diff --git a/docs/1secure/admin/_category_.json b/docs/1secure/admin/_category_.json new file mode 100644 index 0000000000..2e5a41ed48 --- /dev/null +++ b/docs/1secure/admin/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Introducing Netwrix 1Secure", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/alerts/_category_.json b/docs/1secure/admin/alerts/_category_.json new file mode 100644 index 0000000000..c894ddbada --- /dev/null +++ b/docs/1secure/admin/alerts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Alert Profiles", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/alerts/alerts.md b/docs/1secure/admin/alerts/alerts.md new file mode 100644 index 0000000000..c9b804484f --- /dev/null +++ b/docs/1secure/admin/alerts/alerts.md 
@@ -0,0 +1,136 @@ +--- +title: "Alerts" +description: "Alerts" +sidebar_position: 10 +--- + +# Alerts + +When you create an alert profile, several alerts are preconfigured for it. You can, however, choose +to enable or disable them as well as add custom alerts to the profile. These alerts are triggered by +specific events. This means that when the defined action (event) is detected within the organization +the alert profile is assigned to, an alert is generated. Alerts notify you of critical actions that +impact your organization's security, enabling you to respond swiftly to potential risks. + +You can access the generated alerts in the following ways: + +- View the alerts generated for an organization on the Netwrix 1Secure dashboard. See the + [1Secure Dashboard](/docs/1secure/admin/dashboard/overview.md) topic for additional information. +- Receive alerts as email notifications sent to the specified email address(es). See the + [Manage Delivery Settings for an Alert Profile](overview.md#manage-delivery-settings-for-an-alert-profile) topic + for setting up email notifications. + +Follow the steps to view the alerts within an alert profile. + +**Step 1 –** Navigate to Configuration > Alerts. + +**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. + +![Alerts List within an alert profile](/img/product_docs/1secure/admin/alerts/alertslist.webp) + +You can view the following for each alert in the list: + +- Source – Indicates the origin or type of data that triggers the alert. For example, Activity + Records. +- Alert Name – The name of the alert +- Is Active – Indicates whether the alert is activated. You can toggle it ON or OFF as required. +- Grouping On – Indicates whether grouping is applied to the alert. If yes, then it displays the + criteria, such as What, Who, Where, etc. +- Threshold – The threshold value set for the alert. 
The threshold is the minimum number of activity + records that must occur within a specified time frame (threshold period) to trigger an alert. +- Threshold Period – The threshold period set for the alert. The threshold period is the maximum + duration, starting from the first activity record, within which the specified number of activity + records (threshold) must occur to trigger an alert. +- Batching Period – The batching period set for the alert. The batching period feature allows you to + receive a single notification that includes all alerts triggered during the specified period. + +## Add a Custom Alert + +Follow the steps to add a custom alert. + +**Step 1 –** Navigate to Configuration > Alerts. + +**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. + +**Step 3 –** Click **Add**. The New Alert pane is displayed. + +![New Alert Pane](/img/product_docs/1secure/admin/alerts/addcustomalert.webp) + +**Step 4 –** Select a custom report from the Report drop-down menu to trigger the alert when a new +record is generated for the report. See the [ Custom Reports](/docs/1secure/admin/searchandreports/customreports.md) +topic for additional information. + +**Step 5 –** Specify a name and description for the alert. + +**Step 6 –** Toggle the **Is Active** switch to ON to activate the alert. Notifications are sent for +active alerts only. + +**Step 7 –** Toggle the **Is Grouped** switch to ON, which displays the Grouped On drop-down menu. +When grouping is enabled, alerts are organized based on the criteria you select in the _Grouped On_ +drop-down menu. + +**Step 8 –** Select one of the following options from the **Grouped On** drop-down menu: + +- Who – Groups alerts with respect to the user who performed the activity (deleted an account, + created a record, etc.) +- Where – Groups alerts with respect to the location where the activity is performed. For example, + SharePoint Online site, file server, etc. 
+- What – Groups alerts with respect to the object the activity is performed on, such as a computer, + file, etc. + +Example: You have two users, User 1 and User 2, each performing different actions. By setting +"Grouped On" to "Who", alerts will be generated per user, resulting in two separate alerts — one for +User 1 and another for User 2. Each alert will include only the activity associated with that +specific user. If grouping is not enabled, all activities will be consolidated into a single alert +based on the specified _threshold_ and _threshold period_. + +**Step 9 –** In the Threshold field, specify a threshold for the alert. The threshold is the minimum +number of activity records that must occur within a specified time frame (threshold period) to +trigger an alert. For example, if the threshold is set to 3, an alert will be triggered when at +least 3 activity records are generated within the specified time frame. + +**Step 10 –** In the Threshold Period field, specify a threshold period for the alert. The threshold +period is the maximum duration, starting from the first activity record, within which the specified +number of activity records (threshold) must occur to trigger an alert. For example, if the threshold +is set to 5 and the threshold period is 10 minutes, at least 5 activity records must be generated +within 10 minutes to trigger an alert. + +**Step 11 –** If you do not want alert notifications to be sent to you each time an alert is +generated, there is a batching period option. In the Batching Period field, specify a batching +period for the alert. The batching period feature allows you to receive a single notification that +includes all alerts triggered during the specified period. For example, if the batching period is +set to 30 minutes (00:30:00) for an alert such as "Computer removed," you will receive a single +notification for the alerts generated during that time frame, rather than receiving individual +notifications for each alert. 
+ +**Step 12 –** Click **Save**. + +The alert is configured and added to the list. + +## Modify an Alert + +Follow the steps to modify a preconfigured or custom alert. + +**Step 1 –** Navigate to Configuration > Alerts. + +**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. + +**Step 3 –** Click the **Edit** icon for an alert. The Edit alert pane is displayed. + +**Step 4 –** Modify the required information. See the +[Add a Custom Alert](#add-a-custom-alert) topic, starting from Step 4 for additional information. + +**Step 5 –** Click **Save**. + +## Delete a Custom Alert + +Follow the steps to delete a custom alert. + +**Step 1 –** Navigate to Configuration > Alerts. + +**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. + +**Step 3 –** Click the **Delete** icon for an alert to delete it. A dialog box is displayed, +prompting you to confirm the deletion of the alert. + +**Step 4 –** Click **Yes**. The alert is deleted from the system. diff --git a/docs/1secure/admin/alerts/index.md b/docs/1secure/admin/alerts/index.md deleted file mode 100644 index bbbc247313..0000000000 --- a/docs/1secure/admin/alerts/index.md +++ /dev/null 
@@ -1,139 +0,0 @@ ---- -id: alerts -title: "Alerts" -pagination_label: "Alerts" -sidebar_label: "Alerts" -sidebar_position: 79 -description: "Learn how to configure and manage alerts that notify you of critical security events and actions in your organization." ---- - -# Alerts - -When you create an alert profile, several alerts are preconfigured for it. You can, however, choose -to enable or disable them as well as add custom alerts to the profile. These alerts are triggered by -specific events. This means that when the defined action (event) is detected within the organization -the alert profile is assigned to, an alert is generated. Alerts notify you of critical actions that -impact your organization's security, enabling you to respond swiftly to potential risks. - -You can access the generated alerts in the following ways: - -- View the alerts generated for an organization on the Netwrix 1Secure dashboard. See the - [1Secure Dashboard](/docs/1secure/admin/dashboard/index.md) topic for additional information. -- Receive alerts as email notifications sent to the specified email address(es). See the - [Manage Delivery Settings for an Alert Profile](profiles.md#manage-delivery-settings-for-an-alert-profile) topic - for setting up email notifications. - -Follow the steps to view the alerts within an alert profile. - -**Step 1 –** Navigate to Configuration > Alerts. - -**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. - -![Alerts List within an alert profile](/img/product_docs/1secure/admin/alerts/alertslist.webp) - -You can view the following for each alert in the list: - -- Source – Indicates the origin or type of data that triggers the alert. For example, Activity - Records. -- Alert Name – The name of the alert -- Is Active – Indicates whether the alert is activated. You can toggle it ON or OFF as required. -- Grouping On – Indicates whether grouping is applied to the alert. 
If yes, then it displays the - criteria, such as What, Who, Where, etc. -- Threshold – The threshold value set for the alert. The threshold is the minimum number of activity - records that must occur within a specified time frame (threshold period) to trigger an alert. -- Threshold Period – The threshold period set for the alert. The threshold period is the maximum - duration, starting from the first activity record, within which the specified number of activity - records (threshold) must occur to trigger an alert. -- Batching Period – The batching period set for the alert. The batching period feature allows you to - receive a single notification that includes all alerts triggered during the specified period. - -## Add a Custom Alert - -Follow the steps to add a custom alert. - -**Step 1 –** Navigate to Configuration > Alerts. - -**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. - -**Step 3 –** Click **Add**. The New Alert pane is displayed. - -![New Alert Pane](/img/product_docs/1secure/admin/alerts/addcustomalert.webp) - -**Step 4 –** Select a custom report from the Report drop-down menu to trigger the alert when a new -record is generated for the report. See the [ Custom Reports](/docs/1secure/admin/searchandreports/customreports.md) -topic for additional information. - -**Step 5 –** Specify a name and description for the alert. - -**Step 6 –** Toggle the **Is Active** switch to ON to activate the alert. Notifications are sent for -active alerts only. - -**Step 7 –** Toggle the **Is Grouped** switch to ON, which displays the Grouped On drop-down menu. -When grouping is enabled, alerts are organized based on the criteria you select in the _Grouped On_ -drop-down menu. - -**Step 8 –** Select one of the following options from the **Grouped On** drop-down menu: - -- Who – Groups alerts with respect to the user who performed the activity (deleted an account, - created a record, etc.) 
-- Where – Groups alerts with respect to the location where the activity is performed. For example, - SharePoint Online site, file server, etc. -- What – Groups alerts with respect to the object the activity is performed on, such as a computer, - file, etc. - -Example: You have two users, User 1 and User 2, each performing different actions. By setting -"Grouped On" to "Who", alerts will be generated per user, resulting in two separate alerts — one for -User 1 and another for User 2. Each alert will include only the activity associated with that -specific user. If grouping is not enabled, all activities will be consolidated into a single alert -based on the specified _threshold_ and _threshold period_. - -**Step 9 –** In the Threshold field, specify a threshold for the alert. The threshold is the minimum -number of activity records that must occur within a specified time frame (threshold period) to -trigger an alert. For example, if the threshold is set to 3, an alert will be triggered when at -least 3 activity records are generated within the specified time frame. - -**Step 10 –** In the Threshold Period field, specify a threshold period for the alert. The threshold -period is the maximum duration, starting from the first activity record, within which the specified -number of activity records (threshold) must occur to trigger an alert. For example, if the threshold -is set to 5 and the threshold period is 10 minutes, at least 5 activity records must be generated -within 10 minutes to trigger an alert. - -**Step 11 –** If you do not want alert notifications to be sent to you each time an alert is -generated, there is a batching period option. In the Batching Period field, specify a batching -period for the alert. The batching period feature allows you to receive a single notification that -includes all alerts triggered during the specified period. 
For example, if the batching period is -set to 30 minutes (00:30:00) for an alert such as "Computer removed," you will receive a single -notification for the alerts generated during that time frame, rather than receiving individual -notifications for each alert. - -**Step 12 –** Click **Save**. - -The alert is configured and added to the list. - -## Modify an Alert - -Follow the steps to modify a preconfigured or custom alert. - -**Step 1 –** Navigate to Configuration > Alerts. - -**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. - -**Step 3 –** Click the **Edit** icon for an alert. The Edit alert pane is displayed. - -**Step 4 –** Modify the required information. See the -[Add a Custom Alert](#add-a-custom-alert) topic, starting from Step 4 for additional information. - -**Step 5 –** Click **Save**. - -## Delete a Custom Alert - -Follow the steps to delete a custom alert. - -**Step 1 –** Navigate to Configuration > Alerts. - -**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. - -**Step 3 –** Click the **Delete** icon for an alert to delete it. A dialog box is displayed, -prompting you to confirm the deletion of the alert. - -**Step 4 –** Click **Yes**. The alert is deleted from the system. diff --git a/docs/1secure/admin/alerts/overview.md b/docs/1secure/admin/alerts/overview.md new file mode 100644 index 0000000000..f833cb53c0 --- /dev/null +++ b/docs/1secure/admin/alerts/overview.md 
@@ -0,0 +1,103 @@ +--- +title: "Alert Profiles" +description: "Alert Profiles" +sidebar_position: 70 +--- + +# Alert Profiles + +Alert profiles provide a way to easily group alert configurations and delivery notification settings +together. You can create an alert profile, enable relevant alerts for the profile, and assign it to +organization(s). Additionally, you can customize delivery settings and specify which user(s) will +receive notifications when alerts in the profile are triggered. + +To view the alert profiles, navigate to Configuration > Alerts. + +![Alert Profiles List](/img/product_docs/1secure/admin/alerts/alertsprofiles.webp) + +Alert profiles are displayed in the list with the following information: + +- Alert profile – The name of the alert profile +- Alerts enabled – The number of alerts enabled for the profile +- Used in organizations – The number of organizations the alert profile is applied to +- Notification delivery – Indicates whether email notifications are configured for the profile + +**NOTE:** The alert profile named _Netwrix Profile (Default)_ is available by default and is +automatically applied to all managed organizations. + +## Add an Alert Profile + +Follow the steps to add an alert profile. + +**Step 1 –** Navigate to Configuration > Alerts. + +**Step 2 –** Click **Add profile**. The New alert profile pane is displayed. + +![New Alert Profile pane](/img/product_docs/1secure/admin/alerts/addalertprofile.webp) + +**Step 3 –** Enter a name for the alert profile in the Name field and click **Save**. + +The alert profile is added to the list. You can: + +- Assign this profile to an organization. You can do this when creating a new organization or + editing an organization. See the [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic + for additional information. 
+- Click the profile to review the list of alerts, enable the desired alerts, make necessary edits + for alerts, and set delivery settings for the alert profile. See [Alerts](/docs/1secure/admin/alerts/alerts.md) topic for + additional information. + +## Modify the Name of an Alert Profile + +Follow the steps to modify the name of an alert profile. + +**Step 1 –** Navigate to Configuration > Alerts. + +**Step 2 –** Click the Edit icon for an alert profile. The Edit alert profile pane is displayed. + +**Step 3 –** Modify the name of the profile. + +**Step 4 –** Click **Save**. + +## Delete an Alert Profile + +**NOTE:** (1) The alert profile named _Netwrix Profile (Default)_ cannot be deleted. +(2) When an alert profile is deleted, the _Netwrix Profile (Default)_ is automatically assigned to +the organizations that were previously assigned the deleted profile. + +Follow the steps to delete an alert profile. + +**Step 1 –** Navigate to Configuration > Alerts. + +**Step 2 –** Click the Delete icon for an alert profile to delete it. A dialog box is displayed, +prompting you to confirm the deletion of the profile. + +**Step 3 –** Click **Yes**. The alert profile is deleted from the system. + +## Manage Delivery Settings for an Alert Profile + +You can receive alerts by email or through the third-party ticket service, as used by the Managed +Service Providers. + +Follow the steps to configure alerts by email. + +**Step 1 –** . Navigate to Configuration > Alerts. + +**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. + +**Step 3 –** Click the Email icon under Delivery Settings. The Email Delivery Settings pane is +displayed. + +![Email Delivery Settings pane](/img/product_docs/1secure/admin/alerts/alertsemaildelivery.webp) + +**Step 4 –** . Toggle the Enabled switch to ON to enable email notifications for the alert profile. 
+ +**Step 5 –** In the Email Addresses field, enter the email address of a recipient for alert +notifications and click the Add icon. To specify multiple email addresses, add them one by one. + +**Step 6 –** Check the **Email Organization Admins** check box to send the alerts to all the +organization admins by email. + +**Step 7 –** Click Save. + +You may also link to a third-party ticketing system. See the +[Third-party systems](/docs/1secure/integration/overview.md) topic for additional information. diff --git a/docs/1secure/admin/alerts/profiles.md b/docs/1secure/admin/alerts/profiles.md deleted file mode 100644 index d66ca68180..0000000000 --- a/docs/1secure/admin/alerts/profiles.md +++ /dev/null 
@@ -1,106 +0,0 @@ ---- -id: alert-profiles -title: "Alert Profiles" -pagination_label: "Alert Profiles" -sidebar_label: "Alert Profiles" -sidebar_position: 80 -description: "Learn how to create and manage alert profiles with grouped configurations and delivery notification settings." ---- - -# Alert Profiles - -Alert profiles provide a way to easily group alert configurations and delivery notification settings -together. You can create an alert profile, enable relevant alerts for the profile, and assign it to -organization(s). Additionally, you can customize delivery settings and specify which user(s) will -receive notifications when alerts in the profile are triggered. - -To view the alert profiles, navigate to Configuration > Alerts. - -![Alert Profiles List](/img/product_docs/1secure/admin/alerts/alertsprofiles.webp) - -Alert profiles are displayed in the list with the following information: - -- Alert profile – The name of the alert profile -- Alerts enabled – The number of alerts enabled for the profile -- Used in organizations – The number of organizations the alert profile is applied to -- Notification delivery – Indicates whether email notifications are configured for the profile - -**NOTE:** The alert profile named _Netwrix Profile (Default)_ is available by default and is -automatically applied to all managed organizations. - -## Add an Alert Profile - -Follow the steps to add an alert profile. - -**Step 1 –** Navigate to Configuration > Alerts. - -**Step 2 –** Click **Add profile**. The New alert profile pane is displayed. - -![New Alert Profile pane](/img/product_docs/1secure/admin/alerts/addalertprofile.webp) - -**Step 3 –** Enter a name for the alert profile in the Name field and click **Save**. - -The alert profile is added to the list. You can: - -- Assign this profile to an organization. You can do this when creating a new organization or - editing an organization. 
See the [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic - for additional information. -- Click the profile to review the list of alerts, enable the desired alerts, make necessary edits - for alerts, and set delivery settings for the alert profile. See [Alerts](/docs/1secure/admin/alerts/index.md) topic for - additional information. - -## Modify the Name of an Alert Profile - -Follow the steps to modify the name of an alert profile. - -**Step 1 –** Navigate to Configuration > Alerts. - -**Step 2 –** Click the Edit icon for an alert profile. The Edit alert profile pane is displayed. - -**Step 3 –** Modify the name of the profile. - -**Step 4 –** Click **Save**. - -## Delete an Alert Profile - -**NOTE:** (1) The alert profile named _Netwrix Profile (Default)_ cannot be deleted. -(2) When an alert profile is deleted, the _Netwrix Profile (Default)_ is automatically assigned to -the organizations that were previously assigned the deleted profile. - -Follow the steps to delete an alert profile. - -**Step 1 –** Navigate to Configuration > Alerts. - -**Step 2 –** Click the Delete icon for an alert profile to delete it. A dialog box is displayed, -prompting you to confirm the deletion of the profile. - -**Step 3 –** Click **Yes**. The alert profile is deleted from the system. - -## Manage Delivery Settings for an Alert Profile - -You can receive alerts by email or through the third-party ticket service, as used by the Managed -Service Providers. - -Follow the steps to configure alerts by email. - -**Step 1 –** . Navigate to Configuration > Alerts. - -**Step 2 –** Click an alert profile. The alerts for the profile are displayed in a list. - -**Step 3 –** Click the Email icon under Delivery Settings. The Email Delivery Settings pane is -displayed. - -![Email Delivery Settings pane](/img/product_docs/1secure/admin/alerts/alertsemaildelivery.webp) - -**Step 4 –** . 
Toggle the Enabled switch to ON to enable email notifications for the alert profile. - -**Step 5 –** In the Email Addresses field, enter the email address of a recipient for alert -notifications and click the Add icon. To specify multiple email addresses, add them one by one. - -**Step 6 –** Check the **Email Organization Admins** check box to send the alerts to all the -organization admins by email. - -**Step 7 –** Click Save. - -You may also link to a third-party ticketing system. See the -[Third-party systems](/docs/1secure/integrations/index.md) topic for additional information. diff --git a/docs/1secure/admin/alerts/timeline.md b/docs/1secure/admin/alerts/timeline.md deleted file mode 100644 index 2de67445e6..0000000000 --- a/docs/1secure/admin/alerts/timeline.md +++ /dev/null 
@@ -1,108 +0,0 @@ ---- -id: alerts-timeline -title: "Alerts Timeline" -pagination_label: "Alerts Timeline" -sidebar_label: "Alerts Timeline" -sidebar_position: 81 -description: "Learn how to view and analyze triggered alerts using statistics, charts, and comprehensive alert lists." ---- - -# Alerts Timeline - -The Alerts Timeline page provides a view of triggered alerts. It highlights key statistics, -including the top 5 alert types by count and a timeline chart to visualize alerts triggered over -time. The page also displays a complete list of generated alerts for thorough analysis and -monitoring. - -To access the Alerts Timeline page, click **Home** at the top and do one of the following: - -- On the Top 5 Organizations with Most Alerts chart, click a bar. It opens the Alerts Timeline page - that displays alert-related data for the organization represented by the selected bar. -- On the Top 5 Triggered Alerts by Type chart, click a bar. It opens the Alerts Timeline page that - displays alert-related data for all managed organizations. -- In the organizations list, click an organization name to navigate to the Organization Statistics - page, then click the Alerts Timeline chart. It opens the Alerts Timeline page that displays - alert-related data for the organization selected in the organizations list. - -![Alerts Timeline Page](/img/product_docs/1secure/admin/dashboard/alertstimeline.webp) - -If you are a managed organization user, this page displays insights specific to your organization. - -If you are a managing organization (MSP) user, this page provides insights for all your -organizations. - -Top 5 Alerts by Count - -This card displays a pie chart illustrating the five most frequently triggered alert types. Each -slice represents the share of an alert type relative to the others. Hover over a slice to view the -exact number of alerts for that type. 
-The legend maps the colors used in the pie chart to the names of the alert types along with the -share percentage. - -Click an alert type on the legend to disable it. Disabled alert types are not displayed in the pie -chart. Hence, the pie chart displays only the enabled alert types and their percentage shares with -respect to each other. You can click a disabled alert type on the legend to enable it. - -Alerts Timeline - -This card displays a bar chart illustrating the number of alerts triggered for the period selected -in the timeframe drop-down menu. Hover over a bar on the chart to view the exact number of alerts -triggered on any specific date. - -Alerts List - -This section lists all the triggered alerts with the following information: - -- Organization – Displays the name of the organization the alert belongs to. Click an organization - name to view its alert-related data on the Alerts Timeline page. On filtering data by - organization, the Organization column is hidden from the Alerts list. -- Alert time – Displays the date and time when the alert is triggered -- Source type – Displays the origin or type of data that triggers the alert. Source types are: - - - Activity Records – Alerts generated based on user activities or actions - - Health Notifications – Alerts related to system performance, for example, when Netwrix 1Secure - is unable to communicate with Netwrix Cloud Agent. - -- Alert name – Displays the name of the alert -- Num activity records – Displays the number of activity records associated with the triggered - alert, based on the threshold value set for it. The threshold is the minimum number of activity - records that must occur within a specified time frame (threshold period) to trigger an alert. -- Last updated – Displays the date and time when the alert is triggered, based on the threshold - value set for it. 
The threshold is the minimum number of activity records that must occur within a - specified time frame (threshold period) to trigger an alert.last updated. -- Item – Displays the name of the entity by which the alert is grouped, such as a computer, file, - user, etc. -- Activity Records – Click the Activity Records link for an alert to navigate to the Activity page, - where you can view a detailed report for that alert type. See the - [Activity Reports](/docs/1secure/admin/searchandreports/activity.md) topic for additional information. - -Click a column header to sort data in the alerts list by that column in ascending order. An arrow -appears next to the column name to indicate the sort order. Click the column header again to sort -the data in descending order. - -Edit Alerts Settings - -Click the **Edit Alerts Settings** link to navigate to the Alerts page, where you can create a new -alert and modify existing ones. See the [Alerts](/docs/1secure/admin/alerts/index.md) topic for additional -information. - -## Filter Data - -Multiple filters are available on this page to enable you to filter data as desired. You can apply -one or more filters at a time. - -- Organizations – Select an organization from the Organizations drop-down menu to view its - alert-related data. -- Filter by Keyword – Type a search string (only alpha characters allowed) in the Filter by keyword - field and press Enter. The Alerts list displays the data that matches the specified keyword. -- Alert – Select an alert type from the Alert drop-down menu. The charts and the alerts list display - data specific to the selected alert type. By default, All is selected. -- Item – Select an item from the Item drop-down menu. The charts and the alerts list display alert - data specific to the selected item. By default, All is selected. -- Timeframe – Select a time period from the Timeframe drop-down menu. The charts and the listing on - the page display data for the selected time period. 
For example, if you select 7 Days, the data - will reflect information for the past 7 days. By default, 30 Days is selected. Options are: - - - 7 Days - - 30 Days - - 90 Days diff --git a/docs/1secure/admin/dashboard/_category_.json b/docs/1secure/admin/dashboard/_category_.json new file mode 100644 index 0000000000..29fe53fab6 --- /dev/null +++ b/docs/1secure/admin/dashboard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "1Secure Dashboard", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/dashboard/alertstimeline.md b/docs/1secure/admin/dashboard/alertstimeline.md new file mode 100644 index 0000000000..f741e2fe0d --- /dev/null +++ b/docs/1secure/admin/dashboard/alertstimeline.md 
@@ -0,0 +1,105 @@ +--- +title: "Alerts Timeline" +description: "Alerts Timeline" +sidebar_position: 20 +--- + +# Alerts Timeline + +The Alerts Timeline page provides a view of triggered alerts. It highlights key statistics, +including the top 5 alert types by count and a timeline chart to visualize alerts triggered over +time. The page also displays a complete list of generated alerts for thorough analysis and +monitoring. + +To access the Alerts Timeline page, click **Home** at the top and do one of the following: + +- On the Top 5 Organizations with Most Alerts chart, click a bar. It opens the Alerts Timeline page + that displays alert-related data for the organization represented by the selected bar. +- On the Top 5 Triggered Alerts by Type chart, click a bar. It opens the Alerts Timeline page that + displays alert-related data for all managed organizations. +- In the organizations list, click an organization name to navigate to the Organization Statistics + page, then click the Alerts Timeline chart. It opens the Alerts Timeline page that displays + alert-related data for the organization selected in the organizations list. + +![Alerts Timeline Page](/img/product_docs/1secure/admin/dashboard/alertstimeline.webp) + +If you are a managed organization user, this page displays insights specific to your organization. + +If you are a managing organization (MSP) user, this page provides insights for all your +organizations. + +Top 5 Alerts by Count + +This card displays a pie chart illustrating the five most frequently triggered alert types. Each +slice represents the share of an alert type relative to the others. Hover over a slice to view the +exact number of alerts for that type. +The legend maps the colors used in the pie chart to the names of the alert types along with the +share percentage. + +Click an alert type on the legend to disable it. Disabled alert types are not displayed in the pie +chart. 
Hence, the pie chart displays only the enabled alert types and their percentage shares with +respect to each other. You can click a disabled alert type on the legend to enable it. + +Alerts Timeline + +This card displays a bar chart illustrating the number of alerts triggered for the period selected +in the timeframe drop-down menu. Hover over a bar on the chart to view the exact number of alerts +triggered on any specific date. + +Alerts List + +This section lists all the triggered alerts with the following information: + +- Organization – Displays the name of the organization the alert belongs to. Click an organization + name to view its alert-related data on the Alerts Timeline page. On filtering data by + organization, the Organization column is hidden from the Alerts list. +- Alert time – Displays the date and time when the alert is triggered +- Source type – Displays the origin or type of data that triggers the alert. Source types are: + + - Activity Records – Alerts generated based on user activities or actions + - Health Notifications – Alerts related to system performance, for example, when Netwrix 1Secure + is unable to communicate with Netwrix Cloud Agent. + +- Alert name – Displays the name of the alert +- Num activity records – Displays the number of activity records associated with the triggered + alert, based on the threshold value set for it. The threshold is the minimum number of activity + records that must occur within a specified time frame (threshold period) to trigger an alert. +- Last updated – Displays the date and time when the alert is triggered, based on the threshold + value set for it. The threshold is the minimum number of activity records that must occur within a + specified time frame (threshold period) to trigger an alert.last updated. +- Item – Displays the name of the entity by which the alert is grouped, such as a computer, file, + user, etc. 
+- Activity Records – Click the Activity Records link for an alert to navigate to the Activity page, + where you can view a detailed report for that alert type. See the + [Activity Reports](/docs/1secure/admin/searchandreports/activity.md) topic for additional information. + +Click a column header to sort data in the alerts list by that column in ascending order. An arrow +appears next to the column name to indicate the sort order. Click the column header again to sort +the data in descending order. + +Edit Alerts Settings + +Click the **Edit Alerts Settings** link to navigate to the Alerts page, where you can create a new +alert and modify existing ones. See the [Alerts](/docs/1secure/admin/alerts/alerts.md) topic for additional +information. + +## Filter Data + +Multiple filters are available on this page to enable you to filter data as desired. You can apply +one or more filters at a time. + +- Organizations – Select an organization from the Organizations drop-down menu to view its + alert-related data. +- Filter by Keyword – Type a search string (only alpha characters allowed) in the Filter by keyword + field and press Enter. The Alerts list displays the data that matches the specified keyword. +- Alert – Select an alert type from the Alert drop-down menu. The charts and the alerts list display + data specific to the selected alert type. By default, All is selected. +- Item – Select an item from the Item drop-down menu. The charts and the alerts list display alert + data specific to the selected item. By default, All is selected. +- Timeframe – Select a time period from the Timeframe drop-down menu. The charts and the listing on + the page display data for the selected time period. For example, if you select 7 Days, the data + will reflect information for the past 7 days. By default, 30 Days is selected. Options are: + + - 7 Days + - 30 Days + - 90 Days 
diff --git a/docs/1secure/admin/dashboard/index.md b/docs/1secure/admin/dashboard/index.md deleted file mode 100644 index bdc51fa674..0000000000 --- a/docs/1secure/admin/dashboard/index.md +++ /dev/null 
@@ -1,128 +0,0 @@ ---- -id: 1secure-dashboard -title: "1Secure Dashboard" -pagination_label: "1Secure Dashboard" -sidebar_label: "1Secure Dashboard" -sidebar_position: 20 -description: "Overview of the 1Secure dashboard providing single-pane-of-glass view for MSPs to manage client organizations and alerts." ---- - -# 1Secure Dashboard - -The Netwrix 1Secure dashboard provides an intuitive, single-pane-of-glass view of your clients -organizations, enabling managing organizations, such as Managed Service Providers (MSPs), to quickly -identify and prioritize what requires immediate attention. It displays the alerts triggered by -specific events, offering drill-down capabilities that enable you to access detailed information on -specific alerts and issues, ensuring timely and effective responses. See the -[Alerts](/docs/1secure/admin/alerts) topic for additional information on alerts. - -Click **Home** at the top of the page to access the dashboard. This page is also the default landing -page of the application when you sign in. - -![Dashboard Page for managing user](/img/product_docs/1secure/admin/dashboard/dashboardpage.webp) - -If you are a managed organization user, this page displays insights specific to your organization. -See the [Organization Statistics](/docs/1secure/admin/dashboard/organizationstatistics.md) topic for additional information. - -If you are a managing organization (MSP) user, this page provides insights for all your -organizations. - -Top 5 Triggered Alerts by Type - -This card displays a bar chart that highlights the five most frequently triggered alert types. Hover -over a bar to view the exact number of alerts for that type. Click a bar to navigate to the Alerts -Timeline page. See the [Alerts Timeline](/docs/1secure/admin/alerts/timeline.md) topic for additional information. - -Top 5 Organizations with Most Alerts - -This card displays a bar chart that highlights the five organizations with the highest number of -triggered alerts. 
Hover over a bar to view the exact number of alerts triggered for that -organization. Click a bar to navigate to the Alerts Timeline page. See the -[Alerts Timeline](/docs/1secure/admin/alerts/timeline.md) topic for additional information. - -Top 5 Organizations at Risk - -This card lists the five organizations with the highest risk levels. Each record includes the -organization’s name, risk level (high, medium, or low), and the number of risks detected. Click a -record to navigate to the Risk Assessment dashboard. See the -[Risk Assessment Dashboard](/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md) topic for additional -information. - -Health Status - -This bar lists the different health statuses assigned to organizations in the Organizations list, -along with the number of organizations associated with each status. - -Organizations List - -This section lists all managed organizations with the following information: - -- Name – Displays the name of an organization. Click an organization name to navigate to the - Organization Statistics page. See the [Organization Statistics](/docs/1secure/admin/dashboard/organizationstatistics.md) topic - for additional information. - -- Alerts – Displays the total number of alerts triggered for the organization. Click the value to - navigate to the Alerts Timeline page. See the [Alerts Timeline](/docs/1secure/admin/alerts/timeline.md) topic for - additional information. -- Risk Level – Displays the risk level for the organization such as, high, medium, or low. Click the - value to navigate to the Risk Assessment dashboard. See the - [Risk Assessment Dashboard](/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md) topic for additional - information. -- Users – Displays the total number of users in the organization along with their percentage share - with respect to the total number of users in the managed organizations (tenant) in 1Secure. Click - the value to navigate to the Billable Users page. 
See the - [System Reports](/docs/1secure/admin/searchandreports/system.md) topic for additional information. -- Status – Displays the current health status of the organization, which can be: Healthy, Trial in - Progress, New, Update Recommended, Needs Attention, Experiencing Issues, Offline, Disabled, Not - Configured, and Pending Deletion. Click the value to navigate to the Health Status for - Organization: `` pane. -- Tags – Displays the user defined tag(s) applied to the organization. - -Click a column header to sort the data in the organizations list by that column in ascending order. -An arrow appears next to the column name to indicate the sort order. Click the column header again -to sort the data in descending order. - -Add Organization - -Click the Add Organization button to add a new organization. See the -[Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic for additional information. - -## Filter Data - -Multiple filters are available on this page to enable you to filter data as desired. You can apply -one or more filters at a time. - -**NOTE:** Some filters apply to all data displayed on this page, while others are specific to the -Organizations list. - -- Filter by Keyword – Type a search string (only alpha characters allowed) in the Filter by keyword - field and press Enter. The Organizations list displays the data that matches the specified - keyword. -- Alert – Select an alert type from the Alert drop-down menu. The organizations with alerts - triggered for the selected type are displayed in the list. By default, All is selected. -- Health Status – Select a health status from the Health Status drop-down menu. The organizations - with the selected heath status are displayed in the list. By default, All is selected . 
Other - statuses are: - - - Healthy - - Trial in Progress - - New - - Update Recommended - - Needs attention - - Experiencing Issues - - Offline - - Disabled - - Not configured - - Pending deletion - -- Tag – Select a tag from the Tag drop-down menu. The bar charts and the organizations list on the - dashboard display data for the organizations the tag is associated with. By default, All is - selected. -- Timeframe – Select a time period from the Timeframe drop-down menu. The charts and the listing on - the page display data for the selected time period. For example, if you select 7 Days, the data - will reflect information for the past 7 days. By default, 30 Days is selected. Options are: - - - 7 Days - - 30 Days - - 90 Days - - 365 Days diff --git a/docs/1secure/admin/dashboard/organizationstatistics.md b/docs/1secure/admin/dashboard/organizationstatistics.md index eb66694d2c..d762124500 100644 --- a/docs/1secure/admin/dashboard/organizationstatistics.md +++ b/docs/1secure/admin/dashboard/organizationstatistics.md @@ -1,10 +1,7 @@ --- -id: organization-statistics title: "Organization Statistics" -pagination_label: "Organization Statistics" -sidebar_label: "Organization Statistics" -sidebar_position: 21 -description: "View detailed statistics and security insights for client organizations including health status and risk assessments." +description: "Organization Statistics" +sidebar_position: 10 --- # Organization Statistics 
@@ -63,7 +60,7 @@ This card displays a list of custom reports created for the organization. See th This card displays a line chart illustrating the number of alerts triggered during the past three months. Hover over a point on the chart to view the exact number of alerts triggered on any specific date. Click a point on the chart to navigate to the Alerts Timeline page. See the -[Alerts Timeline](/docs/1secure/admin/alerts/timeline.md) topic for additional information. +[Alerts Timeline](/docs/1secure/admin/dashboard/alertstimeline.md) topic for additional information. ## Changes By Date diff --git a/docs/1secure/admin/dashboard/overview.md b/docs/1secure/admin/dashboard/overview.md new file mode 100644 index 0000000000..21abe3c125 --- /dev/null +++ b/docs/1secure/admin/dashboard/overview.md 
@@ -0,0 +1,125 @@ +--- +title: "1Secure Dashboard" +description: "1Secure Dashboard" +sidebar_position: 20 +--- + +# 1Secure Dashboard + +The Netwrix 1Secure dashboard provides an intuitive, single-pane-of-glass view of your clients +organizations, enabling managing organizations, such as Managed Service Providers (MSPs), to quickly +identify and prioritize what requires immediate attention. It displays the alerts triggered by +specific events, offering drill-down capabilities that enable you to access detailed information on +specific alerts and issues, ensuring timely and effective responses. See the +[Alerts](/docs/1secure/admin/alerts/alerts.md) topic for additional information on alerts. + +Click **Home** at the top of the page to access the dashboard. This page is also the default landing +page of the application when you sign in. + +![Dashboard Page for managing user](/img/product_docs/1secure/admin/dashboard/dashboardpage.webp) + +If you are a managed organization user, this page displays insights specific to your organization. +See the [Organization Statistics](/docs/1secure/admin/dashboard/organizationstatistics.md) topic for additional information. + +If you are a managing organization (MSP) user, this page provides insights for all your +organizations. + +Top 5 Triggered Alerts by Type + +This card displays a bar chart that highlights the five most frequently triggered alert types. Hover +over a bar to view the exact number of alerts for that type. Click a bar to navigate to the Alerts +Timeline page. See the [Alerts Timeline](/docs/1secure/admin/dashboard/alertstimeline.md) topic for additional information. + +Top 5 Organizations with Most Alerts + +This card displays a bar chart that highlights the five organizations with the highest number of +triggered alerts. Hover over a bar to view the exact number of alerts triggered for that +organization. Click a bar to navigate to the Alerts Timeline page. 
See the +[Alerts Timeline](/docs/1secure/admin/dashboard/alertstimeline.md) topic for additional information. + +Top 5 Organizations at Risk + +This card lists the five organizations with the highest risk levels. Each record includes the +organization’s name, risk level (high, medium, or low), and the number of risks detected. Click a +record to navigate to the Risk Assessment dashboard. See the +[Risk Assessment Dashboard](/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md) topic for additional +information. + +Health Status + +This bar lists the different health statuses assigned to organizations in the Organizations list, +along with the number of organizations associated with each status. + +Organizations List + +This section lists all managed organizations with the following information: + +- Name – Displays the name of an organization. Click an organization name to navigate to the + Organization Statistics page. See the [Organization Statistics](/docs/1secure/admin/dashboard/organizationstatistics.md) topic + for additional information. + +- Alerts – Displays the total number of alerts triggered for the organization. Click the value to + navigate to the Alerts Timeline page. See the [Alerts Timeline](/docs/1secure/admin/dashboard/alertstimeline.md) topic for + additional information. +- Risk Level – Displays the risk level for the organization such as, high, medium, or low. Click the + value to navigate to the Risk Assessment dashboard. See the + [Risk Assessment Dashboard](/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md) topic for additional + information. +- Users – Displays the total number of users in the organization along with their percentage share + with respect to the total number of users in the managed organizations (tenant) in 1Secure. Click + the value to navigate to the Billable Users page. See the + [System Reports](/docs/1secure/admin/searchandreports/system.md) topic for additional information. 
+- Status – Displays the current health status of the organization, which can be: Healthy, Trial in + Progress, New, Update Recommended, Needs Attention, Experiencing Issues, Offline, Disabled, Not + Configured, and Pending Deletion. Click the value to navigate to the Health Status for + Organization: `` pane. +- Tags – Displays the user defined tag(s) applied to the organization. + +Click a column header to sort the data in the organizations list by that column in ascending order. +An arrow appears next to the column name to indicate the sort order. Click the column header again +to sort the data in descending order. + +Add Organization + +Click the Add Organization button to add a new organization. See the +[Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic for additional information. + +## Filter Data + +Multiple filters are available on this page to enable you to filter data as desired. You can apply +one or more filters at a time. + +**NOTE:** Some filters apply to all data displayed on this page, while others are specific to the +Organizations list. + +- Filter by Keyword – Type a search string (only alpha characters allowed) in the Filter by keyword + field and press Enter. The Organizations list displays the data that matches the specified + keyword. +- Alert – Select an alert type from the Alert drop-down menu. The organizations with alerts + triggered for the selected type are displayed in the list. By default, All is selected. +- Health Status – Select a health status from the Health Status drop-down menu. The organizations + with the selected heath status are displayed in the list. By default, All is selected . Other + statuses are: + + - Healthy + - Trial in Progress + - New + - Update Recommended + - Needs attention + - Experiencing Issues + - Offline + - Disabled + - Not configured + - Pending deletion + +- Tag – Select a tag from the Tag drop-down menu. 
The bar charts and the organizations list on the + dashboard display data for the organizations the tag is associated with. By default, All is + selected. +- Timeframe – Select a time period from the Timeframe drop-down menu. The charts and the listing on + the page display data for the selected time period. For example, if you select 7 Days, the data + will reflect information for the past 7 days. By default, 30 Days is selected. Options are: + + - 7 Days + - 30 Days + - 90 Days + - 365 Days diff --git a/docs/1secure/admin/datacollection/_category_.json b/docs/1secure/admin/datacollection/_category_.json new file mode 100644 index 0000000000..5a027931e9 --- /dev/null +++ b/docs/1secure/admin/datacollection/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Datacollection", + "position": 50, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/1secure/admin/datacollection/activedirectoryauditing/_category_.json b/docs/1secure/admin/datacollection/activedirectoryauditing/_category_.json new file mode 100644 index 0000000000..b8d226df12 --- /dev/null +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Directory Auditing", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "activedirectoryauditing" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/datacollection/activedirectory/activedirectoryauditing.md b/docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md similarity index 79% rename from docs/1secure/admin/datacollection/activedirectory/activedirectoryauditing.md rename to docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md index 9491a3dee5..82f3f2f1e6 100644 --- a/docs/1secure/admin/datacollection/activedirectory/activedirectoryauditing.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md 
@@ -1,10 +1,7 @@ --- -id: active-directory-auditing title: "Active Directory Auditing" -pagination_label: "Active Directory Auditing" -sidebar_label: "Active Directory Auditing" -sidebar_position: 64 -description: "Learn how to configure accounts with specific permissions for Active Directory data collection." +description: "Active Directory Auditing" +sidebar_position: 50 --- # Active Directory Auditing 
@@ -25,10 +22,10 @@ following aspects: | | | | -------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | In the target domain | Account Permission Required | -| Do you plan to use [Network Traffic Compression](/docs/1secure/configuration/networktrafficcompression.md) for data processing? | If **YES**, account must belong to Domain Admin group. If **NO**, add an account to 'Manage auditing and security log' policy. See [Configure the Manage Auditing and Security Log Policy](/docs/1secure/admin/datacollection/activedirectory/manageauditingsecuritylog.md) for more information. | -| Do you plan to use AD Deleted Objects container for data processing? | If **YES**, account requires Read permission on the read container. See [Granting Permissions for 'Deleted Objects' Container](/docs/1secure/admin/datacollection/activedirectory/permissionsadcontainer.md) topic for more information. | -| Is auto-backup _enabled_ for the domain controller event logs? | If **YES**, account needs the following: - Access to specific registry key on the domain controllers. See[Assigning Permission To Read the Registry Key](/docs/1secure/admin/datacollection/activedirectory/permissionsregistrykeys.md) for additional information. - Membership in either Administrators, Print Operators, or Server Operators group. - Read/Write and Full Control permissions on the logs back up folder. | -| Is there an on-premises Exchange server in your Active Directory domain? 
| If **YES**, account needs the following: - Membership in the **Organization Management** or **Records Management** group or having Audit Logs management role. See [Assigning Management Roles](/docs/1secure/admin/datacollection/activedirectory/auditlogsrole.md) topic for additional information. - Adjustment of the Exchange Administrator Audit Logging settings. See [Configure Exchange Administrator Audit Logging Settings](/docs/1secure/admin/datacollection/activedirectory/auditlogging.md) topic for additional information. | +| Do you plan to use [Network Traffic Compression](/docs/1secure/configuration/networktrafficcompression.md) for data processing? | If **YES**, account must belong to Domain Admin group. If **NO**, add an account to 'Manage auditing and security log' policy. See [Configure the Manage Auditing and Security Log Policy](/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md) for more information. | +| Do you plan to use AD Deleted Objects container for data processing? | If **YES**, account requires Read permission on the read container. See [Granting Permissions for 'Deleted Objects' Container](/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md) topic for more information. | +| Is auto-backup _enabled_ for the domain controller event logs? | If **YES**, account needs the following: - Access to specific registry key on the domain controllers. See[Assigning Permission To Read the Registry Key](/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md) for additional information. - Membership in either Administrators, Print Operators, or Server Operators group. - Read/Write and Full Control permissions on the logs back up folder. | +| Is there an on-premises Exchange server in your Active Directory domain? 
| If **YES**, account needs the following: - Membership in the **Organization Management** or **Records Management** group or having Audit Logs management role. See [Assigning Management Roles](/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md) topic for additional information. - Adjustment of the Exchange Administrator Audit Logging settings. See [Configure Exchange Administrator Audit Logging Settings](/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md) topic for additional information. | ## Use GMSA diff --git a/docs/1secure/admin/datacollection/activedirectory/auditlogging.md b/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md similarity index 93% rename from docs/1secure/admin/datacollection/activedirectory/auditlogging.md rename to docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md index 7990e00404..f640198111 100644 --- a/docs/1secure/admin/datacollection/activedirectory/auditlogging.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md @@ -1,10 +1,7 @@ --- -id: configure-exchange-administrator-audit-logging-settings title: "Configure Exchange Administrator Audit Logging Settings" -pagination_label: "Configure Exchange Administrator Audit Logging Settings" -sidebar_label: "Configure Exchange Administrator Audit Logging Settings" -sidebar_position: 65 -description: "Learn how to configure Exchange Administrator Audit Logging settings for monitoring changes to Exchange servers." +description: "Configure Exchange Administrator Audit Logging Settings" +sidebar_position: 60 --- # Configure Exchange Administrator Audit Logging Settings 
diff --git a/docs/1secure/admin/datacollection/activedirectory/auditlogsrole.md b/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md similarity index 76% rename from docs/1secure/admin/datacollection/activedirectory/auditlogsrole.md rename to docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md index 9f965a071e..7682c3696a 100644 --- a/docs/1secure/admin/datacollection/activedirectory/auditlogsrole.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogsrole.md @@ -1,10 +1,7 @@ --- -id: assigning-management-roles title: "Assigning Management Roles" -pagination_label: "Assigning Management Roles" -sidebar_label: "Assigning Management Roles" -sidebar_position: 66 -description: "Learn how to assign required management roles to accounts for Exchange data collection." +description: "Assigning Management Roles" +sidebar_position: 10 --- # Assigning Management Roles diff --git a/docs/1secure/admin/datacollection/activedirectory/logonasbatch.md b/docs/1secure/admin/datacollection/activedirectoryauditing/logonasbatch.md similarity index 91% rename from docs/1secure/admin/datacollection/activedirectory/logonasbatch.md rename to docs/1secure/admin/datacollection/activedirectoryauditing/logonasbatch.md index c0249a06bc..75bd223642 100644 --- a/docs/1secure/admin/datacollection/activedirectory/logonasbatch.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/logonasbatch.md @@ -1,10 +1,7 @@ --- -id: define-log-on-as-a-batch-job-policy title: "Define Log On As a Batch Job Policy" -pagination_label: "Define Log On As a Batch Job Policy" -sidebar_label: "Define Log On As a Batch Job Policy" -sidebar_position: 67 -description: "Learn how to configure Log On As a Batch Job policy for Data Processing Account access." +description: "Define Log On As a Batch Job Policy" +sidebar_position: 50 --- # Define Log On As a Batch Job Policy 
diff --git a/docs/1secure/admin/datacollection/activedirectory/manageauditingsecuritylog.md b/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md similarity index 82% rename from docs/1secure/admin/datacollection/activedirectory/manageauditingsecuritylog.md rename to docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md index 108f8b81bd..db2121666d 100644 --- a/docs/1secure/admin/datacollection/activedirectory/manageauditingsecuritylog.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md @@ -1,10 +1,7 @@ --- -id: configure-the-manage-auditing-and-security-log-policy title: "Configure the Manage Auditing and Security Log Policy" -pagination_label: "Configure the Manage Auditing and Security Log Policy" -sidebar_label: "Configure the Manage Auditing and Security Log Policy" -sidebar_position: 68 -description: "Learn how to configure Manage Auditing and Security Log policy for non-Domain Admin data collection accounts." +description: "Configure the Manage Auditing and Security Log Policy" +sidebar_position: 30 --- # Configure the Manage Auditing and Security Log Policy diff --git a/docs/1secure/admin/datacollection/activedirectory/permissionsadcontainer.md b/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md similarity index 82% rename from docs/1secure/admin/datacollection/activedirectory/permissionsadcontainer.md rename to docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md index b954c97488..ab2739ad71 100644 --- a/docs/1secure/admin/datacollection/activedirectory/permissionsadcontainer.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsadcontainer.md 
@@ -1,10 +1,7 @@ --- -id: granting-permissions-for-deleted-objects-container title: "Granting Permissions for 'Deleted Objects' Container" -pagination_label: "Granting Permissions for 'Deleted Objects' Container" -sidebar_label: "Granting Permissions for 'Deleted Objects' Container" -sidebar_position: 69 -description: "Learn how to grant permissions for the Deleted Objects container for non-Domain Admin data collection accounts." +description: "Granting Permissions for 'Deleted Objects' Container" +sidebar_position: 20 --- # Granting Permissions for 'Deleted Objects' Container diff --git a/docs/1secure/admin/datacollection/activedirectory/permissionsregistrykeys.md b/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md similarity index 90% rename from docs/1secure/admin/datacollection/activedirectory/permissionsregistrykeys.md rename to docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md index aa0b494539..d1eeb59c89 100644 --- a/docs/1secure/admin/datacollection/activedirectory/permissionsregistrykeys.md +++ b/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md @@ -1,10 +1,7 @@ --- -id: assigning-permission-to-read-the-registry-key title: "Assigning Permission To Read the Registry Key" -pagination_label: "Assigning Permission To Read the Registry Key" -sidebar_label: "Assigning Permission To Read the Registry Key" -sidebar_position: 70 -description: "Learn how to assign registry key read permissions for data collection accounts on domain controllers." +description: "Assigning Permission To Read the Registry Key" +sidebar_position: 40 --- # Assigning Permission To Read the Registry Key diff --git a/docs/1secure/admin/datacollection/computer/_category_.json b/docs/1secure/admin/datacollection/computer/_category_.json new file mode 100644 index 0000000000..5bc401b801 --- /dev/null +++ b/docs/1secure/admin/datacollection/computer/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Computer Auditing", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md b/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md index 54d87baedc..9e2769a7e4 100644 --- a/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md +++ b/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md @@ -1,10 +1,7 @@ --- -id: configure-the-back-up-files-and-directories-policy title: "Configure the Back up Files and Directories Policy" -pagination_label: "Configure the Back up Files and Directories Policy" -sidebar_label: "Configure the Back up Files and Directories Policy" -sidebar_position: 72 -description: "Learn how to configure the Back up Files and Directories policy using Local Security Policy or Group Policy Management Console." +description: "Configure the Back up Files and Directories Policy" +sidebar_position: 10 --- # Configure the Back up Files and Directories Policy diff --git a/docs/1secure/admin/datacollection/computer/index.md b/docs/1secure/admin/datacollection/computer/index.md deleted file mode 100644 index 4c6bd24073..0000000000 --- a/docs/1secure/admin/datacollection/computer/index.md +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -id: computer-auditing -title: "Computer Auditing" -pagination_label: "Computer Auditing" -sidebar_label: "Computer Auditing" -sidebar_position: 71 -description: "Learn how to configure data collection accounts for Computer source auditing with required policies and permissions." ---- - -# Computer Auditing - -Before adding a Computer source, plan for the account that will be used for data collection. You -will provide this account when adding the source. - -Data Collection Accounts should meet the following policies and permissions: - -- The \_**\_Manage auditing and security log\_\_**and Backup files and directories policies must be - defined for this account. See the - [Configure the Manage Auditing and Security Log Policy](/docs/1secure/admin/datacollection/activedirectory/manageauditingsecuritylog.md) - and [Configure the Back up Files and Directories Policy](/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md) topics for - additional information. -- The **Read** share permission on the audited shared folders. -- The **Read** NTFS permission on all objects in the audited folders. - -**NOTE:** If you want to use network traffic compression, data collecting account on the target -server must be a member of the local Administrators group. - -You can also use group Managed Service Accounts (gMSA) as a data collecting account. For more -information on gMSA, see the following: - -- [Using Group Managed Service Account (gMSA)](/docs/1secure/admin/datacollection/gmsa.md) - -- Microsoft article: - [Group Managed Service Accounts Overview](https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview) - -On the **Netwrix Cloud Agent**'s host, the gMSA account must be a member of the local Administrators -group. 
diff --git a/docs/1secure/admin/datacollection/computer/overview.md b/docs/1secure/admin/datacollection/computer/overview.md new file mode 100644 index 0000000000..05ed8c4b60 --- /dev/null +++ b/docs/1secure/admin/datacollection/computer/overview.md @@ -0,0 +1,34 @@ +--- +title: "Computer Auditing" +description: "Computer Auditing" +sidebar_position: 60 +--- + +# Computer Auditing + +Before adding a Computer source, plan for the account that will be used for data collection. You +will provide this account when adding the source. + +Data Collection Accounts should meet the following policies and permissions: + +- The \_**\_Manage auditing and security log\_\_**and Backup files and directories policies must be + defined for this account. See the + [Configure the Manage Auditing and Security Log Policy](/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md) + and [Configure the Back up Files and Directories Policy](/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md) topics for + additional information. +- The **Read** share permission on the audited shared folders. +- The **Read** NTFS permission on all objects in the audited folders. + +**NOTE:** If you want to use network traffic compression, data collecting account on the target +server must be a member of the local Administrators group. + +You can also use group Managed Service Accounts (gMSA) as a data collecting account. For more +information on gMSA, see the following: + +- [Using Group Managed Service Account (gMSA)](/docs/1secure/admin/datacollection/gmsa.md) + +- Microsoft article: + [Group Managed Service Accounts Overview](https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview) + +On the **Netwrix Cloud Agent**'s host, the gMSA account must be a member of the local Administrators +group. 
diff --git a/docs/1secure/admin/datacollection/datacollectingaccount.md b/docs/1secure/admin/datacollection/datacollectingaccount.md deleted file mode 100644 index 531c9c5951..0000000000 --- a/docs/1secure/admin/datacollection/datacollectingaccount.md +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -id: data-collecting-account -title: "Data Collecting Account" -pagination_label: "Data Collecting Account" -sidebar_label: "Data Collecting Account" -sidebar_position: 59 -description: "Learn about service accounts used by 1Secure to collect audit data from monitored systems and their requirements." ---- - -# Data Collecting Account - -The data collecting account is a service account that Netwrix 1Secure uses to collect audit data -from the monitored items (domains, OUs, servers, etc.). Netwrix recommends creating a dedicated -service account for that purpose. Depending on the data source and connector, the account must meet -the corresponding requirements (see the table below). - -You can use group Managed Service Account (gMSA) as data collecting account. See the -[Using Group Managed Service Account (gMSA)](/docs/1secure/admin/datacollection/gmsa.md) topic for additional information. - -Currently, the following data sources are supported: - -| Data source | Provided connectors | Required rights and permissions: | -| ----------------- | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | -| Active Directory | Active Directory Activity Active Directory Logons | [Active Directory Auditing](/docs/1secure/admin/datacollection/activedirectory/activedirectoryauditing.md) [Logon Activity Auditing](/docs/1secure/admin/datacollection/logonactivity/index.md) | -| Azure AD | Azure AD Activity Azure AD Logons | [Microsoft Entra ID Auditing](/docs/1secure/admin/datacollection/entraid.md) | -| Computer | File Server Activity | [Computer Auditing](/docs/1secure/admin/datacollection/computer/index.md) | -| SharePoint Online | SharePoint Online Activity | [SharePoint Online Auditing](/docs/1secure/admin/datacollection/sharepointonline.md) | -| Exchange Online | Exchange Online Activity | [Exchange Online 
Auditing](/docs/1secure/admin/datacollection/exchangeonline.md) | diff --git a/docs/1secure/admin/datacollection/entraid.md b/docs/1secure/admin/datacollection/entraid.md index 8ffca6475d..8f3700ea1f 100644 --- a/docs/1secure/admin/datacollection/entraid.md +++ b/docs/1secure/admin/datacollection/entraid.md @@ -1,10 +1,7 @@ --- -id: microsoft-entra-id-auditing title: "Microsoft Entra ID Auditing" -pagination_label: "Microsoft Entra ID Auditing" -sidebar_label: "Microsoft Entra ID Auditing" -sidebar_position: 60 -description: "Learn how to configure Microsoft Entra ID auditing for Office 365 organizations with modern authentication." +description: "Microsoft Entra ID Auditing" +sidebar_position: 20 --- # Microsoft Entra ID Auditing @@ -24,5 +21,5 @@ settings to Netwrix 1Secure when configuring a monitored item. Support for modern authentication will allow you to audit the organizations where MFA is enabled for all users, including service accounts. See the -[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) +[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. diff --git a/docs/1secure/admin/datacollection/exchangeonline.md b/docs/1secure/admin/datacollection/exchangeonline.md index f3cc48101b..f19591ec76 100644 --- a/docs/1secure/admin/datacollection/exchangeonline.md +++ b/docs/1secure/admin/datacollection/exchangeonline.md @@ -1,10 +1,7 @@ --- -id: exchange-online-auditing title: "Exchange Online Auditing" -pagination_label: "Exchange Online Auditing" -sidebar_label: "Exchange Online Auditing" -sidebar_position: 61 -description: "Learn how to configure Exchange Online auditing with dedicated Microsoft Entra ID applications." +description: "Exchange Online Auditing" +sidebar_position: 40 --- # Exchange Online Auditing 
@@ -16,5 +13,5 @@ tenant) settings. Netwrix 1Secure will access the cloud-based Office 365 infrastructure using a dedicated Microsoft Entra ID application, formerly Azure AD. This app should be created manually by user with administrative role and assigned required permissions. See the -[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) +[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. diff --git a/docs/1secure/admin/datacollection/gmsa.md b/docs/1secure/admin/datacollection/gmsa.md index 4cd7d3dd4a..80618295a4 100644 --- a/docs/1secure/admin/datacollection/gmsa.md +++ b/docs/1secure/admin/datacollection/gmsa.md @@ -1,10 +1,7 @@ --- -id: using-group-managed-service-account-gmsa title: "Using Group Managed Service Account (gMSA)" -pagination_label: "Using Group Managed Service Account (gMSA)" -sidebar_label: "Using Group Managed Service Account (gMSA)" -sidebar_position: 62 -description: "Learn how to use Group Managed Service Accounts for simplified data collection and storage administration." +description: "Using Group Managed Service Account (gMSA)" +sidebar_position: 80 --- # Using Group Managed Service Account (gMSA) @@ -97,4 +94,4 @@ To create a new gMSA in the root domain using PowerShell: ended with $, here __NCASrv$\_\_ To learn about the data collecting account, which collects data from the monitored items, go -to [Data Collecting Account](/docs/1secure/admin/datacollection/datacollectingaccount.md) article. +to [Data Collecting Account](/docs/1secure/admin/datacollection/overview.md) article. diff --git a/docs/1secure/admin/datacollection/logonactivity/_category_.json b/docs/1secure/admin/datacollection/logonactivity/_category_.json new file mode 100644 index 0000000000..49baa75520 --- /dev/null +++ b/docs/1secure/admin/datacollection/logonactivity/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Logon Activity Auditing", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/datacollection/logonactivity/index.md b/docs/1secure/admin/datacollection/logonactivity/index.md deleted file mode 100644 index 24c5fb042b..0000000000 --- a/docs/1secure/admin/datacollection/logonactivity/index.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -id: logon-activity-auditing -title: "Logon Activity Auditing" -pagination_label: "Logon Activity Auditing" -sidebar_label: "Logon Activity Auditing" -sidebar_position: 73 -description: "Learn how to configure domain accounts for logon activity data collection with network traffic compression requirements." ---- - -# Logon Activity Auditing - -Before you start adding the logon activity connector in your domain, plan for the domain account -that will be used for data collection – it should meet the requirements listed below. Then you will -provide this account in the Netwrix 1Secure configuration window. - -Depending on the network traffic compression setting you need to use, one of the following is -required: - -- If network traffic compression is enabled, then the account must belong to the Domain Admins - group; -- If network traffic compression is disabled, then you can choose between account which belongs to - the Domain Admins group or non-administrative account. See - [Configure Non-Administrative Account to Collect Logon Activity ](/docs/1secure/admin/datacollection/logonactivity/nondomainadmin.md)for more - information; diff --git a/docs/1secure/admin/datacollection/logonactivity/nondomainadmin.md b/docs/1secure/admin/datacollection/logonactivity/nondomainadmin.md index 2690ac4a17..2451c638f3 100644 --- a/docs/1secure/admin/datacollection/logonactivity/nondomainadmin.md +++ b/docs/1secure/admin/datacollection/logonactivity/nondomainadmin.md 
@@ -1,10 +1,7 @@ --- -id: configure-non-administrative-account-to-collect-logon-activity title: "Configure Non-Administrative Account to Collect Logon Activity" -pagination_label: "Configure Non-Administrative Account to Collect Logon Activity" -sidebar_label: "Configure Non-Administrative Account to Collect Logon Activity" -sidebar_position: 74 -description: "Learn how to configure non-administrative accounts with minimum rights for logon activity collection." +description: "Configure Non-Administrative Account to Collect Logon Activity" +sidebar_position: 10 --- # Configure Non-Administrative Account to Collect Logon Activity @@ -24,9 +21,9 @@ Do the following: - Back up files and directories. [Configure the Back up Files and Directories Policy](/docs/1secure/admin/datacollection/computer/backupfilesdirectories.md) -- Log on as a batch job. [Define Log On As a Batch Job Policy](/docs/1secure/admin/datacollection/activedirectory/logonasbatch.md) +- Log on as a batch job. [Define Log On As a Batch Job Policy](/docs/1secure/admin/datacollection/activedirectoryauditing/logonasbatch.md) - Manage auditing and security log. - [Configure the Manage Auditing and Security Log Policy](/docs/1secure/admin/datacollection/activedirectory/manageauditingsecuritylog.md) + [Configure the Manage Auditing and Security Log Policy](/docs/1secure/admin/datacollection/activedirectoryauditing/manageauditingsecuritylog.md) **Step 2 –** Grant the _Read_ permission on the following registry keys to this user: 
@@ -34,5 +31,5 @@ Do the following: - `HKEY_LOCAL_MACHINE`\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg - `HKEY_LOCAL_MACHINE`\SYSTEM\CurrentControlSet\Services\EventLog\Security -[Assigning Permission To Read the Registry Key](/docs/1secure/admin/datacollection/activedirectory/permissionsregistrykeys.md) how +[Assigning Permission To Read the Registry Key](/docs/1secure/admin/datacollection/activedirectoryauditing/permissionsregistrykeys.md) how to do it using Registry Editor. diff --git a/docs/1secure/admin/datacollection/logonactivity/overview.md b/docs/1secure/admin/datacollection/logonactivity/overview.md new file mode 100644 index 0000000000..e02a594c22 --- /dev/null +++ b/docs/1secure/admin/datacollection/logonactivity/overview.md @@ -0,0 +1,21 @@ +--- +title: "Logon Activity Auditing" +description: "Logon Activity Auditing" +sidebar_position: 70 +--- + +# Logon Activity Auditing + +Before you start adding the logon activity connector in your domain, plan for the domain account +that will be used for data collection – it should meet the requirements listed below. Then you will +provide this account in the Netwrix 1Secure configuration window. + +Depending on the network traffic compression setting you need to use, one of the following is +required: + +- If network traffic compression is enabled, then the account must belong to the Domain Admins + group; +- If network traffic compression is disabled, then you can choose between account which belongs to + the Domain Admins group or non-administrative account. See + [Configure Non-Administrative Account to Collect Logon Activity ](/docs/1secure/admin/datacollection/logonactivity/nondomainadmin.md)for more + information; diff --git a/docs/1secure/admin/datacollection/overview.md b/docs/1secure/admin/datacollection/overview.md new file mode 100644 index 0000000000..7c9daccd6f --- /dev/null +++ b/docs/1secure/admin/datacollection/overview.md 
@@ -0,0 +1,25 @@ +--- +title: "Data Collecting Account" +description: "Data Collecting Account" +sidebar_position: 10 +--- + +# Data Collecting Account + +The data collecting account is a service account that Netwrix 1Secure uses to collect audit data +from the monitored items (domains, OUs, servers, etc.). Netwrix recommends creating a dedicated +service account for that purpose. Depending on the data source and connector, the account must meet +the corresponding requirements (see the table below). + +You can use group Managed Service Account (gMSA) as data collecting account. See the +[Using Group Managed Service Account (gMSA)](/docs/1secure/admin/datacollection/gmsa.md) topic for additional information. + +Currently, the following data sources are supported: + +| Data source | Provided connectors | Required rights and permissions: | +| ----------------- | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | +| Active Directory | Active Directory Activity Active Directory Logons | [Active Directory Auditing](/docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md) [Logon Activity Auditing](/docs/1secure/admin/datacollection/logonactivity/overview.md) | +| Azure AD | Azure AD Activity Azure AD Logons | [Microsoft Entra ID Auditing](/docs/1secure/admin/datacollection/entraid.md) | +| Computer | File Server Activity | [Computer Auditing](/docs/1secure/admin/datacollection/computer/overview.md) | +| SharePoint Online | SharePoint Online Activity | [SharePoint Online Auditing](/docs/1secure/admin/datacollection/sharepointonline.md) | +| Exchange Online | Exchange Online Activity | [Exchange Online Auditing](/docs/1secure/admin/datacollection/exchangeonline.md) | 
diff --git a/docs/1secure/admin/datacollection/sharepointonline.md b/docs/1secure/admin/datacollection/sharepointonline.md index 2acd515b8b..c51dc39c47 100644 --- a/docs/1secure/admin/datacollection/sharepointonline.md +++ b/docs/1secure/admin/datacollection/sharepointonline.md @@ -1,10 +1,7 @@ --- -id: sharepoint-online-auditing title: "SharePoint Online Auditing" -pagination_label: "SharePoint Online Auditing" -sidebar_label: "SharePoint Online Auditing" -sidebar_position: 63 -description: "Learn how to configure SharePoint Online auditing for Office 365 organizations with modern authentication." +description: "SharePoint Online Auditing" +sidebar_position: 30 --- # SharePoint Online Auditing @@ -13,7 +10,7 @@ Netwrix 1Secure allows you to audit Office 365 organizations that have establish authentication as their identity management approach, including support for [multi-factor authentication (MFA)](https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks). See the Microsoft -[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) +[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) article for additional information. In this scenario, Netwrix 1Secure will access the cloud-based infrastructure via Microsoft Graph and @@ -25,7 +22,7 @@ app and provide its settings to Netwrix 1Securewhen adding a SharePoint Online d Support for modern authentication will allow you to audit the organizations where MFA is enabled for all users, including service accounts. See the -[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) +[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. ## Configure SharePoint Online Auditing 
@@ -37,7 +34,7 @@ administrative role will be required: Microsoft Entra ID application should be created manually by user with administrative role and assigned required permissions. This app will allow you to collect activity. See the -[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) +[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. ## diff --git a/docs/1secure/admin/howitworks.md b/docs/1secure/admin/howitworks.md new file mode 100644 index 0000000000..f31fbba46c --- /dev/null +++ b/docs/1secure/admin/howitworks.md 
@@ -0,0 +1,30 @@ +--- +title: "How It Works" +description: "How It Works" +sidebar_position: 110 +--- + +# How It Works + +Netwrix 1Secure is a Microsoft Azure hosted, multi-tenant SaaS application that provides a single +location to manage both on-premises and cloud environments. Solution architecture and components +interactions are shown in the figure below. + +![overview_table](/img/product_docs/1secure/admin/overview_table.webp) + +Netwrix 1Secure On-Prem Agent is a lightweight Windows service which you deploy in your network. The +agent collects aggregated data from your on-premises Netwrix 1SecureAPI and/or uploads the data to +your Netwrix 1Secure tenant via REST API calls over HTTPS every 15 minutes. + +Netwrix 1SecureAPI or Azure Function App receives the data from Netwrix 1Secure On-Prem Agent. +Token-based authentication is used for verification between the Netwrix 1Secure API and the agent. +The service behind the Netwrix stores the data in the Azure SQL Database. The data is segregated by +tenant (organization). + +All the activity records are stored in the Cosmos Database. The configuration settings, source +management, alerts are stored in the Main Database. + +Netwrix 1Secure Website is the presentation layer of the product that retrieves data from the Azure +SQL database and presents it to users. Users can access this web portal with their corporate +credentials using Azure AD Authentication (OAuth 2.0). Data is retrieved via API calls made on the +user's behalf. \ No newline at end of file diff --git a/docs/1secure/admin/index.md b/docs/1secure/admin/index.md deleted file mode 100644 index d0f5e3907b..0000000000 --- a/docs/1secure/admin/index.md +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -id: admin -title: "Admin" -pagination_label: "Admin" -sidebar_label: "Admin" -sidebar_position: 100 -description: "Administrative documentation and configuration guides for 1Secure management and operations." ---- - -# Admin - -```mdx-code-block -import DocCardList from '@theme/DocCardList'; - - -``` \ No newline at end of file diff --git a/docs/1secure/admin/login.md b/docs/1secure/admin/login.md deleted file mode 100644 index d355e052ba..0000000000 --- a/docs/1secure/admin/login.md +++ /dev/null 
@@ -1,249 +0,0 @@ ---- -id: first-login-to-1secure -title: "First Login to 1Secure" -pagination_label: "First Login to 1Secure" -sidebar_label: "First Login to 1Secure" -sidebar_position: 10 -description: "Learn how to complete your first login to 1Secure and activate your MSP account." ---- - -# First Login to 1Secure - -This topic describes how an MSP can access the 1Secure tenant for the first time, activate their -account, and complete the initial login. After logging in, the MSP can add users to the tenant and -assign them roles based on the required access levels. - -When the Netwrix team adds a new user account for your organization, you will receive an email -invitation. This email will be sent from "noreply-account@netwrix.com" and will have the subject -"Welcome to Netwrix 1Secure". - -This email includes a unique access link to product’s web portal. You need to activate your account -via the link within 2 days. If it expires, you will need to follow the link and request a new -activation link. - -![accountactivation](/img/product_docs/1secure/admin/login/accountactivation.webp) - -## Activate an Account - -Follow the steps to activate an account: - -**Step 1 –** Open the invitation email and do one of the following: - -- Click the **Activate my Netwrix account** button -- Click the account activation link included in the email. - -The Change Your Password page is displayed. - -![Change Your Password page](/img/product_docs/1secure/admin/login/changepassword.webp) - -**Step 2 –** In the **New password** field, enter a password to set for your account. - -**Step 3 –** In the **Re-enter new password** field, enter the same password again to confirm. - -**Step 4 –** Click the **Reset Password** button. The account is now activated, and your password -has been set. - -Once you have set your account password, log in to 1Secure with your credentials. See the -[Log In](#log-in) topic for additional information. 
- -## Log In - -Follow the steps to log in to 1Secure. - -**Step 1 –** Open the invitation email and click the Netwrix 1Secure tenant link. You are navigated -to the 1Secure login page. - -![Log In page](/img/product_docs/1secure/admin/login/companylogin.webp) - -**Step 2 –** On the login page, click the **Log In** button. - -**Step 3 –** In the Email address field, specify a valid email address registered with 1Secure, then -click **Continue**. The Enter Your Password page is displayed. - -![Enter Your Password page](/img/product_docs/1secure/admin/login/passwordpage.webp) - -**Step 4 –** In the Password field, specify the valid password for the email address, then click -**Continue**. The Keep Your Account Safe page is displayed, prompting you to choose an -authentication method. When logging in for the first time, you must authorize your account using -multi-factor authentication. - -![Keep Your Account Safe page](/img/product_docs/1secure/admin/login/authenticationmethods.webp) - -**Step 5 –** Click **Google Authenticator or Similar** or **Security Key** to select an -authentication method. After that, one of the following happens: - -- If you selected Google Authenticator or Similar option, you will be navigated to Secure Your - Account page. Scan the QR code using your preferred authenticator app and then enter the provided - one time code in the **Enter one time code** field. See the documentation of your authenticator - app for additional information. -- If you selected Security Key option, you will be navigated to the Adding Your Security Key page. - See the - [Set up a security key as your verification method](https://support.microsoft.com/en-us/account-billing/set-up-a-security-key-as-your-verification-method-2911cacd-efa5-4593-ae22-e09ae14c6698) - article for additional information. - -After successful authorization, You are redirected to the dashboard. 
See the -[1Secure Dashboard](/docs/1secure/admin/dashboard/index.md) topic for additional information. - -Once the initial login is completed, an MSP can configure Single Sign On (SSO) using supported -authentication services, including Entra ID, 1Secure Authentication, or OpenID Connect. See the -[SSO Configuration with Authentication Services](#sso-configuration-with-authentication-services) -topic for additional information. - -### Reset Password - -Follow the steps to reset the password of an account: - -**Step 1 –** Navigate to the company's login page. - -**Step 2 –** On the login page, click the **Log In** button. - -**Step 3 –** In the Email address field, specify a valid email address registered with 1Secure, then -click **Continue**. The Enter Your Password page is displayed. - -![Enter Your Password page](/img/product_docs/1secure/admin/login/passwordpage.webp) - -**Step 4 –** Click the **Forgot password** link. The Change Your Password page is displayed. - -![Change Your Password page](/img/product_docs/1secure/admin/login/changepassword.webp) - -**Step 5 –** In the **New password** field, enter a password to set for your account. - -**Step 6 –** In the **Re-enter new password** field, enter the same password again to confirm. - -**Step 7 –** Click the **Reset Password** button. The password of the account has been reset. - -Once you have reset your account password, log in to 1Secure with your new credentials. - -## Single Sign On - -Single Sign On (SSO) is a powerful authentication process that enhances security and improves user -experience by allowing users to access multiple applications with a single set of login credentials. -Single Sign On (SSO) allows you to log in to 1Secure using Microsoft Entra ID or Open ID Connect -credentials. It enhances the user experience by enabling access with existing organizational -credentials. 
- -### Log In Through Single Sign On - -Users can log in to the 1Secure tenant using Single Sign On (SSO) if their accounts are added to the -authentication provider configured for the tenant. For example, if Microsoft Entra ID is configured -as the authentication provider and its users are added to 1Secure, they can log in to the 1Secure -tenant with their Microsoft Entra ID credentials. - -When the Netwrix team adds a new user account for your organization, you will receive an email -invitation. This email will be sent from "noreply-account@netwrix.com" and will have the subject -"Welcome to Netwrix 1Secure". - -![1Secure Invitation Email](/img/product_docs/1secure/admin/login/1secureinvitation-sso.webp) - -**Step 1 –** Click **Access 1Secure** button in the invitation email. You are navigated to the -1Secure login page. - -![Log In page](/img/product_docs/1secure/admin/login/companylogin.webp) - -**Step 2 –** On the login page, click the **Log In** button. - -**Step 3 –** In the Email address field, specify a valid email address registered with 1Secure, then -click **Continue**. Based on your authentication status, one of the following will occur: - -- If you are logged out of your authentication provider, you will be redirected to the - authentication provider's login page. For example, if you are using Microsoft Entra ID, you will - be redirected to the Microsoft Entra ID login page. Authenticate using your credentials. After - successful authentication, you will be logged in to 1Secure. -- If you are already logged in to your authentication provider, then you will be directly logged in - to 1Secure application. 
- -### SSO Configuration with Authentication Services - -To enable Single Sign-On (SSO) for tenant users, an MSP must configure SSO using one of the -following authentication services: - -- [Configure SSO with Microsoft Entra ID Authentication](#configure-sso-with-microsoft-entra-id-authentication) -- [Configure SSO with OpenID Connect Authentication](#configure-sso-with-openid-connect-authentication) - -**NOTE:** When you first log in to 1Secure, SSO is not enabled, and 1Secure Authentication is -applied by default. This method requires Multi-factor authentication (MFA) to verify your identity -for secure access. See the [Log In](/docs/1secure/admin/index.md) topic for additional information on -Multi-factor authentication. - -#### Configure SSO with Microsoft Entra ID Authentication - -Follow the steps to configure SSO with Microsoft Entra ID authentication. - -**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, -that lists the managed organizations defined in 1Secure. - -**Step 2 –** In the left pane, click **My organization**. The My organization page is displayed - -![My Organization page](/img/product_docs/1secure/admin/login/myorg_authentication.webp) - -**Step 3 –** Under Authentication section, click **Edit Settings**. The Authentication settings pane -is displayed. - -**Step 4 –** In Method drop-down menu, select **Entra ID**. - -![Authentication Settings pane](/img/product_docs/1secure/admin/login/entraidauth.webp) - -**Step 5 –** In Client ID field, specify the client ID of the app registered in Microsoft Entra ID. -See the -[Register an App in Microsoft Entra ID For Authentication](#register-an-app-in-microsoft-entra-id-for-authentication) topic -for additional information. - -**Step 6 –** Click **Save**. The Single Sing-On (SSO) is configured with Microsoft Entra ID -authentication. 
- -#### Configure SSO with OpenID Connect Authentication - -Follow the steps to configure SSO with OpenID Connect authentication. - -**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, -that lists the managed organizations defined in 1Secure. - -**Step 2 –** In the left pane, click **My organization**. The My organization page is displayed - -![My Organization page](/img/product_docs/1secure/admin/login/myorg_authentication.webp) - -**Step 3 –** Under Authentication section, click **Edit Settings**. The Authentication settings pane -is displayed. - -**Step 4 –** In Method drop-down menu, select **OpenID Connect**. - -![Authentication Settings pane](/img/product_docs/1secure/admin/login/openidconnectauth.webp) - -**Step 5 –** In Client ID field, specify the client ID of the OpenID application that 1Secure uses -to communicate with the OpenID provider. - -**Step 6 –** In Discovery url field, specify the Discovery URL of the OpenID application. - -**Step 7 –** Click **Save**. The Single Sign On (SSO) is configured with OpenID Connect -authentication. - -#### Register an App in Microsoft Entra ID For Authentication - -To configure Single Sign On (SSO) with Microsoft Entra ID authentication, register an application in -the Microsoft Microsoft Entra ID by following the steps mentioned below. - -**Step 1 –** Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/). - -**Step 2 –** On the left navigation menu, navigate to **Identity** > **Applications** > **App -registrations** page. - -**Step 3 –** On the App registrations page, click **New registration** in the top toolbar. The -Register an application page is displayed. 
- -**Step 4 –** Specify the following information on the Register an application page: - -- Name – Enter a user-facing display name for the application, for example, Netwrix 1Secure Entra ID -- Supported account types – Select **Accounts in this organizational directory only** -- Platform – Select the **Web** platform in the drop-down menu -- Redirect URL (optional) – Enter **https://auth.netwrix.com/login/callback** - -**Step 5 –** Click **Register**. - -The Overview page for the newly registered application opens. The following settings of the -registered application are required while configuring Single Sign on (SSO) with Entra ID in 1Secure. -It is recommended to copy these settings and keep them safe. - -- Application (client) ID – A client ID for the registered application -- Directory (tenant) ID – A tenant ID for the registered application -- Client Secret – A client secret value generated when a new client secret key is created for the - registered application. See the [Generate Client Secret Value](/docs/1secure/configuration/entraid/registerconfig.md#generate-client-secret-value) topic for additional information. \ No newline at end of file diff --git a/docs/1secure/admin/login/_category_.json b/docs/1secure/admin/login/_category_.json new file mode 100644 index 0000000000..869d9559d7 --- /dev/null +++ b/docs/1secure/admin/login/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "First Login to 1Secure", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "login" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/login/login.md b/docs/1secure/admin/login/login.md new file mode 100644 index 0000000000..c22da1f5c3 --- /dev/null +++ b/docs/1secure/admin/login/login.md 
@@ -0,0 +1,246 @@ +--- +title: "First Login to 1Secure" +description: "First Login to 1Secure" +sidebar_position: 10 +--- + +# First Login to 1Secure + +This topic describes how an MSP can access the 1Secure tenant for the first time, activate their +account, and complete the initial login. After logging in, the MSP can add users to the tenant and +assign them roles based on the required access levels. + +When the Netwrix team adds a new user account for your organization, you will receive an email +invitation. This email will be sent from "noreply-account@netwrix.com" and will have the subject +"Welcome to Netwrix 1Secure". + +This email includes a unique access link to product’s web portal. You need to activate your account +via the link within 2 days. If it expires, you will need to follow the link and request a new +activation link. + +![accountactivation](/img/product_docs/1secure/admin/login/accountactivation.webp) + +## Activate an Account + +Follow the steps to activate an account: + +**Step 1 –** Open the invitation email and do one of the following: + +- Click the **Activate my Netwrix account** button +- Click the account activation link included in the email. + +The Change Your Password page is displayed. + +![Change Your Password page](/img/product_docs/1secure/admin/login/changepassword.webp) + +**Step 2 –** In the **New password** field, enter a password to set for your account. + +**Step 3 –** In the **Re-enter new password** field, enter the same password again to confirm. + +**Step 4 –** Click the **Reset Password** button. The account is now activated, and your password +has been set. + +Once you have set your account password, log in to 1Secure with your credentials. See the +[Log In](#log-in) topic for additional information. + +## Log In + +Follow the steps to log in to 1Secure. + +**Step 1 –** Open the invitation email and click the Netwrix 1Secure tenant link. You are navigated +to the 1Secure login page. 
+ +![Log In page](/img/product_docs/1secure/admin/login/companylogin.webp) + +**Step 2 –** On the login page, click the **Log In** button. + +**Step 3 –** In the Email address field, specify a valid email address registered with 1Secure, then +click **Continue**. The Enter Your Password page is displayed. + +![Enter Your Password page](/img/product_docs/1secure/admin/login/passwordpage.webp) + +**Step 4 –** In the Password field, specify the valid password for the email address, then click +**Continue**. The Keep Your Account Safe page is displayed, prompting you to choose an +authentication method. When logging in for the first time, you must authorize your account using +multi-factor authentication. + +![Keep Your Account Safe page](/img/product_docs/1secure/admin/login/authenticationmethods.webp) + +**Step 5 –** Click **Google Authenticator or Similar** or **Security Key** to select an +authentication method. After that, one of the following happens: + +- If you selected Google Authenticator or Similar option, you will be navigated to Secure Your + Account page. Scan the QR code using your preferred authenticator app and then enter the provided + one time code in the **Enter one time code** field. See the documentation of your authenticator + app for additional information. +- If you selected Security Key option, you will be navigated to the Adding Your Security Key page. + See the + [Set up a security key as your verification method](https://support.microsoft.com/en-us/account-billing/set-up-a-security-key-as-your-verification-method-2911cacd-efa5-4593-ae22-e09ae14c6698) + article for additional information. + +After successful authorization, You are redirected to the dashboard. See the +[1Secure Dashboard](/docs/1secure/admin/dashboard/overview.md) topic for additional information. 
+ +Once the initial login is completed, an MSP can configure Single Sign On (SSO) using supported +authentication services, including Entra ID, 1Secure Authentication, or OpenID Connect. See the +[SSO Configuration with Authentication Services](#sso-configuration-with-authentication-services) +topic for additional information. + +### Reset Password + +Follow the steps to reset the password of an account: + +**Step 1 –** Navigate to the company's login page. + +**Step 2 –** On the login page, click the **Log In** button. + +**Step 3 –** In the Email address field, specify a valid email address registered with 1Secure, then +click **Continue**. The Enter Your Password page is displayed. + +![Enter Your Password page](/img/product_docs/1secure/admin/login/passwordpage.webp) + +**Step 4 –** Click the **Forgot password** link. The Change Your Password page is displayed. + +![Change Your Password page](/img/product_docs/1secure/admin/login/changepassword.webp) + +**Step 5 –** In the **New password** field, enter a password to set for your account. + +**Step 6 –** In the **Re-enter new password** field, enter the same password again to confirm. + +**Step 7 –** Click the **Reset Password** button. The password of the account has been reset. + +Once you have reset your account password, log in to 1Secure with your new credentials. + +## Single Sign On + +Single Sign On (SSO) is a powerful authentication process that enhances security and improves user +experience by allowing users to access multiple applications with a single set of login credentials. +Single Sign On (SSO) allows you to log in to 1Secure using Microsoft Entra ID or Open ID Connect +credentials. It enhances the user experience by enabling access with existing organizational +credentials. + +### Log In Through Single Sign On + +Users can log in to the 1Secure tenant using Single Sign On (SSO) if their accounts are added to the +authentication provider configured for the tenant. 
For example, if Microsoft Entra ID is configured +as the authentication provider and its users are added to 1Secure, they can log in to the 1Secure +tenant with their Microsoft Entra ID credentials. + +When the Netwrix team adds a new user account for your organization, you will receive an email +invitation. This email will be sent from "noreply-account@netwrix.com" and will have the subject +"Welcome to Netwrix 1Secure". + +![1Secure Invitation Email](/img/product_docs/1secure/admin/login/1secureinvitation-sso.webp) + +**Step 1 –** Click **Access 1Secure** button in the invitation email. You are navigated to the +1Secure login page. + +![Log In page](/img/product_docs/1secure/admin/login/companylogin.webp) + +**Step 2 –** On the login page, click the **Log In** button. + +**Step 3 –** In the Email address field, specify a valid email address registered with 1Secure, then +click **Continue**. Based on your authentication status, one of the following will occur: + +- If you are logged out of your authentication provider, you will be redirected to the + authentication provider's login page. For example, if you are using Microsoft Entra ID, you will + be redirected to the Microsoft Entra ID login page. Authenticate using your credentials. After + successful authentication, you will be logged in to 1Secure. +- If you are already logged in to your authentication provider, then you will be directly logged in + to 1Secure application. + +### SSO Configuration with Authentication Services + +To enable Single Sign-On (SSO) for tenant users, an MSP must configure SSO using one of the +following authentication services: + +- [Configure SSO with Microsoft Entra ID Authentication](#configure-sso-with-microsoft-entra-id-authentication) +- [Configure SSO with OpenID Connect Authentication](#configure-sso-with-openid-connect-authentication) + +**NOTE:** When you first log in to 1Secure, SSO is not enabled, and 1Secure Authentication is +applied by default. 
This method requires Multi-factor authentication (MFA) to verify your identity +for secure access. See the [Log In](/docs/1secure/admin/overview.md) topic for additional information on +Multi-factor authentication. + +#### Configure SSO with Microsoft Entra ID Authentication + +Follow the steps to configure SSO with Microsoft Entra ID authentication. + +**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, +that lists the managed organizations defined in 1Secure. + +**Step 2 –** In the left pane, click **My organization**. The My organization page is displayed + +![My Organization page](/img/product_docs/1secure/admin/login/myorg_authentication.webp) + +**Step 3 –** Under Authentication section, click **Edit Settings**. The Authentication settings pane +is displayed. + +**Step 4 –** In Method drop-down menu, select **Entra ID**. + +![Authentication Settings pane](/img/product_docs/1secure/admin/login/entraidauth.webp) + +**Step 5 –** In Client ID field, specify the client ID of the app registered in Microsoft Entra ID. +See the +[Register an App in Microsoft Entra ID For Authentication](#register-an-app-in-microsoft-entra-id-for-authentication) topic +for additional information. + +**Step 6 –** Click **Save**. The Single Sing-On (SSO) is configured with Microsoft Entra ID +authentication. + +#### Configure SSO with OpenID Connect Authentication + +Follow the steps to configure SSO with OpenID Connect authentication. + +**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, +that lists the managed organizations defined in 1Secure. + +**Step 2 –** In the left pane, click **My organization**. The My organization page is displayed + +![My Organization page](/img/product_docs/1secure/admin/login/myorg_authentication.webp) + +**Step 3 –** Under Authentication section, click **Edit Settings**. The Authentication settings pane +is displayed. 
+ +**Step 4 –** In Method drop-down menu, select **OpenID Connect**. + +![Authentication Settings pane](/img/product_docs/1secure/admin/login/openidconnectauth.webp) + +**Step 5 –** In Client ID field, specify the client ID of the OpenID application that 1Secure uses +to communicate with the OpenID provider. + +**Step 6 –** In Discovery url field, specify the Discovery URL of the OpenID application. + +**Step 7 –** Click **Save**. The Single Sign On (SSO) is configured with OpenID Connect +authentication. + +#### Register an App in Microsoft Entra ID For Authentication + +To configure Single Sign On (SSO) with Microsoft Entra ID authentication, register an application in +the Microsoft Microsoft Entra ID by following the steps mentioned below. + +**Step 1 –** Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/). + +**Step 2 –** On the left navigation menu, navigate to **Identity** > **Applications** > **App +registrations** page. + +**Step 3 –** On the App registrations page, click **New registration** in the top toolbar. The +Register an application page is displayed. + +**Step 4 –** Specify the following information on the Register an application page: + +- Name – Enter a user-facing display name for the application, for example, Netwrix 1Secure Entra ID +- Supported account types – Select **Accounts in this organizational directory only** +- Platform – Select the **Web** platform in the drop-down menu +- Redirect URL (optional) – Enter **https://auth.netwrix.com/login/callback** + +**Step 5 –** Click **Register**. + +The Overview page for the newly registered application opens. The following settings of the +registered application are required while configuring Single Sign on (SSO) with Entra ID in 1Secure. +It is recommended to copy these settings and keep them safe. 
+ +- Application (client) ID – A client ID for the registered application +- Directory (tenant) ID – A tenant ID for the registered application +- Client Secret – A client secret value generated when a new client secret key is created for the + registered application. See the [Generate Client Secret Value](/docs/1secure/configuration/registerconfig/registerconfig.md#generate-client-secret-value) topic for additional information. \ No newline at end of file diff --git a/docs/1secure/admin/login/sso.md b/docs/1secure/admin/login/sso.md new file mode 100644 index 0000000000..22db997e01 --- /dev/null +++ b/docs/1secure/admin/login/sso.md 
@@ -0,0 +1,139 @@ +--- +title: "Single Sign On" +description: "Single Sign On" +sidebar_position: 10 +--- + +# Single Sign On + +Single Sign On (SSO) is a powerful authentication process that enhances security and improves user +experience by allowing users to access multiple applications with a single set of login credentials. +Single Sign On (SSO) allows you to log in to 1Secure using Microsoft Entra ID or Open ID Connect +credentials. It enhances the user experience by enabling access with existing organizational +credentials. + +## Log In Through Single Sign On + +Users can log in to the 1Secure tenant using Single Sign On (SSO) if their accounts are added to the +authentication provider configured for the tenant. For example, if Microsoft Entra ID is configured +as the authentication provider and its users are added to 1Secure, they can log in to the 1Secure +tenant with their Microsoft Entra ID credentials. + +When the Netwrix team adds a new user account for your organization, you will receive an email +invitation. This email will be sent from "noreply-account@netwrix.com" and will have the subject +"Welcome to Netwrix 1Secure". + +![1Secure Invitation Email](/img/product_docs/1secure/admin/login/1secureinvitation-sso.webp) + +**Step 1 –** Click **Access 1Secure** button in the invitation email. You are navigated to the +1Secure login page. + +![Log In page](/img/product_docs/1secure/admin/login/companylogin.webp) + +**Step 2 –** On the login page, click the **Log In** button. + +**Step 3 –** In the Email address field, specify a valid email address registered with 1Secure, then +click **Continue**. Based on your authentication status, one of the following will occur: + +- If you are logged out of your authentication provider, you will be redirected to the + authentication provider's login page. For example, if you are using Microsoft Entra ID, you will + be redirected to the Microsoft Entra ID login page. Authenticate using your credentials. 
After + successful authentication, you will be logged in to 1Secure. +- If you are already logged in to your authentication provider, then you will be directly logged in + to 1Secure application. + +## SSO Configuration with Authentication Services + +To enable Single Sign-On (SSO) for tenant users, an MSP must configure SSO using one of the +following authentication services: + +- [Configure SSO with Microsoft Entra ID Authentication](#configure-sso-with-microsoft-entra-id-authentication) +- [Configure SSO with OpenID Connect Authentication](#configure-sso-with-openid-connect-authentication) + +**NOTE:** When you first log in to 1Secure, SSO is not enabled, and 1Secure Authentication is +applied by default. This method requires Multi-factor authentication (MFA) to verify your identity +for secure access. See the [Log In](/docs/1secure/admin/overview.md) topic for additional information on +Multi-factor authentication. + +### Configure SSO with Microsoft Entra ID Authentication + +Follow the steps to configure SSO with Microsoft Entra ID authentication. + +**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, +that lists the managed organizations defined in 1Secure. + +**Step 2 –** In the left pane, click **My organization**. The My organization page is displayed + +![My Organization page](/img/product_docs/1secure/admin/login/myorg_authentication.webp) + +**Step 3 –** Under Authentication section, click **Edit Settings**. The Authentication settings pane +is displayed. + +**Step 4 –** In Method drop-down menu, select **Entra ID**. + +![Authentication Settings pane](/img/product_docs/1secure/admin/login/entraidauth.webp) + +**Step 5 –** In Client ID field, specify the client ID of the app registered in Microsoft Entra ID. +See the +[Register an App in Microsoft Entra ID For Authentication](#register-an-app-in-microsoft-entra-id-for-authentication) topic +for additional information. + +**Step 6 –** Click **Save**. 
The Single Sing-On (SSO) is configured with Microsoft Entra ID +authentication. + +### Configure SSO with OpenID Connect Authentication + +Follow the steps to configure SSO with OpenID Connect authentication. + +**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, +that lists the managed organizations defined in 1Secure. + +**Step 2 –** In the left pane, click **My organization**. The My organization page is displayed + +![My Organization page](/img/product_docs/1secure/admin/login/myorg_authentication.webp) + +**Step 3 –** Under Authentication section, click **Edit Settings**. The Authentication settings pane +is displayed. + +**Step 4 –** In Method drop-down menu, select **OpenID Connect**. + +![Authentication Settings pane](/img/product_docs/1secure/admin/login/openidconnectauth.webp) + +**Step 5 –** In Client ID field, specify the client ID of the OpenID application that 1Secure uses +to communicate with the OpenID provider. + +**Step 6 –** In Discovery url field, specify the Discovery URL of the OpenID application. + +**Step 7 –** Click **Save**. The Single Sign On (SSO) is configured with OpenID Connect +authentication. + +#### Register an App in Microsoft Entra ID For Authentication + +To configure Single Sign On (SSO) with Microsoft Entra ID authentication, register an application in +the Microsoft Microsoft Entra ID by following the steps mentioned below. + +**Step 1 –** Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/). + +**Step 2 –** On the left navigation menu, navigate to **Identity** > **Applications** > **App +registrations** page. + +**Step 3 –** On the App registrations page, click **New registration** in the top toolbar. The +Register an application page is displayed. 
+ +**Step 4 –** Specify the following information on the Register an application page: + +- Name – Enter a user-facing display name for the application, for example, Netwrix 1Secure Entra ID +- Supported account types – Select **Accounts in this organizational directory only** +- Platform – Select the **Web** platform in the drop-down menu +- Redirect URL (optional) – Enter **https://auth.netwrix.com/login/callback** + +**Step 5 –** Click **Register**. + +The Overview page for the newly registered application opens. The following settings of the +registered application are required while configuring Single Sign on (SSO) with Entra ID in 1Secure. +It is recommended to copy these settings and keep them safe. + +- Application (client) ID – A client ID for the registered application +- Directory (tenant) ID – A tenant ID for the registered application +- Client Secret – A client secret value generated when a new client secret key is created for the + registered application. See the [Generate Client Secret Value](/docs/1secure/configuration/registerconfig/registerconfig.md#generate-client-secret-value) topic for additional information. \ No newline at end of file diff --git a/docs/1secure/admin/notifications.md b/docs/1secure/admin/notifications.md new file mode 100644 index 0000000000..fc7fe7f058 --- /dev/null +++ b/docs/1secure/admin/notifications.md 
@@ -0,0 +1,25 @@ +--- +title: "Notifications" +description: "Notifications" +sidebar_position: 90 +--- + +# Notifications + +Netwrix 1Secure provides real-time notifications to the users, which report on various issues for +the user. This includes an agent update, issues with organizations, status of the organizations, +expired credentials, and others. + +| Icon | Description | +| --------------------------------------------------------------------------------------- | ------------------------------------------------------- | +| ![selfupdate_icon](/img/product_docs/1secure/admin/selfupdate_icon.webp) | Bell icon. Click the Bell icon to look for the updates. | + +Follow the steps to review notifications. + +**Step 1 –** Click the **Bell** icon in the upper right corner of your screen. + +**Step 2 –** You can select and fix any of the issues on the displayed panel. + +![notifications](/img/product_docs/1secure/admin/notifications.webp) + +**Step 3 –** Select **Fix**. \ No newline at end of file diff --git a/docs/1secure/admin/organizations/_category_.json b/docs/1secure/admin/organizations/_category_.json new file mode 100644 index 0000000000..4043c32b88 --- /dev/null +++ b/docs/1secure/admin/organizations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manage Organizations", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/organizations/addingusers/_category_.json b/docs/1secure/admin/organizations/addingusers/_category_.json new file mode 100644 index 0000000000..b41e0c15f9 --- /dev/null +++ b/docs/1secure/admin/organizations/addingusers/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Add Users", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "addingusers" + } +} \ No newline at end of file 
diff --git a/docs/1secure/admin/organizations/addingusers.md b/docs/1secure/admin/organizations/addingusers/addingusers.md similarity index 96% rename from docs/1secure/admin/organizations/addingusers.md rename to docs/1secure/admin/organizations/addingusers/addingusers.md index 3a494b9e1b..f7e1f4dfa7 100644 --- a/docs/1secure/admin/organizations/addingusers.md +++ b/docs/1secure/admin/organizations/addingusers/addingusers.md @@ -1,10 +1,7 @@ --- -id: add-users title: "Add Users" -pagination_label: "Add Users" -sidebar_label: "Add Users" -sidebar_position: 31 -description: "Learn how to add users to your organization and assign administrator, editor, or viewer roles." +description: "Add Users" +sidebar_position: 70 --- # Add Users @@ -18,7 +15,7 @@ include: - Viewer You can add users both in Managing Organization and in Managed Organization. See the -[Manage Organizations](/docs/1secure/admin/organizations/index.md) topic for additional information. +[Manage Organizations](/docs/1secure/admin/organizations/overview.md) topic for additional information. Image keys: diff --git a/docs/1secure/admin/organizations/roledefinitions.md b/docs/1secure/admin/organizations/addingusers/roledefinitions.md similarity index 97% rename from docs/1secure/admin/organizations/roledefinitions.md rename to docs/1secure/admin/organizations/addingusers/roledefinitions.md index cc04e5abdf..12d3a2fb85 100644 --- a/docs/1secure/admin/organizations/roledefinitions.md +++ b/docs/1secure/admin/organizations/addingusers/roledefinitions.md @@ -1,10 +1,7 @@ --- -id: permissions-by-role title: "Permissions by Role" -pagination_label: "Permissions by Role" -sidebar_label: "Permissions by Role" -sidebar_position: 38 -description: "Reference guide for user permissions and role-based access control across different 1Secure screens and actions." +description: "Permissions by Role" +sidebar_position: 10 --- # Permissions by Role 
diff --git a/docs/1secure/admin/organizations/addorganizations.md b/docs/1secure/admin/organizations/addorganizations.md index 453eacd7b6..6b97247b80 100644 --- a/docs/1secure/admin/organizations/addorganizations.md +++ b/docs/1secure/admin/organizations/addorganizations.md @@ -1,10 +1,7 @@ --- -id: add-organizations title: "Add Organizations" -pagination_label: "Add Organizations" -sidebar_label: "Add Organizations" -sidebar_position: 32 -description: "Follow step-by-step instructions to add new organizations to your 1Secure system." +description: "Add Organizations" +sidebar_position: 20 --- # Add Organizations @@ -43,7 +40,7 @@ organization: - Exchange Online - SharePoint Online -**NOTE:** See the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/index.md) topic for detailed +**NOTE:** See the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) topic for detailed information. ![addorganizationssites](/img/product_docs/1secure/admin/organizations/addorganizationssites.webp) 
@@ -67,12 +64,12 @@ displayed only when adding these sources. ![addorganizationssourcedetails](/img/product_docs/1secure/admin/organizations/addorganizationssourcedetails.webp) **Step 6 –** On the Configure source details (Step 3 of 4) window, specify your source settings. See -the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/index.md) topic for additional information. +the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) topic for additional information. ![addorganizationssourcesandconnectors](/img/product_docs/1secure/admin/organizations/addorganizationssourcesandconnectors.webp) **Step 7 –** On the Choose new connector (Step 4 of 4) window, add the connectors for your sources -on. See the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/index.md) topic for additional +on. See the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) topic for additional information. **Step 8 –** Click **Finish** or **Save & Add another source** to add a source for your diff --git a/docs/1secure/admin/organizations/addsites.md b/docs/1secure/admin/organizations/addsites.md index d8559be3ed..1faac89394 100644 --- a/docs/1secure/admin/organizations/addsites.md +++ b/docs/1secure/admin/organizations/addsites.md @@ -1,10 +1,7 @@ --- -id: add-sites-to-an-organization title: "Add Sites to an Organization" -pagination_label: "Add Sites to an Organization" -sidebar_label: "Add Sites to an Organization" -sidebar_position: 33 -description: "Learn how to add sites to organizations for managing multiple office locations and tracking agent status." +description: "Add Sites to an Organization" +sidebar_position: 40 --- # Add Sites to an Organization diff --git a/docs/1secure/admin/organizations/billableaccounts.md b/docs/1secure/admin/organizations/billableaccounts.md index a66888c91d..f35878c254 100644 
--- a/docs/1secure/admin/organizations/billableaccounts.md +++ b/docs/1secure/admin/organizations/billableaccounts.md @@ -1,10 +1,7 @@ --- -id: billable-accounts title: "Billable Accounts" -pagination_label: "Billable Accounts" -sidebar_label: "Billable Accounts" -sidebar_position: 34 -description: "View and review billable Active Directory and Microsoft Entra ID accounts for your organization." +description: "Billable Accounts" +sidebar_position: 60 --- # Billable Accounts diff --git a/docs/1secure/admin/organizations/index.md b/docs/1secure/admin/organizations/index.md deleted file mode 100644 index c9880336d5..0000000000 --- a/docs/1secure/admin/organizations/index.md +++ /dev/null 
@@ -1,42 +0,0 @@ ---- -id: manage-organizations -title: "Manage Organizations" -pagination_label: "Manage Organizations" -sidebar_label: "Manage Organizations" -sidebar_position: 30 -description: "Learn how to manage organizations and configure settings for Managed Service Providers in 1Secure." ---- - -# Manage Organizations - -Netwrix 1Secure operates as a service, providing data analysis and reporting capabilities for the -organizations (tenants) or company departments/RO/BOs. Organization management pages are available -to the authorized administrators of a company or Managed Service Provider on the Configuration page. - -The topics in this section provide information for: adding your organization, adding users, adding -data source, and other configurations for the Managed Service Provider. - -After authorizing in a system, Managed Service Providers (MSP) need to configure their organization. -The Organization is the name of the company you use to log in. See the -[First Login to 1Secure](/docs/1secure/admin/login.md) topic for additional information. - -In system, there are parent tenants and child tenants. _Parent tenant_ or Managing Organization is -the MSP you are authorizing with. The MSP or parent tenant may have lots of clients or _child -tenants_ (Managed Organization), which you can review and add on the Managed Organization page. 
- -Below you can see home pages of: - -- Managing Organization - -![managedorganizations](/img/product_docs/1secure/admin/organizations/managedorganizations.webp) - -- Managed Organization - -![homepagemanaged](/img/product_docs/1secure/admin/organizations/homepagemanaged.webp) - -See the following topics for additional information: - -- [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) -- [Add Users](/docs/1secure/admin/organizations/addingusers.md) -- [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/index.md) -- [ Manage Credentials ](/docs/1secure/admin/organizations/managingcredentials.md) diff --git a/docs/1secure/admin/organizations/managemyorganization.md b/docs/1secure/admin/organizations/managemyorganization.md index fbb6f865dd..6da563f309 100644 --- a/docs/1secure/admin/organizations/managemyorganization.md +++ b/docs/1secure/admin/organizations/managemyorganization.md @@ -1,10 +1,7 @@ --- -id: manage-my-organization title: "Manage My Organization" -pagination_label: "Manage My Organization" -sidebar_label: "Manage My Organization" -sidebar_position: 35 -description: "Learn how to review and edit your organization profile settings and manage deletion requests." +description: "Manage My Organization" +sidebar_position: 30 --- # Manage My Organization diff --git a/docs/1secure/admin/organizations/managingcredentials.md b/docs/1secure/admin/organizations/managingcredentials.md index fb491f971e..00ac7db26d 100644 --- a/docs/1secure/admin/organizations/managingcredentials.md +++ b/docs/1secure/admin/organizations/managingcredentials.md @@ -1,10 +1,7 @@ --- -id: manage-credentials title: "Manage Credentials" -pagination_label: "Manage Credentials" -sidebar_label: "Manage Credentials" -sidebar_position: 36 -description: "Learn how to set up, review, edit, and delete credentials for data source connections." +description: "Manage Credentials" +sidebar_position: 90 --- # Manage Credentials 
diff --git a/docs/1secure/admin/organizations/organizationgroups.md b/docs/1secure/admin/organizations/organizationgroups.md index 30ad202d75..db024cbad3 100644 --- a/docs/1secure/admin/organizations/organizationgroups.md +++ b/docs/1secure/admin/organizations/organizationgroups.md @@ -1,10 +1,7 @@ --- -id: organization-groups title: "Organization Groups" -pagination_label: "Organization Groups" -sidebar_label: "Organization Groups" -sidebar_position: 37 -description: "Learn how to create and manage organization groups for designated user access control." +description: "Organization Groups" +sidebar_position: 80 --- # Organization Groups diff --git a/docs/1secure/admin/organizations/overview.md b/docs/1secure/admin/organizations/overview.md new file mode 100644 index 0000000000..bef0ab4e5d --- /dev/null +++ b/docs/1secure/admin/organizations/overview.md 
@@ -0,0 +1,39 @@ +--- +title: "Manage Organizations" +description: "Manage Organizations" +sidebar_position: 30 +--- + +# Manage Organizations + +Netwrix 1Secure operates as a service, providing data analysis and reporting capabilities for the +organizations (tenants) or company departments/RO/BOs. Organization management pages are available +to the authorized administrators of a company or Managed Service Provider on the Configuration page. + +The topics in this section provide information for: adding your organization, adding users, adding +data source, and other configurations for the Managed Service Provider. + +After authorizing in a system, Managed Service Providers (MSP) need to configure their organization. +The Organization is the name of the company you use to log in. See the +[First Login to 1Secure](/docs/1secure/admin/login/login.md) topic for additional information. + +In system, there are parent tenants and child tenants. _Parent tenant_ or Managing Organization is +the MSP you are authorizing with. The MSP or parent tenant may have lots of clients or _child +tenants_ (Managed Organization), which you can review and add on the Managed Organization page. + +Below you can see home pages of: + +- Managing Organization + +![managedorganizations](/img/product_docs/1secure/admin/organizations/managedorganizations.webp) + +- Managed Organization + +![homepagemanaged](/img/product_docs/1secure/admin/organizations/homepagemanaged.webp) + +See the following topics for additional information: + +- [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) +- [Add Users](/docs/1secure/admin/organizations/addingusers/addingusers.md) +- [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) +- [ Manage Credentials ](/docs/1secure/admin/organizations/managingcredentials.md) 
diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/_category_.json b/docs/1secure/admin/organizations/sourcesandconnectors/_category_.json new file mode 100644 index 0000000000..09ca4e9aa9 --- /dev/null +++ b/docs/1secure/admin/organizations/sourcesandconnectors/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Sources and Connectors", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md b/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md index 871538add1..6a817a1188 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/activedirectory.md @@ -1,10 +1,7 @@ --- -id: add-a-source-and-connectors-for-active-directory title: "Add a Source and Connectors for Active Directory" -pagination_label: "Add a Source and Connectors for Active Directory" -sidebar_label: "Add a Source and Connectors for Active Directory" -sidebar_position: 41 -description: "Step-by-step guide to add Active Directory data sources and connectors to your organization." +description: "Add a Source and Connectors for Active Directory" +sidebar_position: 10 --- # Add a Source and Connectors for Active Directory @@ -102,7 +99,7 @@ Directory. Specufy the following: - Adjust audit settings automatically – Select this checkbox to adjust the audit settings automatically. With this approach, 1Secure will check your current audit settings at each data collection session and adjust them if necessary. See the - [Active Directory: automatic configuration](/docs/1secure/configuration/activedirectory/auto.md) topic for + [Active Directory: automatic configuration](/docs/1secure/configuration/admanual/auto.md) topic for additional information. **Step 11 –** Click **Finish**. 
diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/computer.md b/docs/1secure/admin/organizations/sourcesandconnectors/computer.md index 292e236a2b..f7600e820e 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/computer.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/computer.md @@ -1,10 +1,7 @@ --- -id: add-a-source-and-connectors-for-computer title: "Add a Source and Connectors for Computer" -pagination_label: "Add a Source and Connectors for Computer" -sidebar_label: "Add a Source and Connectors for Computer" -sidebar_position: 42 -description: "Step-by-step guide to add Computer data sources and connectors to your organization." +description: "Add a Source and Connectors for Computer" +sidebar_position: 30 --- # Add a Source and Connectors for Computer @@ -106,7 +103,7 @@ the following: - Adjust audit settings automatically – Select this checkbox to adjust the audit settings automatically. With this approach, 1Secure will check your current audit settings at each data collection session and adjust them if necessary. See the - [Active Directory: automatic configuration](/docs/1secure/configuration/activedirectory/auto.md) topic for + [Active Directory: automatic configuration](/docs/1secure/configuration/admanual/auto.md) topic for additional information. - Monitor User Hidden Shares – Select this checkbox to monitor the user hidden shares on the computer. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/entraid.md b/docs/1secure/admin/organizations/sourcesandconnectors/entraid.md index 63033433d9..190642b89e 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/entraid.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/entraid.md 
@@ -1,10 +1,7 @@ --- -id: add-a-source-and-connectors-for-microsoft-entra-id title: "Add a Source and Connectors for Microsoft Entra ID" -pagination_label: "Add a Source and Connectors for Microsoft Entra ID" -sidebar_label: "Add a Source and Connectors for Microsoft Entra ID" -sidebar_position: 43 -description: "Step-by-step guide to add Microsoft Entra ID data sources and connectors to your organization." +description: "Add a Source and Connectors for Microsoft Entra ID" +sidebar_position: 20 --- # Add a Source and Connectors for Microsoft Entra ID @@ -32,7 +29,7 @@ pane is displayed. sources, such as computers, allows them to share a common configuration and makes it easier to manage related sources together. - Tenant ID – The tenant ID of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Crawl Source – Toggle this option to ON to enable data collection for the source - Service Account Entra ID Groups – Specify Microsoft Entra ID groups to exclude their service 
@@ -45,15 +42,15 @@ pane is displayed. new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: - Client ID – The client ID of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Client Secret – The client secret of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Download Certificate – For certain connectors, such as SharePoint Online State, authentication requires a certificate instead of a client secret. Download this certificate and then upload it to the app registered in Microsoft Entra ID. See the - [Upload a Certificate](/docs/1secure/configuration/entraid/registerconfig.md#upload-a-certificate) topic + [Upload a Certificate](/docs/1secure/configuration/registerconfig/registerconfig.md#upload-a-certificate) topic for additional information. - Display Name – Specify a name you want to show for your credentials. It will be displayed on the Credentials tab of the Managed Organizations page. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/exchangeonline.md b/docs/1secure/admin/organizations/sourcesandconnectors/exchangeonline.md index cdc33f1e88..2f5fcd0736 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/exchangeonline.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/exchangeonline.md 
@@ -1,10 +1,7 @@ --- -id: add-a-source-and-connectors-for-exchange-online title: "Add a Source and Connectors for Exchange Online" -pagination_label: "Add a Source and Connectors for Exchange Online" -sidebar_label: "Add a Source and Connectors for Exchange Online" -sidebar_position: 44 -description: "Step-by-step guide to add Exchange Online data sources and connectors to your organization." +description: "Add a Source and Connectors for Exchange Online" +sidebar_position: 40 --- # Add a Source and Connectors for Exchange Online @@ -32,7 +29,7 @@ pane is displayed. sources, such as computers, allows them to share a common configuration and makes it easier to manage related sources together. - Tenant ID – The tenant ID of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Crawl Source – Toggle this option to ON to enable data collection for the source - Credentials – Displays the crdentials that have already been added, while also providing the 
@@ -41,15 +38,15 @@ pane is displayed. new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: - Client ID – The client ID of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Client Secret – The client secret of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Download Certificate – For certain connectors, such as SharePoint Online State, authentication requires a certificate instead of a client secret. Download this certificate and then upload it to the app registered in Microsoft Entra ID. See the - [Upload a Certificate](/docs/1secure/configuration/entraid/registerconfig.md#upload-a-certificate) topic + [Upload a Certificate](/docs/1secure/configuration/registerconfig/registerconfig.md#upload-a-certificate) topic for additional information. - Display Name – Specify a name you want to show for your credentials. It will be displayed on the Credentials tab of the Managed Organizations page. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/index.md b/docs/1secure/admin/organizations/sourcesandconnectors/index.md deleted file mode 100644 index 4898245551..0000000000 --- a/docs/1secure/admin/organizations/sourcesandconnectors/index.md +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -id: sources-and-connectors -title: "Sources and Connectors" -pagination_label: "Sources and Connectors" -sidebar_label: "Sources and Connectors" -sidebar_position: 40 -description: "Overview of available data sources and connectors for collecting data from various environments." ---- - -# Sources and Connectors - -In Netwrix 1Secure, you can add data sources and their connectors to collect data from the following -environments: - -- Active Drectory -- Computer -- Exchange Online -- Microsoft Entra ID -- SharePoint Online -- SQL Server - -Using connectors, Netwrix 1Secure can: - -- Read and write data to/from your organization’s systems -- Connect to your sources for analyzing and processing the data - -**NOTE:** Before adding a data source, make sure its prerequisites are met. See the -[Requirements](/docs/1secure/requirements.md#prerequisites-for-data-sources) topic for -additional information. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/overview.md b/docs/1secure/admin/organizations/sourcesandconnectors/overview.md new file mode 100644 index 0000000000..b6dc7db05d --- /dev/null +++ b/docs/1secure/admin/organizations/sourcesandconnectors/overview.md @@ -0,0 +1,26 @@ +--- +title: "Sources and Connectors" +description: "Sources and Connectors" +sidebar_position: 10 +--- + +# Sources and Connectors + +In Netwrix 1Secure, you can add data sources and their connectors to collect data from the following +environments: + +- Active Drectory +- Computer +- Exchange Online +- Microsoft Entra ID +- SharePoint Online +- SQL Server + +Using connectors, Netwrix 1Secure can: + +- Read and write data to/from your organization’s systems +- Connect to your sources for analyzing and processing the data + +**NOTE:** Before adding a data source, make sure its prerequisites are met. See the +[Requirements](/docs/1secure/requirements/prerequisitesfordatasources.md) topic for +additional information. 
diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md b/docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md index 28d6a2b1f9..622f7a1b61 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/sharepointonline.md @@ -1,10 +1,7 @@ --- -id: add-a-source-and-connectors-for-sharepoint-online title: "Add a Source and Connectors for SharePoint Online" -pagination_label: "Add a Source and Connectors for SharePoint Online" -sidebar_label: "Add a Source and Connectors for SharePoint Online" -sidebar_position: 45 -description: "Step-by-step guide to add SharePoint Online data sources and connectors to your organization." +description: "Add a Source and Connectors for SharePoint Online" +sidebar_position: 50 --- # Add a Source and Connectors for SharePoint Online @@ -32,7 +29,7 @@ pane is displayed. sources, such as computers, allows them to share a common configuration and makes it easier to manage related sources together. - Tenant ID – The tenant ID of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Crawl Source – Toggle this option to ON to enable data collection for the source - Credentials – Displays the crdentials that have already been added, while also providing the 
@@ -41,15 +38,15 @@ pane is displayed. new Credentials** from the drop-down menu or click the **Add** icon, then specify the following: - Client ID – The client ID of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Client Secret – The client secret of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Download Certificate – For certain connectors, such as SharePoint Online State, authentication requires a certificate instead of a client secret. Download this certificate and then upload it to the app registered in Microsoft Entra ID. See the - [Upload a Certificate](/docs/1secure/configuration/entraid/registerconfig.md#upload-a-certificate) topic + [Upload a Certificate](/docs/1secure/configuration/registerconfig/registerconfig.md#upload-a-certificate) topic for additional information. - Display Name – Specify a name you want to show for your credentials. It will be displayed on the Credentials tab of the Managed Organizations page. diff --git a/docs/1secure/admin/organizations/sourcesandconnectors/sqlserver.md b/docs/1secure/admin/organizations/sourcesandconnectors/sqlserver.md index 2fa736df12..9361ce031a 100644 --- a/docs/1secure/admin/organizations/sourcesandconnectors/sqlserver.md +++ b/docs/1secure/admin/organizations/sourcesandconnectors/sqlserver.md 
@@ -1,10 +1,7 @@ --- -id: add-a-source-and-connectors-for-sql-server title: "Add a Source and Connectors for SQL Server" -pagination_label: "Add a Source and Connectors for SQL Server" -sidebar_label: "Add a Source and Connectors for SQL Server" -sidebar_position: 46 -description: "Step-by-step guide to add SQL Server data sources and connectors to your organization." +description: "Add a Source and Connectors for SQL Server" +sidebar_position: 60 --- # Add a Source and Connectors for SQL Server diff --git a/docs/1secure/admin/organizations/viewtabsanddashboard.md b/docs/1secure/admin/organizations/viewtabsanddashboard.md index fe5cdbdef9..87f99dae1f 100644 --- a/docs/1secure/admin/organizations/viewtabsanddashboard.md +++ b/docs/1secure/admin/organizations/viewtabsanddashboard.md @@ -1,10 +1,7 @@ --- -id: view-tabs-and-dashboards-for-the-organization title: "View Tabs and Dashboards for the Organization" -pagination_label: "View Tabs and Dashboards for the Organization" -sidebar_label: "View Tabs and Dashboards for the Organization" -sidebar_position: 39 -description: "Learn how to navigate and view available tabs and dashboards for managed organizations." +description: "View Tabs and Dashboards for the Organization" +sidebar_position: 50 --- # View Tabs and Dashboards for the Organization 
@@ -19,14 +16,14 @@ The Managed organizations page has the following tabs: ![tabsview](/img/product_docs/1secure/admin/organizations/tabsview.webp) - Sources – Add, edit, or delete sources for your organization, review its statuses, and so on. See - the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/index.md) topic for additional information. + the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) topic for additional information. - Sites – View the sites and status of your Netwrix Cloud Agent. See the [Add Sites to an Organization](/docs/1secure/admin/organizations/addsites.md) and [Update Netwrix Cloud Agent](/docs/1secure/index.md#updating-netwrix-cloud-agent) topic for additional information. - Credentials – Review and edit the credentials of your organization. See the[ Manage Credentials ](/docs/1secure/admin/organizations/managingcredentials.md)topic for additional information. - Users – Review or add Business Viewers or Co-managing Administrators to the audited organization. - See the [Add Users](/docs/1secure/admin/organizations/addingusers.md) topic for additional information. + See the [Add Users](/docs/1secure/admin/organizations/addingusers/addingusers.md) topic for additional information. - Subscriptions– Review or edit the subscriptions of your organization. See the [Subscriptions](/docs/1secure/admin/searchandreports/subscriptions.md) topic for additional information. diff --git a/docs/1secure/admin/overview.md b/docs/1secure/admin/overview.md new file mode 100644 index 0000000000..91447bc14f --- /dev/null +++ b/docs/1secure/admin/overview.md 
@@ -0,0 +1,17 @@ +--- +title: "Introducing Netwrix 1Secure" +description: "Introducing Netwrix 1Secure" +sidebar_position: 50 +--- + +# Introducing Netwrix 1Secure + +Netwrix 1Secure is a Microsoft Azure-hosted, multi-tenant SaaS application that provides a single +location to manage both on-premises and cloud environments. The system collects data from the user environments and notifies you on any actions made to the organization. These could include deletion or adding accounts, working with group memberships, changes to the organization, etc. + +With Netwrix 1Secure, Managed Service Providers can run various reports for your system, investigating incidents, suspicious activities, collected across the entire IT infrastructure. + +Major benefits: +- Detect system alerts — on premises and in the cloud +- Increase productivity of IT Managed Service Provider team +- Providing overall reports based on the search parameters diff --git a/docs/1secure/admin/riskprofiles/_category_.json b/docs/1secure/admin/riskprofiles/_category_.json new file mode 100644 index 0000000000..e8629118a1 --- /dev/null +++ b/docs/1secure/admin/riskprofiles/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manage Risk Profiles", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "riskprofiles" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/riskprofiles/index.md b/docs/1secure/admin/riskprofiles/index.md deleted file mode 100644 index f15aaf8e3e..0000000000 --- a/docs/1secure/admin/riskprofiles/index.md +++ /dev/null 
@@ -1,118 +0,0 @@ ---- -id: manage-risk-profiles -title: "Manage Risk Profiles" -pagination_label: "Manage Risk Profiles" -sidebar_label: "Manage Risk Profiles" -sidebar_position: 75 -description: "Learn how to create and manage risk profiles with configurable risk thresholds for security vulnerability analysis." ---- - -# Manage Risk Profiles - -In Netwrix 1Secure, the Managed Service Provider (MSP) can create risk profiles.  A risk profile -consists of a set of risk metrics, each with preconfigured risk thresholds that represent low, -medium, and high risk levels for the metric. You cannot add new metrics but you can change the risk -thresholds for each metric. A risk metric is a measurable security parameter that helps analyze -potential vulnerabilities in an environment, such as disabled computer accounts, stale direct user -permission, inactive user accounts, etc. See the [ Manage Risk Metrics](/docs/1secure/admin/riskprofiles/riskmetrics.md) topic for -additional information. - -You can assign a risk profile to one or more organizations. This profile examines the nature and -level of threats faced by an organization. Once a risk profile is assigned to an organization, you -can do the following: - -- Generate state-in-time risk reports to get detailed information on specific security aspects of - your environment. A separate state-in-time report is generated for each risk metric in the - profile. See the [State In Time Risks Reports](/docs/1secure/admin/searchandreports/stateintime.md) topic for - additional information. -- Analyze risks for your managed organizations on the Risk Assessment Dashboard page. See the - [Risk Assessment Dashboard](/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md) topic for additional information. - -**NOTE:** An organization can have only one risk profile assigned to it at a time. - -## View Risk Profiles - -Follow the steps to view the risk profiles created in 1Secure. 
- -**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, -that lists the managed organizations defined in 1Secure. - -**Step 2 –** In the left pane, click **Risk profiles**.The Risk profiles page is displayed. - -![Risk profiles list](/img/product_docs/1secure/admin/riskprofiles/riskprofiles.webp) - -Risk profiles are displayed in the list with the following information: - -- Risk profile – The name of the risk profile. Click a profile name to view risk metrics for that - profile. See the [ Manage Risk Metrics](/docs/1secure/admin/riskprofiles/riskmetrics.md) topic for additional information. -- Used in organizations – The number of organizations the risk profile is applied to. Click a value - to navigate to the Profile usage - `` pane that displays the organizations this risk - profile is applied to. - -Click a column header to sort data in the list by that column in ascending order. An arrow appears -next to the column name to indicate the sort order. Click the column header again to sort the data -in descending order. - -**NOTE:** The risk profile named Default Profile is available by default and is automatically -applied to all managed organizations. You can assign a different risk profile to an organization if -needed. You can do this when creating a new organization or editing an organization. See the -[Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic for additional information. - -## Add a Risk Profile - -Follow the steps to create a risk profile. - -**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, -that lists the managed organizations defined in 1Secure. - -**Step 2 –** In the left pane, click **Risk profiles**.The Risk profiles page is displayed. - -**Step 3 –** Click **Add profile**. The New risk profile pane is displayed. 
- -![New risk profile pane](/img/product_docs/1secure/admin/riskprofiles/newriskprofilepane.webp) - -**Step 4 –** Enter a name for the risk profile in the Name field and click **Save**. - -The risk profile is added to the list on the Risk profiles page. You can: - -- Assign this profile to an organization. You can do this when creating a new organization or - editing an organization. See the [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic - for additional information. Navigate to the configuration page of an organization to see the name - of the risk profile assigned to it. -- Configure risk thresholds for the metrics in the risk profile. See - the[ Manage Risk Metrics](/docs/1secure/admin/riskprofiles/riskmetrics.md) topic for additional information. - -## Modify the Name of a Risk Profile - -Follow the steps to modify the name of a risk profile. - -**NOTE:** The risk profile named Default Profile cannot be modified. - -**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, -that lists the managed organizations defined in 1Secure. - -**Step 2 –** In the left pane, click **Risk profiles**.The Risk profiles page is displayed. - -**Step 3 –** Click the Edit icon for a risk profile. The Edit risk profile pane is displayed. - -**Step 4 –** Modify the name of the profile in the Name field. - -**Step 5 –** Click **Save**. - -## Delete a Risk Profile - -**NOTE:** (1) The risk profile named Default Profile cannot be deleted. (2) When a risk profile is -deleted, the Default Profile is automatically assigned to the organizations that were previously -assigned the deleted profile. - -Follow the steps to delete a risk profile. - -**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, -that lists the managed organizations defined in 1Secure. - -**Step 2 –** In the left pane, click **Risk profiles**.The Risk profiles page is displayed. 
- -**Step 3 –** Click the Delete icon for a risk profile to delete it. A dialog box is displayed, -prompting you to confirm the deletion. - -**Step 4 –** Click **Yes**. The risk profile is deleted from the system. diff --git a/docs/1secure/admin/riskprofiles/metrics_list.md b/docs/1secure/admin/riskprofiles/metrics_list.md index b4ba20a304..af5f1bea62 100644 --- a/docs/1secure/admin/riskprofiles/metrics_list.md +++ b/docs/1secure/admin/riskprofiles/metrics_list.md @@ -1,10 +1,7 @@ --- -id: risk-metrics-list title: "Risk Metrics List" -pagination_label: "Risk Metrics List" -sidebar_label: "Risk Metrics List" -sidebar_position: 76 -description: "Comprehensive list of all risk metrics included in risk profiles with descriptions and security implications." +description: "Risk Metrics List" +sidebar_position: 20 --- # Risk Metrics List diff --git a/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md b/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md index dea7b2f1b5..0546a2e1a7 100644 --- a/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md +++ b/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md @@ -1,10 +1,7 @@ --- -id: risk-assessment-dashboard title: "Risk Assessment Dashboard" -pagination_label: "Risk Assessment Dashboard" -sidebar_label: "Risk Assessment Dashboard" -sidebar_position: 77 -description: "Learn how to use the Risk Assessment dashboard to monitor security posture and track vulnerabilities for organizations." +description: "Risk Assessment Dashboard" +sidebar_position: 30 --- # Risk Assessment Dashboard 
@@ -28,7 +25,7 @@ On the Risk Assessment dashboard, you can check: _Remember,_ each organization has a risk profile associated with it and the risk analysis of an organization is based on the metrics included in the risk profile. See the -[Manage Risk Profiles](/docs/1secure/admin/riskprofiles/index.md) topic for additional information. +[Manage Risk Profiles](/docs/1secure/admin/riskprofiles/riskprofiles.md) topic for additional information. ## View the Risk Assessment Dashboard @@ -236,7 +233,7 @@ The left pane displays the following details for an enumerated risk: - Remediate – On clicking this button, the Remediate `` pane is displayed, which provides AI-generated step-by-step guidance to help you remediate the risk. - Edit risk settings – Click this link to navigate to the Risk Profiles page where you can manage - the risk profiles. See the [Manage Risk Profiles](/docs/1secure/admin/riskprofiles/index.md) topic for additional + the risk profiles. See the [Manage Risk Profiles](/docs/1secure/admin/riskprofiles/riskprofiles.md) topic for additional information. Boolean Risk Details @@ -257,7 +254,7 @@ The left pane displays the following details for a Boolean risk: - Remediate – On clicking this button, the Remediate `` pane is displayed, which provides AI-generated step-by-step guidance to help you remediate the risk. - Edit risk settings – Click this link to navigate to the Risk Profiles page where you can manage - the risk profiles. See the [Manage Risk Profiles](/docs/1secure/admin/riskprofiles/index.md) topic for additional + the risk profiles. See the [Manage Risk Profiles](/docs/1secure/admin/riskprofiles/riskprofiles.md) topic for additional information. ## Export a Risk Assessment Report for an Organization diff --git a/docs/1secure/admin/riskprofiles/riskmetrics.md b/docs/1secure/admin/riskprofiles/riskmetrics.md index 043f8cf3ca..1248e40c3c 100644 --- a/docs/1secure/admin/riskprofiles/riskmetrics.md +++ b/docs/1secure/admin/riskprofiles/riskmetrics.md 
@@ -1,10 +1,7 @@ --- -id: manage-risk-metrics title: "Manage Risk Metrics" -pagination_label: "Manage Risk Metrics" -sidebar_label: "Manage Risk Metrics" -sidebar_position: 78 -description: "Learn how to view, modify, and manage risk thresholds for security metrics within risk profiles." +description: "Manage Risk Metrics" +sidebar_position: 10 --- # Manage Risk Metrics diff --git a/docs/1secure/admin/riskprofiles/riskprofiles.md b/docs/1secure/admin/riskprofiles/riskprofiles.md new file mode 100644 index 0000000000..afd0f7e61e --- /dev/null +++ b/docs/1secure/admin/riskprofiles/riskprofiles.md 
@@ -0,0 +1,115 @@ +--- +title: "Manage Risk Profiles" +description: "Manage Risk Profiles" +sidebar_position: 60 +--- + +# Manage Risk Profiles + +In Netwrix 1Secure, the Managed Service Provider (MSP) can create risk profiles.  A risk profile +consists of a set of risk metrics, each with preconfigured risk thresholds that represent low, +medium, and high risk levels for the metric. You cannot add new metrics but you can change the risk +thresholds for each metric. A risk metric is a measurable security parameter that helps analyze +potential vulnerabilities in an environment, such as disabled computer accounts, stale direct user +permission, inactive user accounts, etc. See the [ Manage Risk Metrics](/docs/1secure/admin/riskprofiles/riskmetrics.md) topic for +additional information. + +You can assign a risk profile to one or more organizations. This profile examines the nature and +level of threats faced by an organization. Once a risk profile is assigned to an organization, you +can do the following: + +- Generate state-in-time risk reports to get detailed information on specific security aspects of + your environment. A separate state-in-time report is generated for each risk metric in the + profile. See the [State In Time Risks Reports](/docs/1secure/admin/searchandreports/stateintime.md) topic for + additional information. +- Analyze risks for your managed organizations on the Risk Assessment Dashboard page. See the + [Risk Assessment Dashboard](/docs/1secure/admin/riskprofiles/riskassessmentdashboard.md) topic for additional information. + +**NOTE:** An organization can have only one risk profile assigned to it at a time. + +## View Risk Profiles + +Follow the steps to view the risk profiles created in 1Secure. + +**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, +that lists the managed organizations defined in 1Secure. 
+ +**Step 2 –** In the left pane, click **Risk profiles**.The Risk profiles page is displayed. + +![Risk profiles list](/img/product_docs/1secure/admin/riskprofiles/riskprofiles.webp) + +Risk profiles are displayed in the list with the following information: + +- Risk profile – The name of the risk profile. Click a profile name to view risk metrics for that + profile. See the [ Manage Risk Metrics](/docs/1secure/admin/riskprofiles/riskmetrics.md) topic for additional information. +- Used in organizations – The number of organizations the risk profile is applied to. Click a value + to navigate to the Profile usage - `` pane that displays the organizations this risk + profile is applied to. + +Click a column header to sort data in the list by that column in ascending order. An arrow appears +next to the column name to indicate the sort order. Click the column header again to sort the data +in descending order. + +**NOTE:** The risk profile named Default Profile is available by default and is automatically +applied to all managed organizations. You can assign a different risk profile to an organization if +needed. You can do this when creating a new organization or editing an organization. See the +[Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic for additional information. + +## Add a Risk Profile + +Follow the steps to create a risk profile. + +**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, +that lists the managed organizations defined in 1Secure. + +**Step 2 –** In the left pane, click **Risk profiles**.The Risk profiles page is displayed. + +**Step 3 –** Click **Add profile**. The New risk profile pane is displayed. + +![New risk profile pane](/img/product_docs/1secure/admin/riskprofiles/newriskprofilepane.webp) + +**Step 4 –** Enter a name for the risk profile in the Name field and click **Save**. + +The risk profile is added to the list on the Risk profiles page. 
You can: + +- Assign this profile to an organization. You can do this when creating a new organization or + editing an organization. See the [Add Organizations](/docs/1secure/admin/organizations/addorganizations.md) topic + for additional information. Navigate to the configuration page of an organization to see the name + of the risk profile assigned to it. +- Configure risk thresholds for the metrics in the risk profile. See + the[ Manage Risk Metrics](/docs/1secure/admin/riskprofiles/riskmetrics.md) topic for additional information. + +## Modify the Name of a Risk Profile + +Follow the steps to modify the name of a risk profile. + +**NOTE:** The risk profile named Default Profile cannot be modified. + +**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, +that lists the managed organizations defined in 1Secure. + +**Step 2 –** In the left pane, click **Risk profiles**.The Risk profiles page is displayed. + +**Step 3 –** Click the Edit icon for a risk profile. The Edit risk profile pane is displayed. + +**Step 4 –** Modify the name of the profile in the Name field. + +**Step 5 –** Click **Save**. + +## Delete a Risk Profile + +**NOTE:** (1) The risk profile named Default Profile cannot be deleted. (2) When a risk profile is +deleted, the Default Profile is automatically assigned to the organizations that were previously +assigned the deleted profile. + +Follow the steps to delete a risk profile. + +**Step 1 –** Click **Configuration** in the top bar. The Managed organizations page is displayed, +that lists the managed organizations defined in 1Secure. + +**Step 2 –** In the left pane, click **Risk profiles**.The Risk profiles page is displayed. + +**Step 3 –** Click the Delete icon for a risk profile to delete it. A dialog box is displayed, +prompting you to confirm the deletion. + +**Step 4 –** Click **Yes**. The risk profile is deleted from the system. 
diff --git a/docs/1secure/admin/searchandreports/_category_.json b/docs/1secure/admin/searchandreports/_category_.json new file mode 100644 index 0000000000..27e1cbec96 --- /dev/null +++ b/docs/1secure/admin/searchandreports/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Search and Reports", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/admin/searchandreports/activity.md b/docs/1secure/admin/searchandreports/activity.md index ba0b4a1ad4..2d8f96471b 100644 --- a/docs/1secure/admin/searchandreports/activity.md +++ b/docs/1secure/admin/searchandreports/activity.md @@ -1,10 +1,7 @@ --- -id: activity-reports title: "Activity Reports" -pagination_label: "Activity Reports" -sidebar_label: "Activity Reports" -sidebar_position: 48 -description: "Learn how to monitor and analyze user activities with detailed activity reports and custom filters." +description: "Activity Reports" +sidebar_position: 10 --- # Activity Reports diff --git a/docs/1secure/admin/searchandreports/applyfilters.md b/docs/1secure/admin/searchandreports/applyfilters.md index 5efeef9169..de6ae919f2 100644 --- a/docs/1secure/admin/searchandreports/applyfilters.md +++ b/docs/1secure/admin/searchandreports/applyfilters.md @@ -1,10 +1,7 @@ --- -id: apply-filters title: "Apply Filters" -pagination_label: "Apply Filters" -sidebar_label: "Apply Filters" -sidebar_position: 49 -description: "Learn how to use filters to narrow search results and create custom filter combinations for precise reporting." +description: "Apply Filters" +sidebar_position: 90 --- # Apply Filters 
@@ -24,7 +21,7 @@ reports with the predefined filters. To create a unique set of filters, you can: **NOTE:** All reports on the **Reports** > **Activity** tab are associated with the respective alerts. Click the **Alerts Timeline Dashboard** in the upper left corner of the page to view the -alerts for your organization. See the [Alerts](/docs/1secure/admin/alerts/index.md) topic for additional +alerts for your organization. See the [Alerts](/docs/1secure/admin/alerts/alerts.md) topic for additional information. | Icon | Description | diff --git a/docs/1secure/admin/searchandreports/auditlogs.md b/docs/1secure/admin/searchandreports/auditlogs.md index 501a271ba6..cfcf3961bd 100644 --- a/docs/1secure/admin/searchandreports/auditlogs.md +++ b/docs/1secure/admin/searchandreports/auditlogs.md @@ -1,10 +1,7 @@ --- -id: generate-a-self-audit-report title: "Generate a Self-Audit Report" -pagination_label: "Generate a Self-Audit Report" -sidebar_label: "Generate a Self-Audit Report" -sidebar_position: 50 -description: "Learn how to generate self-audit reports to track changes to 1Secure configuration and monitoring scope." +description: "Generate a Self-Audit Report" +sidebar_position: 60 --- # Generate a Self-Audit Report diff --git a/docs/1secure/admin/searchandreports/billableusers.md b/docs/1secure/admin/searchandreports/billableusers.md index 70fe803418..3176110443 100644 --- a/docs/1secure/admin/searchandreports/billableusers.md +++ b/docs/1secure/admin/searchandreports/billableusers.md @@ -1,10 +1,7 @@ --- -id: billable-users-report title: "Billable Users Report" -pagination_label: "Billable Users Report" -sidebar_label: "Billable Users Report" -sidebar_position: 51 -description: "Learn how to generate reports on billable Active Directory and Microsoft Entra ID accounts for your organization." +description: "Billable Users Report" +sidebar_position: 110 --- # Billable Users Report 
@@ -15,7 +12,7 @@ Directory/Microsoft Entra ID (formerly Azure AD) accounts for your organization | Icon | Description | | --------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ![businessuserslock](/img/product_docs/1secure/admin/searchandreports/businessuserslock.webp) | Lock Icon. It shows that the business users cannot view the report. See the [Add Users](/docs/1secure/admin/organizations/addingusers.md) topic for additional information on the business users. | +| ![businessuserslock](/img/product_docs/1secure/admin/searchandreports/businessuserslock.webp) | Lock Icon. It shows that the business users cannot view the report. See the [Add Users](/docs/1secure/admin/organizations/addingusers/addingusers.md) topic for additional information on the business users. | ## Review a Report diff --git a/docs/1secure/admin/searchandreports/compliance.md b/docs/1secure/admin/searchandreports/compliance.md index 9c0646da85..36fec93016 100644 --- a/docs/1secure/admin/searchandreports/compliance.md +++ b/docs/1secure/admin/searchandreports/compliance.md @@ -1,10 +1,7 @@ --- -id: compliance-reports title: "Compliance Reports" -pagination_label: "Compliance Reports" -sidebar_label: "Compliance Reports" -sidebar_position: 52 -description: "Learn how to generate compliance reports for Microsoft Entra ID, Active Directory, and SharePoint Online configurations." +description: "Compliance Reports" +sidebar_position: 20 --- # Compliance Reports diff --git a/docs/1secure/admin/searchandreports/customreports.md b/docs/1secure/admin/searchandreports/customreports.md index 1732034ef5..67efeeff9c 100644 --- a/docs/1secure/admin/searchandreports/customreports.md +++ b/docs/1secure/admin/searchandreports/customreports.md 
@@ -1,10 +1,7 @@ --- -id: custom-reports title: "Custom Reports" -pagination_label: "Custom Reports" -sidebar_label: "Custom Reports" -sidebar_position: 53 -description: "Learn how to create and save custom reports with specific filter sets for recurring analysis." +description: "Custom Reports" +sidebar_position: 50 --- # Custom Reports @@ -48,7 +45,7 @@ generated. **Step 8 –** Optionally, select the **Share with business users** check box to share the report with business users. See the -[Add the Business Viewer Role](/docs/1secure/admin/organizations/addingusers.md#add-the-business-viewer-role) topic +[Add the Business Viewer Role](/docs/1secure/admin/organizations/addingusers/addingusers.md#add-the-business-viewer-role) topic for additional information on shared reports. **NOTE:** This check box is not available for End Customer Organizations. @@ -58,7 +55,7 @@ for additional information on shared reports. Your custom report is created under the respective category. **NOTE:** You may link this report to an alert. See the -[Add a Custom Alert](/docs/1secure/admin/alerts/index.md#add-a-custom-alert) topic for additional information. +[Add a Custom Alert](/docs/1secure/admin/alerts/alerts.md#add-a-custom-alert) topic for additional information. ## Modify a Custom Report diff --git a/docs/1secure/admin/searchandreports/exportreport.md b/docs/1secure/admin/searchandreports/exportreport.md index 78fb45a965..b8c1609c8b 100644 --- a/docs/1secure/admin/searchandreports/exportreport.md +++ b/docs/1secure/admin/searchandreports/exportreport.md 
@@ -1,10 +1,7 @@ --- -id: export-a-report-or-investigation-results title: "Export a Report or Investigation Results" -pagination_label: "Export a Report or Investigation Results" -sidebar_label: "Export a Report or Investigation Results" -sidebar_position: 54 -description: "Learn how to export investigation results and reports as Excel files for easier review and analysis." +description: "Export a Report or Investigation Results" +sidebar_position: 70 --- # Export a Report or Investigation Results diff --git a/docs/1secure/admin/searchandreports/filteroperators.md b/docs/1secure/admin/searchandreports/filteroperators.md index 533942864d..a8d1c58a72 100644 --- a/docs/1secure/admin/searchandreports/filteroperators.md +++ b/docs/1secure/admin/searchandreports/filteroperators.md @@ -1,10 +1,7 @@ --- -id: filter-operators title: "Filter Operators" -pagination_label: "Filter Operators" -sidebar_label: "Filter Operators" -sidebar_position: 55 -description: "Learn about filter operators and search conditions for precise data retrieval and comparison." +description: "Filter Operators" +sidebar_position: 100 --- # Filter Operators diff --git a/docs/1secure/admin/searchandreports/index.md b/docs/1secure/admin/searchandreports/index.md deleted file mode 100644 index 40ae3149c3..0000000000 --- a/docs/1secure/admin/searchandreports/index.md +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -id: search-and-reports -title: "Search and Reports" -pagination_label: "Search and Reports" -sidebar_label: "Search and Reports" -sidebar_position: 47 -description: "Learn how to use the search interface and create flexible reports for investigating incidents and activities." ---- - -# Search and Reports - -Netwrix 1Secure provides a convenient search interface for investigating incidents, suspicious -activities, collected across the entire IT infrastructure. Netwrix 1Secure allows creating flexible -searches in order to receive precise results on _who_ changed _what_, _when_, or _where_, for -example. - -Based on your filter preferences, you can create your customized report or choose the report from -the list with the predefined filter settings. - -This functionality is currently available for the following data sources: - -- Active Directory (on-premise) -- Azure AD -- Computer -- Exchange Online -- SharePoint Online - -Netwrix 1Secure also provides possibility for generating state-in-time reports. This functionality -is currently available for the following connectors: - -- Active Directory State -- Microsoft Entra ID State - -See the following topics for additional information: - -- [Apply Filters](/docs/1secure/admin/searchandreports/applyfilters.md) -- Create Reports with Custom Filters -- [State In Time Risks Reports](/docs/1secure/admin/searchandreports/stateintime.md) diff --git a/docs/1secure/admin/searchandreports/overview.md b/docs/1secure/admin/searchandreports/overview.md new file mode 100644 index 0000000000..116aa1fa93 --- /dev/null +++ b/docs/1secure/admin/searchandreports/overview.md 
@@ -0,0 +1,35 @@ +--- +title: "Search and Reports" +description: "Search and Reports" +sidebar_position: 40 +--- + +# Search and Reports + +Netwrix 1Secure provides a convenient search interface for investigating incidents, suspicious +activities, collected across the entire IT infrastructure. Netwrix 1Secure allows creating flexible +searches in order to receive precise results on _who_ changed _what_, _when_, or _where_, for +example. + +Based on your filter preferences, you can create your customized report or choose the report from +the list with the predefined filter settings. + +This functionality is currently available for the following data sources: + +- Active Directory (on-premise) +- Azure AD +- Computer +- Exchange Online +- SharePoint Online + +Netwrix 1Secure also provides possibility for generating state-in-time reports. This functionality +is currently available for the following connectors: + +- Active Directory State +- Microsoft Entra ID State + +See the following topics for additional information: + +- [Apply Filters](/docs/1secure/admin/searchandreports/applyfilters.md) +- Create Reports with Custom Filters +- [State In Time Risks Reports](/docs/1secure/admin/searchandreports/stateintime.md) diff --git a/docs/1secure/admin/searchandreports/stateintime.md b/docs/1secure/admin/searchandreports/stateintime.md index 9391977e10..23cf61754a 100644 --- a/docs/1secure/admin/searchandreports/stateintime.md +++ b/docs/1secure/admin/searchandreports/stateintime.md @@ -1,10 +1,7 @@ --- -id: state-in-time-risks-reports title: "State In Time Risks Reports" -pagination_label: "State In Time Risks Reports" -sidebar_label: "State In Time Risks Reports" -sidebar_position: 56 -description: "Learn how to generate state-in-time reports based on risk profiles to analyze environment configurations at specific points in time." +description: "State In Time Risks Reports" +sidebar_position: 30 --- # State In Time Risks Reports 
@@ -142,7 +139,7 @@ This table provides a list of filters and descriptions. | Member through | Specify whether a group is a member of a group explicitly or inherited from another group. For example, Group A > Admin Group (Group A is explicitly a member of Admin Group) Group B > Group C > Admin Group (Group C is explicitly a member of Admin Group while Group B is an inherited member of Admin Group) If you do not specify the value, it will include both. If your Value is Inherited, it will only show Group B, and if you Value is Explicit, it will show Group A and Group C | | Status | Filters the report based on any of the following user account statuses: - Enabled - Disabled | | Source Type | Filters the report based on any of the following source types: - AD Group - Entra ID Group - Windows Local Group - SharePoint Online Group | -| Source | Filters the report based on the name of a data source. The data source name corresponds to the value specified in the Source Group field when adding a data source. See the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/index.md) topic for additional information. | +| Source | Filters the report based on the name of a data source. The data source name corresponds to the value specified in the Source Group field when adding a data source. See the [Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) topic for additional information. | | Name | Filters the report based on the name of a user or computer account. | | Location | Filters the report based on the location of an account in the directory. For example, Guest is an account name and its location is SSA-D4.local/Users/Guest. | | Role | Filters the report based on a role, such as Global Administrator. | diff --git a/docs/1secure/admin/searchandreports/subscriptions.md b/docs/1secure/admin/searchandreports/subscriptions.md index 047ad92470..cb0a3ed55e 100644 
--- a/docs/1secure/admin/searchandreports/subscriptions.md +++ b/docs/1secure/admin/searchandreports/subscriptions.md @@ -1,10 +1,7 @@ --- -id: subscriptions title: "Subscriptions" -pagination_label: "Subscriptions" -sidebar_label: "Subscriptions" -sidebar_position: 57 -description: "Learn how to schedule and automatically deliver reports to email addresses or SharePoint Online folders." +description: "Subscriptions" +sidebar_position: 80 --- # Subscriptions @@ -97,7 +94,7 @@ specify the settings for SharePoint Online delivery. **NOTE:** If you encounter the message, Integration required, you must first configure your integration for SharePoint Online. See the -[SharePoint Online](/docs/1secure/integrations/sharepointonline.md) topic for additional information. +[SharePoint Online](/docs/1secure/integration/sharepointonline.md) topic for additional information. Expand the SharePoint Online Settings section and specify the following settings for saving the report: diff --git a/docs/1secure/admin/searchandreports/system.md b/docs/1secure/admin/searchandreports/system.md index 9b9d35399d..c865e451fa 100644 --- a/docs/1secure/admin/searchandreports/system.md +++ b/docs/1secure/admin/searchandreports/system.md @@ -1,10 +1,7 @@ --- -id: system-reports title: "System Reports" -pagination_label: "System Reports" -sidebar_label: "System Reports" -sidebar_position: 58 -description: "Learn how to review automatically generated system reports including Billable Users insights." +description: "System Reports" +sidebar_position: 40 --- # System Reports diff --git a/docs/1secure/admin/statuses.md b/docs/1secure/admin/statuses.md new file mode 100644 index 0000000000..99a354145d --- /dev/null +++ b/docs/1secure/admin/statuses.md 
@@ -0,0 +1,20 @@ +--- +title: "Statuses" +description: "Statuses" +sidebar_position: 80 +--- + +# Statuses + +Statuses in Netwrix 1Secure allow you check up the state of the system, specifically - sources, +agent, and connectors. As you add your sources, connectors, install the agent, Netwrix 1Secure +provides several statuses for these: + +![statuses_chart](/img/product_docs/1secure/admin/statuses_chart.webp) + +**NOTE:** The New status changes to Healthy status when the agent finishes collection from the +environment. The time frame for a change may be within a minute up to several hours depending on the +environment size. + +You can also review the agent status while adding the organization. See the +[Manage Organizations](/docs/1secure/admin/organizations/overview.md) topic for more information. \ No newline at end of file diff --git a/docs/1secure/admin/updatenetwrixcloudagent.md b/docs/1secure/admin/updatenetwrixcloudagent.md new file mode 100644 index 0000000000..c0a5e1dc65 --- /dev/null +++ b/docs/1secure/admin/updatenetwrixcloudagent.md 
@@ -0,0 +1,89 @@ +--- +title: "Updating Netwrix Cloud Agent" +description: "Updating Netwrix Cloud Agent" +sidebar_position: 100 +--- + +# Updating Netwrix Cloud Agent + +With Netwrix 1Secure, you can both update the version of the agent by installing new agent or using +Self-update function. The Self-update saves your time from installing the new version repeatedly, +while providing real-time notifications, managing agent schedule, and bulk update option. + +During the update process, your activity monitoring will not be disrupted. + +| Icon | Description | +| --------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | +| ![selfupdate_icon](/img/product_docs/1secure/admin/selfupdate_icon.webp) | Bell Icon. Click the Bell Icon to look up for the available updates of the Netwrix Cloud Agent. | + +## Update Agents in Bulk + +Follow the steps to update agents in bulk. + +**Step 1 –** To update selected agents, on the Managed Organizations page, select **Bulk Update +Agent**. + +![updateagents](/img/product_docs/1secure/admin/updateagents.webp) + +**Step 2 –** On the Update Agents page, check the boxes next to agents you wish to update and click +**Confirm**. + +The agents are now updated. + +## Edit Agent Update Schedule + +Follow the steps to update agent schedule. + +**Step 1 –** To edit the agent update schedule, on the Managed Organizations page, select **Agent +Update Settings**. The Edit Agent Update Schedule page displays. + +![editagentupdatesschedule2](/img/product_docs/1secure/admin/editagentupdatesschedule2.webp) + +**Step 2 –** In the Update Schedule section, select Enabled. + +**Step 3 –** In the Update Window section, configure the options to specify when you want the update +to occur. + +**Step 4 –** Select Confirm. + +The agent update schedule is now configured. 
+ +## Enable Self-Update Function + +Follow the steps to enable the self-update function . + +**Step 1 –** To look up the available updates, click the **Bell** icon. The panel with available +updates displays. + +![selfupdate_panel](/img/product_docs/1secure/admin/selfupdate_panel.webp) + +**Step 2 –** Click **Fix** for the agents to be updated. Now you can see the list of organizations +and which agents may be updated to the new version. + +**Step 3 –** Click **Update available** to update the agent to the current version. The Edit Agent +Update Schedule page displays, offering you the proposed version. + +![editagentupdatesschedule](/img/product_docs/1secure/admin/editagentupdatesschedule.webp) + +**Step 4 –** Select **Confirm**. The agent shall update and upload a new .msi file of your agent. + +**Step 5 –** Alternately, update the version for an organization from the Managed organizations +page. Select the **organization** and then the **Sites** tab. + +![updateagents2](/img/product_docs/1secure/admin/updateagents2.webp) + +**Step 6 –** Click Update. + +**Step 7 –** Toggle on Override Tenancy Defaults if you want to change the update defaults for that +organization. + +**Step 8 –** Click Edit. + +**Step 9 –** On the Edit Agent Update Schedule window, select Enabled and apply the required +parameters to specify when you want the update occur. + +![editagentupdatesschedule2](/img/product_docs/1secure/admin/editagentupdatesschedule2.webp) + +**Step 10 –** Click **Confirm**. + +The self-update function is now configured. \ No newline at end of file diff --git a/docs/1secure/configuration/_category_.json b/docs/1secure/configuration/_category_.json new file mode 100644 index 0000000000..374d319b9e --- /dev/null +++ b/docs/1secure/configuration/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Configure IT Infrastructure for Auditing and Monitoring", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/configuration/activedirectory/admanual.md b/docs/1secure/configuration/activedirectory/admanual.md deleted file mode 100644 index 76156cab3a..0000000000 --- a/docs/1secure/configuration/activedirectory/admanual.md +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -id: configure-domain-for-monitoring-active-directory -title: "Configure Domain for Monitoring Active Directory" -pagination_label: "Configure Domain for Monitoring Active Directory" -sidebar_label: "Configure Domain for Monitoring Active Directory" -sidebar_position: 101 -description: "Learn how to configure your Active Directory domain for monitoring using automatic or manual methods." ---- - -# Configure Domain for Monitoring Active Directory - -You can configure your Active Directory domain for monitoring in one of the following ways: - -- Automatically when creating an organization - - This method is recommended for evaluation purposes in test environments. If any conflicts are - detected with your current audit settings, automatic audit configuration will not be - performed.For a full list of audit settings required for Netwrix 1Secure to collect - comprehensive audit data and instructions on how to configure them, refer to - [Configure IT Infrastructure for Auditing and Monitoring](/docs/1secure/configuration/configureitinfrastructure.md). - - If you select to automatically configure audit in the target environment, your current audit - settings will be checked on each data collection and adjusted if necessary. - -- Manually. - -Also, perform the following procedures: - -- [Configure Basic Domain Audit Policies](/docs/1secure/configuration/activedirectory/domainauditpolicies.md) or - [Configure Advanced Audit Policies](/docs/1secure/configuration/activedirectory/advancedpolicy.md). Either local or advanced audit policies - must be configured to track changes to accounts and groups, and to identify workstations where - changes were made. -- [Configure Object-Level Auditing](/docs/1secure/configuration/activedirectory/objectlevel.md) -- Adjust Security Event Log Size and Retention Settings -- [Enable Secondary Logon Service](/docs/1secure/configuration/activedirectory/secondarylogonservice.md) 
diff --git a/docs/1secure/configuration/activedirectory/auto.md b/docs/1secure/configuration/activedirectory/auto.md deleted file mode 100644 index a50549f840..0000000000 --- a/docs/1secure/configuration/activedirectory/auto.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -id: active-directory-automatic-configuration -title: "Active Directory: automatic configuration" -pagination_label: "Active Directory: automatic configuration" -sidebar_label: "Active Directory: automatic configuration" -sidebar_position: 104 -description: "Learn how to automatically apply Active Directory audit settings required by Netwrix 1Secure." ---- - -# Active Directory: automatic configuration - -This is a recommended method of applying Active Directory audit settings required by Netwrix 1Secure -to monitor your AD domain. With this approach, the program will check your current audit settings at -each data collection session and adjust them if necessary. - -To adjust audit settings automatically, do any of the following: - -- When creating an organization, select the **Adjust audit settings automatically** option. - -- For the existing organization, modify data collection settings for Active Directory, selecting - **Adjust audit settings automatically** option. - -See also: - -- [Configure Domain for Monitoring Active Directory](/docs/1secure/configuration/activedirectory/admanual.md) -- [Active Directory: manual configuration](/docs/1secure/configuration/activedirectory/cfgmanual.md) diff --git a/docs/1secure/configuration/activedirectory/cfgmanual.md b/docs/1secure/configuration/activedirectory/cfgmanual.md deleted file mode 100644 index e4e04ae146..0000000000 --- a/docs/1secure/configuration/activedirectory/cfgmanual.md +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -id: active-directory-manual-configuration -title: "Active Directory: manual configuration" -pagination_label: "Active Directory: manual configuration" -sidebar_label: "Active Directory: manual configuration" -sidebar_position: 105 -description: "Learn how to manually configure your domain for Active Directory monitoring using Group Policy Management Console or ADSI Edit." ---- - -# Active Directory: manual configuration - -To configure your domain for monitoring manually, you will need: - -- **Group Policy Management Console** — if you plan to perform configuration steps from a domain - controller - - -OR- - -- **ADSI Edit** — if you plan to perform configuration steps from a server other than domain - controller - -If these tools are not installed, refer to the related topics: - -- [Install ADSI Edit](/docs/1secure/configuration/activedirectory/adsi.md) -- [Group Policy Management Console](/docs/1secure/configuration/activedirectory/grouppolicymanagementconsole.md) - -Take the following configuration steps: - -**Step 1 –** Configure effective domain controllers policy (by default, Default Domain Controllers -Policy). See [Configure Basic Domain Audit Policies](/docs/1secure/configuration/activedirectory/domainauditpolicies.md) or -[Configure Advanced Audit Policies](/docs/1secure/configuration/activedirectory/advancedpolicy.md) for details. - -**Step 2 –** [Configure Object-Level Auditing](/docs/1secure/configuration/activedirectory/objectlevel.md) - -**Step 3 –** Adjust Security Event Log Size and Retention Settings - -**Step 4 –** If you have an on-premises Exchange server in your Active Directory domain, consider -that some changes to AD can be made via that Exchange server. 
To be able to audit and report who -made those changes, you should -[Configure Exchange Administrator Audit Logging Settings](/docs/1secure/admin/datacollection/activedirectory/auditlogging.md) - -Also, remember to do the following for AD auditing: - -**Step 1 –** Configure Data Collecting Account, as described in -[Active Directory Auditing](/docs/1secure/admin/datacollection/activedirectory/activedirectoryauditing.md) - -**Step 2 –** Configure required protocols and ports, as described in -[Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy](/docs/1secure/configuration/activedirectory/protocolsandports.md) -topic. - -**Step 3 –** [Enable Secondary Logon Service](/docs/1secure/configuration/activedirectory/secondarylogonservice.md) on the computer where -Netwrix Cloud Agent resides. diff --git a/docs/1secure/configuration/activedirectory/secondarylogonservice.md b/docs/1secure/configuration/activedirectory/secondarylogonservice.md deleted file mode 100644 index d8b52ec08e..0000000000 --- a/docs/1secure/configuration/activedirectory/secondarylogonservice.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -id: enable-secondary-logon-service -title: "Enable Secondary Logon Service" -pagination_label: "Enable Secondary Logon Service" -sidebar_label: "Enable Secondary Logon Service" -sidebar_position: 110 -description: "Learn how to enable the Secondary Logon service on the computer where Netwrix Cloud Agent resides." ---- - -# Enable Secondary Logon Service - -**Step 1 –** On the computer where Netwrix Cloud Agent resides, navigate to **Start** > **Windows -Administrative** Tools (Windows Server 2016 and higher) or Administrative Tools (Windows 2012) **> -Services**. - -**Step 2 –** In the **Services** dialog, locate the **Secondary Logon** service. - -**Step 3 –** Right-click the service and on the **General** tab make sure that **Startup type** for -this service is other than _Disabled_. Startup type can be either _Automatic_ or _Manual_. 
diff --git a/docs/1secure/configuration/admanual/_category_.json b/docs/1secure/configuration/admanual/_category_.json new file mode 100644 index 0000000000..15c6e7eb23 --- /dev/null +++ b/docs/1secure/configuration/admanual/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configure Domain for Monitoring Active Directory", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "admanual" + } +} \ No newline at end of file diff --git a/docs/1secure/configuration/admanual/admanual.md b/docs/1secure/configuration/admanual/admanual.md new file mode 100644 index 0000000000..d8f269d837 --- /dev/null +++ b/docs/1secure/configuration/admanual/admanual.md 
@@ -0,0 +1,32 @@ +--- +title: "Configure Domain for Monitoring Active Directory" +description: "Configure Domain for Monitoring Active Directory" +sidebar_position: 50 +--- + +# Configure Domain for Monitoring Active Directory + +You can configure your Active Directory domain for monitoring in one of the following ways: + +- Automatically when creating an organization + + This method is recommended for evaluation purposes in test environments. If any conflicts are + detected with your current audit settings, automatic audit configuration will not be + performed.For a full list of audit settings required for Netwrix 1Secure to collect + comprehensive audit data and instructions on how to configure them, refer to + [Configure IT Infrastructure for Auditing and Monitoring](/docs/1secure/configuration/configureitinfrastructure.md). + + If you select to automatically configure audit in the target environment, your current audit + settings will be checked on each data collection and adjusted if necessary. + +- Manually. + +Also, perform the following procedures: + +- [Configure Basic Domain Audit Policies](/docs/1secure/configuration/admanual/domainauditpolicies.md) or + [Configure Advanced Audit Policies](/docs/1secure/configuration/admanual/advancedpolicy.md). Either local or advanced audit policies + must be configured to track changes to accounts and groups, and to identify workstations where + changes were made. +- [Configure Object-Level Auditing](/docs/1secure/configuration/admanual/objectlevel.md) +- Adjust Security Event Log Size and Retention Settings +- [Enable Secondary Logon Service](/docs/1secure/configuration/admanual/secondarylogonservice.md) diff --git a/docs/1secure/configuration/activedirectory/adsi.md b/docs/1secure/configuration/admanual/adsi.md similarity index 85% rename from docs/1secure/configuration/activedirectory/adsi.md rename to docs/1secure/configuration/admanual/adsi.md index 50d0919517..c3aca4769f 100644 
--- a/docs/1secure/configuration/activedirectory/adsi.md +++ b/docs/1secure/configuration/admanual/adsi.md @@ -1,10 +1,7 @@ --- -id: install-adsi-edit title: "Install ADSI Edit" -pagination_label: "Install ADSI Edit" -sidebar_label: "Install ADSI Edit" -sidebar_position: 102 -description: "Learn how to install ADSI Edit utility for viewing and managing Active Directory objects and attributes." +description: "Install ADSI Edit" +sidebar_position: 100 --- # Install ADSI Edit diff --git a/docs/1secure/configuration/activedirectory/advancedpolicy.md b/docs/1secure/configuration/admanual/advancedpolicy.md similarity index 93% rename from docs/1secure/configuration/activedirectory/advancedpolicy.md rename to docs/1secure/configuration/admanual/advancedpolicy.md index 5926ebeaa0..0ae1b9884b 100644 --- a/docs/1secure/configuration/activedirectory/advancedpolicy.md +++ b/docs/1secure/configuration/admanual/advancedpolicy.md @@ -1,10 +1,7 @@ --- -id: configure-advanced-audit-policies title: "Configure Advanced Audit Policies" -pagination_label: "Configure Advanced Audit Policies" -sidebar_label: "Configure Advanced Audit Policies" -sidebar_position: 103 -description: "Learn how to configure advanced audit policies for more granular Active Directory change tracking." +description: "Configure Advanced Audit Policies" +sidebar_position: 10 --- # Configure Advanced Audit Policies diff --git a/docs/1secure/configuration/admanual/auto.md b/docs/1secure/configuration/admanual/auto.md new file mode 100644 index 0000000000..1ea962ebfe --- /dev/null +++ b/docs/1secure/configuration/admanual/auto.md 
@@ -0,0 +1,23 @@ +--- +title: "Active Directory: automatic configuration" +description: "Active Directory: automatic configuration" +sidebar_position: 20 +--- + +# Active Directory: automatic configuration + +This is a recommended method of applying Active Directory audit settings required by Netwrix 1Secure +to monitor your AD domain. With this approach, the program will check your current audit settings at +each data collection session and adjust them if necessary. + +To adjust audit settings automatically, do any of the following: + +- When creating an organization, select the **Adjust audit settings automatically** option. + +- For the existing organization, modify data collection settings for Active Directory, selecting + **Adjust audit settings automatically** option. + +See also: + +- [Configure Domain for Monitoring Active Directory](/docs/1secure/configuration/admanual/admanual.md) +- [Active Directory: manual configuration](/docs/1secure/configuration/admanual/cfgmanual.md) diff --git a/docs/1secure/configuration/admanual/cfgmanual.md b/docs/1secure/configuration/admanual/cfgmanual.md new file mode 100644 index 0000000000..4c60b3f8e5 --- /dev/null +++ b/docs/1secure/configuration/admanual/cfgmanual.md 
@@ -0,0 +1,49 @@ +--- +title: "Active Directory: manual configuration" +description: "Active Directory: manual configuration" +sidebar_position: 30 +--- + +# Active Directory: manual configuration + +To configure your domain for monitoring manually, you will need: + +- **Group Policy Management Console** — if you plan to perform configuration steps from a domain + controller + + -OR- + +- **ADSI Edit** — if you plan to perform configuration steps from a server other than domain + controller + +If these tools are not installed, refer to the related topics: + +- [Install ADSI Edit](/docs/1secure/configuration/admanual/adsi.md) +- [Group Policy Management Console](/docs/1secure/configuration/admanual/grouppolicymanagementconsole.md) + +Take the following configuration steps: + +**Step 1 –** Configure effective domain controllers policy (by default, Default Domain Controllers +Policy). See [Configure Basic Domain Audit Policies](/docs/1secure/configuration/admanual/domainauditpolicies.md) or +[Configure Advanced Audit Policies](/docs/1secure/configuration/admanual/advancedpolicy.md) for details. + +**Step 2 –** [Configure Object-Level Auditing](/docs/1secure/configuration/admanual/objectlevel.md) + +**Step 3 –** Adjust Security Event Log Size and Retention Settings + +**Step 4 –** If you have an on-premises Exchange server in your Active Directory domain, consider +that some changes to AD can be made via that Exchange server. 
To be able to audit and report who +made those changes, you should +[Configure Exchange Administrator Audit Logging Settings](/docs/1secure/admin/datacollection/activedirectoryauditing/auditlogging.md) + +Also, remember to do the following for AD auditing: + +**Step 1 –** Configure Data Collecting Account, as described in +[Active Directory Auditing](/docs/1secure/admin/datacollection/activedirectoryauditing/activedirectoryauditing.md) + +**Step 2 –** Configure required protocols and ports, as described in +[Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy](/docs/1secure/configuration/admanual/protocolsandports.md) +topic. + +**Step 3 –** [Enable Secondary Logon Service](/docs/1secure/configuration/admanual/secondarylogonservice.md) on the computer where +Netwrix Cloud Agent resides. diff --git a/docs/1secure/configuration/activedirectory/domainauditpolicies.md b/docs/1secure/configuration/admanual/domainauditpolicies.md similarity index 84% rename from docs/1secure/configuration/activedirectory/domainauditpolicies.md rename to docs/1secure/configuration/admanual/domainauditpolicies.md index 5456e94e7d..a74f4c7b41 100644 --- a/docs/1secure/configuration/activedirectory/domainauditpolicies.md +++ b/docs/1secure/configuration/admanual/domainauditpolicies.md 
@@ -1,17 +1,14 @@ --- -id: configure-basic-domain-audit-policies title: "Configure Basic Domain Audit Policies" -pagination_label: "Configure Basic Domain Audit Policies" -sidebar_label: "Configure Basic Domain Audit Policies" -sidebar_position: 106 -description: "Learn how to configure basic domain audit policies to track user account and group changes." +description: "Configure Basic Domain Audit Policies" +sidebar_position: 40 --- # Configure Basic Domain Audit Policies Basic audit policies allow tracking changes to user accounts and groups and identifying originating workstations. You can configure advanced audit policies for the same purpose too. See the -[Configure Advanced Audit Policies](/docs/1secure/configuration/activedirectory/advancedpolicy.md) topic for additional information. +[Configure Advanced Audit Policies](/docs/1secure/configuration/admanual/advancedpolicy.md) topic for additional information. **Step 1 –** Open the **Group Policy Management** console on any domain controller in the target domain: navigate to Start > Windows Administrative Tools (Windows Server 2016 and higher) or diff --git a/docs/1secure/configuration/activedirectory/grouppolicymanagementconsole.md b/docs/1secure/configuration/admanual/grouppolicymanagementconsole.md similarity index 83% rename from docs/1secure/configuration/activedirectory/grouppolicymanagementconsole.md rename to docs/1secure/configuration/admanual/grouppolicymanagementconsole.md index abdfef5bd8..9249a24819 100644 --- a/docs/1secure/configuration/activedirectory/grouppolicymanagementconsole.md +++ b/docs/1secure/configuration/admanual/grouppolicymanagementconsole.md 
@@ -1,10 +1,7 @@ --- -id: group-policy-management-console title: "Group Policy Management Console" -pagination_label: "Group Policy Management Console" -sidebar_label: "Group Policy Management Console" -sidebar_position: 107 -description: "Learn how to install Group Policy Management Console for managing Group Policy across your organization." +description: "Group Policy Management Console" +sidebar_position: 80 --- # Group Policy Management Console diff --git a/docs/1secure/configuration/activedirectory/objectlevel.md b/docs/1secure/configuration/admanual/objectlevel.md similarity index 93% rename from docs/1secure/configuration/activedirectory/objectlevel.md rename to docs/1secure/configuration/admanual/objectlevel.md index 6c72140341..c9d4c5bebd 100644 --- a/docs/1secure/configuration/activedirectory/objectlevel.md +++ b/docs/1secure/configuration/admanual/objectlevel.md @@ -1,10 +1,7 @@ --- -id: configure-object-level-auditing title: "Configure Object-Level Auditing" -pagination_label: "Configure Object-Level Auditing" -sidebar_label: "Configure Object-Level Auditing" -sidebar_position: 108 -description: "Learn how to configure object-level auditing for Domain and Configuration partitions to collect user activity information." +description: "Configure Object-Level Auditing" +sidebar_position: 60 --- # Configure Object-Level Auditing 
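Review bot: In docs/1secure/configuration/admanual/admanual.md the "Automatically" bullet calls automatic configuration "recommended for evaluation purposes in test environments", while the new auto.md in this same patch opens with "This is a recommended method" and carries no such qualifier. The two pages should give the same guidance, since a reader deciding whether to let the product adjust domain audit settings may land on either one. In the same bullet, "performed.For a full list" is missing a space after the period, and the "- Manually." bullet ends without a link to cfgmanual.md, the page that holds the manual steps.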
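Review bot: In docs/1secure/configuration/admanual/cfgmanual.md the step numbering restarts: after "Step 4" about the on-premises Exchange server, the "Also, remember to do the following for AD auditing" block begins again at "Step 1", so a reference to "Step 2" or "Step 3" of this page is ambiguous. Suggest continuing the numbering or turning the second block into a bullet list. "Step 3 – Adjust Security Event Log Size and Retention Settings" is also the only configuration step with neither a link nor instructions (the same unlinked item appears in admanual.md), so the reader is not told which size or retention values to set.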
@@ -70,7 +67,7 @@ To perform this procedure, you will need the [ADSI Edit](http://technet.microsoft.com/en-us/library/cc773354(v=ws.10).aspx) utility. In Windows Server 2008 and above, this component is installed together with the AD DS role, or it can be downloaded and installed along with Remote Server Administration Tools. See the -[Install ADSI Edit](/docs/1secure/configuration/activedirectory/adsi.md) topic for additional information on how to install the ADSI Edit +[Install ADSI Edit](/docs/1secure/configuration/admanual/adsi.md) topic for additional information on how to install the ADSI Edit utility. **Step 1 –** On any domain controller in the target domain, navigate to Start>Windows Administrative diff --git a/docs/1secure/configuration/activedirectory/protocolsandports.md b/docs/1secure/configuration/admanual/protocolsandports.md similarity index 88% rename from docs/1secure/configuration/activedirectory/protocolsandports.md rename to docs/1secure/configuration/admanual/protocolsandports.md index dbc7643b3f..012d74ac50 100644 --- a/docs/1secure/configuration/activedirectory/protocolsandports.md +++ b/docs/1secure/configuration/admanual/protocolsandports.md @@ -1,10 +1,7 @@ --- -id: protocols-and-ports-required-for-monitoring-active-directory-exchange-and-group-policy title: "Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy" -pagination_label: "Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy" -sidebar_label: "Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy" -sidebar_position: 109 -description: "Review the complete list of protocols and ports required for monitoring Active Directory, Exchange, and Group Policy." +description: "Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy" +sidebar_position: 90 --- # Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy 
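Review bot: The front matter of protocolsandports.md now sets `description` to a copy of `title`, replacing "Review the complete list of protocols and ports required for monitoring Active Directory, Exchange, and Group Policy."; the same substitution is made in the adsi.md, advancedpolicy.md, domainauditpolicies.md, grouppolicymanagementconsole.md and objectlevel.md hunks above. A description that repeats the title adds nothing to search results or link previews, so consider keeping the old sentence. The explicit `id:` is removed in the same hunks; please confirm that nothing still refers to the old ids, since that cannot be checked from these hunks.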
diff --git a/docs/1secure/configuration/admanual/secondarylogonservice.md b/docs/1secure/configuration/admanual/secondarylogonservice.md new file mode 100644 index 0000000000..ef07bf06a4 --- /dev/null +++ b/docs/1secure/configuration/admanual/secondarylogonservice.md @@ -0,0 +1,16 @@ +--- +title: "Enable Secondary Logon Service" +description: "Enable Secondary Logon Service" +sidebar_position: 70 +--- + +# Enable Secondary Logon Service + +**Step 1 –** On the computer where Netwrix Cloud Agent resides, navigate to **Start** > **Windows +Administrative** Tools (Windows Server 2016 and higher) or Administrative Tools (Windows 2012) **> +Services**. + +**Step 2 –** In the **Services** dialog, locate the **Secondary Logon** service. + +**Step 3 –** Right-click the service and on the **General** tab make sure that **Startup type** for +this service is other than _Disabled_. Startup type can be either _Automatic_ or _Manual_. diff --git a/docs/1secure/configuration/computer/_category_.json b/docs/1secure/configuration/computer/_category_.json new file mode 100644 index 0000000000..26c7e33919 --- /dev/null +++ b/docs/1secure/configuration/computer/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Prepare for Windows File Server Monitoring", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/configuration/computer/advancedpolicy.md b/docs/1secure/configuration/computer/advancedpolicy.md index 4b8bf1b29b..094d1b4461 100644 --- a/docs/1secure/configuration/computer/advancedpolicy.md +++ b/docs/1secure/configuration/computer/advancedpolicy.md 
@@ -1,10 +1,7 @@ --- -id: configure-advanced-audit-policies title: "Configure Advanced Audit Policies" -pagination_label: "Configure Advanced Audit Policies" -sidebar_label: "Configure Advanced Audit Policies" -sidebar_position: 131 -description: "Learn how to configure advanced audit policies to limit event tracking and prevent overfilling of AuditArchive and Security event log." +description: "Configure Advanced Audit Policies" +sidebar_position: 40 --- # Configure Advanced Audit Policies diff --git a/docs/1secure/configuration/computer/eventlog.md b/docs/1secure/configuration/computer/eventlog.md index b7976d4dac..98150ef380 100644 --- a/docs/1secure/configuration/computer/eventlog.md +++ b/docs/1secure/configuration/computer/eventlog.md @@ -1,10 +1,7 @@ --- -id: configure-event-log-size-and-retention-settings title: "Configure Event Log Size and Retention Settings" -pagination_label: "Configure Event Log Size and Retention Settings" -sidebar_label: "Configure Event Log Size and Retention Settings" -sidebar_position: 132 -description: "Learn how to adjust event log settings for proper security log file management and retention." +description: "Configure Event Log Size and Retention Settings" +sidebar_position: 50 --- # Configure Event Log Size and Retention Settings diff --git a/docs/1secure/configuration/computer/fileserversandantivirus.md b/docs/1secure/configuration/computer/fileserversandantivirus.md index 0e0964364e..c5b26eb572 100644 --- a/docs/1secure/configuration/computer/fileserversandantivirus.md +++ b/docs/1secure/configuration/computer/fileserversandantivirus.md 
@@ -1,10 +1,7 @@ --- -id: file-servers-and-antivirus title: "File Servers and Antivirus" -pagination_label: "File Servers and Antivirus" -sidebar_label: "File Servers and Antivirus" -sidebar_position: 133 -description: "Learn which Netwrix executables to add to your antivirus exclusion list for optimal performance." +description: "File Servers and Antivirus" +sidebar_position: 80 --- # File Servers and Antivirus diff --git a/docs/1secure/configuration/computer/firewallrules.md b/docs/1secure/configuration/computer/firewallrules.md index e8476bd9f7..9f91284d44 100644 --- a/docs/1secure/configuration/computer/firewallrules.md +++ b/docs/1secure/configuration/computer/firewallrules.md @@ -1,10 +1,7 @@ --- -id: configure-windows-firewall-inbound-connection-rules title: "Configure Windows Firewall Inbound Connection Rules" -pagination_label: "Configure Windows Firewall Inbound Connection Rules" -sidebar_label: "Configure Windows Firewall Inbound Connection Rules" -sidebar_position: 134 -description: "Learn how to configure Windows Firewall inbound connection rules on each target computer for proper data collection." +description: "Configure Windows Firewall Inbound Connection Rules" +sidebar_position: 70 --- # Configure Windows Firewall Inbound Connection Rules diff --git a/docs/1secure/configuration/computer/index.md b/docs/1secure/configuration/computer/index.md deleted file mode 100644 index a98918a7df..0000000000 --- a/docs/1secure/configuration/computer/index.md +++ /dev/null 
@@ -1,105 +0,0 @@ ---- -id: prepare-for-windows-file-server-monitoring -title: "Prepare for Windows File Server Monitoring" -pagination_label: "Prepare for Windows File Server Monitoring" -sidebar_label: "Prepare for Windows File Server Monitoring" -sidebar_position: 130 -description: "Learn the requirements, limitations, protocols, and considerations necessary for Windows File Server data collection." ---- - -# Prepare for Windows File Server Monitoring - -This topic provides the requirements, limitations, protocols, and other considerations necessary for -data collection from the computer while working with Netwrix 1Secure. - -## Check requirements - -Make sure the Windows File Servers you want to monitor meet the requirements listed in the -[Requirements](/docs/1secure/requirements.md#prerequisites-for-data-sources) section. - -## Decide on audit data to collect - -**Step 1 –** Review the list of objects and attributes that can be monitored by Netwrix 1Secure: . - -**Step 2 –** Plan for the file servers and shares you want to audit. Consider the following: - -- If you have multiple file shares frequently accessed by a significant number of users, it is - reasonable to audit object changes only. Tracking all events may result in too much data written - to the audit logs, whereas only some part of it may be of any interest. - - Audit flags must be set on every file share or the whole computer you want to audit. - -- If your file shares are stored within one folder (or disk drive), you can configure audit settings - for this folder only. As a result, you will receive reports on all required access types applied - to all file shares within this folder. - - It is not recommended to configure audit settings for system disks. - -- By default, Netwrix 1Secure will monitor all shares stored in the specified location, except for - hidden shares (both default and user-defined). 
If you want to monitor user-defined hidden shares, - select the related option in the monitored item settings. - -Administrative hidden shares like default system root or Windows directory (_ADMIN$_), default drive -shares (_D$, E$_), etc. will not be monitored. - -## Review considerations and limitations - -The following considerations and limitations refer to data collection: - -- To collect data from 32-bit operating systems, network traffic compression must be disabled. -- To collect data from Windows Failover Cluster, network traffic compression must be enabled. -- Scale-Out File Server (SOFS) cluster is not supported. - -The following considerations and limitations refer to reporting: - -- For Windows File Servers running Windows Server 2008, changes to the file shares will be reported - without exact initiator's account in the _who_ field— instead, _system_ is reported. -- If a file server is running Windows Server 2008 SP2, Netwrix 1Secure may be unable to retrieve - workstation name for the failed read attempts. -- In the reports and search results, in some cases, Netwrix 1Secure UI displays not the actual time - when the event occurred but data collection time. -- Netwrix 1Secure may report on several unexpected changes with _who_ (initiator's account) reported - as _system_ due to the native Windows File Servers audit peculiarities. If you do not want to see - these changes, exclude them from the audit. See for more information. For example - mass file - removals, when target Windows server generates too many events at a time and the product is unable - to parse their sequences correctly. -- Due to Windows limitations, the _copy/rename/move_ actions on remote file shares may be reported - as two sequential actions: copying – as adding a new file and reading the initial file; - renaming/moving – as removing the initial file and adding a new file with the same name. 
-- To report on _copy_ actions on remote file shares, make sure that audit of successful read - operations is enabled. See for details. - -## Apply required audit settings - -Depending on your auditing requirements, you may need to audit your file server objects for: - -- Successful read, added, modified, removed, renamed, moved, copied attempts; -- Failed read, added, modified, removed, renamed, moved, copied attempts; - -For that, object-level audit settings and appropriate audit policies should be set up. Besides, the -following should be configured for your Windows file servers: - -- Windows Event log size and retention settings -- Remote registry service -- Inbound connection rules for Windows firewall - -You can apply the required audit settings to your Windows file servers in one of the following ways: - -- Automatically - The current audit settings will be applied automatically. They will be - periodically checked and adjusted if necessary. - See [Data Collecting Account](/docs/1secure/admin/datacollection/datacollectingaccount.md) for - additional information. - -- Manually - Perform the following action to manually apply audit settings to Windows File Servers: - - - Configure Advanced Audit Policies - -## Configure Data Collecting Account - -Follow the instructions in the -[Data Collecting Account](/docs/1secure/admin/datacollection/datacollectingaccount.md) section. - -## Configure required protocols and ports - -Set up protocols and ports as described in the -[Protocols and Ports Required for Monitoring File Servers](/docs/1secure/configuration/computer/protocolsandports.md) section. diff --git a/docs/1secure/configuration/computer/localpolicy.md b/docs/1secure/configuration/computer/localpolicy.md index f9b2740d9e..5cd80fc25d 100644 --- a/docs/1secure/configuration/computer/localpolicy.md +++ b/docs/1secure/configuration/computer/localpolicy.md 
@@ -1,10 +1,7 @@ --- -id: configure-local-audit-policies title: "Configure Local Audit Policies" -pagination_label: "Configure Local Audit Policies" -sidebar_label: "Configure Local Audit Policies" -sidebar_position: 135 -description: "Learn how to configure local audit policies using the Local Security Policy snap-in." +description: "Configure Local Audit Policies" +sidebar_position: 30 --- # Configure Local Audit Policies diff --git a/docs/1secure/configuration/computer/objectlevel.md b/docs/1secure/configuration/computer/objectlevel.md index 8ecb17232e..3e1ec5ab25 100644 --- a/docs/1secure/configuration/computer/objectlevel.md +++ b/docs/1secure/configuration/computer/objectlevel.md @@ -1,10 +1,7 @@ --- -id: configure-object-level-access-auditing title: "Configure Object-Level Access Auditing" -pagination_label: "Configure Object-Level Access Auditing" -sidebar_label: "Configure Object-Level Access Auditing" -sidebar_position: 136 -description: "Learn how to configure object-level access auditing for comprehensive file server monitoring." +description: "Configure Object-Level Access Auditing" +sidebar_position: 20 --- # Configure Object-Level Access Auditing diff --git a/docs/1secure/configuration/computer/overview.md b/docs/1secure/configuration/computer/overview.md new file mode 100644 index 0000000000..974a7adfcd --- /dev/null +++ b/docs/1secure/configuration/computer/overview.md 
@@ -0,0 +1,102 @@ +--- +title: "Prepare for Windows File Server Monitoring" +description: "Prepare for Windows File Server Monitoring" +sidebar_position: 40 +--- + +# Prepare for Windows File Server Monitoring + +This topic provides the requirements, limitations, protocols, and other considerations necessary for +data collection from the computer while working with Netwrix 1Secure. + +## Check requirements + +Make sure the Windows File Servers you want to monitor meet the requirements listed in the +[Requirements](/docs/1secure/requirements/prerequisitesfordatasources.md) section. + +## Decide on audit data to collect + +**Step 1 –** Review the list of objects and attributes that can be monitored by Netwrix 1Secure: . + +**Step 2 –** Plan for the file servers and shares you want to audit. Consider the following: + +- If you have multiple file shares frequently accessed by a significant number of users, it is + reasonable to audit object changes only. Tracking all events may result in too much data written + to the audit logs, whereas only some part of it may be of any interest. + + Audit flags must be set on every file share or the whole computer you want to audit. + +- If your file shares are stored within one folder (or disk drive), you can configure audit settings + for this folder only. As a result, you will receive reports on all required access types applied + to all file shares within this folder. + + It is not recommended to configure audit settings for system disks. + +- By default, Netwrix 1Secure will monitor all shares stored in the specified location, except for + hidden shares (both default and user-defined). If you want to monitor user-defined hidden shares, + select the related option in the monitored item settings. + +Administrative hidden shares like default system root or Windows directory (_ADMIN$_), default drive +shares (_D$, E$_), etc. will not be monitored. 
+ +## Review considerations and limitations + +The following considerations and limitations refer to data collection: + +- To collect data from 32-bit operating systems, network traffic compression must be disabled. +- To collect data from Windows Failover Cluster, network traffic compression must be enabled. +- Scale-Out File Server (SOFS) cluster is not supported. + +The following considerations and limitations refer to reporting: + +- For Windows File Servers running Windows Server 2008, changes to the file shares will be reported + without exact initiator's account in the _who_ field— instead, _system_ is reported. +- If a file server is running Windows Server 2008 SP2, Netwrix 1Secure may be unable to retrieve + workstation name for the failed read attempts. +- In the reports and search results, in some cases, Netwrix 1Secure UI displays not the actual time + when the event occurred but data collection time. +- Netwrix 1Secure may report on several unexpected changes with _who_ (initiator's account) reported + as _system_ due to the native Windows File Servers audit peculiarities. If you do not want to see + these changes, exclude them from the audit. See for more information. For example - mass file + removals, when target Windows server generates too many events at a time and the product is unable + to parse their sequences correctly. +- Due to Windows limitations, the _copy/rename/move_ actions on remote file shares may be reported + as two sequential actions: copying – as adding a new file and reading the initial file; + renaming/moving – as removing the initial file and adding a new file with the same name. +- To report on _copy_ actions on remote file shares, make sure that audit of successful read + operations is enabled. See for details. 
+ +## Apply required audit settings + +Depending on your auditing requirements, you may need to audit your file server objects for: + +- Successful read, added, modified, removed, renamed, moved, copied attempts; +- Failed read, added, modified, removed, renamed, moved, copied attempts; + +For that, object-level audit settings and appropriate audit policies should be set up. Besides, the +following should be configured for your Windows file servers: + +- Windows Event log size and retention settings +- Remote registry service +- Inbound connection rules for Windows firewall + +You can apply the required audit settings to your Windows file servers in one of the following ways: + +- Automatically - The current audit settings will be applied automatically. They will be + periodically checked and adjusted if necessary. + See [Data Collecting Account](/docs/1secure/admin/datacollection/overview.md) for + additional information. + +- Manually - Perform the following action to manually apply audit settings to Windows File Servers: + + - Configure Advanced Audit Policies + +## Configure Data Collecting Account + +Follow the instructions in the +[Data Collecting Account](/docs/1secure/admin/datacollection/overview.md) section. + +## Configure required protocols and ports + +Set up protocols and ports as described in the +[Protocols and Ports Required for Monitoring File Servers](/docs/1secure/configuration/computer/protocolsandports.md) section. diff --git a/docs/1secure/configuration/computer/protocolsandports.md b/docs/1secure/configuration/computer/protocolsandports.md index 7a995a22c9..d5dbf66642 100644 --- a/docs/1secure/configuration/computer/protocolsandports.md +++ b/docs/1secure/configuration/computer/protocolsandports.md 
@@ -1,10 +1,7 @@ --- -id: protocols-and-ports-required-for-monitoring-file-servers title: "Protocols and Ports Required for Monitoring File Servers" -pagination_label: "Protocols and Ports Required for Monitoring File Servers" -sidebar_label: "Protocols and Ports Required for Monitoring File Servers" -sidebar_position: 137 -description: "Review the complete list of protocols and ports required for Netwrix 1Secure file server monitoring." +description: "Protocols and Ports Required for Monitoring File Servers" +sidebar_position: 10 --- # Protocols and Ports Required for Monitoring File Servers diff --git a/docs/1secure/configuration/computer/remoteregistryservice.md b/docs/1secure/configuration/computer/remoteregistryservice.md index 7767ad2b9d..834bfbc3a4 100644 --- a/docs/1secure/configuration/computer/remoteregistryservice.md +++ b/docs/1secure/configuration/computer/remoteregistryservice.md @@ -1,10 +1,7 @@ --- -id: enable-remote-registry-service title: "Enable Remote Registry Service" -pagination_label: "Enable Remote Registry Service" -sidebar_label: "Enable Remote Registry Service" -sidebar_position: 138 -description: "Learn how to enable the Remote Registry service for proper system monitoring and data collection." +description: "Enable Remote Registry Service" +sidebar_position: 60 --- # Enable Remote Registry Service diff --git a/docs/1secure/configuration/configureitinfrastructure.md b/docs/1secure/configuration/configureitinfrastructure.md index 9ef6a4fd11..cfd13ee8f5 100644 --- a/docs/1secure/configuration/configureitinfrastructure.md +++ b/docs/1secure/configuration/configureitinfrastructure.md 
@@ -1,10 +1,7 @@ --- -id: configure-it-infrastructure-for-auditing-and-monitoring title: "Configure IT Infrastructure for Auditing and Monitoring" -pagination_label: "Configure IT Infrastructure for Auditing and Monitoring" -sidebar_label: "Configure IT Infrastructure for Auditing and Monitoring" -sidebar_position: 150 -description: "This page provides manual configuration options for native audit settings required to collect comprehensive audit data from various data sources." +description: "Configure IT Infrastructure for Auditing and Monitoring" +sidebar_position: 60 --- # Configure IT Infrastructure for Auditing and Monitoring 
@@ -18,8 +15,8 @@ You can configure your IT Infrastructure for monitoring in one of the following | Data source | Provided connectors | Required configuration | | ----------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --- | --- | --- | --- | --- | --- | ------------------------------------ | ------------------------ | --- | ----------------------------------------------------------- | -------- | --- | --------------------------- | ------------------------ | --- | ------------------------------ | ------------------------ | --- | --------------------------- | ------------------------ | --- | ----------------------------- | ------------------------ | --- | -------- | ------------------------ | --- | -------------------- | ------------------------ | --- | ---------------- | ------------------------ | 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --- | --- | --- | --- | --- | --- | ------------------- | --- | --- | ------------- | --- | --- | ---------------- | ----------- | --- | ----------------- | --------------------------- | --- | ------------------------- | --------------------------- | --- | ------------ | --- | --- | ----- | ----------- | --- | ------ | ----------- | --- | ------------- | --- | --- | ------------------------- | ----------- | --- | ------ | --- | --- | --------------------- | ----------- | --- | -------------------------------------------- | --- | --- | ------------- | --- | --- | ---------------- | ----------- | --- | ----------------- | --------------------------- | --- | ------------------------- | --------------------------- | --- | ------------------------- | ----------- | --- | ------------ | --- | --- | ----- | ----------- | --- | ------ | ----------- | --- | ------------- | --- | --- | ------------------------- | ----------- | --- | ------ | --- | --- | --------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------- | --- | --- | --- | --- | --- | --- | ------------- | --- | --- | ----------------- | ----------- | --- | ------------------------- | --------- | --- | ---------------- | --------- | --- | ------------- | --- | --- | ------------------------- | --------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Active Directory | Active Directory Activity | In the audited environment: See [Configure Domain for Monitoring Active Directory](/docs/1secure/configuration/activedirectory/admanual.md) for related settings and procedures. On the computer where Netwrix Cloud Agent is installed: - If you have enabled automatic log backup for the Security log of your domain controller, you can instruct Netwrix 1Secure to clear the old backups automatically. For that, use the **CleanAutoBackupLogs** registry key It is recommended that you adjust retention period for the backup files accordingly (default is **50** hours). 
- To provide for event data collection, the Secondary Logon service must be up and running . Open **Administrative Tools**→**Services**, right-click the **Secondary Logon** service and on the **General** tab make sure that **Startup type** for this service is other than _Disabled_. | +| Active Directory | Active Directory Activity | In the audited environment: See [Configure Domain for Monitoring Active Directory](/docs/1secure/configuration/admanual/admanual.md) for related settings and procedures. On the computer where Netwrix Cloud Agent is installed: - If you have enabled automatic log backup for the Security log of your domain controller, you can instruct Netwrix 1Secure to clear the old backups automatically. For that, use the **CleanAutoBackupLogs** registry key It is recommended that you adjust retention period for the backup files accordingly (default is **50** hours). - To provide for event data collection, the Secondary Logon service must be up and running . Open **Administrative Tools**→**Services**, right-click the **Secondary Logon** service and on the **General** tab make sure that **Startup type** for this service is other than _Disabled_. | | Active Directory | Active Directory Logons | In the audited environment: - The following policies must be set to _"Success"_ and _"Failure"_ for the effective domain controllers policy: - Audit Logon Events - Audit Account Logon Events - The Audit system events policy must be set to _"Success"_ for the effective domain controllers policy. - The Advanced audit policy settings can be configured instead of basic. - The Maximum Security event log size must be set to 4GB. The retention method of the Security event log must be set to _“Overwrite events as needed”_ or _"Archive the log when full"_. 
- The following Windows Firewall inbound rules must be enabled: - Remote Event Log Management (NP-In) - Remote Event Log Management (RPC) - Remote Event Log Management (RPC-EPMAP) | -| Azure AD | Azure AD Activity Azure AD Logons | No special settings are required. Remember to do the following: Configure Azure AD app as described in [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) section. | +| Azure AD | Azure AD Activity Azure AD Logons | No special settings are required. Remember to do the following: Configure Azure AD app as described in [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) section. | | Computer | File Server Activity | **In the audited environment** - For a security principal (e.g., Everyone), the following options must be configured in the Advanced Security → Auditing settings for the audited shared folders: | | | | --- | --- | | List Folder / Read Data (Files only) | _"Success"_ and _"Fail"_ | | List Folder / Read Data (This folder, subfolders and files) | _"Fail"_ | | Create Files / Write Data\* | _"Success"_ and _"Fail"_ | | Create Folders / Append Data\* | _"Success"_ and _"Fail"_ | | Write Extended Attributes\* | _"Success"_ and _"Fail"_ | | Delete Subfolders and Files\* | _"Success"_ and _"Fail"_ | | Delete\* | _"Success"_ and _"Fail"_ | | Change Permissions\* | _"Success"_ and _"Fail"_ | | Take Ownership\* | _"Success"_ and _"Fail"_ | Select _"Fail_" only if you want to track failure events, it is not required for success events monitoring. If you want to get only state-in-time snapshots of your system configuration, limit your settings to the permissions marked with \* and set it to _"Success"_ (Apply onto: This folder, subfolders and files). 
- The following Advanced audit policy settings must be configured: - The Audit: Force audit policy subcategory settings (Windows 7 or later) security option must be enabled. - Depending on your OS version, configure the categories as follows: | | | | --- | --- | | Windows Server 2008 | | | Object Access | | | Audit File Share | _"Success"_ | | Audit File System | _"Success"_ and _"Failure"_ | | Audit Handle Manipulation | _"Success"_ and _"Failure"_ | | Logon/Logoff | | | Logon | _"Success"_ | | Logoff | _"Success"_ | | Policy Change | | | Audit Audit Policy Change | _"Success"_ | | System | | | Security State Change | _"Success"_ | | Windows Server 2008 R2 / Windows 7 and above | | | Object Access | | | Audit File Share | _"Success"_ | | Audit File System | _"Success"_ and _"Failure"_ | | Audit Handle Manipulation | _"Success"_ and _"Failure"_ | | Audit Detailed file share | _"Failure"_ | | Logon/Logoff | | | Logon | _"Success"_ | | Logoff | _"Success"_ | | Policy Change | | | Audit Audit Policy Change | _"Success"_ | | System | | | Security State Change | _"Success"_ | If you want to get only state-in-time snapshots of your system configuration, limit your audit settings to the following policies: | | | | --- | --- | | Object Access | | | Audit File System | _"Success"_ | | Audit Handle Manipulation | "Success" | | Audit File Share | "Success" | | Policy Change | | | Audit Audit Policy Change | "Success" | - The following legacy policies can be configured instead of advanced: - Audit object access policy must set to _"Success"_ and _"Failure"_. - Audit logon events policy must be set to _"Success"_. - Audit system events policy must be set to _"Success"_. - Audit policy change must be set to _"Success"_. - The Security event log maximum size must be set to 4GB. The retention method of the Security event log must be set to _“Overwrite events as needed”_. - The Remote Registry service must be started. 
- The following inbound Firewall rules must be enabled: - Remote Event Log Management (NP-In)\* - Remote Event Log Management (RPC)\* - Remote Event Log Management (RPC-EPMAP)\* - Windows Management Instrumentation (ASync-In) - Windows Management Instrumentation (DCOM-In) - Windows Management Instrumentation (WMI-In) - Network Discovery (NB-Name-In) - File and Printer Sharing (NB-Name-In) - File and Printer Sharing (Echo Request - ICMPv4-In) - File and Printer Sharing (Echo Request - ICMPv6-In) The rules marked with \* are required only if you do not want to use network traffic compression for auditing. If you plan to audit Windows Server 2019 or Windows 10 Update 1803 without network compression service, make sure the following inbound connection rules are enabled: - Remote Scheduled Tasks Management (RPC) - Remote Scheduled Tasks Management (RPC-EMAP) | -| SharePoint Online | SharePoint Online Activity | No special settings are required. Remember to do the following: Configure Azure AD app as described in [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md). | +| SharePoint Online | SharePoint Online Activity | No special settings are required. Remember to do the following: Configure Azure AD app as described in [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md). | diff --git a/docs/1secure/configuration/entraid/permissions.md b/docs/1secure/configuration/entraid/permissions.md deleted file mode 100644 index 83f15abfae..0000000000 --- a/docs/1secure/configuration/entraid/permissions.md +++ /dev/null 
@@ -1,48 +0,0 @@ ---- -id: microsoft-365-permissions -title: "Microsoft 365 Permissions" -pagination_label: "Microsoft 365 Permissions" -sidebar_label: "Microsoft 365 Permissions" -sidebar_position: 111 -description: "Learn about the permissions required for applications registered in Microsoft Entra ID to audit Microsoft 365 data sources." ---- - -# Microsoft 365 Permissions - -This page lists the permissions required for an application you registered in Microsoft Entra ID to -audit the following Microsoft 365 data sources: - -- Microsoft Entra ID -- SharePoint Online -- Exchange Online - -## Permissions to Audit Microsoft Entra ID - -**NOTE:** The registered application must be assigned to the Global Administrator or Exchange -Administrator role for Microsoft Entra ID state collection. - -| API | Permissions | -| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Microsoft Graph | Directory - Directory.Read.All – Read directory data AuditLog - AuditLog.Read.All – Read all audit log data Policy - Policy.Read.All – Read your organization's policies. This permission is required to collect state-in-time reports. | -| Office 365 Management APIs | ActivityFeed - ActivityFeed.Read – Read activity data for your organization | -| Office 365 Exchange Online | Exchange - Exchange.ManageAsApp – Manage Exchange As Application This permission is required to collect state-in-time reports. | - -**NOTE:** To access the Office 365 Exchange Online API, click the **APIs my organization uses** tab -on the Request API Permissions pane and search this API by entering its name in the search box. 
- -## Permissions to Audit SharePoint Online - -| API | Permissions | -| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Microsoft Graph | Sites - Sites.Read.All – Read items in all site collections - Sites.ReadWrite.All – Read and write items in all site collections Directory - Directory.Read.All – Read directory data | -| SharePoint | Sites - Sites.FullControl.All – Have full control of all site collections. This permission is required to collect state-in-time reports. | -| Office 365 Management APIs | ActivityFeed - ActivityFeed.Read – Read activity data for your organization | - -**NOTE:** The Sites.ReadWrite.All permission is only required for SharePoint Online integration (for -example, when you have to save subscriptions to a SharePoint location). - -## Permissions to Audit Exchange Online - -| API | Permissions | -| -------------------------- | --------------------------------------------------------------------------- | -| Office 365 Management APIs | ActivityFeed - ActivityFeed.Read – Read activity data for your organization | diff --git a/docs/1secure/configuration/exchangeonlinenonowner.md b/docs/1secure/configuration/exchangeonlinenonowner.md index d9de29a494..def516ad4a 100644 --- a/docs/1secure/configuration/exchangeonlinenonowner.md +++ b/docs/1secure/configuration/exchangeonlinenonowner.md 
@@ -1,10 +1,7 @@ --- -id: settings-for-non-owner-mailbox-access-audit-using-application title: "Settings for Non-Owner Mailbox Access Audit: Using Application" -pagination_label: "Settings for Non-Owner Mailbox Access Audit: Using Application" -sidebar_label: "Settings for Non-Owner Mailbox Access Audit: Using Application" -sidebar_position: 113 -description: "This page explains how to configure Microsoft Entra ID app permissions for non-owner mailbox access auditing in Exchange Online." +description: "Settings for Non-Owner Mailbox Access Audit: Using Application" +sidebar_position: 70 --- # Settings for Non-Owner Mailbox Access Audit: Using Application diff --git a/docs/1secure/configuration/index.md b/docs/1secure/configuration/index.md deleted file mode 100644 index add8ed4a5a..0000000000 --- a/docs/1secure/configuration/index.md +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -id: configure-it-infrastructure-for-auditing-and-monitoring -title: "Configure IT Infrastructure for Auditing and Monitoring" -pagination_label: "Configure IT Infrastructure for Auditing and Monitoring" -sidebar_label: "Configure IT Infrastructure for Auditing and Monitoring" -sidebar_position: 100 -description: "This page explains how to configure native audit settings in your IT infrastructure to ensure comprehensive and reliable audit data collection with Netwrix 1Secure." ---- - -# Configure IT Infrastructure for Auditing and Monitoring - -Netwrix 1Secure relies on native logs for collecting audit data. Therefore, successful change and -access auditing requires a certain configuration of native audit settings in the audited environment -and on the computer where Netwrix Cloud Agent resides. Configuring your IT infrastructure may also -include enabling certain built-in Windows services, etc. Proper audit configuration is required to -ensure audit data integrity, otherwise your change reports may contain warnings, errors or -incomplete audit data. - -You can configure your IT Infrastructure for monitoring in one of the following ways: - -- Automatically when creating a monitoring plan. This is a recommended method. -- Manually. diff --git a/docs/1secure/configuration/logonactivity/_category_.json b/docs/1secure/configuration/logonactivity/_category_.json new file mode 100644 index 0000000000..a8142c0df7 --- /dev/null +++ b/docs/1secure/configuration/logonactivity/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configure Infrastructure for Monitoring Logon Activity", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/configuration/logonactivity/advancedaudit.md b/docs/1secure/configuration/logonactivity/advancedaudit.md index 7c944ba055..fdf54b58fa 100644 --- a/docs/1secure/configuration/logonactivity/advancedaudit.md 
+++ b/docs/1secure/configuration/logonactivity/advancedaudit.md @@ -1,10 +1,7 @@ --- -id: configure-advanced-audit-policies title: "Configure Advanced Audit Policies" -pagination_label: "Configure Advanced Audit Policies" -sidebar_label: "Configure Advanced Audit Policies" -sidebar_position: 121 -description: "Learn how to configure advanced audit policies for more granular Logon Activity change tracking." +description: "Configure Advanced Audit Policies" +sidebar_position: 10 --- # Configure Advanced Audit Policies diff --git a/docs/1secure/configuration/logonactivity/basicauditpolicies.md b/docs/1secure/configuration/logonactivity/basicauditpolicies.md index 2a904e02e3..e4cb1f1a35 100644 --- a/docs/1secure/configuration/logonactivity/basicauditpolicies.md +++ b/docs/1secure/configuration/logonactivity/basicauditpolicies.md @@ -1,10 +1,7 @@ --- -id: configure-basic-domain-audit-policies title: "Configure Basic Domain Audit Policies" -pagination_label: "Configure Basic Domain Audit Policies" -sidebar_label: "Configure Basic Domain Audit Policies" -sidebar_position: 122 -description: "Learn how to configure basic domain audit policies for tracking user account changes and identifying originating workstations." +description: "Configure Basic Domain Audit Policies" +sidebar_position: 20 --- # Configure Basic Domain Audit Policies diff --git a/docs/1secure/configuration/logonactivity/firewallrules.md b/docs/1secure/configuration/logonactivity/firewallrules.md index bfb60fc9a4..48091d48ba 100644 --- a/docs/1secure/configuration/logonactivity/firewallrules.md +++ b/docs/1secure/configuration/logonactivity/firewallrules.md 
@@ -1,10 +1,7 @@ --- -id: configure-windows-firewall-inbound-connection-rules title: "Configure Windows Firewall Inbound Connection Rules" -pagination_label: "Configure Windows Firewall Inbound Connection Rules" -sidebar_label: "Configure Windows Firewall Inbound Connection Rules" -sidebar_position: 123 -description: "Learn how to configure Windows Firewall inbound connection rules for successful Logon Activity data collection." +description: "Configure Windows Firewall Inbound Connection Rules" +sidebar_position: 30 --- # Configure Windows Firewall Inbound Connection Rules diff --git a/docs/1secure/configuration/logonactivity/index.md b/docs/1secure/configuration/logonactivity/index.md deleted file mode 100644 index 4778f22eae..0000000000 --- a/docs/1secure/configuration/logonactivity/index.md +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -id: configure-infrastructure-for-monitoring-logon-activity -title: "Configure Infrastructure for Monitoring Logon Activity" -pagination_label: "Configure Infrastructure for Monitoring Logon Activity" -sidebar_label: "Configure Infrastructure for Monitoring Logon Activity" -sidebar_position: 120 -description: "Learn how to configure your IT infrastructure for monitoring Logon Activity using automatic or manual methods." ---- - -# Configure Infrastructure for Monitoring Logon Activity - -You can configure your IT infrastructure for monitoring Logon Activity in one of the following ways: - -- When creating an organization — select the **Adjust audit settings automatically** option. For - existing organization, you can modify data collection settings for Logon Activity data source. -- To configure your domain manually for monitoring Logon Activity, perform the following procedures: - - [Configure Basic Domain Audit Policies](/docs/1secure/configuration/logonactivity/basicauditpolicies.md) or - [Configure Advanced Audit Policies](/docs/1secure/configuration/logonactivity/advancedaudit.md) - - [Configure Security Event Log Size and Retention Settings](/docs/1secure/configuration/logonactivity/securitylogsize.md) - - [Configure Windows Firewall Inbound Connection Rules](/docs/1secure/configuration/logonactivity/firewallrules.md) diff --git a/docs/1secure/configuration/logonactivity/overview.md b/docs/1secure/configuration/logonactivity/overview.md new file mode 100644 index 0000000000..07e654d60e --- /dev/null +++ b/docs/1secure/configuration/logonactivity/overview.md 
@@ -0,0 +1,17 @@ +--- +title: "Configure Infrastructure for Monitoring Logon Activity" +description: "Configure Infrastructure for Monitoring Logon Activity" +sidebar_position: 30 +--- + +# Configure Infrastructure for Monitoring Logon Activity + +You can configure your IT infrastructure for monitoring Logon Activity in one of the following ways: + +- When creating an organization — select the **Adjust audit settings automatically** option. For + existing organization, you can modify data collection settings for Logon Activity data source. +- To configure your domain manually for monitoring Logon Activity, perform the following procedures: + - [Configure Basic Domain Audit Policies](/docs/1secure/configuration/logonactivity/basicauditpolicies.md) or + [Configure Advanced Audit Policies](/docs/1secure/configuration/logonactivity/advancedaudit.md) + - [Configure Security Event Log Size and Retention Settings](/docs/1secure/configuration/logonactivity/securitylogsize.md) + - [Configure Windows Firewall Inbound Connection Rules](/docs/1secure/configuration/logonactivity/firewallrules.md) diff --git a/docs/1secure/configuration/logonactivity/securitylogsize.md b/docs/1secure/configuration/logonactivity/securitylogsize.md index 92da230b41..6c36a819c2 100644 --- a/docs/1secure/configuration/logonactivity/securitylogsize.md +++ b/docs/1secure/configuration/logonactivity/securitylogsize.md 
@@ -1,10 +1,7 @@ --- -id: configure-security-event-log-size-and-retention-settings title: "Configure Security Event Log Size and Retention Settings" -pagination_label: "Configure Security Event Log Size and Retention Settings" -sidebar_label: "Configure Security Event Log Size and Retention Settings" -sidebar_position: 124 -description: "Learn how to configure Security Event Log size and retention settings for proper audit data collection." +description: "Configure Security Event Log Size and Retention Settings" +sidebar_position: 40 --- # Configure Security Event Log Size and Retention Settings diff --git a/docs/1secure/configuration/networktrafficcompression.md b/docs/1secure/configuration/networktrafficcompression.md index 4b2a0ca563..8da415093e 100644 --- a/docs/1secure/configuration/networktrafficcompression.md +++ b/docs/1secure/configuration/networktrafficcompression.md @@ -1,10 +1,7 @@ --- -id: network-traffic-compression title: "Network Traffic Compression" -pagination_label: "Network Traffic Compression" -sidebar_label: "Network Traffic Compression" -sidebar_position: 152 -description: "This page explains how to use network traffic compression to reduce bandwidth usage in distributed deployments and multi-site networks." +description: "Network Traffic Compression" +sidebar_position: 80 --- # Network Traffic Compression diff --git a/docs/1secure/configuration/overview.md b/docs/1secure/configuration/overview.md new file mode 100644 index 0000000000..09a70e899d --- /dev/null +++ b/docs/1secure/configuration/overview.md 
@@ -0,0 +1,19 @@ +--- +title: "Configure IT Infrastructure for Auditing and Monitoring" +description: "Configure IT Infrastructure for Auditing and Monitoring" +sidebar_position: 30 +--- + +# Configure IT Infrastructure for Auditing and Monitoring + +Netwrix 1Secure relies on native logs for collecting audit data. Therefore, successful change and +access auditing requires a certain configuration of native audit settings in the audited environment +and on the computer where Netwrix Cloud Agent resides. Configuring your IT infrastructure may also +include enabling certain built-in Windows services, etc. Proper audit configuration is required to +ensure audit data integrity, otherwise your change reports may contain warnings, errors or +incomplete audit data. + +You can configure your IT Infrastructure for monitoring in one of the following ways: + +- Automatically when creating a monitoring plan. This is a recommended method. +- Manually. diff --git a/docs/1secure/configuration/registerconfig/_category_.json b/docs/1secure/configuration/registerconfig/_category_.json new file mode 100644 index 0000000000..51c8c62d81 --- /dev/null +++ b/docs/1secure/configuration/registerconfig/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "App Registration and Configuration in Microsoft Entra ID", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "registerconfig" + } +} \ No newline at end of file diff --git a/docs/1secure/configuration/registerconfig/permissions.md b/docs/1secure/configuration/registerconfig/permissions.md new file mode 100644 index 0000000000..28f74e87e9 --- /dev/null +++ b/docs/1secure/configuration/registerconfig/permissions.md 
@@ -0,0 +1,45 @@ +--- +title: "Microsoft 365 Permissions" +description: "Microsoft 365 Permissions" +sidebar_position: 10 +--- + +# Microsoft 365 Permissions + +This page lists the permissions required for an application you registered in Microsoft Entra ID to +audit the following Microsoft 365 data sources: + +- Microsoft Entra ID +- SharePoint Online +- Exchange Online + +## Permissions to Audit Microsoft Entra ID + +**NOTE:** The registered application must be assigned to the Global Administrator or Exchange +Administrator role for Microsoft Entra ID state collection. + +| API | Permissions | +| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Microsoft Graph | Directory - Directory.Read.All – Read directory data AuditLog - AuditLog.Read.All – Read all audit log data Policy - Policy.Read.All – Read your organization's policies. This permission is required to collect state-in-time reports. | +| Office 365 Management APIs | ActivityFeed - ActivityFeed.Read – Read activity data for your organization | +| Office 365 Exchange Online | Exchange - Exchange.ManageAsApp – Manage Exchange As Application This permission is required to collect state-in-time reports. | + +**NOTE:** To access the Office 365 Exchange Online API, click the **APIs my organization uses** tab +on the Request API Permissions pane and search this API by entering its name in the search box. 
+ +## Permissions to Audit SharePoint Online + +| API | Permissions | +| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Microsoft Graph | Sites - Sites.Read.All – Read items in all site collections - Sites.ReadWrite.All – Read and write items in all site collections Directory - Directory.Read.All – Read directory data | +| SharePoint | Sites - Sites.FullControl.All – Have full control of all site collections. This permission is required to collect state-in-time reports. | +| Office 365 Management APIs | ActivityFeed - ActivityFeed.Read – Read activity data for your organization | + +**NOTE:** The Sites.ReadWrite.All permission is only required for SharePoint Online integration (for +example, when you have to save subscriptions to a SharePoint location). + +## Permissions to Audit Exchange Online + +| API | Permissions | +| -------------------------- | --------------------------------------------------------------------------- | +| Office 365 Management APIs | ActivityFeed - ActivityFeed.Read – Read activity data for your organization | diff --git a/docs/1secure/configuration/entraid/registerconfig.md b/docs/1secure/configuration/registerconfig/registerconfig.md similarity index 96% rename from docs/1secure/configuration/entraid/registerconfig.md rename to docs/1secure/configuration/registerconfig/registerconfig.md index 042892ab42..2dacd9c975 100644 --- a/docs/1secure/configuration/entraid/registerconfig.md +++ b/docs/1secure/configuration/registerconfig/registerconfig.md 
@@ -1,10 +1,7 @@ --- -id: app-registration-and-configuration-in-microsoft-entra-id title: "App Registration and Configuration in Microsoft Entra ID" -pagination_label: "App Registration and Configuration in Microsoft Entra ID" -sidebar_label: "App Registration and Configuration in Microsoft Entra ID" -sidebar_position: 112 -description: "Learn how to configure an app in Microsoft Entra ID to audit Microsoft 365 data sources using modern authentication." +description: "App Registration and Configuration in Microsoft Entra ID" +sidebar_position: 20 --- # App Registration and Configuration in Microsoft Entra ID @@ -60,7 +57,7 @@ Register an application page is displayed. The Overview page for the newly registered application opens. The following settings of the registered application are required while adding a data source in Netwrix 1Secure. See the -[Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/index.md) topic for +[Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) topic for additional information on adding a data source. It is recommended to copy these settings and keep them safe. @@ -179,7 +176,7 @@ displayed. displayed in the Value column. The client secret value is required while adding a data source in Netwrix 1Secure. See the -[Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/index.md) topic for +[Sources and Connectors](/docs/1secure/admin/organizations/sourcesandconnectors/overview.md) topic for additional information on adding a data source. **CAUTION:** If you leave this page before copying the key, it cannot be retrieved, and you will diff --git a/docs/1secure/configuration/sqlserver/_category_.json b/docs/1secure/configuration/sqlserver/_category_.json new file mode 100644 index 0000000000..54bdd48c92 --- /dev/null +++ b/docs/1secure/configuration/sqlserver/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "SQL Server", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/configuration/sqlserver/configuringtracelogging.md b/docs/1secure/configuration/sqlserver/configuringtracelogging.md index 7f8e873ab5..e966ca01fe 100644 --- a/docs/1secure/configuration/sqlserver/configuringtracelogging.md +++ b/docs/1secure/configuration/sqlserver/configuringtracelogging.md @@ -1,10 +1,7 @@ --- -id: configure-trace-logging title: "Configure Trace Logging" -pagination_label: "Configure Trace Logging" -sidebar_label: "Configure Trace Logging" -sidebar_position: 141 -description: "Learn how to configure and change the default location for SQL Server trace logs." +description: "Configure Trace Logging" +sidebar_position: 30 --- # Configure Trace Logging diff --git a/docs/1secure/configuration/sqlserver/index.md b/docs/1secure/configuration/sqlserver/index.md deleted file mode 100644 index 1b9a62eba9..0000000000 --- a/docs/1secure/configuration/sqlserver/index.md +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -id: sql-server -title: "SQL Server" -pagination_label: "SQL Server" -sidebar_label: "SQL Server" -sidebar_position: 140 -description: "Learn how to configure SQL Server for monitoring with Netwrix 1Secure using native logs and audit settings." ---- - -# SQL Server - -Netwrix 1Secure relies on native logs for collecting audit data. Therefore, successful change and -access auditing requires a certain configuration of native audit settings in the audited environment -and on the Netwrix 1Secure console computer. It is recommended to configure the IT infrastructure -for automatic monitoring; however, you can also configure it manually if needed. You may also need -to enable certain built-in Windows services, etc. - -Your current audit settings will be checked on each data collection and adjusted if necessary. -Proper audit configuration is required to ensure audit data integrity, otherwise your change reports -may contain warnings, errors, or incomplete audit data. - -## SQL Server Monitoring Scope - -The product collects successful and failed logon attempts for Windows and SQL logons. - -| Logon Type | Action | -| ------------- | --------------------------------- | -| SQL logon | - Successful logon - Failed logon | -| Windows logon | - Successful logon - Failed logon | - -## Next Steps - -Remember to do the following: - -- Configure a Data Collecting Account as described in the - [Permissions for SQL Server Auditing](/docs/1secure/configuration/sqlserver/permissions.md) topic. -- Configure ports as described in the [SQL Server Ports](/docs/1secure/configuration/sqlserver/ports.md) topic. diff --git a/docs/1secure/configuration/sqlserver/overview.md b/docs/1secure/configuration/sqlserver/overview.md new file mode 100644 index 0000000000..8adce74ad9 --- /dev/null +++ b/docs/1secure/configuration/sqlserver/overview.md 
@@ -0,0 +1,34 @@ +--- +title: "SQL Server" +description: "SQL Server" +sidebar_position: 50 +--- + +# SQL Server + +Netwrix 1Secure relies on native logs for collecting audit data. Therefore, successful change and +access auditing requires a certain configuration of native audit settings in the audited environment +and on the Netwrix 1Secure console computer. It is recommended to configure the IT infrastructure +for automatic monitoring; however, you can also configure it manually if needed. You may also need +to enable certain built-in Windows services, etc. + +Your current audit settings will be checked on each data collection and adjusted if necessary. +Proper audit configuration is required to ensure audit data integrity, otherwise your change reports +may contain warnings, errors, or incomplete audit data. + +## SQL Server Monitoring Scope + +The product collects successful and failed logon attempts for Windows and SQL logons. + +| Logon Type | Action | +| ------------- | --------------------------------- | +| SQL logon | - Successful logon - Failed logon | +| Windows logon | - Successful logon - Failed logon | + +## Next Steps + +Remember to do the following: + +- Configure a Data Collecting Account as described in the + [Permissions for SQL Server Auditing](/docs/1secure/configuration/sqlserver/permissions.md) topic. +- Configure ports as described in the [SQL Server Ports](/docs/1secure/configuration/sqlserver/ports.md) topic. diff --git a/docs/1secure/configuration/sqlserver/permissions.md b/docs/1secure/configuration/sqlserver/permissions.md index b53914f3d9..64e431d9b7 100644 --- a/docs/1secure/configuration/sqlserver/permissions.md +++ b/docs/1secure/configuration/sqlserver/permissions.md 
@@ -1,10 +1,7 @@ --- -id: permissions-for-sql-server-auditing title: "Permissions for SQL Server Auditing" -pagination_label: "Permissions for SQL Server Auditing" -sidebar_label: "Permissions for SQL Server Auditing" -sidebar_position: 142 -description: "Learn about the account permissions required for SQL Server auditing and data collection." +description: "Permissions for SQL Server Auditing" +sidebar_position: 20 --- # Permissions for SQL Server Auditing diff --git a/docs/1secure/configuration/sqlserver/ports.md b/docs/1secure/configuration/sqlserver/ports.md index 4425b0626f..6abb58b4b0 100644 --- a/docs/1secure/configuration/sqlserver/ports.md +++ b/docs/1secure/configuration/sqlserver/ports.md @@ -1,10 +1,7 @@ --- -id: sql-server-ports title: "SQL Server Ports" -pagination_label: "SQL Server Ports" -sidebar_label: "SQL Server Ports" -sidebar_position: 143 -description: "Review the complete list of protocols and ports required for Netwrix 1Secure SQL Server monitoring." +description: "SQL Server Ports" +sidebar_position: 10 --- # SQL Server Ports diff --git a/docs/1secure/index.md b/docs/1secure/index.md index 16dc678373..410616f01e 100644 --- a/docs/1secure/index.md +++ b/docs/1secure/index.md @@ -1,12 +1,3 @@ ---- -id: 1secure -title: "1Secure" -pagination_label: "1Secure" -sidebar_label: "1Secure" -sidebar_position: 1 -description: "Netwrix 1Secure is a Microsoft Azure-hosted, multi-tenant SaaS application that provides a single location to manage both on-premises and cloud environments." ---- - # 1Secure Netwrix 1Secure is a Microsoft Azure-hosted, multi-tenant SaaS application that provides a single 
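Review bot: The `@@ -1,12 +1,3 @@` hunk for `docs/1secure/index.md` removes the whole front matter block, so the landing page ends up with no `title`, `description`, or `sidebar_position` at all. Every other page touched in this change keeps a reduced block with those three keys. If the omission is deliberate, say so in the commit message. Otherwise keep at least `title: "1Secure"` and the existing `description`, which is the only one-line summary of the product in this file's metadata.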
@@ -97,7 +88,7 @@ environment. The time frame for a change may be within a minute up to several ho environment size. You can also review the agent status while adding the organization. See the -[Manage Organizations](/docs/1secure/admin/organizations) topic for more information. +[Manage Organizations](/docs/1secure/admin/organizations/overview.md) topic for more information. ### Updating Netwrix Cloud Agent diff --git a/docs/1secure/install/_category_.json b/docs/1secure/install/_category_.json new file mode 100644 index 0000000000..3351d0ba09 --- /dev/null +++ b/docs/1secure/install/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/install/installagent.md b/docs/1secure/install/installagent.md index 2182b423aa..769093f15b 100644 --- a/docs/1secure/install/installagent.md +++ b/docs/1secure/install/installagent.md 
@@ -1,22 +1,14 @@ --- -id: installation -title: "Installation" -pagination_label: "Installation" -sidebar_label: "Installation" -sidebar_position: 4 -description: "This topic describes how to install the Netwrix Cloud Agent for collecting data from your on-premise sources." +title: "Install Agent" +description: "Install Agent" +sidebar_position: 10 --- -# Installation - -Netwrix 1Secure is a cloud product. However, if you want to use an on-premise version, you need to -install an agent for collecting the data from your sources. - -## Install Agent +# Install Agent This topic describes an installation of the agent for collecting the data from your sources. Prior to installing the agent, ensure that all installation requirements have been met. See the -[Netwrix Cloud Agent Software Requirements](/docs/1secure/requirements.md) topic for +[Netwrix Cloud Agent Software Requirements](/docs/1secure/requirements/overview.md) topic for additional information. ## Configure Netwrix Cloud Agent diff --git a/docs/1secure/install/overview.md b/docs/1secure/install/overview.md new file mode 100644 index 0000000000..efa7c0fc5c --- /dev/null +++ b/docs/1secure/install/overview.md @@ -0,0 +1,13 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 40 +--- + +# Installation + +Netwrix 1Secure is a cloud product. However, if you want to use an on-premise version, you need to +install an agent for collecting the data from your sources. + +See the following topic for additional information: +- [Install Agent](/docs/1secure/install/installagent.md) \ No newline at end of file diff --git a/docs/1secure/integration/_category_.json b/docs/1secure/integration/_category_.json new file mode 100644 index 0000000000..c4bc4f87b3 --- /dev/null +++ b/docs/1secure/integration/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Integration", + "position": 60, + "collapsed": true, + "collapsible": true, + "link":{ + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/integrations/connectwise.md b/docs/1secure/integration/connectwise.md similarity index 95% rename from docs/1secure/integrations/connectwise.md rename to docs/1secure/integration/connectwise.md index 262d4a5b2c..cc392c30ad 100644 --- a/docs/1secure/integrations/connectwise.md +++ b/docs/1secure/integration/connectwise.md @@ -1,10 +1,7 @@ --- -id: connectwise title: "ConnectWise" -pagination_label: "ConnectWise" -sidebar_label: "ConnectWise" -sidebar_position: 201 -description: "This page explains how to configure ConnectWise integration to deliver Netwrix 1Secure alerts as tickets for help desk services." +description: "ConnectWise" +sidebar_position: 10 --- # ConnectWise diff --git a/docs/1secure/integration/overview.md b/docs/1secure/integration/overview.md new file mode 100644 index 0000000000..eb42786e6e --- /dev/null +++ b/docs/1secure/integration/overview.md @@ -0,0 +1,26 @@ +--- +title: "Third-party Systems" +description: "Third-party Systems" +sidebar_position: 60 +--- + +# Third-party Systems + +Managed Service Providers use a service ticket to track an issue, usually by someone in an IT role. +Each issue gets its own ticket, and the ticket remains open until the issue is resolved. Once the +issue is resolved, IT closes the ticket. + +There are two ticket-related services Netwrix 1Secure uses - ConnectWise and ServiceNow. The system +shall display the service, which the MSP applies. + +There is also a SharePoint Online integration which you can use for report subscriptions. This +feature is useful when you create the report and deliver it to a specific folder in SharePoint +Online. + +See the following topics for additional information: + +```mdx-code-block +import DocCardList from '@theme/DocCardList'; + + +``` \ No newline at end of file 
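Review bot: In the new `docs/1secure/integration/overview.md`, `description: "Third-party Systems"` only repeats the title. The `integrations/index.md` that this file replaces carried a real summary ("This page explains the third-party integrations available with Netwrix 1Secure, including ConnectWise, ServiceNow, and SharePoint Online."). Suggest carrying that text over rather than dropping it. Two smaller points on the same hunk: the sentence "The system shall display the service, which the MSP applies." is copied unchanged and is hard to parse, so this would be a good moment to reword it, and the file still ends without a trailing newline.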
diff --git a/docs/1secure/integrations/servicenow.md b/docs/1secure/integration/servicenow.md similarity index 94% rename from docs/1secure/integrations/servicenow.md rename to docs/1secure/integration/servicenow.md index 2425cbc20a..0289e3481e 100644 --- a/docs/1secure/integrations/servicenow.md +++ b/docs/1secure/integration/servicenow.md @@ -1,10 +1,7 @@ --- -id: servicenow title: "ServiceNow" -pagination_label: "ServiceNow" -sidebar_label: "ServiceNow" -sidebar_position: 202 -description: "This page explains how to configure ServiceNow integration to deliver Netwrix 1Secure alerts as tickets or work notes for help desk services." +description: "ServiceNow" +sidebar_position: 20 --- # ServiceNow diff --git a/docs/1secure/integrations/sharepointonline.md b/docs/1secure/integration/sharepointonline.md similarity index 84% rename from docs/1secure/integrations/sharepointonline.md rename to docs/1secure/integration/sharepointonline.md index c43fcc6bed..07d4eb5f93 100644 --- a/docs/1secure/integrations/sharepointonline.md +++ b/docs/1secure/integration/sharepointonline.md @@ -1,10 +1,7 @@ --- -id: sharepoint-online title: "SharePoint Online" -pagination_label: "SharePoint Online" -sidebar_label: "SharePoint Online" -sidebar_position: 203 -description: "This page explains how to configure SharePoint Online integration for delivering Activity and Risk Assessment Dashboard report subscriptions." +description: "SharePoint Online" +sidebar_position: 30 --- # SharePoint Online 
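Review bot: The front matter hunk for `sharepointonline.md` drops `id: sharepoint-online` in the same change that moves the file from `integrations/` to `integration/`. With the explicit id gone, the doc id falls back to the file name `sharepointonline`, so both the directory segment and the final segment of the page address change. Please confirm that nothing links to the old id or path, or add a redirect for it. The same applies to the ConnectWise and ServiceNow renames earlier in this patch.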
@@ -35,23 +32,23 @@ integration. **Step 3 –** In the Configure connection window, specify the required fields: - Client ID – The client ID of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Tenant ID – The tenant ID of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. - Client Secret – The client secret of the app registered in Microsoft Entra ID. See the - [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic + [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. See the -[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) +[App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. **Step 4 –** Click **Finish**. **NOTE:** You must firstly add a Sites.ReadWrite.All permission in your Microsoft Entra admin -center. See the [ Microsoft 365 Permissions](/docs/1secure/configuration/entraid/permissions.md) topic for +center. See the [ Microsoft 365 Permissions](/docs/1secure/configuration/registerconfig/permissions.md) topic for additional information. The SharePoint Online integration is added now. The status displays "Ok" in green. 
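Review bot: In the `@@ -35,23 +32,23 @@` hunk, the rewritten permissions link keeps a stray leading space inside the link text (`[ Microsoft 365 Permissions]`), and the same "See the App Registration and Configuration in Microsoft Entra ID topic" sentence is rewritten four times in a row: once under each of Client ID, Tenant ID and Client Secret, and once more after the list. Since every one of those lines is being touched anyway, suggest trimming the link text and keeping a single reference after the list. Also consider moving the Sites.ReadWrite.All NOTE above Step 3. It is a prerequisite that grants write access to all site collections, and an admin should see it before entering the client secret, not after clicking Finish.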
diff --git a/docs/1secure/integrations/index.md b/docs/1secure/integrations/index.md deleted file mode 100644 index 9c1da52fce..0000000000 --- a/docs/1secure/integrations/index.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -id: third-party-systems -title: "Third-party Systems" -pagination_label: "Third-party Systems" -sidebar_label: "Third-party Systems" -sidebar_position: 200 -description: "This page explains the third-party integrations available with Netwrix 1Secure, including ConnectWise, ServiceNow, and SharePoint Online." ---- - -# Third-party Systems - -Managed Service Providers use a service ticket to track an issue, usually by someone in an IT role. -Each issue gets its own ticket, and the ticket remains open until the issue is resolved. Once the -issue is resolved, IT closes the ticket. - -There are two ticket-related services Netwrix 1Secure uses - ConnectWise and ServiceNow. The system -shall display the service, which the MSP applies. - -There is also a SharePoint Online integration which you can use for report subscriptions. This -feature is useful when you create the report and deliver it to a specific folder in SharePoint -Online. - -See the following topics for additional information: - -```mdx-code-block -import DocCardList from '@theme/DocCardList'; - - -``` \ No newline at end of file diff --git a/docs/1secure/netwrix1securedocumentation/_category_.json b/docs/1secure/netwrix1securedocumentation/_category_.json new file mode 100644 index 0000000000..45284a7601 --- /dev/null +++ b/docs/1secure/netwrix1securedocumentation/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Netwrix 1Secure Documentation", + "position": 10, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/1secure/requirements.md b/docs/1secure/requirements.md deleted file mode 100644 index 7f958c7644..0000000000 --- a/docs/1secure/requirements.md +++ /dev/null 
@@ -1,69 +0,0 @@ ---- -id: requirements -title: "Requirements" -pagination_label: "Requirements" -sidebar_label: "Requirements" -sidebar_position: 2 -description: "This topic provides the requirements for installing Netwrix Cloud Agent and the prerequisites for configuring data sources to collect data from various environments." ---- - -# Requirements - -This topic provides the requirements for installing Netwrix Cloud Agent and the prerequisites for -configuring data sources to collect data from various environments. - -## Prerequisites for Data Sources - -This section lists platforms and systems that can be monitored with Netwrix 1Secure. - -| Data source | Supported Versions | -| ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Active Directory (including Logon Activity) | Domain Controller OS versions: - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 - Windows Server 2012 R2 | -| Microsoft Entra ID | Microsoft Entra ID version provided within Microsoft Office 365 You may need to take some preparatory steps, depending on the authentication method you want to use for collecting Azure AD and Office 365 data. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic for additional information. 
| -| Computer (Windows File Server) | - Windows Server OS: - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 - Windows Server 2012 R2 - Windows Desktop OS (32 and 64-bit): - Windows 10 - Windows 8.1 - Windows 7 Consider the following: - To collect data from 32-bit operating systems, network traffic compression must be disabled. - To collect data from Windows Failover Cluster, network traffic compression must be enabled. - Scale-Out File Server (SOFS) cluster is not supported. | -| SharePoint Online | Azure Active Directory version provided within Microsoft Office 365 You may need to take some preparatory steps, depending on the authentication method you want to use for collecting SharePoint Online and One Drive for Business. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic for additional information. | -| Exchange Online | Azure Active Directory version provided within Microsoft Office 365 You may need to take some preparatory steps, depending on the authentication method you want to use for collecting Exchange Online. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/entraid/registerconfig.md) topic for additional information. | - -## Netwrix Cloud Agent Software Requirements - -**CAUTION:** You would generally need only one Netwrix Cloud Agent per audited on-premises AD -domain. In case you have both Netwrix Auditor and Netwrix 1Secure auditing the same domain, make -sure that only one or none of the products has network traffic compression service enabled for any -of the audited sources. 
- -For its correct installation Netwrix Cloud Agent needs the following software requirements: - -- Windows Server OS (strongly recommended): - - - Windows Server 2022 - - Windows Server 2019 - - Windows Server 2016 - - Windows Server 2012 R2 - -- Windows Desktop OS (64-bit): - - - Windows 10 - - Windows 11 - -- .NET Framework 4.8 and above (in the monitored environment as well) -- Windows Installer 3.1 and above -- Windows PowerShell 3.0 and above - -The machine where you plan to deploy the agent must meet the requirements listed below. - -| Hardware component | Evaluation, PoC or starter environment | Regular environment (up to 1m Activity Records/day) | Large environment (1-10m Activity Records/day) | XLarge environment (10m Activity Records/day or more) | -| ------------------ | -------------------------------------- | --------------------------------------------------- | ---------------------------------------------- | ----------------------------------------------------- | -| Processor | 2 cores | 4 cores | 8 cores | 16 cores | -| RAM | 8 GB | 8 GB | 16 GB | 64 GB | -| Disk space | 200 GB—System drive | 200 GB—System drive | 2 TB—System drive | 1 TB + 1 TB per year —System drive | -| Others | — | — | Network capacity 1 Gbit | Network capacity 1 Gbit | - -## Requirements for outbound communications with a Netwrix Cloud Agent - -To review the security incorporated by the agent in your system, examine the target URL in the -Configuration.xml file, which is located on the agent host at: - -`C:\ProgramData\Netwrix Cloud Agent\AgentCore\ConfigServer\Configuration.xml` - -You must also open the outbound TCP port 443 on the server where the Netwrix Cloud Agent resides. -See the [Install Agent](/docs/1secure/install/installagent.md) topic \ No newline at end of file diff --git a/docs/1secure/requirements/CloudAgentRequirements.md b/docs/1secure/requirements/CloudAgentRequirements.md new file mode 100644 index 0000000000..6f21885de7 --- /dev/null 
+++ b/docs/1secure/requirements/CloudAgentRequirements.md 
@@ -0,0 +1,49 @@ +--- +title: "Netwrix Cloud Agent Software Requirements" +description: "Netwrix Cloud Agent Software Requirements" +sidebar_position: 20 +--- + +# Netwrix Cloud Agent Software Requirements + +**CAUTION:** You would generally need only one Netwrix Cloud Agent per audited on-premises AD +domain. In case you have both Netwrix Auditor and Netwrix 1Secure auditing the same domain, make +sure that only one or none of the products has network traffic compression service enabled for any +of the audited sources. + +For its correct installation Netwrix Cloud Agent needs the following software requirements: + +- Windows Server OS (strongly recommended): + + - Windows Server 2022 + - Windows Server 2019 + - Windows Server 2016 + - Windows Server 2012 R2 + +- Windows Desktop OS (64-bit): + + - Windows 10 + - Windows 11 + +- .NET Framework 4.8 and above (in the monitored environment as well) +- Windows Installer 3.1 and above +- Windows PowerShell 3.0 and above + +The machine where you plan to deploy the agent must meet the requirements listed below. 
+ +| Hardware component | Evaluation, PoC or starter environment | Regular environment (up to 1m Activity Records/day) | Large environment (1-10m Activity Records/day) | XLarge environment (10m Activity Records/day or more) | +| ------------------ | -------------------------------------- | --------------------------------------------------- | ---------------------------------------------- | ----------------------------------------------------- | +| Processor | 2 cores | 4 cores | 8 cores | 16 cores | +| RAM | 8 GB | 8 GB | 16 GB | 64 GB | +| Disk space | 200 GB—System drive | 200 GB—System drive | 2 TB—System drive | 1 TB + 1 TB per year —System drive | +| Others | — | — | Network capacity 1 Gbit | Network capacity 1 Gbit | + +## Requirements for outbound communications with a Netwrix Cloud Agent + +To review the security incorporated by the agent in your system, examine the target URL in the +Configuration.xml file, which is located on the agent host at: + +`C:\ProgramData\Netwrix Cloud Agent\AgentCore\ConfigServer\Configuration.xml` + +You must also open the outbound TCP port 443 on the server where the Netwrix Cloud Agent resides. +See the [Install Agent](/docs/1secure/install/installagent.md) topic \ No newline at end of file diff --git a/docs/1secure/requirements/_category_.json b/docs/1secure/requirements/_category_.json new file mode 100644 index 0000000000..8a00596580 --- /dev/null +++ b/docs/1secure/requirements/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Requirements", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/requirements/overview.md b/docs/1secure/requirements/overview.md new file mode 100644 index 0000000000..89b20e8f11 --- /dev/null +++ b/docs/1secure/requirements/overview.md 
@@ -0,0 +1,14 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 20 +--- + +# Requirements + +This topic provides the requirements for installing Netwrix Cloud Agent and the prerequisites for +configuring data sources to collect data from various environments. + +See the following topics for additional information: +- [Agent Software Requirements](/docs/1secure/requirements/CloudAgentRequirements.md) +- [Prerequisites for Data Sources](/docs/1secure/requirements/prerequisitesfordatasources.md) diff --git a/docs/1secure/requirements/prerequisitesfordatasources.md b/docs/1secure/requirements/prerequisitesfordatasources.md new file mode 100644 index 0000000000..aeb4f46318 --- /dev/null +++ b/docs/1secure/requirements/prerequisitesfordatasources.md 
@@ -0,0 +1,17 @@ +--- +title: "Prerequisites for Data Sources" +description: "Prerequisites for Data Sources" +sidebar_position: 10 +--- + +# Prerequisites for Data Sources + +This section lists platforms and systems that can be monitored with Netwrix 1Secure. + +| Data source | Supported Versions | +| ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Active Directory (including Logon Activity) | Domain Controller OS versions: - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 - Windows Server 2012 R2 | +| Microsoft Entra ID | Microsoft Entra ID version provided within Microsoft Office 365 You may need to take some preparatory steps, depending on the authentication method you want to use for collecting Azure AD and Office 365 data. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. | +| Computer (Windows File Server) | - Windows Server OS: - Windows Server 2022 - Windows Server 2019 - Windows Server 2016 - Windows Server 2012 R2 - Windows Desktop OS (32 and 64-bit): - Windows 10 - Windows 8.1 - Windows 7 Consider the following: - To collect data from 32-bit operating systems, network traffic compression must be disabled. - To collect data from Windows Failover Cluster, network traffic compression must be enabled. - Scale-Out File Server (SOFS) cluster is not supported. 
| +| SharePoint Online | Azure Active Directory version provided within Microsoft Office 365 You may need to take some preparatory steps, depending on the authentication method you want to use for collecting SharePoint Online and One Drive for Business. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. | +| Exchange Online | Azure Active Directory version provided within Microsoft Office 365 You may need to take some preparatory steps, depending on the authentication method you want to use for collecting Exchange Online. See the [App Registration and Configuration in Microsoft Entra ID](/docs/1secure/configuration/registerconfig/registerconfig.md) topic for additional information. \ No newline at end of file diff --git a/docs/1secure/security.md b/docs/1secure/security.md deleted file mode 100644 index 344a44362f..0000000000 --- a/docs/1secure/security.md +++ /dev/null 
@@ -1,95 +0,0 @@ ---- -id: security -title: "Security" -pagination_label: "Security" -sidebar_label: "Security" -sidebar_position: 3 -description: "Netwrix 1Secure implements multiple layers of security to protect your data and ensure compliance with industry standards." ---- - -# Security - -Netwrix 1Secure implements multiple layers of security to protect your data and ensure compliance with industry standards. - -## Physical Security - -Netwrix 1Secure runs on Microsoft Entra infrastructure. Click -[here](https://azure.microsoft.com/en-us/overview/trusted-cloud/) to learn more about Entra cloud -security, or click [here](https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/) to -view all Entra compliance certifications. - -## Network Security - -The Azure SQL database used to store the data is isolated from direct access. We use firewall rules -that prevent database access to the API backend services running in Microsoft Entra ID. - -All API access happens on behalf of specific user accounts in Microsoft Entra ID. - -## Access Control - -Netwrix 1Secure is a multi-tenant cloud application. All data is segregated by tenants and access -control is enforced. - -Only the users who you explicitly add to your organization in Netwrix 1Secure get to see your -dashboards in the product. User access is set up using a customer Azure AD account. You can further -protect access using Azure AD support for Multi-Factor Authentication (MFA). Thus, when users get -deprovisioned from their corporate directories they also automatically lose access to Netwrix -1Secure. - -Netwrix employees who have administrative access to the Azure deployment to maintain the application -only do so under their own Netwrix corporate accounts and all their activity is audited. - -## Data Security - -### Data at rest - -Data is persistently stored within the Azure SQL Database in the region you select when creating -your account. 
All data stored in the database is encrypted with an AES 256-bit encryption algorithm. - -### Data in transit - -Data will be transferred between the system components in a few different ways: - -- Agent -> API -- API -> SQL Database -- SQL Database -> Application -- Application -> Browser (User) - -Data is always encrypted in transit, and connections are made over HTTPS to prevent eavesdropping. - -### Data Retention Period - -Data retention is the practice of storing and managing your data and records for a designated period -of time. A data retention period refers to the amount of time that a company or an organization -holds onto your information. Netwrix 1Secure provides data retention for 1 rolling year by default. - -## Compliance - -Netwrix 1Secure uses Azure datacenters in your region of choice. Microsoft provides the highest -levels of security for these datacenters including compliance to the following standards: General -Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as -country-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS. - -For more information, visit -[https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/](https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/) - -## Customer Data Privacy - -All customers access Netwrix 1Secure via the same address: - -- [https://1secure.netwrix.com/](https://1secure.netwrix.com/) - -However, based on your selection at account signup / creation, your data is stored in one of the -following Microsoft Azure regions: - -- If you select the Americas, your data is stored in the Microsoft Azure region known as "West - Central US". -- If you select Europe/Africa, your data is stored in the Microsoft Azure region known as "West - Europe". - -The region is selected by the user who is signing up for the product. 
We create a tenant for your -organization in that region and guarantee that all your data always stays within that region. - -If your company is split across multiple regions, you can select the region where the headquarters -are located or, alternatively, have a separate tenant for each region. Please note that in this case -Netwrix 1Secure will not provide a company-wide risk score. \ No newline at end of file diff --git a/docs/1secure/security/_category_.json b/docs/1secure/security/_category_.json new file mode 100644 index 0000000000..3c06f14eea --- /dev/null +++ b/docs/1secure/security/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Security", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/1secure/security/accesscontrol.md b/docs/1secure/security/accesscontrol.md new file mode 100644 index 0000000000..e45b746027 --- /dev/null +++ b/docs/1secure/security/accesscontrol.md @@ -0,0 +1,19 @@ +--- +title: "Access Control" +description: "Access Control" +sidebar_position: 30 +--- + +# Access Control + +Netwrix 1Secure is a multi-tenant cloud application. All data is segregated by tenants and access +control is enforced. + +Only the users who you explicitly add to your organization in Netwrix 1Secure get to see your +dashboards in the product. User access is set up using a customer Azure AD account. You can further +protect access using Azure AD support for Multi-Factor Authentication (MFA). Thus, when users get +deprovisioned from their corporate directories they also automatically lose access to Netwrix +1Secure. + +Netwrix employees who have administrative access to the Azure deployment to maintain the application +only do so under their own Netwrix corporate accounts and all their activity is audited. \ No newline at end of file 
diff --git a/docs/1secure/security/compliance.md b/docs/1secure/security/compliance.md new file mode 100644 index 0000000000..ca7a5d1172 --- /dev/null +++ b/docs/1secure/security/compliance.md @@ -0,0 +1,15 @@ +--- +title: "Compliance" +description: "Compliance" +sidebar_position: 10 +--- + +# Compliance + +Netwrix 1Secure uses Azure datacenters in your region of choice. Microsoft provides the highest +levels of security for these datacenters including compliance to the following standards: General +Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as +country-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS. + +For more information, visit +[https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/](https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/) \ No newline at end of file diff --git a/docs/1secure/security/customerdataprivacy.md b/docs/1secure/security/customerdataprivacy.md new file mode 100644 index 0000000000..21368c9277 --- /dev/null +++ b/docs/1secure/security/customerdataprivacy.md 
@@ -0,0 +1,26 @@ +--- +title: "Customer Data Privacy" +description: "Customer Data Privacy" +sidebar_position: 20 +--- + +# Customer Data Privacy + +All customers access Netwrix 1Secure via the same address: + +- [https://1secure.netwrix.com/](https://1secure.netwrix.com/) + +However, based on your selection at account signup / creation, your data is stored in one of the +following Microsoft Azure regions: + +- If you select the Americas, your data is stored in the Microsoft Azure region known as "West + Central US". +- If you select Europe/Africa, your data is stored in the Microsoft Azure region known as "West + Europe". + +The region is selected by the user who is signing up for the product. We create a tenant for your +organization in that region and guarantee that all your data always stays within that region. + +If your company is split across multiple regions, you can select the region where the headquarters +are located or, alternatively, have a separate tenant for each region. Please note that in this case +Netwrix 1Secure will not provide a company-wide risk score. \ No newline at end of file diff --git a/docs/1secure/security/datasecurity.md b/docs/1secure/security/datasecurity.md new file mode 100644 index 0000000000..61eb091c64 --- /dev/null +++ b/docs/1secure/security/datasecurity.md 
@@ -0,0 +1,29 @@ +--- +title: "Data Security" +description: "Data Security" +sidebar_position: 40 +--- + +# Data Security + +## Data at rest + +Data is persistently stored within the Azure SQL Database in the region you select when creating +your account. All data stored in the database is encrypted with an AES 256-bit encryption algorithm. + +## Data in transit + +Data will be transferred between the system components in a few different ways: + +- Agent -> API +- API -> SQL Database +- SQL Database -> Application +- Application -> Browser (User) + +Data is always encrypted in transit, and connections are made over HTTPS to prevent eavesdropping. + +## Data Retention Period + +Data retention is the practice of storing and managing your data and records for a designated period +of time. A data retention period refers to the amount of time that a company or an organization +holds onto your information. Netwrix 1Secure provides data retention for 1 rolling year by default. \ No newline at end of file diff --git a/docs/1secure/security/overview.md b/docs/1secure/security/overview.md new file mode 100644 index 0000000000..708699990b --- /dev/null +++ b/docs/1secure/security/overview.md 
@@ -0,0 +1,23 @@ +--- +title: "Security" +description: "Security" +sidebar_position: 70 +--- + +# Security + +Netwrix 1Secure implements multiple layers of security to protect your data and ensure compliance with industry standards. + +## Physical Security + +Netwrix 1Secure runs on Microsoft Entra infrastructure. Click +[here](https://azure.microsoft.com/en-us/overview/trusted-cloud/) to learn more about Entra cloud +security, or click [here](https://azure.microsoft.com/en-us/overview/trusted-cloud/compliance/) to +view all Entra compliance certifications. + +## Network Security + +The Azure SQL database used to store the data is isolated from direct access. We use firewall rules +that prevent database access to the API backend services running in Microsoft Entra ID. + +All API access happens on behalf of specific user accounts in Microsoft Entra ID. diff --git a/docs/directorymanager/11.1/about/_category_.json b/docs/directorymanager/11.1/about/_category_.json new file mode 100644 index 0000000000..55497ef024 --- /dev/null +++ b/docs/directorymanager/11.1/about/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "about" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/about/about.md b/docs/directorymanager/11.1/about/about.md new file mode 100644 index 0000000000..738030fb74 --- /dev/null +++ b/docs/directorymanager/11.1/about/about.md 
@@ -0,0 +1,14 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 30 +--- + +# Installation + +The Directory Manager installer auto detects the prerequisite software and Windows features that +Directory Manager requires, and installs them without any manual intervention. This has practically +simplified Directory Manager installation, reduced workloads, and diminished installation time. + +Furthermore, Directory Manager configuration and upgrade has been seamlessly integrated into the +installation experience. diff --git a/docs/directorymanager/11.1/about/configure/_category_.json b/docs/directorymanager/11.1/about/configure/_category_.json new file mode 100644 index 0000000000..d50e6b1f43 --- /dev/null +++ b/docs/directorymanager/11.1/about/configure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuration", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/about/configure/configure.md b/docs/directorymanager/11.1/about/configure/configure.md new file mode 100644 index 0000000000..b3eb271834 --- /dev/null +++ b/docs/directorymanager/11.1/about/configure/configure.md 
@@ -0,0 +1,48 @@ +--- +title: "Configuration Tool" +description: "Configuration Tool" +sidebar_position: 10 +--- + +# Configuration Tool + +You can configure Directory Managerimmediately after installing it. + +Step 1 – Run the Configuration Tool in one of the following ways: + +- To configure Directory Managerright after installation, click **Next** on the **Run Configuration + Tool** page. See the [Installation Tool](/docs/directorymanager/11.1/about/installer/install.md) topic. +- When Directory Manager is installed, the Configuration Tool is also installed as a separate + program on the machine. Launch the Directory Manager Configuration Tool from the Windows Start + screen. + +In either case, the tool opens to the **Introduction** page. + +![Introduction page](/img/product_docs/directorymanager/11.1/install/configure/intro.webp) + +Step 2 – Read the welcome message and click **Next**. + +![Create new server page](/img/product_docs/directorymanager/11.1/install/configure/select_to_create_a_new_server-new.webp) + +Step 3 – To configure a Directory Manager server or a Directory Manager client, select the relevant +option. + +- **Configure a new GroupID server with new or existing database** – configures the Directory + Manager server and the Directory Manager Data Service on the machine where Directory Manager is + being installed. + + It also configures the Directory Manager Elasticsearch Service as a master node for the + Elasticsearch service cluster to support load balancing. See the + [Configure a New Directory Manager Server with a New or an Existing Database](/docs/directorymanager/11.1/about/configure/gidserver.md) + topic for additional information. + +- **Configure a new GroupID 11 server to add it into an existing GroupID 11 cluster with an existing + database** – configures a Directory Manager server that has its own Data Service. 
This data + service gets the configurations (paraphrase and database settings) of the Data Service deployed + for another Directory Manager server in your environment. + + This option also configures the Directory Manager Elasticsearch Service as a slave node to the + master node for the Elasticsearch Service cluster configured on the Directory Manager server. + See the + [Configure a new Directory Manager server to add it to an existing Directory Manager 11 cluster with an existing database](/docs/directorymanager/11.1/about/configure/database.md) + topic for additional information. diff --git a/docs/directorymanager/11.1/about/configure/database.md b/docs/directorymanager/11.1/about/configure/database.md new file mode 100644 index 0000000000..bcc934541c --- /dev/null +++ b/docs/directorymanager/11.1/about/configure/database.md 
@@ -0,0 +1,202 @@ +--- +title: "Configure a new Directory Manager server to add it to an existing Directory Manager 11 cluster with an existing database" +description: "Configure a new Directory Manager server to add it to an existing Directory Manager 11 cluster with an existing database" +sidebar_position: 30 +--- + +# Configure a new Directory Manager server to add it to an existing Directory Manager 11 cluster with an existing database + +While installing Directory Manager, you can choose to create a Directory Managerserver with load +balancing support, where load will be balanced in real time with multiple Data Services, portals and +Elasticsearch instances. + +This option also configures the Directory Manager Elasticsearch Service as a slave node to the +master node for the Elasticsearch Service cluster configured on the Directory Manager server. + +To configure a Directory Manager server with existing database: + +Step 1 – On the Select to create new server or use existing server page of the Configuration Tool, +select [Configure a New Directory Manager Server with a New or an Existing Database](/docs/directorymanager/11.1/about/configure/gidserver.md) +option. See Step 3 on the [Configuration Tool](/docs/directorymanager/11.1/about/configure/configure.md) topic. + +Step 2 – Click **Next**. + +![database_settings](/img/product_docs/directorymanager/11.1/install/configure/databasesettings.webp) + +Step 3 – In the SQL Server list, select the SQL Server to use with this new Directory Manager +Server. The SQL Server must be the same used with the master node of Directory Manager. + +If the required server does not appear in the list, make sure that the SQL Server Browser service is +running on the SQL Server machine and then click the **Refresh** button. + +Step 4 – In the Authentication list, select an authentication mode to be used when connecting to the +SQL Server database. 
Modes are: + +- SQL Server Authentication - To set SQL Server to work with Directory Manager using an SQL Server + account. See the [Authentication Modes](/docs/directorymanager/11.1/about/configure/setupauthentication.md) topic for + additional information. +- Windows Authentication - To set SQL Server to work with Directory Manager using a Windows user + account. See the [Authentication Modes](/docs/directorymanager/11.1/about/configure/setupauthentication.md) topic for + additional details. + +Step 5 – Depending on the authentication mode selected, do the following: + +- For SQL Server Authentication: enter the user name and password of the selected SQL Server in the + **SQL Username** and **SQL Password** boxes. +- For Windows Authentication: User name and password fields will be disabled with Windows + Authentication. The logged-in user credentials will be populated here. + +Step 6 – In the SQL Database box, specify name of the SQL database being used by the master +Directory Manager node. This new Directory Manager instance will use the same database. + +NOTE: While configuring a new Directory Manager machine with an existing database option, the Copy +Database button has no relevance here. + +Step 7 – Click **Next**. + +![License page](/img/product_docs/directorymanager/11.1/install/configure/license_w_existing_db_option.webp) + +Step 8 – On the License page, license information of Directory Manager installed on the master node +is displayed. A valid license and key enable the Next button. If the Next button remains disabled, +check your entries for errors. + +Step 9 – Click **Next**. + +![GroupID Service Configurations](/img/product_docs/directorymanager/11.1/install/configure/servicesconfiguration.webp) + +Step 10 – Directory Manager requires two services: + +- Directory Manager Data Service: This is a web-based service that Directory Manager uses to + communicate with Microsoft SQL Server for storing and fetching data in the database. 
+- Directory Manager Security Service: This is also a web-based service that Directory Manager uses + to: + + - Authenticate and authorize users on different Directory Manager functionalities in accordance + with their roles. + - Encrypt and decrypt data that Directory Manager Data Service stores and fetches from the SQL + database. + + To deploy these services, the Configuration Tool creates and configures a new website in IIS + with the name _GroupIDSite11_. By default, it binds this site to any of the available ports. + However, if you have a different preference, you can change the port. + + Click **Advanced Options** and enter the port in the Port Number box. + +- Replication service: This service replicates object attributes from the provider (such as Active + Directory) to Elasticsearch. +- Admin Center: Admin Center is a web-based application that can be accessed over the Internet and + Intranet. + +NOTE: This Directory Manager instance will use Email and Scheduler services of the selected cluster. + +Step 11 – Click **Next**. + +![Elasticsearch Settings page](/img/product_docs/directorymanager/11.1/install/configure/elasticsearchsettings.webp) + +Step 12 – Directory Manager provides the following two options for Elasticsearch configuration. +Select the relevant option: + +- Let Directory Managerinstall and manage Elasticsearch: If you select this option, Directory + Manager Configuration Tool will install Elasticsearch. It presents you default configuration of + Elasticsearch cluster it will create: + + ![Select Elastic Cluster page](/img/product_docs/directorymanager/11.1/install/configure/select_cluster_w_existing_db_option.webp) + + 1. Cluster Name: lists all the clusters defined so far. Select one to create an Elasticsearch + node within the selected cluster. + 2. Port: the default port for Elasticsearch API communication. Modify the port number if the + mentioned default port is not available. + 3. 
TCP Port: the default port for communication between nodes within the cluster. Modify the + port number if the mentioned default port is not available. + + NOTE: Make sure that the specified ports are available and unblocked. + + I will install and manage Elasticsearch myself: If you select this option, the following page is + displayed: + + ![Elasticsearch settings page](/img/product_docs/directorymanager/11.1/install/configure/elasticsearchsettings-2.webp) + + Provide configurations of Elasticsearch you want to use with Directory Manager: + + - Elasticsearch URL: URL for accessing the Elasticsearch. + - Elasticsearch Username: service account for Elasticsearch. + - Elasticsearch Password: password of the Elasticsearch service account. + +Step 13 – Click **Next**. + +![Service Account Settings page](/img/product_docs/directorymanager/11.1/install/configure/service_account_settings_w_existing_db.webp) + +NOTE: If you configure a Group Managed Service Account (gMSA) as an App Pool service account then +the Directory ManagerConfiguration tool will add this account in the local administrators and +IIS_IUSRS groups. + +NOTE: If you configure a normal user account as an App Pool service account and an AD identity store +is created with a gMSA service account, then the App Pool service account must have the +_PrincipalsAllowedToRetrieveManagedPassword_ property. The App Pool service account also must be a +member of Backup Operators and IIS_IUSRS groups. + +Step 14 – On the Service Account Settings page, specify the service account to use for the Directory +Manager app pool in IIS and Windows services. + +- Use a domain account or a Group Managed Service Account (gMSA). +- The account must be a member of the Administrators group or both the Backup Operators and + IIS_IUSRS groups. +- The account you specify will be used to manage the Directory Manager app pool in IIS. Directory + Manager Data Service, Security Service, and the portals run under the app pool. 
+- By default, a local account, GroupIDSSuser, is set for the Directory Manager app pool, but you + cannot proceed unless you change it to a domain account or gMSA. +- You can specify a local account (with local administrator rights) in app pool for a machine that + is not joined to any domain (this applies to an Microsoft Entra ID identity store only). + + NOTE: For Directory Manager App Pool, a domain account can be used for a machine joined to a + domain. + + NOTE: Before you use a Group Managed Service Account, make sure that: + + - Key Distribution Service (KDS) is enabled on the Directory Manager machine. + - Microsoft AD module for PowerShell is installed on the machine. + +Step 15 – You can specify a service accounts for the app pool in any of the following ways: + +- Use an existing account: Click **Browse**. + + ![Find Service Account page](/img/product_docs/directorymanager/11.1/install/configure/findserviceaccount.webp) + + On the Find Service Account dialog box, search and select the required account and click **OK**. + +- Create a new service account: Click the **Create New** button on the Service Account Setting page. + + ![Create a new service account page](/img/product_docs/directorymanager/11.1/install/configure/createserviceaccount.webp) + + On the Create Service Account dialog box, select the kind of account you want to create. Enter a + name, container and password for the account. Click **Create**. + + NOTE: The logged-in user must have appropriate rights to create a new account. + + NOTE: If Key Distribution Service (KDS) is not configured in the environment, a warning will be + displayed that you cannot use a Group Managed Service Account. + +Step 16 – Provide password for the App Pool service account (except for a Group Managed Service +Account) in the Password box. + +Step 17 – Click **Configure**. 
+ +![Configuring GroupID ](/img/product_docs/directorymanager/11.1/install/configure/configuring.webp) + +Step 18 – The next page displays the progress while a Directory Manager server is configured on the +machine. While configuring the machine, the Configuration Tool checks the application’s signing key +status and update it according to your Directory Manager environment. See the +[Update Signing Key](/docs/directorymanager/11.1/about/configure/signingkeyinfo.md) topic for information how Configuration Tool will update +Directory Manager's Signing Key. + +Step 19 – This completes the configuration of Directory Manager as a slave node on your machine. +Click **Launch GroupID** to start using Directory Manager. The Sign In pa ge opens: + +![GroupID Sign In page](/img/product_docs/directorymanager/11.1/install/configure/launchgid.webp) + +To login in to Directory Manager Admin Center for the first time, provide Directory Manager +Administrator user name and password. + +or + +click **Next** to launch the Upgrade wizard for upgrading Directory Manager. diff --git a/docs/directorymanager/11.1/install/configure/gidserver.md b/docs/directorymanager/11.1/about/configure/gidserver.md similarity index 95% rename from docs/directorymanager/11.1/install/configure/gidserver.md rename to docs/directorymanager/11.1/about/configure/gidserver.md index e455edc865..b60e3a4f82 100644 --- a/docs/directorymanager/11.1/install/configure/gidserver.md +++ b/docs/directorymanager/11.1/about/configure/gidserver.md @@ -1,3 +1,9 @@ +--- +title: "Configure a New Directory Manager Server with a New or an Existing Database" +description: "Configure a New Directory Manager Server with a New or an Existing Database" +sidebar_position: 20 +--- + # Configure a New Directory Manager Server with a New or an Existing Database This option configures the Directory Managerserver and the Directory Manager Data Service on the 
@@ -22,10 +28,10 @@ SQL Server database. Modes are: - SQL Server Authentication - To set SQL Server to work with Directory Managerusing an SQL Server account. See SQL Authentication in - [Authentication Modes](/docs/directorymanager/11.1/requirements/setupauthentication.md) topic. + [Authentication Modes](/docs/directorymanager/11.1/about/configure/setupauthentication.md) topic. - Windows Authentication - To set SQL Server to work with Directory Managerusing a Windows user account. See Windows Authentication in in - [Authentication Modes](/docs/directorymanager/11.1/requirements/setupauthentication.md) topic. + [Authentication Modes](/docs/directorymanager/11.1/about/configure/setupauthentication.md) topic. Step 4 – Depending on the authentication mode selected, do the following: @@ -187,7 +193,7 @@ configured on the machine. While configuring the machine, the Configuration Tool checks the application’s signing key status and update it according to your Directory Manager environment. See the -[Update Signing Key](/docs/directorymanager/11.1/install/configure/signingkeyinfo.md) topic for information how Configuration Tool will update +[Update Signing Key](/docs/directorymanager/11.1/about/configure/signingkeyinfo.md) topic for information how Configuration Tool will update Directory Manager's Signing Key. On successful configuration, the Directory Manager is successfully configured page is displayed and diff --git a/docs/directorymanager/11.1/about/configure/overview.md b/docs/directorymanager/11.1/about/configure/overview.md new file mode 100644 index 0000000000..4073aa45c2 --- /dev/null +++ b/docs/directorymanager/11.1/about/configure/overview.md 
@@ -0,0 +1,18 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 20 +--- + +# Configuration + +Use the Configuration Tool to configure a new Directory Manager server. The tool configures: + +- A valid license for Directory Manager +- Scheduling, Email and Replication services +- Elasticsearch settings +- An encryption key to encrypt Directory Manager data +- An SQL Server and database +- Service account for Directory Manager App Pool +- Admin Center +- A default account for Admin Center diff --git a/docs/directorymanager/11.1/requirements/setupauthentication.md b/docs/directorymanager/11.1/about/configure/setupauthentication.md similarity index 96% rename from docs/directorymanager/11.1/requirements/setupauthentication.md rename to docs/directorymanager/11.1/about/configure/setupauthentication.md index 55177aa7e5..d70025ceaa 100644 --- a/docs/directorymanager/11.1/requirements/setupauthentication.md +++ b/docs/directorymanager/11.1/about/configure/setupauthentication.md @@ -1,3 +1,9 @@ +--- +title: "Authentication Modes" +description: "Authentication Modes" +sidebar_position: 50 +--- + # Authentication Modes While setting up Directory Manager, you must select an authentication mode for connecting to SQL diff --git a/docs/directorymanager/11.1/install/configure/signingkeyinfo.md b/docs/directorymanager/11.1/about/configure/signingkeyinfo.md similarity index 86% rename from docs/directorymanager/11.1/install/configure/signingkeyinfo.md rename to docs/directorymanager/11.1/about/configure/signingkeyinfo.md index d6149b256a..31c5d996ec 100644 --- a/docs/directorymanager/11.1/install/configure/signingkeyinfo.md +++ b/docs/directorymanager/11.1/about/configure/signingkeyinfo.md @@ -1,3 +1,9 @@ +--- +title: "Update Signing Key" +description: "Update Signing Key" +sidebar_position: 40 +--- + # Update Signing Key While configuring the Directory Manager machine, the Configuration Tool checks the application’s 
@@ -38,8 +44,8 @@ configured page as shown in the Single Directory Manager instance section. Step 2 – Export the Signing Key so that the slave node also has the same Signing Key as of the master node. See the -[Export a Signing Key ](/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md#export-a-signing-key)section -of the [Signing Key Utility](/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md) topic for +[Export a Signing Key ](/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md#export-a-signing-key)section +of the [Signing Key Utility](/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md) topic for information on how to export the Signing Key. Step 3 – On the slave node copy the exported Signing Key file into a folder. @@ -85,8 +91,8 @@ is successfully configured page as shown in the Single Directory Manager instanc Step 2 – Export the Signing Key so that the slave nodes of both the clusters also have the same Signing Key as of the master node of cluster A. See the -[Export a Signing Key ](/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md#export-a-signing-key)section -of the [Signing Key Utility](/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md) topic for +[Export a Signing Key ](/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md#export-a-signing-key)section +of the [Signing Key Utility](/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md) topic for information on how to export the Signing Key file. Step 3 – On the slave nodes of Cluster A and Cluster B (_i.e. instances 2 and 4_) copy the exported 
@@ -110,10 +116,10 @@ Configuration Tool displays the Directory Manager is successfully configured pag disclaimer as shown in the Single Directory Manager instance section. Step 7 – On the master node of Cluster B (_i.e. instance 3_), run the -[Signing Key Utility](/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md) and import the +[Signing Key Utility](/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md) and import the copied Signing Key file using the commandlet given in the -[Import a Signing Key ](/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md#import-a-signing-key)section -of the [Signing Key Utility](/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md) topic for +[Import a Signing Key ](/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md#import-a-signing-key)section +of the [Signing Key Utility](/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md) topic for information on how to import the Signing Key. Remember, after the Signing Key update, your existing schedules will not work as their diff --git a/docs/directorymanager/11.1/about/installer/_category_.json b/docs/directorymanager/11.1/about/installer/_category_.json new file mode 100644 index 0000000000..f662f635f0 --- /dev/null +++ b/docs/directorymanager/11.1/about/installer/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installer", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "installer" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/install/installer/install.md b/docs/directorymanager/11.1/about/installer/install.md similarity index 88% rename from docs/directorymanager/11.1/install/installer/install.md rename to docs/directorymanager/11.1/about/installer/install.md index 5cd804b851..e64efb0b30 100644 
--- a/docs/directorymanager/11.1/install/installer/install.md +++ b/docs/directorymanager/11.1/about/installer/install.md @@ -1,3 +1,9 @@ +--- +title: "Installation Tool" +description: "Installation Tool" +sidebar_position: 30 +--- + # Installation Tool Installing Directory Manager is a simple process; it asks you to agree to the license agreement then @@ -40,5 +46,5 @@ or Click **Close** on the title bar to close the Directory ManagerInstaller and configure Directory Managerlater. -See the [Configuration Tool](/docs/directorymanager/11.1/install/configure/configure.md) topic for additional information on +See the [Configuration Tool](/docs/directorymanager/11.1/about/configure/configure.md) topic for additional information on configuring Directory Manager. diff --git a/docs/directorymanager/11.1/install/installer/installer.md b/docs/directorymanager/11.1/about/installer/installer.md similarity index 80% rename from docs/directorymanager/11.1/install/installer/installer.md rename to docs/directorymanager/11.1/about/installer/installer.md index 1513b23987..93f8a517d4 100644 --- a/docs/directorymanager/11.1/install/installer/installer.md +++ b/docs/directorymanager/11.1/about/installer/installer.md 
@@ -1,13 +1,19 @@ +--- +title: "Installer" +description: "Installer" +sidebar_position: 10 +--- + # Installer To install Directory Manager, you have to run the following tools in the given order: -- **[Preparation Tool](/docs/directorymanager/11.1/install/installer/preparationtool.md)** - Detects and instals the prerequisite software and +- **[Preparation Tool](/docs/directorymanager/11.1/about/installer/preparationtool.md)** - Detects and instals the prerequisite software and Windows features that Directory Manager requires. -- **[Installation Tool](/docs/directorymanager/11.1/install/installer/install.md)** - Installs Directory Manager. +- **[Installation Tool](/docs/directorymanager/11.1/about/installer/install.md)** - Installs Directory Manager. -- **[Configuration Tool](/docs/directorymanager/11.1/install/configure/configure.md)** - Configures Directory Manager services, +- **[Configuration Tool](/docs/directorymanager/11.1/about/configure/configure.md)** - Configures Directory Manager services, database, and other components. ## Installation Package diff --git a/docs/directorymanager/11.1/install/installer/preparationtool.md b/docs/directorymanager/11.1/about/installer/preparationtool.md similarity index 97% rename from docs/directorymanager/11.1/install/installer/preparationtool.md rename to docs/directorymanager/11.1/about/installer/preparationtool.md index 19d61ed825..a7651ac0d5 100644 --- a/docs/directorymanager/11.1/install/installer/preparationtool.md +++ b/docs/directorymanager/11.1/about/installer/preparationtool.md @@ -1,3 +1,9 @@ +--- +title: "Preparation Tool" +description: "Preparation Tool" +sidebar_position: 10 +--- + # Preparation Tool The preparation tool installs all prerequisites software on a machine to prepare it for Directory diff --git a/docs/directorymanager/11.1/about/installer/uninstall.md b/docs/directorymanager/11.1/about/installer/uninstall.md new file mode 100644 index 0000000000..6c32b2866e --- /dev/null 
+++ b/docs/directorymanager/11.1/about/installer/uninstall.md 
@@ -0,0 +1,100 @@ +--- +title: "Uninstall" +description: "Uninstall" +sidebar_position: 40 +--- + +# Uninstall + +Before you uninstall Directory Manager , make sure that the logged-in user is a member of the local +Administrators group on that machine. + +To uninstall the current Directory Manager version to upgrade to a newer version, follow these +steps: + +1. Click **Start**. +2. Type **Control Panel** and select it. +3. Select **Uninstall a program**. +4. From the **Name** column, right-click **Imanami GroupID `version`**and select **Uninstall**. +5. On the **User Account Control** window, click **Yes**. + +This will uninstall Directory Manager from your machine. + +## Complete Uninstall + +To uninstall Directory Manager completely, remove the Directory Manager folders and registry keys +from your machine. This done, you do not have the option to upgrade to a newer version of Directory +Manager. + +First, uninstall Directory Manager using the steps described above. + +Next, to completely uninstall Directory Manager from your machine, remove: + +- The Directory Manager installation directory +- Other relevant directories +- Registry keys +- Directory Manager Site +- Directory Manager application pools +- Directory Manager certificates + +Remove the Directory Manager installation directory + +1. Go to the location: + X:\Program Files\Imanami + (X represents the Directory Manager installation drive). +2. Delete the directory named GroupID 11.0. + +Remove other relevant directories + +1. On the Windows **Run** dialog box, type the command: + + ``` + %ALLUSERSPROFILE%\Imanami + ``` + +2. From the location referenced by the given command, delete the folder: GroupID 11.0. + +Remove registry keys + +1. Open the **Registry Editor** by typing **regedit** in the Windows **Run** dialog box. +2. 
Delete the following registry keys: + + ``` + HKEY_LOCAL_MACHINE\SOFTWARE\Imanami\GroupID\Version 11.0 + ``` + +Remove the Directory Manager Site + +Follow these steps to remove the Directory Manager site from IIS: + +1. Open the Internet Information Service console by typing _inetmgr_ in the Windows **Run** dialog + box. +2. Expand the `` node in the console tree and click **Sites**. +3. On the **Sites** page, delete _GroupIDSite11_. + +Remove the Directory Manager applications and services pools + +Follow these steps to remove the Directory Manager Admin Center, app pool, services and portal from +IIS: + +1. Open the Internet Information Service console by typing _inetmgr_ in the Windows **Run** dialog + box. +2. Expand the `` node in the console tree and click **Application Pools**. +3. On the **Application Pools** page, delete all app pools for Directory Manager Admin Center, + applications, portals and services. + +Remove Directory Manager Certificates + +Follow these steps to remove Directory Manager certificates from IIS: + +1. Open the Internet Information Service console by typing _inetmgr_ in the Windows **Run** dialog + box. +2. Click the `` node in the console tree. On the **Features View** tab, select + **Server Certificates** in the IIS section. +3. Delete these certificates bound to GroupIDSite11 (the site deploying Data Service): + + - GroupIDSecurityService + - Imanami GroupID Certificate + +NOTE: Do not remove these certificates if another Directory Manager version is installed on the +machine. diff --git a/docs/directorymanager/11.1/install/installer/whatprepinstall.md b/docs/directorymanager/11.1/about/installer/whatprepinstall.md similarity index 98% rename from docs/directorymanager/11.1/install/installer/whatprepinstall.md rename to docs/directorymanager/11.1/about/installer/whatprepinstall.md index 36ee51c140..4ac0a1eab9 100644 --- a/docs/directorymanager/11.1/install/installer/whatprepinstall.md 
+++ b/docs/directorymanager/11.1/about/installer/whatprepinstall.md @@ -1,6 +1,12 @@ +--- +title: "What does the Preparation Tool Install" +description: "What does the Preparation Tool Install" +sidebar_position: 20 +--- + # What does the Preparation Tool Install -When the [Preparation Tool](/docs/directorymanager/11.1/install/installer/preparationtool.md) runs, it installs the following software and Windows +When the [Preparation Tool](/docs/directorymanager/11.1/about/installer/preparationtool.md) runs, it installs the following software and Windows features: | Software | Comments | diff --git a/docs/directorymanager/11.1/install/securityutility.md b/docs/directorymanager/11.1/about/securityutility.md similarity index 98% rename from docs/directorymanager/11.1/install/securityutility.md rename to docs/directorymanager/11.1/about/securityutility.md index 8751fa92b3..5ded9b446e 100644 --- a/docs/directorymanager/11.1/install/securityutility.md +++ b/docs/directorymanager/11.1/about/securityutility.md @@ -1,3 +1,9 @@ +--- +title: "Security Utility" +description: "Security Utility" +sidebar_position: 40 +--- + # Security Utility The NDM11-ADV-2025-014 utility is used to: diff --git a/docs/directorymanager/11.1/about/upgrade/_category_.json b/docs/directorymanager/11.1/about/upgrade/_category_.json new file mode 100644 index 0000000000..e1bde30168 --- /dev/null +++ b/docs/directorymanager/11.1/about/upgrade/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Upgrade", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/install/backuprestore.md b/docs/directorymanager/11.1/about/upgrade/backuprestore.md similarity index 98% rename from docs/directorymanager/11.1/install/backuprestore.md rename to docs/directorymanager/11.1/about/upgrade/backuprestore.md index 47632f35b0..416bb0a811 100644 
--- a/docs/directorymanager/11.1/install/backuprestore.md +++ b/docs/directorymanager/11.1/about/upgrade/backuprestore.md @@ -1,3 +1,9 @@ +--- +title: "Back Up and Restore GroupID Data" +description: "Back Up and Restore GroupID Data" +sidebar_position: 30 +--- + # Back Up and Restore GroupID Data This topic provides instructions for backing up and restoring the data from previous versions of diff --git a/docs/directorymanager/11.1/install/upgrade/notes.md b/docs/directorymanager/11.1/about/upgrade/notes.md similarity index 95% rename from docs/directorymanager/11.1/install/upgrade/notes.md rename to docs/directorymanager/11.1/about/upgrade/notes.md index dc7bef4ff5..a5210af9d7 100644 --- a/docs/directorymanager/11.1/install/upgrade/notes.md +++ b/docs/directorymanager/11.1/about/upgrade/notes.md @@ -1,3 +1,9 @@ +--- +title: "Notes on Upgrade" +description: "Notes on Upgrade" +sidebar_position: 20 +--- + # Notes on Upgrade Consider the following when upgrading to Directory Manager 11 from GroupID 9 and 10. @@ -17,7 +23,7 @@ The source version file system is required for the following: - When you create a new portal in Directory Manager 11, you can import the advanced settings and design settings of a Self-Service portal from the source version. See step 13 in the - [Create a Portal in Native IIS](/docs/directorymanager/11.1/admincenter/portal/create.md#create-a-portal-in-native-iis) + [Create a Portal in Native IIS](/docs/directorymanager/11.1/signin/applications/portal/create.md#create-a-portal-in-native-iis) topic. - In the source version, you specified a list of attributes to replicate for an identity store. These attributes are saved to a file on the file system. 
@@ -85,14 +91,14 @@ Step 9 – In the source version, Replication service logs were captured under t no user interface to change this setting. On upgrade to Directory Manager 11, the file logging and Windows logging mode is set to default, i.e., ‘Error’. After upgrade, it is recommended that you go to Replication service settings and change file logging to the ‘Debug’ mode (if required). See the -[Specify Log Settings for a Service](/docs/directorymanager/11.1/admincenter/service/dataservice/manage.md#specify-log-settings-for-a-service) +[Specify Log Settings for a Service](/docs/directorymanager/11.1/signin/service/dataservice/manage.md#specify-log-settings-for-a-service) topic. Step 10 – In the source version, log settings for an identity store inherently applied to Date service logs. On upgrade to Directory Manager 11, these log settings are moved to the Data service, with the file logging mode set to default, i.e., ‘Error’. To change the mode in Directory Manager 11, go to Data service settings and change it as required. See the -[Specify Log Settings for a Service](/docs/directorymanager/11.1/admincenter/service/dataservice/manage.md#specify-log-settings-for-a-service) +[Specify Log Settings for a Service](/docs/directorymanager/11.1/signin/service/dataservice/manage.md#specify-log-settings-for-a-service) topic. Step 11 – The following applies in case of upgrade from GroupID 10 SR1. diff --git a/docs/directorymanager/11.1/about/upgrade/overview.md b/docs/directorymanager/11.1/about/upgrade/overview.md new file mode 100644 index 0000000000..9bddd9d0c6 --- /dev/null +++ b/docs/directorymanager/11.1/about/upgrade/overview.md 
@@ -0,0 +1,60 @@ +--- +title: "Upgrade" +description: "Upgrade" +sidebar_position: 30 +--- + +# Upgrade + +Directory Manager 11 supports upgrade from the following: + +- GroupID 10.0 +- GroupID 9.0 + +## Prerequisites for Upgrade + +The following must be in place before you run the Upgrade wizard. + +NOTE: In the following text, the term ‘source version’ refers to the GroupID version you are +upgrading from. + +Step 1 – For upgrade on a different box, the source version file system must be present on the +Directory Manager 11 server. For that, do the following: + +1. On the source version server, for example, GroupID 10 server, go + to` [GroupID Installation Drive]:\Program Files\Imanami\` and copy the GroupID 10 folder. +2. Go to the Directory Manager 11 server, create a path as follows, and paste the GroupID 10 folder + there: + + `C:\Program Files\Imanami\` + + On pasting the GroupID 10 folder, it will be as: + `C:\Program Files\Imanami\GroupID 10\` + +Step 2 – The following applies to upgrade on a different box. +If a gMSA is used as the service account for an identity store in the source version, you must +configure that gMSA on the Directory Manager 11 server before you upgrade. +To configure a gMSA, see the +[gMSA for Active Directory](/docs/directorymanager/11.1/requirements/permissions/gmsarequirements.md) topic. + +Step 3 – A disabled identity store in the source version will not be upgraded to Directory +Manager 11. +To upgrade a disabled identity store, you must enable it in the source version before upgrade. Then +disable it in Directory Manager 11 immediately after upgrade. + +Step 4 – To upgrade schedules and Synchronize jobs on a different box, you must run a utility on the +Directory Manager 11 server before running the Upgrade wizard. Contact Netwrix Customer Support for +more info. + +If you forget the passphrase you used to encrypt GroupID data, upgrade is not possible. 
+ +## Upgrade Logs + +Two log files are created on upgrade: + +- File name: UpgradeLog + Path:` X:\Imanami\GroupID 11.0\GroupIDUpgradeTool\` + (X represents the Directory Manager installation drive) +- File name: directorymanager11_Upgrade.log + Path: `C:\ProgramData\Imanami\GroupID 11.0\Upgrade Tool\` + (This file contains debug logs.) diff --git a/docs/directorymanager/11.1/about/upgrade/upgrade.md b/docs/directorymanager/11.1/about/upgrade/upgrade.md new file mode 100644 index 0000000000..ef87a32b47 --- /dev/null +++ b/docs/directorymanager/11.1/about/upgrade/upgrade.md 
@@ -0,0 +1,194 @@ +--- +title: "Upgrade to Directory Manager 11" +description: "Upgrade to Directory Manager 11" +sidebar_position: 10 +--- + +# Upgrade to Directory Manager 11 + +The topic guides you to upgrade to Directory Manager 11.1 from Directory Manager 10. + +Follow the steps to upgrade. + +Step 1 – To launch the Upgrade wizard, click **Next** on the GroupID Successfully Configured page of +the Configuration Tool. + +OR + +Click **Start** > **Imanami** > **GroupID Upgrade Tool 11.0**. + +![Welcome page](/img/product_docs/directorymanager/11.1/install/upgrade/1-welcome.webp) + +Step 2 – Read the welcome message and click **Next**. + +![2-select_source_version](/img/product_docs/directorymanager/11.1/install/upgrade/2-select_source_version.webp) + +Step 3 – From the Select the previous version to upgrade list, select the Directory Manager version +to upgrade from. + +NOTE: The following steps discuss the upgrade process with Directory Manager 10 as the source +version. The process may vary for different source versions. + +Step 4 – Click **Next**. + +![Select modules to upgrade](/img/product_docs/directorymanager/11.1/install/upgrade/3-select_modules.webp) + +On the Select Modules to upgrade page, select the type of Directory Manager data for upgrade. You +can choose to upgrade all or selective data of the previous version. Options are: + +- Everything – upgrades all data, which covers all options discussed under Custom. +- Custom – choose what data you want to upgrade. On selecting it, the following options are listed, + from where you can choose the data to upgrade. + + ![3-select_modules-custom](/img/product_docs/directorymanager/11.1/install/upgrade/3-select_modules-custom.webp) + + NOTE: If later on, you wish to upgrade specific groups and their history via the Upgrade-Group + commandlet, then you must upgrade the Configuration and History in the first upgrade run. 
This + will upgrade the history in the database as per Directory Manager 11.1 format and replicates it + to Elasticsearch. Later on, when you upgrade specific groups and their history using the + Upgrade-Group commandlet, that will be done successfully. See the + [Upgrade-Group](/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md) commandlet for additional + information. + + If you want to upgrade configurations, history and all groups using the Directory Manager + Upgrade wizard , then you must select the Configurations, History, and Groups checkboxes. + +Step 5 – Click **Next**. + +Step 6 – If you have an Microsoft Entra ID based identity store in Directory Manager 10, the +following page appears. + +![Microsoft Entra ID Store Upgrade page](/img/product_docs/directorymanager/11.1/install/upgrade/entraidstore.webp) + +Provide the following information: + +- Registered Client Secret on EntraID: provide the client secret value generated against the + certificate uploaded Microsoft Entra Admin Centerwhile registering the Directory + Managerapplication. +- PFX Certificate: Click Browse to navigate to the folder where the certificate is saved. This + certificate must be the same uploaded for the registered Directory Manager app in Microsoft Entra + ID. +- PFX Certificate Password: Provide password of the PFX certificate. + +Step 7 – Click **Next**. + +Step 8 – If in the Directory Manager source version, Office 365 messaging provider is configured in +a Microsoft Entra ID based identity store or in an AD identity store, the Upgrade wizard displays +the following page. + +![ Upgrade wizard Microsoft Entra ID Messaging System page](/img/product_docs/directorymanager/11.1/install/upgrade/entraidmessagingsystem.webp) + +Provide the following information: + +- Client Secret: provide the client secret value generated against the certificate uploaded to + Microsoft Entra Admin Center while registering the Directory Manager application. 
+- PFX Certificate: Click Browse to navigate to the folder where the certificate is saved. This + certificate must be the same uploaded for the registered Directory Manager app in Microsoft Entra + ID. +- PFX Certificate Password: Provide password of the PFX certificate. + +Step 9 – If any Synchronize jobs exist in Directory Manager 10 or the version you are upgrading +from, then the wizard checks the destination domain set for them. Let's assume you have 5 jobs that +connect to different child domains in a forest with different service accounts and different +messaging providers. + +- If an identity store already exists in Directory Manager 10 for the destination domains that the + jobs connect to, then jobs are moved to the respective identity stores in Directory Manager 11.1. +- When there is no identity store in Directory Manager 10 for the destination domain that the jobs + connect to, the Upgrade wizard reads the FQDN of the destination domains used in the jobs and + tries to create a forest structure. On identifying one, it proceeds to create an identity store + for the forest, requiring you to provide a service account. (The user name and password fields + will be auto populated but you can change them.) All jobs with destination provider for that + forest domain or any of its child domains will be moved to the new identity store. + + ![synchronize_upgrade](/img/product_docs/directorymanager/11.1/install/upgrade/synchronize_upgrade.webp) + + NOTE: The service account you provide here should have at least _read_ permission in the entire + forest, so that all objects from the forest can be replicated to Elasticsearch. + + The wizard does not create a separate identity store for each child domain in the same forest. + In case it cannot determine a forest structure, it creates separate identity stores for each + domain. 
+ +Step 10 – For Synchronize jobs that use Office 365 as messaging provider in Directory Manager 10, +the wizard would require you to provide the PFX certificate. All Synchronize jobs that use Office +365 as messaging provider will be listed on the wizard page. Expand each job and provide the PFX +certificate along with its password. + +![Upgrade wizard Synchronize Messaging System page](/img/product_docs/directorymanager/11.1/install/upgrade/entraidsynmessagingsystem.webp) + +Provide the following information: + +- Certificate: Click Browse to navigate to the folder where the certificate is saved. This + certificate must be the same uploaded for the registered Directory Manager app in Microsoft Entra + ID. +- Password: Provide password of the PFX certificate. +- Client Secret: provide the client secret value generated against the certificate uploaded to + Microsoft Entra Admin Center while registering the Directory Manager application. + +Step 11 – Click **Next**. + +Step 12 – In Directory Manager 10 and earlier versions, reports were generated for the domain that +the Directory Manager server was joined to. During upgrade, the wizard checks if an identity store +for that domain exists or not. + +- If an identity store for that domain exists or if it being created for a Synchronize job in this + upgrade process, Directory Manager will bind the reports to it. +- If an identity store for that domain does not exist, then you have to create an identity store for + it. It must essentially be an Active Directory identity store. The wizard will bind the reports + generated in Directory Manager 10 to the identity store, so you will be able to view them in + Directory Manager 11.1. + ![reports_upgrade](/img/product_docs/directorymanager/11.1/install/upgrade/reports_upgrade.webp) + +NOTE: If no report has been generated in Directory Manager 10, the page related to reports upgrade +will not be displayed. 
+ +Step 13 – During upgrade, Synchronize schedules are also moved to identity stores. +The Upgrade wizard will check the jobs added to a schedule. If the destination in a job is a +directory provider, it will automatically move the schedule to the respective identity store. + +Remember, during upgrade, identity stores are created for destination directory providers of +Synchronize jobs (i.e., for providers that do not have an identity store in the source version). + +Consider the following: + +- If a schedule has Synchronize jobs where one job uses an Active Directory domain (DomainA) as + destination and another job uses a file-based provider as destination, then the schedule will auto + move to the identity store created for DomainA. +- For schedules with Synchronize jobs that use file-based providers as destination, the Upgrade + wizard will display the following page that will list all such schedules. Select an identity store + for each schedule, so that the schedule moves to that identity store. + + ![store_selection_for_schedules](/img/product_docs/directorymanager/11.1/install/upgrade/store_selection_for_schedules.webp) + + The rules stated above also apply to schedules with job collections added to them. + +Step 14 – Click **Next**. + +![Summary page](/img/product_docs/directorymanager/11.1/install/upgrade/5-summary.webp) + +This page displays a complete summary of the data to be copied/upgraded for your selected options. +These options were selected on the Select modules to upgrade page.. + +NOTE: If there are any disabled identity store(s) in the source Directory Manager version, Directory +Manager will not upgrade those identity store(s). However, data of those identity store(s) will +remain intact in the source Directory Manager version. + +Step 15 – Review the summary and click **Next**. 
+ +![Upgrade Progress page](/img/product_docs/directorymanager/11.1/install/upgrade/6-upgrade_process_complete.webp) + +Directory Manager is upgraded while the Upgrade Process displays the upgrade progress. On successful +upgrade, the Upgradce Completed message above the progress bar is displayed. + +Step 16 – Click **Next**. + +![Upgrade Completed page](/img/product_docs/directorymanager/11.1/install/upgrade/7-upgrade_complete.webp) + +The Upgrade Completed page displays the status of features selected for upgrade. + +Step 17 – You can click: + +- View Details: to view log file generated during the Upgrade process. +- Launch GroupID: to start using Directory Manager 11.1. +- Close: to close the Upgrade wizard. diff --git a/docs/directorymanager/11.1/admincenter/datasource/create.md b/docs/directorymanager/11.1/admincenter/datasource/create.md deleted file mode 100644 index 75a1b4269c..0000000000 --- a/docs/directorymanager/11.1/admincenter/datasource/create.md +++ /dev/null 
@@ -1,422 +0,0 @@ -# Create a Data Source - -You can create Synchronize jobs to synchronize data across different providers. As a prerequisite, -you must create data sources for those providers. - -Data sources are primarily used in Synchronize jobs, but you can also use them in queries to search -for directory objects and in queries for group membership update. - -What do you want to do? - -- Create a Data Source for MS Excel -- Create a Data Source for MS Access -- Create a Data Source for Oracle -- Create a Data Source for SQL Server -- Create a Data Source for a Text/CSV File -- Create a Data Source for ODBC -- Create a Data Source for SCIM - -## Create a Data Source for MS Excel - -Create a data source for an Excel file to establish a connection before using it as a source or -destination in Synchronize jobs, or in queries. Directory Manager enables you to connect to an Excel -file that is placed on a local server or on OneDrive. - -Synchronize supports Microsoft Excel (\*.xls | xlsx) to serve as both a source and destination -provider. Use it as destination in a Synchronize job to export data from a source to a new Excel -worksheet. The schema of the new Excel worksheet is automatically built according to fields that you -select from the source to map to the destination. - -The Directory Manager Installer installs the required components for the MS Excel provider while -installing Directory Manager. However, if you experience any issue, make sure the following are -installed on the Directory Manager server: - -- Microsoft Office 2007 or later -- Data connectivity components found at - [Microsoft Access Database Engine 2016 Redistributable](https://www.microsoft.com/en-us/download/details.aspx?id=54920). - -The Excel file for creating a data source can be placed on a local server or OneDrive. Follow the -steps in the respective section to create a data source. 
- -- When the Excel File is Located on a Local Server -- When the Excel file is located on OneDrive - -### When the Excel File is Located on a Local Server - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _Microsoft Excel_. - -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – From the File Server drop-down list, select _Local Server_. - -Step 6 – In the File Path box, provide the path to the MS Excel file you want to create the data -source for. This path should be complete with the file name and extension. For example: -D:\Employee Records\Sheets\EmployeeMedical Records.xlsx - -NOTE: The MS Excel file must be placed either on the machine that Data service is installed on, or a -location that Data service can access. - -Step 7 – In case the file is placed on a network path, enter the network domain or hostname in the -Domain/Hostname box. - -Step 8 – In the User Account and Password boxes, enter the username and password of an account to -access the file on the network path. - -Step 9 – Click **Create Data Source**. -The data source is available on the Excel tab of the Data Sources page. - -### When the Excel file is located on OneDrive - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _Microsoft Excel_. - -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – From the File Server drop-down list, select _OneDrive_. 
- -Step 6 – In the Service Account and Service Account Password boxes, enter the username and password -of a service account to access the file on OneDrive. - -Step 7 – In the Registered Application ID on Azure Active Directory box, enter the application ID -assigned to the Directory Manager application when you registered it in Microsoft Entra Admin -Center. - -NOTE: The registered app must have the following API permissions to access files on OneDrive: - -![API permissions](/img/product_docs/directorymanager/11.1/admincenter/datasource/apipermissions.webp) - -Step 8 – In the Registered Tenant ID on Azure Active Directory box, enter the tenant ID assigned to -the Directory Manager application when you registered it in Microsoft Entra Admin Center. - -Step 9 – Enter the name of the file in the **File Name** box. This name should be complete with the -file extension, for example, Employee Contact Details.xlsx - -Step 10 – Click **Create Data Source**. -The data source is available on the Excel tab of the Data Sources page. - -## Create a Data Source for MS Access - -Create a data source for an Access database to establish a connection before using it as a source or -destination in Synchronize jobs, or in queries. Directory Manager enables you to connect to an -Access file that is placed on a local server or on OneDrive. - -Synchronize supports Microsoft Access (.mdb | .accdb) to serve as both a source and destination -provider. - -The MS Access provider supports automatic schema detection. For Synchronize to communicate with this -provider, data connectivity components must be installed on the Directory Manager server. These -components can be found at -[Microsoft Access Database Engine 2016 Redistributable](https://www.microsoft.com/en-us/download/details.aspx?id=54920). - -The Access file for creating a data source can be placed on a local server or OneDrive. Follow the -steps in the respective section to create a data source. 
- -- When the Access File is Located on a Local Server -- When the Access File is Located on OneDrive - -### When the Access File is Located on a Local Server - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _Microsoft Access_. - -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – From the File Server drop-down list, select _Local Server_. - -Step 6 – In the File Path box, provide the path to the MS Access database you want to create the -data source for. This path should be complete with the file name and extension. For example: -D:\Employee Records\Databases\Employee Medical Records.accdb - -NOTE: The Access database must be located either on the machine that Data service is installed on, -or a location that Data service can access. - -Step 7 – If the database file is password protected, enter the password in the File Password box. - -Step 8 – In case the file is placed on a network path, enter the network domain or hostname in the -Domain/Hostname box. - -Step 9 – In the User Account and Password boxes, enter the username and password of an account to -access the file on the network path. - -Step 10 – Click **Create Data Source**. -The data source is available on the Access tab of the Data Sources page. - -### When the Access File is Located on OneDrive - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _Microsoft Access_. 
- -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – From the File Server drop-down list, select _OneDrive_. - -Step 6 – In the Service Account and Service Account Password boxes, enter the username and password -of a service account to access the file on OneDrive. - -Step 7 – If the database file is password protected, enter the password in the File Password box. - -Step 8 – In the Registered Application ID on Azure Active Directory box, enter the application ID -assigned to the Directory Manager application when you registered it in Microsoft Entra Admin -Center. - -NOTE: The registered app must have the following API permissions to access files on OneDrive: - -![API permissions](/img/product_docs/directorymanager/11.1/admincenter/datasource/apipermissions.webp) - -Step 9 – In the Registered Tenant ID on Azure Active Directory box, enter the tenant ID assigned to -the Directory Manager application when you registered it in Microsoft Entra Admin Center. - -Step 10 – Enter the name of the file in the File Name box. This name should be complete with the -file extension, for example, Employee Medical Records.accdb. - -Step 11 – Click **Create Data Source**. -The data source is available on the Access tab of the Data Sources page. - -## Create a Data Source for Oracle - -You can create a data source for an Oracle server or a specific database on a server. This data -source can be used in queries and as source and destination provider in Synchronize jobs. This -provider supports dynamic schema detection. - -NOTE: Oracle client must be installed to use this provider. Make sure you reboot your computer after -installing the Oracle client. - -Follow the steps to create a data source. - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. 
- -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _Oracle_. - -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – In the Oracle Server or Service Name box, enter the name of the Oracle service or the -server you want to create the data source for. - -Step 6 – In the Service Account and Service Account Password boxes, provide the username and -password of a service account to connect to the Oracle server. -When using this data source in a Synchronize job, the user will be able to select the databases that -are accessible with these credentials. - -Step 7 – In the Protocol box, specify the protocol to use for connecting to the database(s) on the -Oracle server. For example, TCP or TCP/IP. - -Step 8 – In the HostName box, enter the name of the machine that hosts the Oracle server. - -Step 9 – In the Port Number box, enter the port configured for the Oracle server. This port is used -to communicate with the oracle server. - -Step 10 – In the Database or Schema (optional) box, specify the name of the database you want to -create the data source for. You may also leave this field blank. In that case, all databases on the -specified server will be displayed to the user in a Synchronize job. The user can select a database -as needed. - -Step 11 – Click **Create Data Source**. -The data source is available on the Oracle tab of the Data Sources page. - -## Create a Data Source for SQL Server - -Directory Manager enables you to create a data source for an SQL database. This data source can be -used in queries and as source and destination in Synchronize jobs. This provider supports dynamic -schema detection. - -Follow the steps to create a data source. - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. 
The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _SQL Server_. - -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – The SQL database for which you want to create a data source resides on an SQL server. Enter -the name or IP address of this SQL server in the SQL Server Name box. - -Step 6 – By default, SQL authentication is used as an authentication mode to connect to the SQL -server. In this case, the Service Account and Service Account Password boxes are enabled. Enter the -username and password of an SQL server account to connect to the SQL server in the respective boxes. - -Step 7 – To use Windows authentication to connect to the SQL server using a Windows account, select -the **Windows Authentication** check box. With Windows authentication, users are already logged onto -Windows and do not have to log on separately to SQL Server. - -Step 8 – In the SQL Server Database Name box, specify the SQL database to create a data source for. - -Step 9 – Click **Create Data Source**. -The data source is available on the MS SQL Server tab of the Data Sources page. - -## Create a Data Source for a Text/CSV File - -You can create a data source for a comma-separated values (.csv) file or a text (.txt) file. You -must also specify the delimiter used in the file to separate values. - -This data source can be used in queries and only as a source in Synchronize jobs. - -Directory Manager enables you to connect to a text file that is placed on a local server or on -OneDrive. Follow the steps in the respective section to create a data source. - -- When the Text File is Located on a Local Server -- When the Text File is Located on OneDrive - -### When the Text File is Located on a Local Server - -Step 1 – In Admin Center, click **Data Sources** in the left pane. 
- -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _Text/CSV_. - -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – From the File Server drop-down list, select _Local Server_. - -Step 6 – In the File Path box, provide the path to the text file you want to create the data source -for. This path should be complete with the file name and extension. For example: -D:\Employee Records\Sheets\Employee Medical Records.csv - -NOTE: The text file must be placed either on the machine that Data service is installed on, or a -location that Data service can access. - -Step 7 – In the Delimiter box, specify the character that is used to separate values in the file. -You can also enter a space as a character. - -Step 8 – In case the file is placed on a network path, enter the network domain or hostname in the -Domain/Hostname box. - -Step 9 – In the User Account and Password boxes, enter the username and password of an account to -access the file on the network path. - -Step 10 – Click **Create Data Source**. -The data source is available on the Text/CSV tab of the Data Sources page. - -### When the Text File is Located on OneDrive - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _Text/CSV_. - -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – From the File Server drop-down list, select _OneDrive_. 
- -Step 6 – In the Service Account and Service Account Password boxes, enter the username and password -of a service account to access the file on OneDrive. - -Step 7 – In the Delimiter box, specify the character that is used to separate values in the file. -You can also enter a space as a character. - -Step 8 – In the Registered Application ID on Azure Active Directory box, enter the application ID -assigned to the Directory Manager application when you registered it in Microsoft Entra Admin -Center. - -NOTE: The registered app must have the following API permissions to access files on OneDrive: - -![API permissions](/img/product_docs/directorymanager/11.1/admincenter/datasource/apipermissions.webp) - -Step 9 – In the Registered Tenant ID on Azure Active Directory box, enter the tenant ID assigned to -the Directory Manager application when you registered it in Microsoft Entra Admin Center. - -Step 10 – Enter the name of the file in the File Name box. This name should be complete with the -file extension, for example, “Employee Contact Details.csv”. - -Step 11 – Click **Create Data Source**. -The data source is available on the Text/CSV tab of the Data Sources page. - -## Create a Data Source for ODBC - -Use an ODBC data source to connect to an ODBC-compatible provider, such as databases, directories, -or even files. Examples include SQL server, MS Access files, and Oracle. - -A separate data source should be created for each ODBC-compatible file, database, or directory you -want to use in queries or as source/destination in Synchronize jobs. - -Follow the steps to create a data source. - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _ODBC_. 
- -Step 4 – Enter a name for the data source in the Name box. - -Step 5 – Enter the DSN name in the DSN box. Directory Manager uses this name to request a connection -to the ODBC data source. Note the following: - -- For a system DSN, simply provide the name of the DSN. -- For a file DSN, provide the file path with file name and extension. - -Step 6 – Select the **System DSN** or **File DSN** option button to specify the DSN type to use for -connecting to the data source. - -Step 7 – In case the data source is password protected, provide a username and password in the -**Service Account** and **Service Account Password** boxes to access it. -Depending on the data source, you may not necessarily have to provide both a username and password. -For example, an MS Access database may need a password only while an SQL server may require both -username and password. - -Step 8 – Click **Create Data Source**. -The data source is available on the ODBC tab of the Data Sources page. - -## Create a Data Source for SCIM - -Directory Manager supports identity providers, namely Active Directory, Microsoft Entra ID, and -Google Workspace, but it does not support Slack, AWS, JumpCloud, and GitHub. You can create a -SCIM-based data source for these and other providers to use them in queries and as -source/destinations in Synchronize jobs. As a prerequisite, the provider must support SCIM and -expose an endpoint URL that Directory Manager can consume. - -Follow the steps to create a data source. - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create -Data Source page is displayed. - -Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. -This list displays the supported providers. Select _SCIM_. - -Step 4 – Enter a name for the data source in the Name box. 
- -Step 5 – In the SCIM Endpoint box, enter the SCIM endpoint URL exposed by the provider for which you -want to create a data source. - -Step 6 – In the Bearer Token box, enter the authentication token you generated in the provider. - -Step 7 – Click **Create Data Source**. -The data source is available on the SCIM tab of the Data Sources page. diff --git a/docs/directorymanager/11.1/admincenter/datasource/manage.md b/docs/directorymanager/11.1/admincenter/datasource/manage.md deleted file mode 100644 index 36ac5bc818..0000000000 --- a/docs/directorymanager/11.1/admincenter/datasource/manage.md +++ /dev/null 
@@ -1,52 +0,0 @@ -# Manage a Data Source - -Directory Manager enables you to create data sources for various data providers. You can also update -and delete these data sources. - -## Search a Data Source for a Specific Provider - -You can search for a data source built on a particular provider by its name. - -Follow the steps to search a data source. - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click the tab for a provider to search for a data source built on -it. - -Step 3 – Enter a search string in the search box and press _Enter_. Data sources that contain the -string in their names are displayed. - -## Update a Data Source - -You can update the details provided for a data source, such as its display name, the service account -credentials to connect to it, and any other info you provided while creating it. - -Follow the steps to update the details for a data source. - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click the tab for the provider the data source is built on. - -Step 3 – Click **Edit** for a data source. The **Update Data Source** page is displayed, that -differs by provider. Refer to the steps for creating the respective data source in the -[Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) topic to modify the info. - -Step 4 – Click **Update Data Source**. - -## Delete a Data Source - -You can delete a data source to prevent users from using it as source and destination in Synchronize -jobs. - -NOTE: Deleting a data source corrupts all Synchronize jobs, membership queries, and search queries -using that data source. - -Follow the steps to delete a data source. - -Step 1 – In Admin Center, click **Data Sources** in the left pane. - -Step 2 – On the Data Sources page, click the tab for the provider for which you want to delete a -data source. 
- -Step 3 – Click **Delete** for a data source to delete it. diff --git a/docs/directorymanager/11.1/admincenter/datasource/overview.md b/docs/directorymanager/11.1/admincenter/datasource/overview.md deleted file mode 100644 index d205a681a9..0000000000 --- a/docs/directorymanager/11.1/admincenter/datasource/overview.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Data Sources - -You can create data sources in Directory Manager for the following providers, which include -directories, databases, and files: - -- MS Excel -- MS Access -- Oracle -- SQL Server -- Text/CSV (can only be used as a source in a Synchronize job) -- ODBC -- SCIM - -## Where are Data Sources Used? - -Data sources are used in the Directory Manager portal in the following ways: - -As source and destination in Synchronize jobs - -Synchronize jobs enable you to provision objects, deprovision objects, and sync data from one data -source to another. See the [Synchronize](/docs/directorymanager/11.1/portal/synchronize/overview.md) topic for additional -information. - -As external data source for query-based searches - -A Query Designer is used to perform targeted searches in the directory. While creating a search -query, you can combine a data source with the directory to search for specific objects. See the -[Query Based Advanced Search](/docs/directorymanager/11.1/portal/search/querysearch.md) topic for additional information. - -As external data source for membership queries - -A Query Designer enables you to specify membership queries for Smart Groups and Dynasties. When you -specify a data source in the Query Designer, Directory Manager reads records from it and fetches -similar objects from the directory to add to a group's membership. See the -[Query Designer - Database tab](/docs/directorymanager/11.1/portal/group/querydesigner/database.md) topic for additional -information. - -As external data source for query-based searches - -Another Query Designer is used to perform targeted searches in the directory. While creating a -search query, you can combine a data source with the directory to search for specific objects. See -the [Query Based Advanced Search](/docs/directorymanager/11.1/portal/search/querysearch.md) topic for additional -information. 
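Review bot: In the "Where are Data Sources Used?" section of datasource/overview.md, the entry "As external data source for query-based searches" appears twice, the second time reworded as "Another Query Designer is used ..." and pointing to the same querysearch.md topic. If this page is being relocated rather than retired, carry over only one copy of that entry so the list reads as three distinct uses (Synchronize jobs, query-based searches, membership queries).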
diff --git a/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md b/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md deleted file mode 100644 index 4b049a3d6c..0000000000 --- a/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md +++ /dev/null 
@@ -1,315 +0,0 @@ -# Manage File Servers - -You can specify file servers in an Active Directory identity store to replicate their entitlement -data to Elasticsearch for Directory Manager. You can then manage these entitlements using Directory -Manager. Entitlement data includes the permissions granted on shared files and folders residing on -these file servers. - -You can also manage certain settings for a server, such as change the service account for reading -and managing entitlements and exclude a shared folder on a file server from replication. - -What do you want to do? - -- Specify File Servers for Entitlement Management -- Specify File Servers Outside the Criteria -- Include Future Servers for Entitlement Management -- View the Shared Folders on a File Server -- Exclude a Folder on a Server from Replication -- Connect to a File Server Using a Different Account -- Replicate Permissions Manually -- Exclude a Server From Entitlement Management -- Restore a Server for Entitlement Management - -## Specify File Servers for Entitlement Management - -To select file servers for entitlement management, you have to specify an OU or group as criterion. -Directory Manager fetches server objects from the specified OU or group. Once you save it, you also -get an option to add servers from outside the criterion, such as from a different OU. - -You can also change the criterion, such as specify a different OU or group for fetching file -servers. - -**To specify a criterion for fetching file server(s):** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Entitlement** under **Settings** in the left pane to launch the **Entitlement** page. - When no file server is defined, you land on a blank page. -4. Click **Set up File Server(s)**. -5. In the **Search Criteria** area, specify a _group or container_ to fetch the server objects from. 
- These server objects are essentially joined to the domain the identity store is connected to. - - **Designate a container as criteria:** - - 1. Select the **Container** option button. - 2. By default, the entire directory is selected. To fetch server objects from a specific OU - rather than the entire directory, click the arrow in the box and select an OU. Then click - **Search**. Server objects residing in this OU and its nested OUs are displayed in the - **Included File Servers** area. - - **Designate a group as criteria:** - - 1. Select the **Group** option button. - 2. Enter a search string in the box to search for your required group in the directory. You can - also click **Advanced** to search the group by name, display name, and description. On - selecting a group, all server objects that are members of this group will be displayed in the - **Included File Servers** area. - -6. Click **Save** on the **Entitlement** page. - -#### File Server Details - -The following information is displayed for a file server in the **Included File Servers** area: - -- **Name:** the file server name. -- **User Name:** the user account used to connect to the file server to read and update permissions - on shared files and folders residing on the server. - - - If the service account specified for the identity store is used, the column does not display - anything. - - If you have designated a different account for this purpose, the username of the account is - displayed here. See the Connect to a File Server Using a Different Account topic. - -- **RC Status**: Displays the replication status for the server with respect to the replication - performed by the GroupID Entitlement schedule. Different statuses are: - - - **Request - ![rc_request](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/rc_request.webp):** - permission data for the file server has never been replicated to Elasticsearch. 
- - **Success - ![rc_success](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/rc_success.webp):** - permission data for the file server was successfully replicated when the GroupID Entitlement - schedule last ran. - - **Fail - ![rc_fail](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/rc_fail.webp):** - replication failed for the server due to an error. - - **Running - ![rc_running](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/rc_running.webp):** - the GroupID Entitlement schedule is running and replication is in progress. - -- **Last Replicated**: the date and time the GroupID Entitlement schedule last replicated - entitlement data for the file server to Elasticsearch. _N/A_ is displayed when the file server has - never been replicated. -- **Status**: Click **Get Status** to check the status of the file server, represented by the - following colors: - - - Red: The server is inactive, decommissioned, or cannot be accessed. - - Green: The server is active and accessible. - -- **Actions**: Click the ellipsis button in the **Actions** column and do one of the following: - - - Click **Edit** to view the shared folders residing on the server, include/exclude a folder for - entitlement management, and change the service account used to connect to the server for - reading and updating entitlements. - - Click **Add to Exclude Server List** to exclude the file server from entitlement management. - Directory Manager does not read and display entitlement data for an excluded server. - -#### Search File Servers - -The _Search Filters_ area is available in both the **Included File Servers** and **Excluded File -Servers** sections. Use it to search for a file server in the respective listing. - -1. Click on the _Search Filters_ bar to expand the filter area. -2. Specify a filter expression to search a server by name. - - 1. Select _Name_ in the **Attributes** drop-down list. 
This is the only attribute available for - performing a search. - 2. Select an option in the **Operators** drop-down list. - - - _Is exactly:_ Displays the server with exactly the same name as you enter in the **Value** - box. - - _Contains:_ Displays the servers whose names contain the text you enter in the **Value** - box. - - _Starts with:_ Displays the servers whose names start with the text you enter in the - **Value** box. - - _Ends with:_ Displays the servers whose names end with the text you enter in the **Value** - box. - - 3. Enter a string in the **Value** box. - -3. Click **Apply**. The file servers listing displays the servers that match the criterion. - -## Specify File Servers Outside the Criteria - -Directory Manager allows you to specify a group or container as criterion to fetch file servers from -there for entitlement management. But since only a single group or container can be specified as -criterion, there may be a situation where you want to specify a server from outside this criterion. -To facilitate this, Directory Manager enables you to search and select file servers in the domain -for entitlement management. - -**To specify a file server outside of criteria:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Entitlement** under **Settings** in the left pane. -4. On the **Entitlement** page, click **Include Servers other than Criteria**. -5. The **Find Servers** dialog box, by default, displays file servers from the entire directory that - reside outside the container or group specified as criteria. Click in the box and select an OU to - narrow down the server listing. - Select the check boxes for the file server(s) to include them for entitlement management. -6. Click **Save**. The selected servers are displayed in the **Included File Servers** area on the - **Entitlement** page. -7. Click **Save**. 
- -## Include Future Servers for Entitlement Management - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Entitlement** under **Settings** in the left pane. -4. On the **Entitlement** page, select the **Include all future servers** check box to ensure that - all server objects that are added to the group/container (specified in the **Search Criteria** - area) in the future are automatically displayed in the **Included File Servers** area for - entitlement data replication. -5. Click **Save**. - -## View the Shared Folders on a File Server - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Entitlement** under **Settings** in the left pane. -4. In the **Included File Servers** area on the **Entitlement** page, click the ellipsis button for - a server and select **Edit**. On the **Edit Server** dialog box: - - - The **Server Shares** area displays the shared folders on the server. - - The name of the [GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md) that computes - the permissions on shared files and folders residing on the server and replicates them to - Elasticsearch, is displayed next to **Job**. - -## Exclude a Folder on a Server from Replication - -By default, Directory Manager computes and replicates permissions on all shared files/folders on the -configured servers. You can exclude a folder on a server from this activity. - -When a folder is excluded, its entitlement data replicated to-date is also cleared. - -**To exclude a folder:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. 
Click **Entitlement** under **Settings** in the left pane. -4. In the **Included File Servers** area on the **Entitlement** page, click the ellipsis button for - a server and select **Edit**. -5. On the **Edit Server** dialog box, the **Server Shares** area displays the shared folders on the - server. Clear the check box for a folder to exclude it from replication and click **Apply - Changes**. -6. Click **Save** on the **Entitlement** page. - -## Connect to a File Server Using a Different Account - -By default, the service account specified for the identity store is used to connect to a file server -for reading and managing the effective permissions assigned to objects on the shared folders. You -can designate a different account for this activity. - -**To change the service account for a file server:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Entitlement** under **Settings** in the left pane. -4. In the **Included File Servers** area on the **Entitlement** page, click the ellipsis button for - a server and select **Edit**. -5. On the **Edit Server** dialog box, you can change the service account used to connect to the - server for reading and updating permissions. The - [GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md), - [Entitlement Scope Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementscope.md), and - [Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementtemporarypermissions.md) - run in the context of the account specified here. - - - The **Use Identity Store Service Account** check box is selected by default, indicating that - the service account specified for the identity store is used to connect to the server. 
- - To change the account, clear the **Use Identity Store Service Account** check box and specify - the credentials of an account in the **User name** and **Password** boxes. This account must - have elevated permissions to manage the effective NTFS permissions for the shared resources on - the server. - On changing the credentials, use the **Reconnect** button to test the connectivity and fetch - the shared folders again with the given credentials. - -6. Click **Apply Changes**. -7. Click **Save** on the **Entitlement** page. - -## Replicate Permissions Manually - -After adding a file server for entitlement management, it is essential to replicate object -permissions from the file server to Elasticsearch. - -The [GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md) runs on a set frequency to -replicate the effective NTFS permission for the file servers. You can also run this schedule any -time manually for a specific file server or all file servers listed in the **Included File Servers** -section on the **Entitlement** page. - -**To replicate permissions manually:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Entitlement** under **Settings** in the left pane. -4. On the **Entitlement** page, you can manually replicate permissions for one or all file servers. - - - **To replicate permissions for a server:**Select a file server in the **Included File - Servers** area and click **Replicate**. - - **To replicate permissions for multiple servers:**In the **Included File Servers** area, - select the check boxes for the servers you want to replicate. To replicate all servers, select - the check box in the header row. 
This displays the following icons: - - **![replicate_permissions](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/replicate_permissions.webp)** - - Either click the **Replicate** icon or the **Replicate** button. - - This triggers the GroupID Entitlement schedule for the identity store, which computes and - replicates the effective NTFS permissions granted to directory objects on shared resources on - the server(s). This process may take some time. - - The **Last Replicated** column displays the date and time the GroupID Entitlement schedule last - ran. - -## Exclude a Server From Entitlement Management - -You can exclude a file server in the identity store from replication and entitlement management. - -**To exclude a file server:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Entitlement** under **Settings** in the left pane. -4. On the **Entitlement** page, you can exclude one or more servers. - - - **To exclude a server:**In the **Included File Servers** area, click the ellipsis button for a - server and select **Add to Exclude Server List**. The server is moved to the **Excluded File - Servers** area. - - **To exclude multiple servers:** - - In the **Included File Servers** area, select the check boxes for the servers you do not - want to replicate. To exclude all servers, select the check box in the header row. This - displays the following icons: - - ![replicate_permissions](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/replicate_permissions.webp) - - Click **Remove**. The servers are moved to the **Excluded File Servers** area. - -5. Click **Save**. - -## Restore a Server for Entitlement Management - -You can restore an excluded server in the identity store for replication and entitlement management. - -**To restore an excluded server:** - -1. 
In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Entitlement** under **Settings** in the left pane. -4. On the **Entitlement** page, the **Excluded File Servers** area displays the file servers - excluded from replication. Click **Remove** for a server to move it to the **Included File - Servers** area. -5. Click **Save**. - -See Also - -- [Entitlement](/docs/directorymanager/11.1/admincenter/entitlement/overview.md) -- [Manage SharePoint Sites](/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md) diff --git a/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md b/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md deleted file mode 100644 index c13c6ec977..0000000000 --- a/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md +++ /dev/null 
@@ -1,266 +0,0 @@ -# Manage SharePoint Sites - -An Entra ID user, who is: - -- logged-in to the Admin Center - -- a non-MFA user (i.e. multifactor authentication is not enabled for the user) - -An Entra ID user can add and configure SharePoint sites in an Entra ID identity store to replicate -their entitlement data to Elasticsearch for Directory Manager. The user can then manage permissions -on the sites and the document libraries in those sites using Directory Manager. - -The user can also manage certain settings for a site, such as change the service account for reading -and managing permissions and exclude a document library in a site from entitlement management. - -What do you want to do? - -- Specify SharePoint Sites for Entitlement Management -- Include Future Sites for Entitlement Management -- View the Document Libraries in a Site -- Exclude a Document Library from Replication -- Connect to a Site Using a Different Account -- Replicate Permissions Manually -- Exclude a Site from Entitlement Management -- Restore a Site for Entitlement Management - -## Specify SharePoint Sites for Entitlement Management - -Provide the SharePoint admin URL and credentials to connect to SharePoint. Directory Manager fetches -all the sites under it to replicate the permissions on document libraries there. - -Follow the steps to provide the SharePoint Admin URL. - -In Admin Center, click **Identity Stores** in the left pane. - -Step 1 – On the Identify Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 2 – Click **Entitlement** under **Settings** in the left pane. The Entitlement page is -displayed. When no SharePoint site is defined, the page is blank. - -Step 3 – Click **Set up SharePoint Site** and then click **Configure New Site**. - -Step 4 – On the Configure New Site dialog box: - -- In the Site URLox, enter the **SharePoint admin URL** to fetch the sites. 
- -- In the User name and Password boxes, provide the credentials of a service account to connect to - the site for managing entitlements. -- In the Application ID box, provide the application ID assigned to the Directory Manager - application when you registered it in Microsoft Entra Admin Center. -- Click **Add Site**. - The URL of this site is displayed in the SharePoint Admin URL box on the Entitlement page. All - sites under it are displayed in the Included SharePoint sites area. - -Step 5 – Click **Save**. - -#### SharePoint Site Details - -The information displayed for a site in the Included SharePoint Sites area is the same as displayed -for a file server in an Active Directory identity store. Refer to the -[File Server Details ](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md#file-server-details) topic for more info. Though in this -case, the User namecolumn displays the username of the account used to connect to the site, and it -is not blank. - -#### Search SharePoint Sites - -Use the _Search Filters_ option in the Included SharePoint Sites area to search for a site in the -listing. The filters are the same as displayed for a file server in an Active Directory identity -store. Refer to the [Search File Servers ](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md#search-file-servers) topic for performing -a search. - -## Include Future Sites for Entitlement Management - -Follow the steps to include future sites for entitlement management. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the **Identity Stores** page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Entitlement** under **Settings** in the left pane. 
- -Step 4 – On the **Entitlement** page, select the **Include all Future Sites** check box to ensure -that any new site created under the SharePoint admin URL is automatically fetched and displayed in -the **Included SharePoint Sites** area for permission replication. - -Step 5 – Click **Save**. - -## View the Document Libraries in a Site - -Follow the steps to view the document libraries in a site. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identify Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Entitlement** under Settings in the left pane. - -Step 4 – In the Included SharePoint Sites area on the **Entitlement** page, click the ellipsis -button for a site and select **Edit**. On the **Edit Site** dialog box: - -- The Site Libraries area displays the document libraries in the site. -- The name of the [GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md) that computes the - permissions on document libraries in the site and replicates them to Elasticsearch, is displayed - next to **Job**. - -## Exclude a Document Library from Replication - -By default, Directory Manager computes and replicates permissions on all document libraries in the -SharePoint sites that fall under the admin URL. You can exclude a document library in a site from -this activity. - -When a document library is excluded, its entitlement data replicated to-date is also cleared. - -Follow the steps to exclude a document library. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identify Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Entitlement** under Settings in the left pane. - -Step 4 – In the Included SharePoint Sites area on the **Entitlement** page, click the ellipsis -button for a site and select **Edit**. 
- -Step 5 – On the Edit Site dialog box, the **Site Libraries** area displays the document libraries in -the site. Clear the check box for a library to exclude it from replication and click **Apply -Changes**. - -Step 6 – Click **Save** on the Entitlement page. - -## Connect to a Site Using a Different Account - -Directory Manager connects to a site using the service account specified while configuring the -SharePoint admin URL for reading and managing the effective permissions assigned to objects on the -document libraries. You can designate a different account for this activity. - -Follow the steps to change the service account for a site. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the **Identity Stores** page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Entitlement** under **Settings** in the left pane. - -Step 4 – In the **Included SharePoint Sites** area on the **Entitlement** page, click the ellipsis -button for a site and select **Edit**. - -Step 5 – On the **Edit Site** dialog box, you can change the service account used to connect to the -site for reading and updating permissions. The -[GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md), -[Entitlement Scope Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementscope.md), and -[Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementtemporarypermissions.md) run -in the context of the account specified here. - -- The User name and Password boxes display the credentials of the account used to connect to the - site. You can connect using a different account by providing the credentials of that account. - - Or - -- Select the **Use Identity Store Service Account** check box to use the service account specified - for the identity store to connect to the site. 
- -The account must have elevated permissions to the Microsoft web applications that host the site in -order to read and manage the effective permissions on the document libraries in the site. -On changing the credentials, use the **Reconnect** button to test the connectivity and fetch the -document libraries again with the given credentials. - -Step 1 – Click **Apply Changes**. - -Step 2 – Click **Save** on the Entitlement page. - -## Replicate Permissions Manually - -After adding the SharePoint admin URL to manage entitlements for document libraries in the sites, it -is essential to replicate object permissions from the SharePoint server to Elasticsearch. - -The [GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md) runs on a set frequency to -replicate the effective permissions on document libraries in the sites. You can also run this -schedule any time manually for a site listed in the Included SharePoint sites area on the -Entitlementpage. - -Follow the steps to replicate permissions manually. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Entitlement** under **Settings** in the left pane. - -Step 4 – On the Entitlement page, you can manually replicate permissions for one or all sites. - -- To replicate permissions for a site – Select a site in the **Included SharePoint Sites** area and - click **Replicate**. -- To replicate permissions for multiple sites – Select the check boxes for the sites you want to - replicate. To replicate all sites, select the check box in the header row. This displays the - following icons: - - ![replicate_permissions](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/replicate_permissions.webp) - - Either click the **Replicate** icon or the **Replicate** button. 
- -This triggers the GroupID Entitlement schedule for the identity store, which computes and replicates -the effective permissions granted to directory objects on document libraries in the site(s). This -process may take some time. -The Last Replicated column displays the date and time the GroupID Entitlement schedule last ran. - -## Exclude a Site from Entitlement Management - -You can exclude a SharePoint site from replication and entitlement management. - -Follow the steps to exclude a site or subsite. **To exclude a site or subsite:** - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the **Identity Stores** page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Entitlement** under **Settings** in the left pane. - -Step 4 – On the **Entitlement** page, you can exclude one or more sites. - -- **To exclude a site:** - - Click the ellipsis button for a site and select **Add to Exclude Site List**. The site is moved - to the **Excluded SharePoint Sites** area. - -- **To exclude multiple sites:** - - Select the check boxes for the sites you do not want to replicate. To exclude all sites, select - the check box in the header row. This displays the following icons: - - ![replicate_permissions](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/replicate_permissions.webp) - - Click **Remove**. The sites are moved to the **Excluded SharePoint Sites** area. - -Step 5 – Click **Save**. - -## Restore a Site for Entitlement Management - -You can restore an excluded SharePoint site for replication and entitlement management. - -Follow the steps to restore an excluded site. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identify Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Entitlement** under Settings in the left pane. 
- -Step 4 – On the Entitlement page, the **Excluded SharePoint Sites** area displays the sites excluded -from replication. -Click **Remove** for a site to move it to the **Included SharePoint Sites** area. - -Step 5 – Click **Save**. - -See Also - -- [Entitlement](/docs/directorymanager/11.1/admincenter/entitlement/overview.md) -- [Manage File Servers](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md) diff --git a/docs/directorymanager/11.1/admincenter/entitlement/overview.md b/docs/directorymanager/11.1/admincenter/entitlement/overview.md deleted file mode 100644 index 435a4ab432..0000000000 --- a/docs/directorymanager/11.1/admincenter/entitlement/overview.md +++ /dev/null 
@@ -1,107 +0,0 @@ -# Entitlement - -Directory Manager Entitlement enables you to stay informed on the permissions assigned to objects -residing on your Active Directory servers and SharePoint sites. - -## Entitlement for Active Directory - -With Entitlement, you can view and update the effective NTFS permissions assigned to a user or group -on shared files and folders, that reside on a file server in your environment. You can: - -- Select an object, such as a user or group, to view and update the permissions assigned to it on - shared files and folders residing on a server. -- Select a file or folder to view a list of objects that have been granted permissions to it. You - can also add and remove objects from the permissions list of the file or folder as well as update - the permissions. - -Entitlement types include: - -- Explicit permissions -- Inherited permissions from a folder - -To facilitate entitlement management for an Active Directory identity store in Directory Manager, do -the following: - -- Specify one or more file servers in identity store configurations. -- Compute the permissions assigned to directory objects on the shared files and folders on those - file server(s), and replicate those permissions to Elasticsearch. -- View and manage entitlements in the Entitlement section of the Directory Manager portal. - -See the [Manage File Servers](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md) topic for additional information. - -## Entitlement for SharePoint - -With Entitlement, you can view and manage the effective permissions for a user or group on document -libraries in a SharePoint site. You can: - -- Select an object, such as a user or group, to view and update the levels and permissions assigned - to it on document libraries in a site. -- Select a file or folder to view a list of objects that have been granted permissions to it. 
You - can also add and remove objects from the permissions list of the file or folder as well as update - the permissions. - -Permission types include: - -- Explicit permissions -- Inherited permissions from a document library - -To facilitate entitlement management for a Microsoft Entra ID identity store in Directory Manager, -do the following: - -- Specify the admin URL for SharePoint in identity store configurations to fetch the sites. -- Compute the permissions assigned to directory objects on the document libraries in those sites, - and replicate those permissions to Elasticsearch. -- View and manage entitlements in the Entitlement section of the Directory Manager portal. - -See the [Manage SharePoint Sites](/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md) topic for additional information. - -## Perpetual Entitlements vs Temporary Entitlements - -Using Directory Manager, you can manage entitlements in the following ways: - -- **Assign and revoke permissions on a perpetual basis** - When a permission is assigned - perpetually, it continues to apply until you choose to revoke it. Similarly, when a permission is - revoked perpetually, it stays so until you choose to reapply it. -- **Assign and revoke permissions on a temporary basis** - A temporary permission is one with a - start and end date specified. In case of temporary assignment, Directory Manager auto assigns the - permission on the start date and revokes it on the end date. Similarly, for temporary removal, - Directory Manager revokes the permission on the start date and reassigns it on the end date. 
- -## Entitlement Schedules - -When you add the first server or site for entitlement management, the following three schedules are -automatically created in the identity store: - -- [GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md) - replicates object permissions on file - servers and SharePoint sites for an Active Directory and Microsoft Entra ID identity store - respectively. It performs a complete replication. -- [Entitlement Scope Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementscope.md) - replicates changes made to object - permissions on file servers and SharePoint sites using Directory Manager. -- [Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementtemporarypermissions.md) - - updates the temporary permissions for objects on file servers and SharePoint sites. - -## What is Replication? - -When a file server/SharePoint site is added for entitlement management, an essential task is to -replicate object permissions from the file server or SharePoint site to the Elasticsearch -repository. The GroupID Entitlement schedule for an identity store performs this replication, which -involves the following: - -- Directory Manager first computes the effective NTFS permissions granted to directory objects on - shared files and folders at granular level. For SharePoint sites, it computes the permissions - granted to objects on document libraries. -- The Data service then replicates this data to Elasticsearch. - -The GroupID Entitlement schedule auto runs at a set frequency, but you can also run it manually for -a file server or SharePoint site. Directory Manager time stamps the last time permissions were -replicated. - -## Entitlement-related Permissions for Security Roles - -You can grant permissions to security roles in an identity store on the Entitlement section in the -Directory Manager portal. 
Based on these permissions, role members can performs different actions, -such as navigate file servers and SharePoint sites, grant permissions to objects on shared -resources, revoke permissions, and more. - -Entitlement-related permissions for a security role are discussed in the -[Entitlement](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md#entitlement) topic. diff --git a/docs/directorymanager/11.1/admincenter/general/changepassword.md b/docs/directorymanager/11.1/admincenter/general/changepassword.md deleted file mode 100644 index 67855ff8de..0000000000 --- a/docs/directorymanager/11.1/admincenter/general/changepassword.md +++ /dev/null 
@@ -1,32 +0,0 @@ -# Change your Password - -You can change the password of your identity store account. After changing it, use the new password -to sign into Directory Manager and other applications that use your domain account. - -You can change password according to the password policy the administrator has enabled for the -identity store. The administrator can either enable -[Directory Manage Password Policy ](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md) or Netwrix Password Policy -Enforcer policies for the identity store. - -## Change your Password - -Follow the steps to change your password. - -Step 1 – In Admin Center, click your name in the top right corner and select **Change Password**. - -Step 2 – On the Change Password page, enter your current password in the **Current Password** box. -By default, password characters are represented by dots. Use the toggle button in the box to show or -hide characters. - -Step 3 – Enter a new password in the **New Password** and **Confirm Password** boxes. The new -password must conform to the rules of the applied password policy for the identity store. - -Step 4 – Click **Change Password**. - -NOTE: MFA enabled Microsoft Entra ID users cannot change their passwords in Directory Manager. If -they try to use the option, the following message is displayed:. - -![Admin Center Change Password error message for an Entra ID user](/img/product_docs/directorymanager/11.1/admincenter/general/changepassword.webp) - -If the user's account is a master account, password of its child accounts also cannot be changed in -Directory Manager. diff --git a/docs/directorymanager/11.1/admincenter/general/dashboard.md b/docs/directorymanager/11.1/admincenter/general/dashboard.md deleted file mode 100644 index b81968f9b5..0000000000 --- a/docs/directorymanager/11.1/admincenter/general/dashboard.md +++ /dev/null 
@@ -1,176 +0,0 @@ -# Dashboard - -The Admin Center dashboard is a data visualization tool that displays widgets for performance -analytics, alerts, and reporting on Directory Manager and identity stores on a single page. - -In Admin Center, click **Dashboard** in the left pane. The dashboard displays the following cards -with aggregated data from all identity stores built on Active Directory, Microsoft Entra ID, Google -Workspace, and Generic LDAP, as well as individual identity stores. - -![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) - -The dashboard displays the following information: - -- Basic Information -- Elasticsearch Service -- Objects Modified in Last 24 Hours -- Failed Notifications -- Upcoming Schedules -- Replication Status of Identity Stores -- Enrollment Summary -- Auth Summary -- Activity Summary - -## Basic Information - -This card displays the following information: - -- **Server Name:** The name of the Directory Manager server machine. -- **Database Server:** The name of the SQL server machine hosting the Directory Manager database. -- **Database Name:** The name of the Directory Manager database. - -## Elasticsearch Service - -This card displays the following information about the Elasticsearch service: - -- **Cluster:** The name of the Elastic cluster the Directory Manager Elasticsearch node is joined - to. -- Elasticsearch service status, which can be: - - - **Running** - indicates that the service is up and running. - - **Stopped** - indicates that the Directory Manager Elasticsearch node has run into issues. You - must troubleshoot it for Directory Manager to work. - -## Objects Modified in Last 24 Hours - -This card displays the number of users, groups, mailboxes, and contacts modified in the directory -during the last 24 hours. This count represents the modifications done using Directory Manager and -directly in the directory. - -Information is displayed individually for each identity store. 
Select an identity store from the -list next to the card name to view the data for it. - -## Failed Notifications - -This card displays the count for failed notifications, i.e., the Directory Manager-generated -notifications that could not be delivered for any reason, such as when the SMTP server is down or -the recipient’s address is incorrect. - -Click **View All** to go to the **Notification Queue** page, where you can view the failed -notifications in detail. See the [Manage the Notification Queue](/docs/directorymanager/11.1/admincenter/notification/queue.md) topic. - -## Upcoming Schedules - -Multiple schedules can be defined for an identity store. This card displays the number of schedules -that will run in the next 24 hours. The card also displays the data and time the next schedule will -run. - -You can: - -- View the details of upcoming schedules for all identity stores in Directory Manager. -- View the details of upcoming schedules for an identity store individually. - -Select an identity store from the list next to the card name to view the upcoming schedules for it -or select _All Identity Stores_ to view the upcoming schedules for all identity stores. - -Click **View All** to view a list of the upcoming schedules with their names, the next date and time -of schedule run, and the identity store they belong to. - -![image38](/img/product_docs/directorymanager/11.1/admincenter/general/image38.webp) - -## Replication Status of Identity Stores - -This card lists the identity stores for Active Directory, Microsoft Entra ID, Google Workspace, and -Generic LDAP defined in Directory Manager, along with their replication status, which can be: - -- **Successful:** Indicates that identity store objects are successfully replicated. -- **Failed:** Indicates that identity store objects have failed to replicate either because the - Replication service did not run as scheduled or an error occurred during replication. 
-- **Never Replicated:** Indicates that the identity store is never replicated. - -## Enrollment Summary - -This card employs a bar graph to display the enrollment stats and trends for an identity store. It -shows the number of user accounts enrolled using each of the authentication types (including -accounts enrolled by end-users and by helpdesk for end-users). - -Consider the following: - -- You can view enrollment data for an identity store individually or view aggregated data for all - identity stores in Directory Manager. Select an identity store from the list next to the card name - to view the enrollment data for it or select _All Identity Stores_ to view the data for all - identity stores. -- Hover the mouse over a bar to view the number of users enrolled with the specific authentication - type. Click a bar to launch the **Helpdesk** page, that displays a list of users enrolled with - that authentication type. See the - [View Users' Information](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md#view-users-information) topic for - details on the information displayed for a user. (Notice that the **Filter(s)** dialog box - displays the selected authentication type in the **Enrolled With** box.) -- By default, data is displayed for the last one month. You can view enrollment data for any - specific period. Click the tile showing the time period to launch the calendar. Use it to specify - a date range to view the data. - -## Auth Summary - -This card employs a pie chart to display the authentication stats and trends for an identity store, -i.e., the number of successful and failed authentication attempts made by identity store users in -Directory Manager. Information is based on: - -- Authentication attempts made using authentication types for second factor authentication. -- Authentication attempts made using authentication types for multifactor authentication. -- Sign in attempts made using username and password. 
- -The pie chart is highly interactive. You can: - -- Hover the mouse over an arc to view the successful or failed authentication attempt count. -- Click the arc for successful or failed attempts to view successful/failed authentication attempts - for each authentication type. Another pie chart appears to display the authentication types used - in the authentication attempt. Click this chart to navigate to the **History** tab of the - **Helpdesk** page to view the logged history for the authentication attempts with the respective - authentication type. See the [History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic. - -Consider the following: - -- You can view authentication data for an identity store individually or view aggregated data for - all identity stores in Directory Manager. Select an identity store from the list next to the card - name to view the auth data for it or select _All Identity Stores_ to view the data for all - identity stores. -- By default, data is displayed for the last one week. You can view authentication data for any - specific period. Click the tile showing the time period to launch the calendar. Use it to specify - a date range to view the data. - -See the [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) topic for a list of -supported authentication types. - -## Activity Summary - -This card employs a bar graph to display the number of times the following activities were performed -in an identity store by both helpdesk and end-users: - -- Password change -- Password reset -- Account unlock -- Link account -- Unlink account -- Enroll account - -Consider the following: - -- You can view data for these activities for an identity store individually or view aggregated data - for all identity stores in Directory Manager. 
Select an identity store from the list next to the - card name to view the activity summary for it or select _All Identity Stores_ to view the data for - all identity stores. -- To view a list of users who used a function on a particular date, click the relevant data point on - the function line. A list of users is displayed on the **History** tab of the **Helpdesk** page. - See the [History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic. (Notice that the **Filter(s)** dialog - box displays the selected function in the **Action Type** box.) -- By default, data is displayed for the last one week. You can view activity summary for any - specific period. Click the tile showing the time period to launch the calendar. Use it to specify - a date range to view the data. -- By default, data for all the activities is displayed. Click an activity name at the bottom of the - graph to hide its data. The name is struck out, indicating that data for the activity is not - depicted on the graph. Click the activity name again to display its data on the graph. - -**See Also** - -- [Navigation](/docs/directorymanager/11.1/admincenter/general/navigation.md) diff --git a/docs/directorymanager/11.1/admincenter/general/history.md b/docs/directorymanager/11.1/admincenter/general/history.md deleted file mode 100644 index b3cc2b89da..0000000000 --- a/docs/directorymanager/11.1/admincenter/general/history.md +++ /dev/null 
@@ -1,89 +0,0 @@ -# Admin Center History - -Directory Manager auto tracks the following actions performed in Admin Center: - -- Creation and deletion of identity store -- Creation and deletion of SMS gateway accounts -- Creation and deletion of applications, namely Directory Manager portal, Data service, and Security - service -- Addition and removal of security questions in the global question pool -- Changes to global replication settings -- Manual sending and deletion of notifications in the notification queue -- Modifications to notification templates - -History can be viewed using the **History** node in Admin Center. You can: - -- Annotate a history action that you have performed. These annotations may explain the reason for - performing an action. -- Narrow down the history items using filters. -- Export history data to Microsoft Excel, CSV, and XML formats. - -See the [History in Directory Manager](/docs/directorymanager/11.1/admincenter/history.md) and -[Event Logging](/docs/directorymanager/11.1/admincenter/identitystore/history/eventlogging.md) topics for additional information. - -What do you want to do? - -- View Admin Center History -- Annotate History Items -- Export Admin Center History - -## View Admin Center History - -You can view the history data that Directory Manager auto tracks for high level actions performed in -Admin Center. - -To view history: - -1. In Admin Center, click **History** in the left pane. - The **Admin Center History** page displays history data in a descriptive, concise, and - user-friendly manner. Items are sorted according to the date and time, with the most recent at - the top. -2. Click a history item to view its details. The **History Details** dialog box displays the - following: - - **Object Name:** The name of the object the action was performed on. - - **Who:** The name of the user who performed the action. - - **Where:** The name of the computer the action was performed on. 
- - **When:** The date and time of the action. - - **Added Item(s):** A short description of the action. - - **Removed Item(s):** This box is displayed for actions showing deletion. It displays a short - description of the action. -3. The **Add Note** button is available if you performed this action. See - [Annotate History Items](/docs/directorymanager/11.1/admincenter/identitystore/history/details.md#annotate-history-items) to manage - notes. -4. Click **Close**. - -### Filter History Data - -Filters on the **Admin Center History** page are similar to those on the **Identity Store History** -page. Refer to the [Filter History Data](/docs/directorymanager/11.1/admincenter/identitystore/history/view.md#filter-history-data) topic -to apply the filters. - -### Navigate the History Data - -Navigation options on the **Admin Center History** page are similar to those on the **Identity Store -History** page. Refer to the -[Navigate Through History Items](/docs/directorymanager/11.1/admincenter/identitystore/history/view.md#navigate-through-history-items) -topic for help. - -## Annotate History Items - -1. In Admin Center, click **History** in the left pane. -2. On the **Admin Center History** page, click a history item and proceed to add a note. See the - [Annotate History Items](/docs/directorymanager/11.1/admincenter/identitystore/history/details.md#annotate-history-items) topic for - details. - -## Export Admin Center History - -You can export Admin Center history to Microsoft Excel, CSV, and XML formats. - -**To export history:** - -1. In Admin Center, click **History** in the left pane. -2. On the **Admin Center History** page, click **Export History**. -3. On the **Export History** dialog box, enter a name for the history file in the **Name** box or - leave it to default. -4. Select a format for the history file in the **Format** drop-down list. Available formats are - Excel, CSV, and XML -5. Click **Export History**. 
The file is saved at the download location specified in browser - settings. -6. A message is displayed that history data is successfully exported. Click **OK**. diff --git a/docs/directorymanager/11.1/admincenter/general/licensing.md b/docs/directorymanager/11.1/admincenter/general/licensing.md deleted file mode 100644 index 27eb6317b6..0000000000 --- a/docs/directorymanager/11.1/admincenter/general/licensing.md +++ /dev/null 
@@ -1,111 +0,0 @@ -# Licensing - -You can license Directory Manager under one or more of these license types: - -- **Suite** - enables access to all Directory Manager functionality and its clients, including the - Directory Manager portal, Management Shell, and APIs. -- **Group Management** - enables access to all the group management features in Directory Manager, - except those licensed under add-ons. -- **User Management** - enables access to all the user management features in Directory Manager, - except those licensed under add-ons. -- **Password Management** - enables access to password management functions in Directory Manager, - that are: - - - Account unlock and password reset by both end users and helpdesk - - Multifactor authentication - - Second way authentication - -- **Add-ons** - licenses for the following add-ons are available: - - - **API** - separate licenses are required for user-specific and group-specific APIs. - - **Workflow** - enables you to create new workflows, update existing workflows, specify a - default approver, and delete workflow requests. Separate licenses are required for - user-specific and group-specific workflows. - - **Workflow Acceleration** - enables you to use the workflow approver acceleration function. - Separate licenses are required to accelerate user-specific and group-specific workflows. - - **Management Shell** - separate licenses are required for user-specific and group-specific - cmdlets. - - **Entitlement** - separate licenses are required to manage entitlements for users and groups. - - **Synchronize Jobs** - separate licenses are required for user-specific and group-specific - Synchronize jobs. - - **Group Lifecycle** - required to run the Group Lifecycle schedule in the identity stores. - - **Dynamic Groups** - required to create and manage Smart Groups and Dynasties in Directory - Manager. - - **Power Automate** - enables you to integrate Directory Manager workflows with Power Automate - flows. 
Separate licenses are required for integrating user-specific and group-specific - workflows. - - **Group Usage Service** - required to run the Group Usage Service schedule in the identity - stores. - - **Group Attestation** - required to enable the group attestation function in the identity - stores. - - **Linked Identity Stores** - required to manage identical user objects and identical group - objects in the identity store(s). It works as follows with other Directory Manager licenses: - - - **Suite License**: enables the linked identity stores feature fully functional. You can - manage your linked identities. In case of an Active Directory identity store and Microsoft - Entra ID identity store link, you can manage entitlements of File Servers and SharePoint - sites also. - - **Group Management license**: enables you to manage identical groups in the linked - identity store(s) and auto sync them. - - **User Management license**: enables you to manage identical user objects in the linked - identity store(s) and auto sync them. - - **Password Management license**: the linked identity stores feature works in preview mode. - -A license is valid for a period of 12 months. - -NOTE: All the above licenses are also available for a trial period. - -NOTE: Licenses for certain add-ons are dependent on other licenses, such as the Group Attestation -license is dependent on the Group Usage Service license, which in turn is dependent on the Group -Management license. - -What happens when your license expires - -When a license expires, its respective functions get read-only but you can configure certain -settings, such as create identity stores, create data sources, and define replication settings. -Moreover, unlicensed functions are displayed with a yellow icon next to them. On hovering the mouse -over the icon, a message is displayed with two buttons: **Learn more** and **Upgrade**. 
Both buttons -redirect you to the -[Group and User Management Software from Netwrix](https://www.netwrix.com/group_and_user_management_software.html) -page, where you can learn more about Directory Manager and purchase or renew your Directory Manager -licenses. - -## Add a License - -1. In Admin Center, click **Settings** at the bottom of the left navigation pane. -2. On the **Licensing Settings** tab of the **GroupID Settings** page, click **Add New License**. -3. Enter a valid license number and key for your product copy in the respective boxes. A valid - license and key enable the **Add License** button; if it remains disabled, check your entries for - errors. -4. Click **Add License**. - - License details are displayed on the **Licensing Settings** tab as: - - - **Status:** the license status as _Valid_ or _Expired_ - - **Module:** the license type, such as _Suite_ or _Group Management_ - - **Expire:** the expiration date of the license - - **License(s):** the number of users covered under the license - - **Actions:** displays the _Edit_ and _Delete_ icons, enabling you to update or remove the - license accordingly. - -5. If you have multiple Directory Manager licenses, repeat steps 2 – 4 for each license. - -## Update a License - -1. In Admin Center, click **Settings** at the bottom of the left navigation pane. -2. On the **Licensing Settings** tab of the **GroupID Settings** page, click **Edit** for a license - in the **Actions** column to update it. -3. On the **Update/Replace License** dialog box, update the license number and key. -4. Click **Update** to save the changes. - -## Remove a License - -On removing a license, users lose all access to the functionality covered under the license. - -NOTE: A dependent license is rendered ineffective when you remove its parent license. - -To remove a license: - -1. In Admin Center, click **Settings** at the bottom of the left navigation pane. -2. 
On the **Licensing Settings** tab of the **GroupID Settings** page, click **Delete** for a - license in the **Actions** column to remove it. diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/history.md b/docs/directorymanager/11.1/admincenter/helpdesk/history.md deleted file mode 100644 index 1dd1e596b8..0000000000 --- a/docs/directorymanager/11.1/admincenter/helpdesk/history.md +++ /dev/null 
@@ -1,163 +0,0 @@ -# History in Helpdesk - -Directory Manager tracks the following actions performed by end-users and helpdesk users in an -identity store and displays them as history to helpdesk users: - -- Unenroll account -- Sending of secure link for password reset by helpdesk -- Change Password -- Reset Password -- Unlock Account -- Link Account -- Unlink Account -- Enroll account -- Authenticate with password, authentication types, or any other medium - -History can be used for audit and analysis, such as how many users changed their passwords in the -last x days, reset their passwords using secure link, and more. It can also be used to verify the -identity of a user through the last action he or she performed. - -What do you want to do? - -- View History in Helpdesk - - Switch History Layouts -- Search History -- Export History to a File - -## View History in Helpdesk - -1. In Admin Center, click **Helpdesk** in the left pane. -2. On the **Helpdesk** page, click the **History** tab. - This tab displays the tracked history actions for all identity stores in Directory Manager. Use - the pagination options at the bottom of the listing to navigate through records. - - To search for specific records, see the Search History topic. - -### Switch History Layouts - -You can view history in two layouts: - -- **Basic view:** displays history in a friendly, descriptive manner. -- **Administrative view:** displays history in tabular form. - -In both layouts, click **Details** for an item to view more details. - -You can also export history to MS Excel, CSV, and XML formats. - -To Switch Layouts: - -- In the Basic view, click the **Switch to Administrative View** button to view history in - Administrative layout. -- In the Administrative view, the button changes to **Switch to Basic View**. Click it to view - history in Basic layout. 
- -#### View History in Basic Layout - -By default, the **History** tab of the **Helpdesk** page displays history in the Basic view, that -lists the tracked actions in meaningful sentences. - -Click **Details** for a history item to launch the **History Details** dialog box that displays the -following: - -- **Display name:** the user on whom the action was performed. -- **Identity store:** the identity store the action was performed in. -- **Action:** the action performed. -- **Authentication type:** the authentication type(s) used by the user to authenticate in order to - perform the action. For some actions performed by helpdesk, such as sending a secure link for - password reset, no authentication type is displayed. For other actions such as _unenroll_, the - authentication type for which the end user is unenrolled will be displayed. -- **Status:** whether the action was performed successfully or not. -- **Date/Time:** the date and time the action was performed. -- **Performed by:** the user who performed the action. -- **Client name:** the name of the Directory Manager client the action was performed from. -- **Helpdesk action:** whether the action was performed through helpdesk or not. -- **Machine name:** the name of the machine the action was performed from. -- **IP:** the IP address of the machine the action was performed from. -- **Browser:** the name of the browser used to perform the action. -- **Device type:** the device type used to perform the action, such as PC/laptop or mobile. - -Click **Close** to close the dialog box. - -#### View History in Administrative Layout - -The Administrative layout displays history in a table. On the **History** tab of the **Helpdesk** -page, click **Switch to Administrative View**. - -The following information is displayed for a record: - -- **Name:** The name of the user the action was performed on -- **Client Name:** the name of the Directory Manager client the action was performed from. 
-- **Identity Store:** The identity store the action was performed in -- **Action:** The action performed -- **Date:** The date and time the action was performed on - -Click **Details** for a history item to view its details on the **History Details** dialog box. See -the View History in Helpdesk topic for a discussion of the dialog box. - -Use the pagination options at the bottom of the listing to navigate through records. - -Sort the Listing - -History records on the **History** tab of the **Helpdesk** page are sorted in chronological order, -with the latest action at the top. - -You can sort the listing in the Administrative view by any column name in the header row. Click a -column name to sort the listing by that attribute. An arrow appears next to the column name. - -- The upward arrow head indicates that the list is sorted in ascending order. -- The downward arrow head indicates that the list is sorted in descending order. - -Click the arrow to change the order from ascending to descending and vice versa. - -## Search History - -You can search for history records in all the identity stores or specific identity stores. Simply -enter the name of a user to view all actions performed for it, be it by that same user or another -user, such as helpdesk. You can also create a filter based on multiple attributes to search for -specific records. - -To perform a search: - -1. In Admin Center, click **Helpdesk** in the left pane. -2. On the **Helpdesk** page, click the **History** tab. -3. On the **History** tab, the following search options are available: - - - **Identity Store list** - To get the history records for one or specific identity stores, - click in the **Identity Store** box and select the check boxes for the identity stores you - want to view the history for. - - **Search box to search for records specific to a user** - In the _Search_ box, enter a user’s - full name or part of a name and press _Enter_. 
Directory Manager displays all history actions - that are performed by or performed on the user. - - **Search filter** - Click **Filter**. On the **Filter(s)** dialog box, you can search the - history data using the available filters individually or in combination. - - - **Date Logged:** Specify a time period to view history data for. Click in the box and use - the calendar for selecting a date range. - - **Performed By:** Specify whether you want to view the actions performed by end users, - helpdesk users, or both. - - **Device Type:** Specify a device type (PC/laptop, mobile, or both) to view actions that - have been performed using that device type. - - **Status:** Specify whether you want to view successful actions, failed actions, or both - successful and failed actions - - **Action Type:** Select an action to view the history records for it. On selecting - _Enrollment_ or _Authenticate_, another drop-down list is displayed that lists the - authentication types. Select an option to view the enrollment or authentication actions - performed using that specific type. - - Click **Apply**. History records matching the given criteria are displayed. - -## Export History to a File - -1. In Admin Center, click **Helpdesk** in the left pane. -2. On the **Helpdesk** page, click the **History** tab. -3. On the **History** tab, you can export all history records in all identity stores to a file or - filter the listing to export specific records only. To narrow down records, see the Search - History topic. -4. Click **Export History** and select a file format in the list to export history data to. - The file is saved to the download location specified in your browser settings. - -**See Also** - -- [Dashboard](/docs/directorymanager/11.1/admincenter/general/dashboard.md) -- [Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) -- [History in Directory Manager](/docs/directorymanager/11.1/admincenter/history.md) 
diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/operation/export.md b/docs/directorymanager/11.1/admincenter/helpdesk/operation/export.md deleted file mode 100644 index 9112aabb37..0000000000 --- a/docs/directorymanager/11.1/admincenter/helpdesk/operation/export.md +++ /dev/null @@ -1,23 +0,0 @@ -# Export Users' List to a File - -You can export users' information to an Excel, XML, or CSV file. - -What do you want to do? - -- Export Users - -## Export Users - -1. In Admin Center, click **Helpdesk** in the left pane. -2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. You can export all users in all - identity stores to a file or filter the listing to export specific users only. To filter the - list, see the [Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) topic. -3. Select the check boxes for the users you want to export or click the check box in the header row - to select all users. Then click **Export**. -4. Select a file format in the list. The file is saved to the download location specified in your - browser settings. - -**See Also** - -- [Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/overview.md) -- [Helpdesk Operations](/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md b/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md deleted file mode 100644 index 8105cba0ef..0000000000 --- a/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md +++ /dev/null 
@@ -1,10 +0,0 @@ -# Helpdesk Operations - -Helpdesk users can perform the following actions in Admin Center: - -- [Reset Passwords](/docs/directorymanager/11.1/admincenter/helpdesk/operation/resetpassword.md) -- [Unlock Accounts](/docs/directorymanager/11.1/admincenter/helpdesk/operation/unlockaccount.md) -- [Notify Users to Enroll](/docs/directorymanager/11.1/admincenter/helpdesk/operation/asktoenroll.md) -- [Unenroll a User](/docs/directorymanager/11.1/admincenter/helpdesk/operation/unenroll.md) -- [Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) -- [Export Users' List to a File](/docs/directorymanager/11.1/admincenter/helpdesk/operation/export.md) diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/operation/resetpassword.md b/docs/directorymanager/11.1/admincenter/helpdesk/operation/resetpassword.md deleted file mode 100644 index 8b228c610b..0000000000 --- a/docs/directorymanager/11.1/admincenter/helpdesk/operation/resetpassword.md +++ /dev/null 
@@ -1,119 +0,0 @@ -# Reset Passwords - -Admin Center provides a variety of options to helpdesk users for resetting passwords and then -communicating them to users. - -NOTE: You can reset passwords of unenrolled users if (a) the **Reset Any Password** permission has -been granted to your role and (b) the Helpdesk policy for your role is set to the unrestricted mode. - -Helpdesk users may have to authenticate end users before resetting their passwords. See the -[Helpdesk Policy ](/docs/directorymanager/11.1/admincenter/helpdesk/overview.md#helpdesk-policy) topic. - -What do you want to do? - -- Reset Passwords in Unrestricted Mode -- Reset Passwords in Restricted Mode - -## Reset Passwords in Unrestricted Mode - -1. In Admin Center, click **Helpdesk** in the left pane. -2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. Locate your required user. To - search for a user, see the[Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) topic. -3. Click the ellipsis button for the user and select **Reset Password**. For enrolled users, the - **Reset Password** dialog box has two pages: **Authenticate** and **Reset**. Under the - unrestricted mode, you can skip the former and move to the **Reset** page. For unenrolled users, - only the **Reset** page is available. - Use the **History** button to view user history, i.e., the actions performed on the user and by - the user. This history is specific to helpdesk functions, as listed in the - [History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic. -4. The **Reset** page displays the user name, the identity store where this user resides, the last - time the user changed his or her password, and the lock status of the account. In case the user - has linked his or her accounts that exist in different identity stores, this page displays all - linked accounts that require a password reset. - Select an account to reset its password. -5. 
Depending on the password reset method enforced for your role, you can reset the password and - communicate the new password to the user, or you can generate a secure link and send it to the - user for resetting the password. - - - The **New Password** tab is displayed if you are authorized to generate a new password and - send it to the user. - - The **Secure Link** tab is displayed if you are authorized to send a secure link to the user. - - Both tabs are displayed if you are authorized to choose any password reset method. - -6. On the **New Password** tab: - - - Enter a password of your choice in the **Password** box or click **Generate Password** to - generate a random password. - - Select the user's mobile number and/or email address in the **Select Mobile** and **Select - Email** boxes to send the new password to the user by SMS or email or both. - -7. On the **Secure Link** tab: - - - Select the user's mobile number and/or email address in the **Select Mobile** and **Select - Email** boxes to send the secure link to the user by SMS or email or both. The user must click - this link to reset his or her password. - -8. Click **Reset Password**. - -## Reset Passwords in Restricted Mode - -In the restricted mode, you will not be able to reset passwords for unenrolled users. Further, you -could be restricted to: - -- Reset passwords of enrolled users residing in a specific OU. -- Authenticate enrolled users through the multifactor authentication policy applicable to the user - before resetting their passwords. The Security Questions authentication type may be mandatory. - -See the [Helpdesk Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md) topic. - -**To reset a password in restricted mode:** - -1. In Admin Center, click **Helpdesk** in the left pane. -2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. Locate your required user. 
To - search for a user, see the[Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) topic. -3. Click the ellipsis button for the user and select **Reset Password**. The **Reset Password** - dialog box has two pages: **Authenticate** and **Reset**. - Use the **History** button to view user history, i.e., the actions performed on the user and by - the user. This history is specific to helpdesk functions, as listed in the - [History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic. -4. The **Authenticate** page displays the authentication type(s) the user's account is enrolled - with. You could be restricted to authenticate the user according to the authentication policy - that applies to the user. - Click the plus sign for an authentication type to expand it. - - - **Security Question** - - 1. Get the answers to the questions from the user and enter them in the answer boxes. - 2. Click **Verify** for each answer to verify it. - - - **Mobile** - - 1. The mobile number with which the user’s account is enrolled is displayed in the box. - Click **Send Code** to send an access code to the user’s mobile number. - 2. Get this access code from the user and enter it in the box. - 3. Click **Verify**. - - - **Email** - - 1. The email address with which the user's account is enrolled is displayed in the box. - Click **Send Code** to send an access code to the user’s email address. - 2. Get this access code from the user and enter it in the box. - 3. Click **Verify**. - - - **Authenticator** - - 1. Get a valid access code from the user, as displayed to him or her in the Authenticator - app and enter it in the box. - 2. Click **Verify**. - - NOTE: Helpdesk cannot authenticate users with the Link Account, YubiKey, and Windows Hello - authentication types. - -5. Click **Next**. -6. On the **Reset** page, you can reset the password. 
Follow step 4 and onwards in the Reset - Passwords in Unrestricted Mode topic for details. - -**See Also** - -- [Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/overview.md) -- [Helpdesk Operations](/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md b/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md deleted file mode 100644 index c40ebd7d49..0000000000 --- a/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md +++ /dev/null 
@@ -1,58 +0,0 @@ -# Search Users - -Helpdesk users can search for users in specific identity store(s) or all identity stores defined in -Directory Manager. A search filter is also available to help you narrow down your search results. - -What do you want to do? - -- Perform a Search - -## Perform a Search - -1. In Admin Center, click **Helpdesk** in the left pane. -2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. It lists all users from all - identity stores in Directory Manager (notice that _All_ is displayed in the **Identity store** - box). -3. Use the following options to filter users: - - - **Identity store box** - To get users from one or specific identity stores, click in the - **Identity store** box and select the check boxes for the identity stores you want to fetch - users from. - - **Search Users box** - Enter a search text and press _Enter_. Users with the first names, last - names, or email addresses matching the text are filtered and displayed. - - **Search filter** - You can also search users based on enrollment. Click **Filter(s)**. The - **Filter(s)** dialog box is displayed with the following options: - - - **Enrolled with:** click in the box and select the authentication type(s) to restrict - search to users enrolled with any of those authentication types. - - **Not Enrolled with:** click in the box and select the authentication type(s) to restrict - search to users not enrolled with any of those authentication types. - - Click **Apply**. Users matching the given criteria get listed. - -#### View Users' Information - -For a user, the following information is displayed: - -- **Name:** the display name of the user. -- **Store:** the name of the identity store and the domain the user resides in. -- **Is Locked:** displays whether the user account is locked or not. -- **Password Expires On:** the date when the user account password will expire. If the password is - set to _Never Expire_, then _Never Expires_ is displayed here. 
-- **Last Password Set:** the time since the user last changed their password, for example, 'one year - ago'. For users who never changed their passwords, _Never_ is displayed. -- **Enrolled With:** the authentication types used to enroll the account in the identity store. For - users who have not enrolled their accounts, _Not Enrolled_ is displayed. - -Use the pagination options at the bottom of the listing to navigate through records. - -Click the ellipsis button for a user to perform any of these actions: - -- Reset password -- Unlock account -- Send enrollment reminder -- Unenroll account - -**See Also** - -- [Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/overview.md) -- [Helpdesk Operations](/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/operation/unlockaccount.md b/docs/directorymanager/11.1/admincenter/helpdesk/operation/unlockaccount.md deleted file mode 100644 index 4c7402ed7f..0000000000 --- a/docs/directorymanager/11.1/admincenter/helpdesk/operation/unlockaccount.md +++ /dev/null 
@@ -1,61 +0,0 @@ -# Unlock Accounts - -Administrators can enforce an account lockout policy for a domain that locks a user account after a -certain number of failed login attempts. This secures a machine from unauthorized access. However, -legitimate users may also get locked out; typically because of a typo or they could not recall their -password correctly. - -In such a situation as this, helpdesk users can unlock user accounts in an identity store. - -Helpdesk may have to authenticate users before unlocking their accounts. See the -[Helpdesk Policy ](/docs/directorymanager/11.1/admincenter/helpdesk/overview.md#helpdesk-policy) topic. - -NOTE: You can unlock the account of unenrolled users if (a) the **Unlock Any Account** permission -has been granted to your role and (b) the Helpdesk policy for your role is set to the unrestricted -mode. - -## Unlock User Accounts in Unrestricted Mode - -Step 1 – In Admin Center, click **Helpdesk** in the left pane. - -Step 2 – The Helpdesk page opens to the Helpdesk Operations tab. Locate your required user. To -search for a user, see the[Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) topic. - -Step 3 – Click the ellipsis button for the user and select **Unlock Account**. For enrolled users, -the Unlock Account dialog box has two pages: Authenticate and Unlock. Under the unrestricted mode, -you can skip the former and move to the **Unlock** page. For unenrolled users, only the Unlock page -is available. -Use the **History** button to view user history, i.e., the actions performed on the user and by the -user. This history is specific to helpdesk functions, as listed in the -[History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic. - -Step 4 – The Unlock page displays the user name, the identity store where this user resides, the -last time the user changed his or her password, and the lock status of the account. 
In case the user -has linked his or her accounts that exist in different identity stores, this page displays all -linked accounts that are locked. -To unlock an account, select the check box for it and click **Unlock**. - -## Unlock User Accounts in Restricted Mode - -Step 1 – In Admin Center, click **Helpdesk** in the left pane. - -Step 2 – The Helpdesk page opens to the Helpdesk Operations tab. Locate your required user. To -search for a user, see the[Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) topic. - -Step 3 – Click the ellipsis button for the user and select **Unlock Account**. The Unlock Account -dialog box has two pages: Authenticate and Unlock. -Use the **History** button to view user history, i.e., the actions performed on the user and by the -user. This history is specific to helpdesk functions, as listed in the -[History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic. - -Step 4 – The Authenticate page displays the authentication type(s) the user's account is enrolled -with. to authenticate the user, follow step 4 in the -[Reset Passwords in Restricted Mode](resetpassword.md#reset-passwords-in-restricted-mode) topic. - -Step 5 – After authenticating the user, click **Next**. - -Step 6 – The Unlock page displays the user name, the identity store where this user resides, the -last time the user changed his or her password, and the lock status of the account. In case the user -has linked his or her accounts that exist in different identity stores, this page displays all -linked accounts that are locked. -To unlock an account, select the check box for it and click **Unlock**. diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/overview.md b/docs/directorymanager/11.1/admincenter/helpdesk/overview.md deleted file mode 100644 index 802553fb63..0000000000 --- a/docs/directorymanager/11.1/admincenter/helpdesk/overview.md +++ /dev/null 
@@ -1,70 +0,0 @@ -# Helpdesk - -The Admin Center Helpdesk section enables administrators and helpdesk users to perform -helpdesk-specific tasks, such as: - -- Unlock user accounts and reset passwords on behalf of users in an identity store. -- Notify users to enroll their accounts. -- Unenroll user accounts from identity stores. -- View users' activities, such as enrollment, authentication, account unlock, and password-related - functions. Toast notifications and history tracking are also enabled for these actions. See the - [Helpdesk Operations](/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md) topic for additional information. - -NOTE: The Admin Center for helpdesk role is available in Helpdesk mode only. By default, only the -Helpdesk node of Admin Center is visible to the Helpdesk role members. The administrator can also -restrict access of a security role by selecting the Helpdesk Role check box on the Security Role -page. See the [Create a Security Role](/docs/directorymanager/11.1/admincenter/securityrole/create.md) topic for additional information. - -## Helpdesk Permissions - -A security role must have the following permissions in an identity store to perform -helpdesk-specific functions: - -- Reset Any Password -- Unlock Any Account -- Unenroll - -See [Password Management](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md#password-management) in the -[Security Role – Permissions](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md) topic. - -## Helpdesk Policy - -The administrator can define a Helpdesk policy for a user role in an identity store. This policy -mainly defines whether helpdesk role members should operate under the restricted or unrestricted -mode to perform the account unlock and reset password functions. - -NOTE: In unrestricted mode, helpdesk can unlock accounts and reset passwords of both enrolled and -unenrolled users. 
In restricted mode, helpdesk can perform these functions for enrolled users only. - -See the [Helpdesk Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md) topic. - -## Helpdesk Analytics - -The dashboard in Admin Center offers insightful information to the administrator and helpdesk on -users' activities (such as enrollment, account unlock, and password reset) in an identity store. - -The dashboard displays the following helpdesk-specific cards: - -- [Enrollment Summary](/docs/directorymanager/11.1/admincenter/general/dashboard.md#enrollment-summary): displays the number of enrolled - users in an identity store. -- [Auth Summary](/docs/directorymanager/11.1/admincenter/general/dashboard.md#auth-summary): displays information about failed and - successful authentication attempts for each authentication type. -- [Activity Summary](/docs/directorymanager/11.1/admincenter/general/dashboard.md#activity-summary): displays a summary of users' - activities related to password change, password reset, account unlock, and enrollment. - -## Desktop Notifications - -You can enable desktop notification for Directory Manager in browser settings. In this way, a user -signed into Admin Center on the respective machine will receive desktop notifications when an -end-user performs any of the following actions in the Directory Manager portal: - -- Resets account password -- Changes account Password -- Unlocks Account -- Links Account -- Unlinks Account -- Enrolls account -- Authenticates with password, authentication types, or any other medium - -These actions are also logged in helpdesk history. See the [History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic -for additional information. diff --git a/docs/directorymanager/11.1/admincenter/history.md b/docs/directorymanager/11.1/admincenter/history.md deleted file mode 100644 index a24bd25f5e..0000000000 --- a/docs/directorymanager/11.1/admincenter/history.md +++ /dev/null 
@@ -1,61 +0,0 @@ -# History in Directory Manager - -In Directory Manager, history is tracked for: - -- Admin Center - Actions performed in Admin Center, such as creating identity stores, SMS gateway - accounts, changes to notification templates, and more. See the - [Admin Center History](/docs/directorymanager/11.1/admincenter/general/history.md) topic to view the history. -- Helpdesk - Helpdesk-specific actions, such as account unlock and enrollment. See the - [History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic to view the history. -- Identity store configurations - Changes made to identity store configurations, including changes - to security roles and workflows. See the [Identity Store History](/docs/directorymanager/11.1/admincenter/identitystore/history/view.md) - topic to view the history. -- Identity store objects - Modifications made to objects in an identity store, such as creating - objects, updating attributes for an object, etc. It includes modifications made through: - - - Directory Manager portal (whether manually, through Synchronize jobs. or changes to object - entitlements) - - Management Shell cmdlets - - Admin Center (actions performed by schedules only) - - Directory Manager APIs - - See the [History](/docs/directorymanager/11.1/portal/history/overview.md) topic to view this history. - -Enable History Tracking - -History for Admin Center and helpdesk is tracked by default and you cannot disable it. - -However, history for identity store configurations and objects is disabled by default. You can -enable it for an identity store as well as choose to track all or specific actions. See the -[Configure History Tracking](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md) topic. - -Where is History Displayed? - -- History for Admin Center, helpdeak, and identity store configurations is displayed in Admin - Center, each displayed on separate pages. 
-- History for identity store objects is displayed in the Directory Manager portal. - -History Retention - -The _history retention_ setting for an identity store enables you to choose whether you want to keep -history data forever or for a specific period. See the -[Retain Complete History Data](identitystore/configure/directoryservice/historytracking.md#retain-complete-history-data) -and -[Retain History for a Specific Period](identitystore/configure/directoryservice/historytracking.md#retain-history-for-a-specific-period) -topics. Your desired setting applies to all history tracked for the respective identity store, -including that tracked for helpdesk and Admin Center. - -NOTE: Actions tracked under Admin Center history are independent of an identity store. In this case, -history retention settings apply to a history item in the context of the identity store selected by -the user to log into Admin Center to perform that action. -**Example:** UserA selects IdentityStoreA to sign into Admin Center and creates an SMS gateway -account. This user then selects IdentityStoreB to sign into Admin Center and creates a Directory -Manager portal. Both actions are logged in Admin Center history. However, history retention setting -of IdentityStoreA will apply to the SMS gateway account creation action and that of IdentityStoreB -will apply to the Directory Manager portal creation action. - -Event Logging - -In addition to history tracking, Directory Manager provides event logging, which includes file -logging and Windows logging for Directory Manager clients and services. See the -[Event Logging](/docs/directorymanager/11.1/admincenter/identitystore/history/eventlogging.md) topic. diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure.md b/docs/directorymanager/11.1/admincenter/identitystore/configure.md deleted file mode 100644 index fde6edc076..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure.md +++ /dev/null 
@@ -1,95 +0,0 @@ -# Configure an Identity Store - -Various configurations can be defined for an identity store. - -**To manage configurations:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. You can configure the following for an identity store: - - - Identity Store-specific Configurations - - Security Roles - - Replication Settings - - Identity Store History - - Workflows - - Entitlements - - Schedules - -## Identity Store-specific Configurations - -The following configurations have to be defined for an identity store: - -- An SMTP server for sending email notifications. See the - [Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) topic. -- Authentication types and policies. See the [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) topic. -- A group life cycle policy that controls the expiry and deletion of groups in the identity store. - See the [Manage Group Lifecycle Settings](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md) topic. -- Membership life cycle policies for static groups. See the - [Manage Membership Life Cycle Policies](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/membershiplifecycle.md) topic. -- Inheritance settings for Dynasties. See the - [Manage Dynasty Settings](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/dynastysettings.md) topic. -- Group update and membership settings. See the - [Manage Group Membership Settings](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/outofbounds.md) topic. -- Group name prefixes, which are used to append group names. 
See the - [Group Name Prefixes](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md) topic. -- Settings for history tracking. See the - [Configure History Tracking](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md) topic. -- A messaging provider so that mail-enabled objects can be created in the identity store. See the - [Configure a Messaging Provider](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/messagingprovider.md) topic. -- Profile validation settings to ensure the accuracy of users’ information in the directory. See the - [Configure User Profile Validation](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/profilevalidation.md) topic. -- Circular reference settings for object update. See the - [Manage Circular Reference ](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/circularreference.md)topic. -- Password restrictions and rules for setting identity store passwords. See the - [Configure Password Options](/docs/directorymanager/11.1/admincenter/identitystore/configure/security/passwordoptions.md) topic. - -## Security Roles - -An identity store has security roles defined for it, and only role members can access Directory -Manager. See the [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) topic. - -You can specify the following configurations for a role: - -- Assign permissions on different Directory Manager functions. See the - [Security Role – Permissions](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md) topic. -- Specify policies for roles. See the [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) - topic. 
- -## Replication Settings - -The Replication service is responsible for replicating objects that are created or modified directly -on the directory server, to the Elasticsearch repository. You can specify the attributes for the -Replication Service to replicate from the provider to the Elasticsearch repository. - -See the [Manage Local Replication Settings](/docs/directorymanager/11.1/admincenter/identitystore/replication.md) topic for details. - -## Identity Store History - -You can view the changes made to an identity store’s configurations, workflows, and security roles -in an identity store. See the [Identity Store History](/docs/directorymanager/11.1/admincenter/identitystore/history/view.md) topic. - -## Workflows - -Workflows are a built-in auditing system to ensure that changes made to directory objects are -approved by an authorized user before they are committed to the directory. - -You can define different workflows for an identity store. For example, you can define a workflow -that triggers when a user creates a group in the directory using Directory Manager. See the -[Workflows](/docs/directorymanager/11.1/admincenter/workflow/overview.md) topic for details. - -## Entitlements - -Specify file servers in Active Directory and SharePoint sites to view and update the permissions -assigned to objects on shared resources. See the [Entitlement](/docs/directorymanager/11.1/admincenter/entitlement/overview.md) topic. - -## Schedules - -Define schedules to auto execute different Directory Manager functions, such as group expiry and -deletion, Smart Group membership update, temporary additional manager assignment to users, and more. -See the [Schedules](/docs/directorymanager/11.1/admincenter/schedule/overview.md) topic. - -**See Also** - -- [Manage an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/manage.md) 
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md deleted file mode 100644 index 3d8e153f64..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md +++ /dev/null 
@@ -1,292 +0,0 @@ -# Manage Group Lifecycle Settings - -Directory Manager can effectively manage group life cycle through all stages, from creation to -deletion. It enables you to define the following setting to control the group life cycle in an -identity store: - -- A default expiry policy for groups -- Exclude groups from expiration and deletion -- Prevent the expiry of security groups -- Wait period for deleting expired groups -- Group usage life cycle -- Group attestation -- Notifications for expiring groups - -Of these, only the first setting, i.e., the group expiry policy, can be changed for individual -groups. All other settings apply to all groups in the identity store and cannot be changed for -individual groups. - -The Group Life Cycle schedule defined for the identity store is responsible for applying the group -life cycle settings to groups. This schedule runs on containers you specify as its targets, to -process the groups that reside therein. Groups that reside outside of the target containers will not -be processed by the schedule; hence, the group life cycle policy is not applied to them. See the -[Group Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/grouplifecycle.md) topic. - -NOTE: Before you specify a group life cycle policy for a Microsoft Entra ID identity store, see the -[Group Expiration Policy](/docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md#group-expiration-policy) section in the -[Microsoft Entra ID vs. Active Directory Identity Stores](/docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md) topic. - -What do you want to do? 
- -- Set a Default Expiry Policy for Groups -- Apply Policy on Specific Containers -- Exempt Security Groups from Expiry -- Auto Delete Expired Groups -- Enable Group Usage Lifecycle -- Enable Group Attestation -- Set Group Expiry Notifications - -## Set a Default Expiry Policy for Groups - -The expiry policy specifies the period for which a group remains active. When the period ends, the -group expires. - -When a group is created, it inherits the default expiry policy, but you can change it for individual -groups. The Group Life Cycle schedule executes the Group Lifecycle policy as defined for the -identity store, but monitors group expiry dates as determined by each group’s expiry policy. This -job expires groups according to their respective expiry policy. - -**To set a default expiry policy:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. -4. In the **Default Expiration Policy** drop-down list on the **Group Lifecycle** page, select an - expiration criterion that you want to set as default. Options are: - - - Never Expire - - Expire Every 30 Days - - Expire Every 60 Days - - Expire Every 90 Days - - Expire Every 120 Days - - Expire Every 6 Months - - Expire Every Year - - Other: On selecting this, two boxes are displayed. Select a unit of time (years, months, days) - from the second list and specify a number in the first box to set a custom period for group - expiration. - -5. Click **Save**. - -## Apply Policy on Specific Containers - -By default, the Group Life Cycle schedule evaluates all groups that reside in the container(s) -specified as its targets, and processes them according to the group lifecycle policy. 
However, you -can exempt containers from the Group Life Cycle schedule, so that it does not process the groups in -those containers. - -**To limit the policy to specific containers:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. -4. On the **Group Lifecycle** page, select one of the following options: - - - **Do not apply policy on following containers** - - 1. Select this option and click **Add/Modify Container(s)**. - 2. On the **Add Container(s)** dialog box, select the containers you want to exempt from the - Group Lifecycle policy settings and click **Add**. The selected containers are displayed - in the **Container(s)** area. The Group Life Cycle schedule will not process the groups - in these containers even when they are set as its targets. - - - **Apply policy only on following containers** - - 1. Select this option and click **Add/Modify Container(s)**. - 2. In the **Add Container(s)** dialog box, select the container(s) you want to apply the - Group Lifecycle policy to, and click **Add**. The selected containers are displayed in - the **Container(s)** area. The Group Life Cycle schedule will only process groups in - these containers in the identity store. - -5. Click **Save**. - -NOTE: If a container is set as target in a Group Life Cycle schedule while it is also listed as an -exempted container in the Group Lifecycle policy, the schedule does not process it. As a result, -different aspects of the Group Lifecycle policy, such as group expiry and group attestation does not -apply to groups in the container. - -## Exempt Security Groups from Expiry - -By default, security group expiration is disabled, indicating that security groups in the identity -store cannot be expired either manually or by the Group Life Cycle schedule. 
You must enable it to -expire security groups. - -When a security group expires, its membership is cleared. However, Directory Manager keeps a backup -of its membership in the database. - -NOTE: In a Microsoft Entra ID identity store, the security group expiry option also applies to -Office 365 groups. - -**The security group expiration paradox** - -A security group may grant or restrict access to network resources to its members. Enabling security -group expiry may pose a problem; the members of an expired security group will get undesired access -to network resources, or will be denied access to resources that were assigned to it. - -To manage this, make sure your critical security groups reside in the OU that the expiry policy does -not apply to. Use the **Do not apply policy on following containers** option to set the OU aside -(see the Apply Policy on Specific Containers topic). In this way, those groups will not expire even -if you enable the expiry of security groups. - -**To enable security group expiry:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. -4. On the **Group Lifecycle** page, select the **Expire Security Groups** check box to allow the - expiry of security groups in the identity store. (Security groups can be expired manually and by - the Group Life Cycle schedule.) - Clear the check box to prevent the expiry of security group. -5. Click **Save**. - -## Auto Delete Expired Groups - -You can set Directory Manager to auto delete expired groups x number of days after expiry. These -wait days apply to both auto expired and manually expired groups. The Group Life Cycle schedule is -responsible for deleting expired groups. These auto deleted groups are called logically deleted -groups. - -**To set wait days:** - -1. 
In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. -4. On the **Group Lifecycle** page, select the **Delete Expired Groups** check box and type the - number of days after which you want an expired group to be deleted, starting from the expiry - date. -5. Click **Save**. - -## Enable Group Usage Lifecycle - -You can set the expiry of mail-enabled distribution groups based on their usage. It is as: - -- If an expiring group is used in the last x number of days, it will be renewed by reapplying the - expiry policy to it. -- If a group is not used in the last x number of days, its life will be reduced to 7 days. - -The Group Usage Service schedule time stamps each mail-enabled distribution group with respect to -its last usage. The Group Life Cycle schedule extends or reduces the life of a group based on this -information. - -**To enable group usage lifecycle:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. -4. On the **Group Lifecycle** page, use the toggle button for **Extend** **or reduce the life of - mail-enabled groups** to enable group usage lifecycle. -5. Select one of the following options: - - - **Extend group life if used in last x Days:** select this option button and specify x number - of days in the box to prevent your active mail-enabled distribution groups from expiry. If an - expiring group is used in the last x number of days, the Group Life Cycle schedule will renew - it by reapplying its expiry policy. 
- - **Reduce group life if not used in last x Days:** select this option button and specify x - number of days in the box to reduce the life of mail-enabled distribution groups that have not - received any email in the last x number of days. - - By default, this setting works for groups that are idle for 60 days since their creation, - last renewal, or last usage. You can change the number of days anywhere from 1 to 360. The - Group Life Cycle schedule will reduce the life of such groups to 7 days and send an email - notification to the group owner or the default approver (for groups without owners), - informing them of the approaching expiry. See the - [Specify a Default Approver](/docs/directorymanager/11.1/admincenter/workflow/advancedsettings.md#specify-a-default-approver) - topic. - -6. Click **Save**. - -## Enable Group Attestation - -You can enforce group owners to review and validate the attributes and membership of expiring groups -before renewing them. While enabling group attestation, consider the following: - -- Group attestation does not apply to groups that have ‘Never Expire’ as their expiry policy. -- The Membership Life Cycle schedule must be defined for the identity store. -- Group attestation does not apply to excluded containers. See the Apply Policy on Specific - Containers topic. -- With group attestation enabled, the Group Usage Lifecycle settings cannot be applied. If those - settings are already defined, they get disabled when you enable group attestation. See the the - Enable Group Usage Lifecycle topic. -- For attestation, group owners must use the Directory Manager portal. -- In the default portal template, a few fields (attributes) for group attestation are specified. You - can add and remove fields to include those that you want group owners to validate and update. -- In case of a Dynasty, parent and child Dynasties have to be attested individually. Child Dynasties - include both middle and leaf Dynasties. 
However, child Dynasties cannot be renewed after - attestation, as they are renewed with their respective parent Dynasty. -- When attesting the membership of a parent Dynasty, child Dynasty, or a Smart Group, the members - list does not include group objects for attestation. Only users and contacts are displayed. When - attesting static groups, however, the members list also includes groups for attestation. - -**To enable group attestation:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. -4. On the **Group Lifecycle** page, use the toggle button for **Enforce group owners to attest - expiring groups** to enable group attestation for the identity store. -5. Select the **Enforce user to verify each member** check box to enforce group owners to verify - each group member one by one (by individually specifying the status of each member as _active_ or - _inactive_). When this check box is not selected, group owners can select all members in a single - click and specify their status as _active or inactive_. -6. You can specify the duration for which inactive members remain in group membership. - - - Select the **Specify member inactive period** check box and specify a duration in days (for - example, 5). When the status of a member is set to _inactive_, he or she is instantly removed - from group membership in the directory. In Directory Manager, however, he or she remains a - group member till the specified number of days, starting from the inactivation date. During - this period, the member can be activated (added back to group membership). If the member is - not activated, the Membership Life Cycle schedule removes it from group membership in - Directory Manager when the specified number of days lapse. 
- - If you want inactive members to be instantly removed from group membership in the directory - and in Directory Manager, do one of the following: - - - Select the **Specify member inactive period** check box and specify ‘0’ in the box. - - Do not select the **Specify member inactive period** check box. - -7. Click **Save**. - -## Set Group Expiry Notifications - -You can choose to send email notifications 1 day, 7 days, or 30 days before a group expires, to -inform the group owners (or the default approver when the group has no primary or additional owners) -about the approaching expiry. - -**To set group expiry notifications:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. -4. In the **Notification Options** section on the **Group Lifecycle** page, select any of the - following options to specify when group expiry notifications should be sent: - - - 1 day before group expiration - - 7 days before group expiration - - 30 days before group expiration - -5. Click **Save**. - -**Group expiry notifications and the Group Lifecycle schedule** - -The Group Life Cycle schedule handles group expiry notifications as follows: - -- When no option is selected for expiry notifications, the schedule expires the groups in the - identity store without notifying anyone. -- When notifications are enabled, the schedule notifies the primary and additional owners of the - group, or the default approver (in case the group has no owner) about the approaching expiry. In - case the notification could not be sent or no recipient is available, the schedule extends the - expiry date of the group by 7 days on the group’s expiry day. It continues to do so until the - notification is sent. 
-- When the **1 day before group expiration** option is selected for sending notifications and the - Group Life Cycle schedule evaluates the group for the first time a day before its expiration date, - Directory Manager will extend the group’s expiration date by 7 days. - -**See Also** - -- [Schedules](/docs/directorymanager/11.1/admincenter/schedule/overview.md) -- [ Group Expiry and Deletion](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/groupexpirydeletion.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/membershiplifecycle.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/membershiplifecycle.md deleted file mode 100644 index ac4e4a06ef..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/membershiplifecycle.md +++ /dev/null 
@@ -1,271 +0,0 @@ -# Manage Membership Life Cycle Policies - -A membership lifecycle policy enables you to specify a period, so that all members added or removed -from specific group(s) during that period are treated as temporary addition or removal respectively. - -You can define a membership policy for groups and OUs. In case of an OU, the policy applies to all -groups in that OU. The Membership Life Cycle schedule is responsible for applying membership -lifecycle policies to groups. - -NOTE: Membership lifecycle policies apply to static groups only. You cannot specify system critical -objects, Smart Groups, and Dynasties as target groups in a policy. - -NOTE: When Smart Groups and Dynasties reside in a target OU, Directory Manager does not process -them. - -## Types of Membership Lifecycle Policies - -You can define two types of membership life cycle policies: - -- **Add temporary** - Users added to group membership during a specified period will be temporary - members, to be removed from membership at the end of the period. If this policy is extended to - existing group members, then all members (including permanent members) will be removed from group - membership when the period ends. -- **Remove temporary** - Users added to group membership during a specified period will be - temporarily removed on addition, to be permanently added to group membership at the end of the - period. If this policy is extended to existing group members, then all members (including - permanent members) will be temporarily removed from group membership for the specified period. At - the end of the period, they will be added back as permanent members. - -## Key Features - -Some main features of the membership lifecycle policies are: - -- **Groups with nested membership** - If a policy is applied to a group with nested membership, it - does not affect nested membership. For an OU with nested OUs, the policy applies to all nested - OUs. 
-- **Groups with different settings for individual members** - When a policy is applied to a group - having members with temporary addition or removal applied to them individually, then individual - member settings take precedence over the group policy. Temporary addition or removal applied to - individual members remains intact when you remove a policy from a group or OU. -- **Single policy rule** - A single policy can be applied to a group or an OU at a time. Hence, a - group or OU cannot be set as the target in more than one policy. If you apply a policy to an OU - that contains a group with a different policy already applied to it, then the group policy would - be effective. -- **Notifications** - Directory Manager generates notifications when users are temporarily added or - removed from a group’s membership. See the - [Manage Membership Life Cycle Notifications](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md#manage-membership-life-cycle-notifications) - topic. - -What do you want to do? - -- Specify an ‘Add Temporary’ Membership Policy -- Specify a ‘Remove Temporary’ Membership Policy -- Edit a Policy -- Reapply a Policy -- Delete a Policy - -## Specify an ‘Add Temporary’ Membership Policy - -An _add temporary_ membership policy states that all members added to the target groups during a -certain period will be temporary. When the period ends, they will be removed from group membership. - -**To define a policy:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Membership Life - Cycle**. - The **Group/OU Based Membership Lifecycle** page displays any group/OU based membership policy - already defined. -4. Click **Add**; the **Add Group/OU Based Membership Lifecycle Policy** dialog box is displayed. -5. 
In the **Membership Type** drop-down list, select _Add Temporary_. -6. To specify a duration for the policy, select one of these options: - - - Click **Days** and in the box below, specify the number of days the policy will apply to - target group(s), starting from today. - - Click **Custom** and specify a date range in the **Starting Date** and **Ending Date** boxes. - The starting date must be the current or future date. - -7. Specify groups and OUs to apply the policy to. - - - In the **Add Group and OU to Membership Policy** area, enter a search string in the box. Group - and OU names starting with the string are displayed as you type. Click **Add** for an object - to add it to the policy. - - Or - - - Click **Advanced** to search an object by different parameters, such as name, display name, - and email. - - The selected objects are displayed with their type (can be group or OU), display name, and - distinguished name. - - - For a container, the policy applies to all groups residing in it and its sub-containers. - - For a group, the policy does not apply to any groups that are nested into your selected - group(s). - - To remove an object, click **Remove** for it. - -8. Click **Add**. -9. On the **Apply Policy to Existing Members** message box, do one of the following: - - - Click **Yes** to extend the policy to include the target groups’ existing membership. All - members of the target group(s) convert to temporary at the start of the period, and get - removed from the respective group(s) when the period ends. Simply put, a group’s membership - will be emptied when the period ends. Membership change is also logged in the group’s history. - - Click **No** to apply the policy to new members only and exempt existing members. - -10. The policy is displayed on the **Group/OU Based Membership Life Cycle** page. Click **Save**. - To view the impact of the policy, go to the properties of a target group in the Directory - Manager portal. 
- -## Specify a ‘Remove Temporary’ Membership Policy - -A _remove temporary_ policy states that all members added to the target group(s) during a certain -period will be temporarily removed from membership. When the period ends, those members would be -added back as permanent members. - -**To define a policy:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Membership Life - Cycle**. - The **Group/OU Based Membership Life Cycle** page displays any group/ OU based membership policy - already defined. -4. Click **Add**; the **Add Group/OU Based Membership Lifecycle Policy** dialog box is displayed. -5. In the **Membership Type** drop-down list, select _Remove Temporary_. -6. To specify a duration for the policy, select one of these options: - - - Click **Days** and in the box below, specify the number of days the policy will apply to - target group(s), starting from today. - - Click **Custom** and specify a date range in the **Starting Date** and **Ending Date** boxes. - The starting date must be the current or future date. - -7. Specify groups and OUs to apply the policy to. - - - In the **Add Group and OU to Membership Policy** area, enter a search string in the box. Group - and OU names starting with the string are displayed as you type. Click **Add** for an object - to add it to the policy. - - Or - - - Click **Advanced** to search an object by different parameters, such as name, display name, - and email. - - The selected objects are displayed with their type (can be group or OU), display name, and - distinguished name. - - - For a container, the policy applies to all groups residing in it and its sub-containers. - - For a group, the policy does not apply to any groups that are nested into your selected - group(s). 
- - To remove an object, click **Remove** for it. - -8. Click **Add**. -9. On the **Apply Policy to Existing Members** message box, do one of the following: - - - Click **Yes** to extend the policy to include the target groups’ existing membership. All - membership of the target group(s) is temporarily removed at the start of the period, and is - added back as permanent members when the period ends. Membership change is also logged in the - group’s history. - - Click **No** to apply the policy to new members only and exempt existing members. - -10. The policy is displayed on the **Group/OU Based Membership Life Cycle** page. Click **Save**. - To view the impact of the policy, go to the properties of a target group in the Directory - Manager portal. - -## Edit a Policy - -You can edit a policy to change its details. - -Let’s assume you have an ‘add temporary’ policy with May 1 and May 31 set as starting and ending -dates. By May 14, User A and User B are added as temporary members, to be removed from membership on -May 31. - -On May 15, you change the policy’s ending date to May 20. The new ending date will apply to members -that are added to the group hence onwards; it does not apply to User A and User B, who will still be -removed on May 31. However, if the policy is applied to existing members, User A and User B will -also be removed from membership on May 20. - -**To edit a policy:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Membership Life - Cycle**. -4. On the **Group/OU Based Membership Life Cycle** page, click the ellipsis button for a policy and - select **Edit**. -5. Make the required changes to the policy on the **Edit Group/OU Based Membership Lifecycle - Policy** dialog box. 
- - - For an _add temporary_ policy, follow step 5 and onwards in the Specify an ‘Add Temporary’ - Membership Policy topic. - - For a _remove temporary_ policy, follow step 5 and onwards in the Specify a ‘Remove Temporary’ - Membership Policy topic. - -6. On the **Group/OU Based Membership Life Cycle** page, click **Save**. - -## Reapply a Policy - -You need to reapply a policy when: - -- A new group is created in the policy’s target OU through the identity provider, such as Active - Directory. To extend the policy to the new group, you have to reapply it. -- A group is moved to a target OU using Directory Manager or the identity provider. - -You do not need to reapply a policy when a new group is created in the policy’s target OU through -Directory Manager. In this case, the policy is automatically applied. - -Consider the following: - -- If a policy has been defined for future dates and you add a group to a target OU before the start - date, you must reapply the policy. Reapplying a policy when no group has been added to a target OU - has no impact. -- If you add a group to a target OU of a policy that is currently active, you must reapply it to - extend the policy to that group. -- When you reapply a policy after its effective dates, it has no impact. - **Example:** Let’s assume a policy is active from Jan. 20-31. Reapplying it on Feb 1 will have no - impact.\ - -NOTE: When you move a group from a target OU in a policy (OUA) to an OU that is not the target of -any policy (OUB), the policy applied to the group in OUA will continue to apply to till its end -date. - -**To reapply a policy:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Membership Life - Cycle**. -4. 
On the **Group/OU Based Membership Life Cycle** page, click the ellipsis button for a policy and - select **Reapply**. -5. On the **Reapply Membership Lifecycle Policy** dialog box, click **Yes** to reapply the policy to - the target groups’ new and existing members or **No** to close the dialog box without reapplying - the policy. -6. Click **Save**. - -## Delete a Policy - -Deleting a membership lifecycle policy has the following impact: - -- When a policy is deleted before or after its effective dates, it has no impact. -- When a policy is deleted during its effective dates, all members of the target groups and those of - groups in the target OUs become permanent members of the respective groups. - -To delete a policy: - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Membership Life - Cycle**. -4. On the **Group/OU Based Membership Life Cycle** page, click the ellipsis button for a policy and - select **Delete**. -5. The **Delete Membership Lifecycle Policy** message box is displayed. - - - On clicking **Yes**, all members of the target groups and those of groups in the target OUs - become permanent members of the respective groups and the policy is deleted. - - On clicking **No**, the policy is not deleted and continues to apply to the target groups and - OUs. - -6. Click **Save**. - -**See Also** - -- [Membership Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/membershiplifecycle.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/messages.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/messages.md deleted file mode 100644 index 83a8142c98..0000000000 
--- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/messages.md +++ /dev/null @@ -1,38 +0,0 @@ -# Set up messages for your users - -Each Password Policy Enforcer password policy has multiple message templates, one for each of the -Password Policy messages. - -- Password Policy – Displays the password policy guidelines on that have the Netwrix Password Policy - Enforcer installed. -- [POLICY] – Customize the text for the active rules. -- [LIVE_POLICY] – Password Policy messages can be configured to display live feedback for the active - rules to users as they reset or change their passwords. This feature enables users to see if their - passwords meet the requirements of the policy set by the organization. -- Rejection Reason – Displays why an intended password was rejected. -- Generic Rejection – Displays if Password Policy Enforcer does not have a specific reason for the - rejection, generally because the password does not comply with the Windows password policy - -Follow the steps to set up message template for active rules. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select -**Edit**. - -Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The -PPE Policies page is displayed. - -Step 4 – Click the **three vertical dots** icon next to the policy , click **Edit**. - -Or - -Click on a policy name to open the policy configuration page. - -Step 5 – Open the **Messages** tab. - -Step 6 – Select the message language from the drop-down list. You can set messages for multiple -languages. - -Step 7 – Edit the message templates in the Password policy, [POLICY], [LIVE_POLICY], Rejection -Reason, and Generic rejection messages. 
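Review bot: The bullet list at the top of this removed page is where the [POLICY] and [LIVE_POLICY] templates and the Generic Rejection fallback are explained, and the file goes to /dev/null with no rename recorded, so please state in the PR description where that content now lives, or that the PPE integration is being dropped from the 11.1 docs. The only inbound link visible in this diff is the "Set up messages for your users" entry under Step 5 of "Edit a PPE Policy" in ppe/overview.md, which is deleted in the same change. A repository-wide search for `ppe/messages.md` before merge would catch any others.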
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/overview.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/overview.md deleted file mode 100644 index 5b2489d853..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/overview.md +++ /dev/null 
@@ -1,122 +0,0 @@ -# Netwrix Password Policy Enforcer Policies - -Netwrix Password Policy Enforcer (PPE) helps secure your network by ensuring users set strong -passwords. You can now enforce PPE policies to Active Directory domain accounts when they change and -reset their passwords in Directory Manager. - -Remember, You can only use PPE policies in Directory Manager when Password Policy Enforcer 11 is -deployed on your domain controller. - -The PPE policies use rules to decide if it should accept or reject a password. You can assign these -policies to users, groups, and containers (Organizational Units). You can also: - -- define a different set of rules for passphrases -- define a default password character set -- Select a template based on the requirements of the most popular regulatory frameworks -- provide the name of an executable you want to execute upon change and reset password functions in - Directory Manager. - -Directory Manager also has its Password policy which can be defined at an identity store level and -for a particular security role in that identity store. At one point in time, you can either apply -Directory Manager Password policy or PPE policies. See the -[Directory Manage Password Policy ](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md)for additional -information. - -In Directory Manager, you can - -- Add a PPE Policy -- Edit a PPE Policy -- Delete a PPE Policy - -## Add a PPE Policy - -Follow these steps to add a new policy - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select -**Edit**. - -Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The -PPE Policies page is displayed. - -Step 4 – Select the domain of the connected identity store from the **Select Domain** box for which -you wish to add a policy. 
No PPE policies found message is displayed on the page if no policy is -defined so far. - -Step 5 – Click the **Add Policy** button. - -Step 6 – Password Policy Enforcer contains the out-of-the-box policy templates based on the -requirements of the most popular regulatory frameworks. Select one of the following: - -- Policy – Blank policy with no configurations -- CIS Password Policy Guide – Center for Internet Security (CIS) Password Policy Guide – See the - [CIS Password Policy Guide ](https://www.cisecurity.org/insights/white-papers/cis-password-policy-guide)article - for additional information. -- CIS Password Policy Guide MFA – Center for Internet Security (CIS) Password Policy Guide MFA – See - the - [CIS Password Policy Guide](https://www.cisecurity.org/insights/white-papers/cis-password-policy-guide) - article for additional information. -- CISA – Cybersecurity Information Sharing Act (CISA) -- CJIS – minal Justice Information Services (CJIS) Security Policy -- CMMC – Cybersecurity Maturity Model Certification (CMMC) -- DFARS – Defense Federal Acquisition Regulation Supplement (DFARS) - -After the selection of a policy template, the Add Policy page is displayed. - -Step 7 – Click **Add**. -The policy gets listed on PPE Policies page by the name of the template selected while adding the -policy. See the [Set up policy properties](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/policyproperties.md) topic for additional information on -renaming a policy. - -## Edit a PPE Policy - -Once you add a Password Policy Enforcer policy either on the basis of a blank template or on the -basis of pre-configured template, you can edit the policy as per your needs. - -Follow the steps to edit a PPE policy. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select -**Edit**. 
- -Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The -PPE Policies page is displayed. - -Step 4 – Click the **three vertical dots** icon next to the policy , you want to edit and click -**Edit**. - -Step 5 – The Edit Policy page displays, while editing you can - -- [Set up Rules](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/overview.md) -- [Assign Policies to Users, Groups & Containers](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/usersgroups.md) -- [Enable the use of an optional passphrase](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/passphrases.md) -- [Set up policy properties](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/policyproperties.md) -- [Set up messages for your users](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/messages.md) - -Step 6 – After setting up the policy, click **Update**. - -When users of the specified domain reset or change their password, they can only do that as per the -settings of the applied PPE policy. - -## Delete a PPE Policy - -If a PPE policy is no longer needed, you can delete it. - -Follow the steps to delete a PPE policy - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select -**Edit**. - -Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The -PPE Policies page is displayed. - -Step 4 – Click the **three vertical dots** icon against the policy you intend to delete. - -Step 5 – Select **Delete.** A warning confirmation is displayed when you delete a policy. 
- -When you delete a policy from Directory Manager it is deleted from the policy OU of Password Policy -Enforcer on the domain the policy will not be available to PPE users as well. diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/passphrases.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/passphrases.md deleted file mode 100644 index 4ae41e70fd..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/passphrases.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Enable the use of an optional passphrase - -Passphrases have gained popularity in recent years as they can be more difficult to crack and easier -to remember than passwords. The difference between passwords and passphrases is their length. -Passwords are rarely longer than 15 characters, but passphrases commonly contain 20 or more -characters. - -Complexity and dictionary rules are less important for passphrases as passphrases rely primarily on -length for security. You may want to relax some password policy requirements for passphrases. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select -**Edit**. - -Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The -PPE Policies page is displayed. - -Step 4 – Click the **three vertical dots** icon next to the policy , click **Edit**. - -Or - -Click on a policy name to open the policy configuration page. - -Step 5 – Open the **Passphrase** tab. - -Step 6 – Select the number of characters the password must contain before the selected rules are -disabled. - -Step 7 – Select the rules to be disabled. - -Disabled rules are not counted when calculating the compliance level, but Password Policy Enforcer -accepts passphrases that comply with all enabled rules, irrespective of the compliance level. This -ensures that passphrases can be used, even if they do not meet the compliance level when Password -Policy Enforcer is configured to disable one or more rules for passphrases. - -NOTE: Opinions differ on how long a passphrase needs to be. Even a 30 character passphrase can be -weaker than a well-chosen password. Do not disable too many rules under the assumption that length -alone makes up for the reduced complexity. 
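Review bot: The closing NOTE of this removed page ("Even a 30 character passphrase can be weaker than a well-chosen password. Do not disable too many rules...") is the page's only caution against over-relaxing the policy, and it disappears with the rest of the file. If this topic is being relocated rather than retired, carry that NOTE across together with the paragraph before it, which says that passphrases complying with all enabled rules are accepted irrespective of the compliance level. An administrator following Steps 6 and 7 alone gets no hint that disabling rules above a length threshold weakens enforcement.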
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/maximum_age_rule.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/maximum_age_rule.md deleted file mode 100644 index 911b3cef54..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/maximum_age_rule.md +++ /dev/null 
@@ -1,84 +0,0 @@ -# Age (Max) Rule - -The Maximum Age rule forces users to change their passwords regularly. This decreases the likelihood -of an attacker discovering a password before it changes. This rule can only be enforced by PPE -policies. - -- Enable/Disable button – Enable the **Age (Max)** rule button to enable the Maximum Age rule. - -- Users must change password after days – Choose a value from the drop-down list to specify how many - days must elapse before passwords expire. - -- Delay expiration by `<_number of days_>` if the password contains `<_number of characters_>` or - more characters – You can encourage users to choose longer passwords by extending the lifetime of - their password if it exceeds a certain length. To enable this feature, choose a higher value from - the number of days drop-down list and a minimum length from the number of characters drop-down - list. Passwords that contain the required number of characters do not expire until the number of - days (higher) days value. If both days values (i.e. number of days in Users must change password - after days and number of days in this in this field) are identical, then passwords will expire - after the specified number of days, irrespective of length. - - NOTE: When the Maximum Age rule is configured to delay the expiry of longer passwords, it - creates an Active Directory security group called "PPE Extended Maximum Age Users". Password - Policy Enforcer uses this group to identify which users are eligible for a delayed password - expiry. Users are added and removed from the group automatically. You can move and rename this - group, but do not change the pre-Windows 2000 name. Contact Netwrix support if you must change - the pre-Windows 2000 name. Change a Password Policy Enforcer configuration setting (any setting) - after moving or renaming the group to trigger a cache update in Password Policy Enforcer. - Password Policy Enforcer recreates this group if you delete it. 
To stop creating a group, make - the two days values equal in all policies. - -- Mode – Mode Choose a value from the Mode drop-down list to specify how Password Policy Enforcer - handles expired passwords. The Standard mode forces all users with expired passwords to change - their password during logon. The Transitional modes force a percentage of users with expired - passwords to change their password during logon. The Warning mode warns users that their password - has expired without forcing them to change it. - - Use the Warning and Transitional modes to gradually introduce a new password policy. These modes - reduce the number of forced password changes, allowing the help desk to deal with any extra - calls relating to the new policy. Switch to the Standard mode after most users have had a chance - to change their password. - - It takes approximately 50 days for all users with expired passwords to be forced to change them - in the 2% Transitional mode (2% every day). The 5% Transitional mode reduces this to 20 days, - and the 10% Transitional mode further reduces it to 10 days. The selection algorithm is - randomized, so these are estimates only. You must switch to the Standard mode to ensure that all - old passwords will expire. - - Users with expired passwords are always prompted to change their password, even in the - Transitional and Warning modes. Users can ignore the prompt to change their password unless they - are being forced to change it. - - NOTE: The password expiry prompt is a Windows client feature, and is displayed even if the - Password Policy Client is not installed. Windows clients display the prompt 5 days before - passwords expire by default. You can alter this behavior in the Windows Group Policy security - settings. 
See the - [Interactive logon: Prompt user to change password before expiration](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration) - Microsoft article for additional information. - - Password Policy Enforcer expires passwords at 1:00 AM every day on the domain controller holding - the PDC emulator operations master role. It sets "User must change password at next logon" for - users whose password has expired, or is due to expire on that day. Password Policy Enforcer does - not expire passwords if the Maximum Age rule is in Warning mode, or for users with "Password - never expires" set in Active Directory. Some passwords will not expire immediately when the - Maximum Age rule is in a Transitional mode. - -## Set up Email - -Click the **Set up email** to configure the e-mail message options. - -Type the _name_ and _email address_ you wish to appear in the email's From field in the From text -box. The correct format is "Display Name" `` - -Type the text for the email's **Subject** field in the Subject text box. - -Type the _body_ of the email in the large text box. - -### Set up SMTP - -Currently not supported . - -## Expired Password Log - -If you want to record every event of an expired password in a log check the Log event for every -expired password check box. It will record the event in a log named at the following path. diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/minimum_age_rule.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/minimum_age_rule.md deleted file mode 100644 index f982378816..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/minimum_age_rule.md +++ /dev/null 
@@ -1,11 +0,0 @@ -# Age (Min) Rule - -The Minimum Age rule stops users from quickly cycling through a series of passwords in order to -evade the History and Similarity rules. This rule can only be enforced by domain policies. - -- Enable the **Age (Min)** button to enable the Minimum Age rule. - -- Select the number of days before a user can change their password. - -NOTE: The Minimum Age rule is unique because users cannot comply with it by choosing a different -password; they must wait until the required number of days has elapsed. diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/overview.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/overview.md deleted file mode 100644 index 2f700a5924..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/overview.md +++ /dev/null 
@@ -1,89 +0,0 @@ -# Set up Rules - -Netwrix Password Policy Enforcer uses rules to decide if it should accept or reject a password. Each -policy has rules that are configured independently of the rules in other policies. - -Follow the steps to define rules a PPE policy - -Step 1 – The Rules tab opens by default and the following rules are listed in the left pane. - -- [Age (Max) Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/maximum_age_rule.md) -- [Age (Min) Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/minimum_age_rule.md) -- [Characters (Complexity) Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/complexityrule.md) -- [Character (Granular) Rules](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/characterrules.md) -- [Compromised Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/compromisedrule.md) -- [Dictionary Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/dictionaryrule.md) -- [History Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/historyrule.md) -- [Length Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/lengthrule.md) -- [Patterns Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/patternsrule.md) -- [Repetition Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/repetitionrule.md) -- [Similarity Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/similarityrule.md) -- [Unique Characters Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/uniquecharacters.md) - -A button beside a rule indicates that 
the rule is enabled (being enforced) or not. Click a rule to -set the rule's properties and save it. - -Prior to setting up the rules for the policy, review the sections on Detecting Character -Substitutionand Tolerance . - -## Detecting Character Substitution - -Character substitution is a technique used by some users to improve password quality. They replace -some alphabetic characters with non-alphabetic characters that have a similar appearance. For -example, "sold" becomes "$old". Many of these substitutions are well known and do little to improve -password strength. - -Some Password Policy Enforcer rules have a Detect Character Substitution check box. When this check -box is selected, Password Policy Enforcer tests passwords with, and without character substitution. -This stops users from circumventing the rule by substituting some characters. Password Policy -Enforcer detects these common character substitutions: - -| Original | Substituted | -| -------- | -------------- | -| A a | `^ @` | -| B b | `8` | -| C c | `( or { < [` | -| D d | `) or } > ]` | -| E e | `3` | -| G g | `6 or 9` | -| I i | `! or 1` | -| O o | `0 or (zero)` | -| S s | `$ or 5` | -| T t | `+ or 7` | -| Z z | `2` | - -## Tolerance - -Some Password Policy Enforcer rules have a Tolerance drop-down list that allows you to control how -strictly the rule is enforced. Tolerance is normally expressed as the maximum allowable number of -consecutive matching characters in the password and some other parameter. Password Policy Enforcer -rejects a password if the specified tolerance is exceeded. For example, the logon name -"mary**jones**", and the password "**Jones**town" contain five consecutive matching characters -(shown in bold type). Password Policy Enforcer will reject this password if the tolerance for the -User Logon Name rule is four (or lower), and accept it if the tolerance is five (or higher). 
- -The User Logon Name, User Display Name, Similarity, and Character Patter rules have an Auto -tolerance option. Setting the tolerance to Auto instructs Password Policy Enforcer to only reject -passwords that contain the entire parameter being compared. This is very useful when the length of -the comparison parameter is unknown. For example, if you want Password Policy Enforcer to reject -passwords that contain the user's entire logon name, then you cannot specify a fixed tolerance -unless all logon names have the same length. Setting the tolerance to Auto allows Password Policy -Enforcer to calculate an appropriate tolerance during every password change. - -Password Policy Enforcer sets the tolerance to the length of the comparison parameter minus one. The -table below shows some parameter values and the calculated tolerance. Password Policy Enforcer -rejects a password if it contains all the text in the Value column (or a derivative of it if -character substitution detection or bi-directional analysis is enabled). - -| Rule | Parameter | Value | Tolerance | -| ----------------- | ----------------- | ---------- | --------- | -| User Logon Name | Logon name | maryjones | 8 | -| User Display Name | Display name | Mary Jones | 9 | -| Similarity | Current password | oldpass | 6 | -| Character Pattern | Character pattern | abcdefgh | 7 | - -Password Policy Enforcer's Auto tolerance calculation has a minimum limit to stop passwords from -being rejected when the comparison parameter is very short. The limit is set to two characters by -default, so Password Policy Enforcer accepts passwords that contain the parameter value if the -comparison parameter only contains one or two characters. Contact Netwrix support if you need to -change the minimum limit. 
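Review bot: The rule list under Step 1 links to twelve rule pages, but only maximum_age_rule.md and minimum_age_rule.md show up as deletions next to this hunk; the other ten targets (complexityrule.md, characterrules.md, compromisedrule.md, dictionaryrule.md, historyrule.md, lengthrule.md, patternsrule.md, repetitionrule.md, similarityrule.md, uniquecharacters.md) are not removed in the visible part of the diff. Please confirm they are deleted or moved elsewhere in this change, since with this index gone they would be left without a parent page. This file also holds the shared definitions of Detect Character Substitution and Tolerance, including the Auto tolerance table and its two-character minimum, so any rule page that survives needs those definitions to remain reachable.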
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/usersgroups.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/usersgroups.md deleted file mode 100644 index 54ea1c933a..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/usersgroups.md +++ /dev/null 
@@ -1,102 +0,0 @@ -# Assign Policies to Users, Groups & Containers - -Password Policy Enforcer uses policy assignments to decide which policy to enforce for each user. -Domain policies can be assigned to users, groups, and containers (Organizational Units). - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select -**Edit**. - -Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The -PPE Policies page is displayed. - -Step 4 – Click the **three vertical dots** icon next to the policy , click **Edit**. - -Or - -Click on a policy name to open the policy configuration page. - -Step 5 – Open the **Users & Groups** tab. - -Assign Policies to Users - -Step 6 – When a domain policy is assigned to a user, Password Policy Enforcer stores the user's -information in the configuration. The assignment remains valid even if the user is renamed. - -1. Click **+Add User** to add user(s) you want to apply policy on. -2. On the Add Object(s) dialog box, select a container from the **Search Container** drop down list. -3. By default, the Include Sub-Contaners check box is selected. If you do not want to apply the - policy on the users in the sub-containers, uncheck it. -4. Click **Advanced**, to search users using the search fields displayed such as Name, Display Name, - First Name, Last Name and so on. -5. Click **Search**. Users matching the given criteria get listed. -6. Click the **Add** button next to the users name listed on the page. -7. After adding all the required users from the search list, Click **Add** on the Add Objects dialog - box. -8. The selected users get listed in the Users box. You can remove a user from the list by clicking - the cross (x) icon next to its name. 
- -Assign Policies to Groups - -Step 7 – When a domain policy is assigned to a group, Password Policy Enforcer stores the group's -information in the configuration. The assignment remains valid even if the group is renamed. -Password Policy Enforcer enforces the policy for all members of the group as well as any nested -groups. For example, if the Helpdesk group is a member of the Info Tech group, then any policy -assigned to the Info Tech group also applies to the members of the Helpdesk group. If this behavior -is not desired, then you can assign a different policy to the Helpdesk group. - -1. Click **+Add Group** to add groups for the policy assignment. -2. On the Add Object(s) dialog box, select a container from the **Search Container** drop down list. -3. By default, the Include Sub-Contaners check box is selected. If you do not want to apply the - policy on the groups in the sub-containers, uncheck it. -4. Click **Advanced**, to search groups using the Name, Display Name, and Description fields. -5. Click **Search**. Groups matching the given criteria get listed. -6. Click the **Add** button next to the users name listed on the page. -7. After adding all the required groups from the search list, Click **Add** on the Add Objects - dialog box. -8. The selected groups get listed in the Groups box. You can remove a group from the list by - clicking the cross (x) icon next to its name. - -Assign Policies to Containers - -Step 8 – When a policy is assigned to a container, Password Policy Enforcer enforces the policy for -all users in the container as well as any child containers. For example, if the Helpdesk and -Managers OUs are children of the Info Tech OU, then any policy assigned to the Info Tech OU also -applies to the two child OUs. If this behavior is not desired, then you can assign a different -policy to a child OU. - -NOTE: Different assignment types can be used for a single policy. 
For example, you may assign users -to a policy by both OU and group at the same time. - -1. Click **+Add Container** to add groups for the policy assignment. -2. On the Add Container (s) dialog box, click **+** to expand the Entire Directory. -3. Select the check box before the domain name to select the entire directory or select desired - containers you You can remove a containervfrom the list by clicking the cross (x) icon next to - its name. - -Step 9 – Click **Update**. - -## Policy Assignment Conflicts - -A policy assignment conflict occurs when more than one policy is assigned to a user. Password Policy -Enforcer can resolve these conflicts and choose one policy for each user. - -Password Policy Enforcer first tries to resolve a policy assignment conflict by examining the -assignment type. Assignments by user take precedence over assignments by group, which in turn take -precedence over assignments by container. For example, if Policy A is assigned to a user by group, -and Policy B is assigned to the same user by container, then Password Policy Enforcer enforces -Policy A because assignments by group take precedence over assignments by container. - -If all the policies are assigned to the user by container, then Password Policy Enforcer enforces -the policy that is assigned to the nearest parent container. For example, if Policy A is assigned to -the Users OU, and Policy B is assigned to the Users\Students OU, then Password Policy Enforcer -enforces Policy B for all users in the Users\Students and Users\Students\Science OUs because it is -the policy assigned to the nearest parent container. - -If a policy assignment conflict still exists, then Password Policy Enforcer checks the priority of -each remaining policy, and enforces the policy with the highest priority. See the Manage Policies -topic for a diagrammatic representation of this algorithm. 
- -Click **Test Policy** and expand the **View log** to see which policy Password Policy Enforcer -enforces for a particular user. diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/security/securityquestions.md b/docs/directorymanager/11.1/admincenter/identitystore/configure/security/securityquestions.md deleted file mode 100644 index 798663944d..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/security/securityquestions.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# Manage the Local Question Pool - -When you create a new identity store, four questions from the global question pool are added to the -identity store’s local pool by default. A local pool is maintained individually by each identity -store. You can modify a local pool by (a) adding questions from the global question pool, (b) adding -questions of your choice (questions that are not in the global pool), and (c) by removing questions -from it. - -To enroll using security questions, identity store users must select a certain number of questions -from the local pool and provide answers. - -What do you want to do? - -- Add a Question to the Local Pool from the Global Pool -- Add a Question of your Choice to the Local Pool -- Remove a Question from the Local Pool - -## Add a Question to the Local Pool from the Global Pool - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Security Questions**. -4. On the **Security Questions** page, click in the box at the top and select a security question - from the list of global security questions. You can also type a search string to filter the - questions containing the string. After selecting a question, click **Add**. The question is added - to the **Questions** list. -5. Click **Save**. - -## Add a Question of your Choice to the Local Pool - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Security Questions**. -4. On the **Security Questions** page, click in the box at the top and type a security question. - Then click **Add**. The question is added to the **Questions** list. -5. Click **Save**. 
- -## Remove a Question from the Local Pool - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Configurations** under **Settings** in the left pane. Then click **Security Questions**. -4. On the **Security Questions** page, click **Remove** for a security question to remove it from - the local pool. To remove all questions, click **Remove All**. -5. Click **Save**. - Deleting a question does not impact the users currently enrolled with the question. - -**See Also** - -- [Manage the Global Question Pool ](/docs/directorymanager/11.1/admincenter/general/globalpool.md) -- [Set up Authentication via Security Questions](/docs/directorymanager/11.1/admincenter/setupauth/securityquestions.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/create.md b/docs/directorymanager/11.1/admincenter/identitystore/create.md deleted file mode 100644 index eae2e9df9e..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/create.md +++ /dev/null 
@@ -1,204 +0,0 @@ -# Create an Identity Store - -To perform group and identity management operations in an identity provider using Directory Manager, -the first step is to create an identity store for that provider. - -You can create identity stores for the following providers: - -- Active Directory -- Microsoft Entra ID -- Generic LDAP -- Google Workspace - -To create an identity store, you have to specify an identity provider and its connection details. - -After creating an identity store, you must configure certain settings for it. These configurations -are discussed in the [Configure an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/configure.md) topic. - -## Create an Identity Store for Active Directory - -Follow the steps to create an identity store for Active Directory. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click **Create Identity Store** in the top right corner. - -Step 3 – On the Create Identity Store page, use the Store Type drop-down list to select an identity -provider to create an identity store for. -This list displays the supported providers. By default, Active Directory is selected. Fields on this -page vary, depending on the provider you select. - -Step 4 – Enter a name for the identity store in the Name box. - -Step 5 – In the Domain Name box, enter the fully qualified name of the Active Directory domain you -want to create the identity store for. - -Step 6 – In theService Accout box, enter the username of a service account or a group managed -service account (gMSA) to connect to Active Directory. - -- For a service account – The service account must have sufficient privileges on the provider to - facilitate group and identity management operations using Directory Manager. 
The minimum - permissions the service account requires for Active Directory are discussed in the - [Service Account for Active Directory and Exchange](/docs/directorymanager/11.1/requirements/permissions/adserviceaccount.md) - topic. -- For a gMSA – If you provide a service account with - ‘$’ as its last character (as in MyAdminAccounts$), Directory Manager entertains it as a Group - Managed Service Account (gMSA). To use a gMSA to connect an identity store to Active Directory, - make sure the gMSA is configured properly and has sufficient permissions. See the - [gMSA for Active Directory](/docs/directorymanager/11.1/requirements/permissions/gmsarequirements.md) topic. - -Step 7 – In the **Service Account Password** box, enter the service account password. -Skip this box for a gMSA. - -Step 8 – Select the **SSL Enabled** check box if the directory server is LDAP over SSL enabled. - -NOTE: Directory Manager 11 supports LDAPS; however, the Replication Service will still connect to -the domain controller via the LDAP 389 port. Hence, both LDAP and LDAPS protocols must be enabled on -the domain controller. - -Step 9 – Click **Create Identity Store**. The **Replicate Identity Store** message is displayed. -Select: - -- Later – replicates all the objects to Elasticsearch at the next due replication time as per the - replication settings. -- Replicate Now – replicates all the objects to Elasticsearch now. - -The identity store is available on the Identity Stores page. You can specify different -configurations for it. - -## Create an Identity Store for Microsoft Entra ID - -In Admin Center, click **Identity Stores** in the left pane. - -Step 1 – On the Identity Stores page, click **Create Identity Store** in the top right corner. - -Step 2 – On the Identity Stores page, use the Store Type drop-down list to select an identity -provider to create an identity store for. -This list displays the supported providers. Select _Microsoft Azure_. 
- -Step 3 – Enter a name for the identity store in the Name box. - -Step 4 – From the Cloud drop-down list, select the cloud where your Microsoft Entra ID tenant -exists. - -Step 5 – In the Domain Name box, enter the fully qualified name of the Microsoft Entra ID domain you -want to create the identity store for. - -Step 6 – Specify the path to the .pfx certificate in the PFX Certificate box. For that, click -**Choose File** and browse for the file. Select it and click **Open**. -As a prerequisite, the .pfx certificate must be generated on the Directory Manager machine. See the -[Certificate for Entra ID Authentication ](/docs/directorymanager/11.1/configureentraid/register/modauth.md)topic for -information on generating a certificate and then converting it into the .pfx format. - -Step 7 – In the PFX Certificate Password box, enter the password that was created while exporting -the .pfx certificate. - -Step 8 – In the Registered Application ID on Azure Active Directory box, enter the application ID -assigned to the Directory Manager application when you registered it in Microsoft Entra Admin -Center. - -Step 9 – In the **Registered Client Secret on EntraID** box, provide the client secret value -generated against the certificate uploaded to Microsoft Entra Admin Center while registering the -Directory Manager application. - -Step 10 – If you bind a custom domain with your Microsoft Entra ID tenant and create an identity -store for Microsoft Entra ID using the credentials of that custom domain, then you must provide the -name of the primary domain in the **Primary Domain Name** box, so that the _write_ operations are -not affected. - -Step 11 – Click **Create Identity Store**. The Replicate Identity Store message is displayed. -Select: - -- Later – replicates all the objects to Elasticsearch at the next due replication time as per the - replication settings. -- Replicate Now – replicates all the objects to Elasticsearch now. 
- -The identity store is available on the Identify Stores page. You can specify different -configurations for it. - -NOTE: Microsoft’s throttling policy restricts an application (such as Directory Manager) to create a -maximum of 3 concurrent sessions with Microsoft Entra ID. With this in view, Directory Manager -allows only one active session at any given time, which is used by Data service and Replication -service. - -## Create an Identity Store for Generic LDAP - -Create a Generic LDAP identity store to connect to any LDAP version 3-compliant directory server, -such as Sun ONE directory server. This provider does not support dynamic schema detection. The -schema included for this provider mostly contains commonly used fields. - -Follow the steps to create an identity store - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the **Identity Stores** page, click **Create Identity Store** in the top right corner. - -Step 3 – On the **Create Identity Store** page, use the **Store Type** drop-down list to select an -identity provider to create an identity store for. -This list displays the supported providers. Select _Generic LDAP_. - -Step 4 – Enter a name for the identity store in the **Name** box. - -Step 5 – In the **Hostname** box, enter the fully qualified domain name or IP address of the machine -that hosts the generic LDAP server. - -Step 6 – In the **Port Number** box, enter the port on which LDAP is running. This port is used to -communicate with the host machine. - -Step 7 – In the **Domain Name** box, enter the fully qualified name of the domain you want to create -the identity store for. - -Step 8 – In the **Service Account** box, enter the fully qualified username of a service account -(for example, CN=Admin,CN=Users,DC=Imanami,DC=COM) to connect to _Generic LDAP_. The service account -must have sufficient privileges on the provider to facilitate group and identity management -operations using Directory Manager. 
- -Step 9 – In the **Service Account Password** box, enter the service account password. - -Step 10 – Click **Create Identity Store**. The **Replicate Identity Store** message is displayed. -Select: - -- Later – replicates all the objects to Elasticsearch at the next due replication time as per the - replication settings. -- Replicate Now – replicates all the objects to Elasticsearch now. - -The identity store is available on the Identity Stores page. You can specify different -configurations for it. - -## Create an Identity Store for Google Workspace - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identify Stores page, click **Create Identity Store** in the top right corner. - -Step 3 – On the Create Identity Store page, use the Store Type drop-down list to select an identity -provider to create an identity store for. -This list displays the supported providers. Select _Google Workspace_. - -Step 4 – Enter a name for the identity store in the **Name** box. - -Step 5 – In the Service Account box, enter the service account name assigned to you when you created -your Google Workspace account. - -Step 6 – In the Admin Username box, enter the username of an authorized user account to connect to -the provider. -The account must have the _Super Admin_ role in Google Workspace to facilitate group and identity -management operations using Directory Manager. - -Step 7 – In theAPI Keybox, enter the API key generated for your account in Google Workspace. -To generate the key, see -[Create access credentials](https://developers.google.com/workspace/guides/create-credentials). - -Step 8 – Specify the path to the p12 key file in the P12 Certificatebox. For that, click **Choose -File** and browse for the file. Select it and click **Open**. -As a prerequisite, the p12 key file for your account must be generated in Google Cloud Console and -downloaded to a machine. - -Step 9 – Click **Create Identity Store**. 
The Replicate Identity Store message is displayed. Select: - -- Later – replicates all the objects to Elasticsearch at the next due replication time as per the - replication settings. -- Replicate Now – replicates all the objects to Elasticsearch now. - -The identity store is available on the Identity Stores page. You can specify different -configurations for it. diff --git a/docs/directorymanager/11.1/admincenter/identitystore/history/details.md b/docs/directorymanager/11.1/admincenter/identitystore/history/details.md deleted file mode 100644 index 2de20bf3ee..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/history/details.md +++ /dev/null 
@@ -1,69 +0,0 @@ -# History Item Details - -Details of a history item are displayed on the **History Details** dialog box. If the target -attribute is single-valued, the old and new values of the attribute are shown. For multi-valued -attributes, the lists of added items and removed items are displayed. - -Information includes: - -- **Attribute Modified** - The name of the target attribute. -- **Object Name** - The name of the Directory Manager function this history item pertains to. For - example, if it pertains to a workflow, the name of the workflow is displayed here. -- **Who** - The name of the user who performed the action. -- **Where** - The name of the computer the action was performed on. -- **When** - The date and time of the action. - -The following lists are available when the target attribute is multi-valued: - -- **Added Item** - A list of values that were added to the multi-value attribute. -- **Removed Items** - A list of values that were removed from the multi-value attribute. - -The following lists are available when the target attribute is single-valued: - -- **Old Value** - The value before the action was performed. -- **New Value** - The value after the action was performed. - -## Annotate History Items - -Directory Manager enables a user to add notes to history actions that he or she performed. A note -may explain the reason for an action, such as why he or she changed the security type for a group. -Only the user who added a note can update it. Other users can view it, but they cannot edit it or -add comments. - -On the **History Details** dialog box, one of the following is available to you: - -- **The Add Note button** - When you are the user who performed the action that logged this history - item, and you haven’t added any note yet. -- **The Save Note button** - When you are the user who performed the action that logged this history - item and you have already added a note. 
-- **The note text** - When the user who performed the action has added a note. -- **None of the above** - When you are not the user who performed the action and the user performing - the action has not added any note. - -### Add a Note - -Notes can be added to history items logged for an identity store. Only the user (i.e., the doer of -the action) can add and update notes. - -**To add a note:** - -1. Click **Add Note** to add a note to the history item. The **Note** text box is displayed. -2. Type a note for the history item. Your note can have a maximum of 500 characters. -3. Click **Save Note**. On the **History** page, the annotated item is displayed with a **View - Note** button next to it. This helps distinguish annotated items from non-annotated items. - -### Edit a Note - -1. On the **History Details** dialog box, the **Note** box displays your note for the history item. - Make the required changes to the text. -2. Click **Save Note**. - -### Remove a Note - -On the **History Details** dialog box, the **Note** box displays your note. Remove it and click -**Save Note**. - -**See Also** - -- [Identity Store History](/docs/directorymanager/11.1/admincenter/identitystore/history/view.md) -- [Admin Center History](/docs/directorymanager/11.1/admincenter/general/history.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/link/manage.md b/docs/directorymanager/11.1/admincenter/identitystore/link/manage.md deleted file mode 100644 index e393272868..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/link/manage.md +++ /dev/null 
@@ -1,228 +0,0 @@ -# Manage Identity Store Links - -You can link identity stores built on the supported identity providers in Directory Manager. In this -way, identical user and group objects existing in multiple identity stores (domains) can be linked -together and auto synced. Directory Manager further enables you to manage these linked identity -stores. - -What do you want to do? - -- Link Two Identity Stores -- View the Identity Store Links -- Edit a Link -- Disable or Enable a Link -- Delete a Link - -## Link Two Identity Stores - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click **Link Identity Stores Now** in the **Identity Store - Links** area. In case a link already exists, the **Create Identity Store Link** button is - available. -3. On the **Link Identity Stores** page, click **Add**. The **Add Identity Stores** dialog box lists - all the Active Directory and Microsoft Entra ID identity stores created in Directory Manager. -4. Select two identity stores and click **Add 2 Stores**. The selected identity stores are displayed - on the **Link Identity Stores** page. -5. Next, you have to specify the attributes for linking user and group objects in the identity - stores. Separate filter expressions for user and group objects have to be created for this - purpose. - - - To create a filter expression for linking user objects, click **Users**. - - To create a filter expression for linking group objects, click **Groups**. - - The **Add Filter for Users** or **Add Filter for Groups** pane is displayed. - -6. For mapping, follow these steps: - - 1. Click **Add Filter** to create a filter expression to map objects. - - - The first list displays schema attributes from the first identity store. - - Next you have one condition, i.e., _Is Exactly_. - - The third list displays schema attributes from the second identity store. - - Select a schema attribute from the first and third lists to map them. 
Users with identical - values for both attributes in the respective identity stores will be linked. - - 2. (Optional) You can add more clauses to enhance the filter. These clauses must be joined by a - logical ‘and’ or ‘or’. - - Click **Add More Filters**. - - Select a schema attribute from the first and third lists to map them, with _Is Exactly_ as - the condition. - - Select two clauses and then group them by inserting a logical ‘and’ or ‘or’. - To select a clause, click the down arrow next to it and choose **Select row**. On - selecting the second clause, _AND_ and _OR_ are displayed. Select an option to group the - clauses. - You can add as many clauses as required. Moreover, you can group and regroup clauses. - Users that satisfy the filter expression will be linked. - 3. On clicking the operator, a menu is displayed with the following options: - - - **Select Group / Deselect Group:** This option is not relevant when there is only one - group containing multiple clauses. It is relevant when you have two or more groups. Click - it to select the respective group. Then select another group to bind them with a logical - AND/OR. - - **Ungroup:** Removes the logical AND/OR to ungroup the clauses in the filter expression. - In case the operator binds two groups, this option removes the operator to ungroup them. - - **Change to AND/OR**: Changes the logical AND to OR and vice versa. - - **Add Clause:** Adds a new clause to the filter. - - **Delete:** Deletes the operator along with all the clauses that the operator joins. - - 4. Notice the two buttons: **Clear** and **Preview**, at the top of the filter expression. - - - **Clear:** Clears the entire filter expression, thereby deleting all attribute mappings. - - **Preview:** Launches the **Preview Results** dialog box, where you can view identical - user objects in the identity stores, based on the filter expression. 
- On the **Preview Results** dialog box, enter the name of an object (user or group) in the - first box, select an identity store, and click **Preview**. - - - For an Active Directory identity store, Directory Manager looks up the values of the - name, sAMAccountName, objectGUID, and distinguishedName attributes to match the string - using the _Is exactly_ operator. - - For a Microsoft Entra ID identity store, Directory Managerlooks up the values of the - userPrinicipalName, ObjectGUID, distinguishedName, and name (which is equivalent to - display name) attributes to match the string using the _Is exactly_ operator. - Note that Microsoft Entra ID does not contain the distinguishedName attribute; however - it is available as a pseudo attribute in Directory Manager and its value is the same - as that of the distinguishedName attribute in Active Directory. - - The **Preview Results** dialog box displays the user object found in the selected - identity store on the basis of the search string. Next to it, one of the following is - displayed: - - - The user object identical to it in the other identity store. This is fetched on the - basis of the mapped attributes. The display name and distinguished name of the user - are displayed in both identity stores. - - If no identical object is found, nothing is displayed next to the user. - - If multiple identities of a user are found in the other identity store, then a - **Multiple Objects** link is displayed. Click it to open a popup that lists all - identical objects for the user found in the other identity store. - - If, on the **Preview Results** dialog box, you do not enter a user name but simply - select an identity store and click **Preview**, all user objects from the selected - identity store are displayed along with their linked identities in the other identity - store. If the process takes too long, you can click the orange button at the bottom to - terminate the process. - - 5. 
Click **Add Filter for Users** in the bottom right corner of the **Add Filter for Users** or - **Add Filter for Groups** pane. - - NOTE: If you have added multiple clauses but do not group them using the AND/OR operator, - Directory Manager auto groups them using AND. Similarly, if you add two groups of clauses - but do not group them using the AND/OR operator, Directory Manager auto groups them using - AND. - - The filter is added and displayed on the **Link Identity Stores** page. - You can specify one filter expression for the user object and one filter expression for the - group object. - - 6. Click **Add Filter Scope** to specify a container for linked identities Directory Manager to - link and sync later on when they are updated. New objects are also created in this container. - -7. Click **Create Link** to save the link. - - NOTE: An identity store link is effective when the two identity stores linked together are also - associated with a Directory Manager portal, say Portal A. If a portal does not exist with both - identity store associated with it, a message is displayed to alert you to it. - - The link is displayed on the **Identity Stores** page. - -## View the Identity Store Links - -All identity store links created in Directory Manager are displayed under **Identity Store Links** -on the **Identity Stores**page. - -**To view the links:** - -1. In Admin Center, click **Identity Stores** in the left pane. - On the **Identity Stores** page, each card under **Identity Store Links** represents a distinct - link between two identity stores. The following information is displayed for a link: - - - The names of the two linked identity stores and the identity providers they have been created - on. - - The object types that are linked, i.e., user and group. - - The link status, displayed in the top right corner of the card. 
A link can have one of the - following statuses: - - - **Healthy** - Indicates that both the identity stores are fully functional with - replication occurring regularly. - - **Errors** - Indicates that one or both the identity stores have run into errors due to - replication or connectivity issues. Check the concerned identity store to resolve the - issue. You will notice that the card for the respective identity store also shows ‘Error’ - as status. - -2. Click the ellipsis button to launch a shortcut menu with the following options: - - - **Edit:** launches the **Link Identity Stores** page, where you can update the link. - - **Disable:** disables the link between the two identity stores. - - **Delete:** deletes the link. - -## Edit a Link - -A link between two identity stores involves (a) two identity stores (b) a filter that identifies -identical user objects in the identity stores to link them, and (c) a filter that identifies -identical group objects in the identity stores to link them. - -You can edit a link to: - -- Replace an identity store in the link -- Update the filter expression for a user or group object -- Remove the filter expression for a user or group object - -**To edit a link:** - -1. In Admin Center, click **Identity Stores** in the left pane. - On the **Identity Stores** page, each card under **Identity Store Links** represents a distinct - link between two identity stores. -2. Click the ellipsis button on a card and select **Edit**. - The **Link Identity Stores** page opens, displaying the linked identity stores and the filters. - - - **Replace an identity store** - To change the identity store(s) in the link, either click - **Edit** next to the identity stores’ names. On the **Add Identity Stores** dialog box, select - the identity stores to replace the existing ones. Then click **Add 2 Stores**. - When one or both identity stores are replaced, the filter expression is automatically removed. 
- You must create a new filter expression to establish a link between the identity stores. - - **Modify the filter expression for user or group object** - Click **Edit** on the filter card - for the user or group object. The **Add Filter** pane is displayed, where you can update the - filter expression. Follow step 6a-e in the Link Two Identity Stores topic to update the filter - expression. - Modifying the filter expression for the user or group object breaks the link for the - respective objects in the linked identity stores. Objects will be relinked on the basis of the - new filter expression and will be synced accordingly in the Directory Manager portal. - - **Delete a filter expression** - Click **Remove** on the filter card for a user or group - object to delete it. Deleting the filter expression for the user or group object breaks the - link for the respective objects in the linked identity stores. - - NOTE: At least one filter expression for the user object and one filter expression for the - group object must exist for the identity store link. Else changes will not be saved. - -3. After making the required changes, click **Update Link**. - -## Disable or Enable a Link - -When you disable a link between two identity stores, it becomes inactive and the objects in the -identity stores are not linked anymore in the Directory Manager portal. - -A disabled link can be enabled again to relink objects in the identity stores. - -**To disable a link:** - -1. In Admin Center, click **Identity Stores** in the left pane. - On the **Identity Stores** page, each card under **Identity Store Links** represents a distinct - link between two identity stores. -2. Click the ellipsis button on a card and select **Disable** to disable the link. - Click the ellipsis button for a disabled link and select **Enable** to reactivate it. 
- -## Delete a Link - -When you delete a link between two identity stores, the objects in the identity stores are not -linked anymore in the Directory Manager portal. - -**To delete a link:** - -1. In Admin Center, click **Identity Stores** in the left pane. - On the **Identity Stores** page, each card under **Identity Store Links** represents a distinct - link between two identity stores. -2. Click the ellipsis button on a card and select **Delete** to delete the link. - -**See Also** - -- [Link Identity Stores](/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md b/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md deleted file mode 100644 index 18142a3019..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md +++ /dev/null 
@@ -1,124 +0,0 @@ -# Link Identity Stores - -You can link identity stores in Directory Manager. In this way, identical user and group objects -existing in multiple identity stores (domains) can be linked together and auto synced. - -For example, you can create a link between the following types of identity stores: - -- Two Active Directory identity stores -- An Active Directory identity store and a Microsoft Entra ID identity store -- Two Microsoft Entra ID identity stores -- An Active Directory identity store and a Google Workspace identity store - -NOTE: (1) Two identity stores built on the same domain cannot be linked. -(2) An identity store must be replicated in Directory Manager before it can be linked. - -## Linked Identity Stores and the Directory Manager Portal - -Linking, in itself, is not effective until the identity stores joined via linking are associated -with a Directory Manager portal, say Portal_A. Consider the following: - -- The administrator links IdentityStoreA and identityStoreB. -- The administrator creates a portal, Portal_A, and associates both the linked identity stores with - it. -- This enables portal users to view data from IdentityStoreA and identityStoreB at the same time, - rather than having to switch identity stores. Users can also filter data for identical objects in - both the identity stores. - Users can choose to view data for a single identity store or switch to the ‘linked’’ mode to view - data simultaneously from both the linked identity stores. - -When only IdentityStoreA or IdentityStoreB is associated with Portal_A, the linking between the two -identity stores serves no purpose. - -### Benefits of Running the Portal Under the ‘Linked’ Mode - -A portal running under the ‘linked’ mode is effectively connected to all the linked identity stores -that are associated with it. 
You can access objects in different identity stores in a single -instance of the portal, rather than having to log out and connect the portal to another identity -store. - -The following portal functions are impacted under the ‘linked’ mode: - -- When a user performs a search, results are fetched from all the linked identity stores. -- When an action is performed on a user or group object, it is replicated to all the identical - objects in the linked identity store(s). In this way, identical user and group objects in the - linked identity stores are auto synced. Consider the following: - - - When you create a static group, its identical static group is created in a linked identity - store. - - When you create a Smart Group, its identical group is created as a static group in a linked - identity store. - - When you create a mail-enabled group, an identical simple group is created in a linked - identity store. - - When you create a mailbox or a mail-enabled user, an identical simple user is created in a - linked identity store. - - When you delete a user or group object in an identity store, its linked object(s) are also - deleted. - - When you update the properties of a user or group object, those same properties are also - updated for its linked object(s) in the linked identity store(s). - - When you execute the query for a Smart Group to update it, its linked Smart Group(s) will not - be auto updated. - - When you upgrade a static group (say, GroupA) to a Smart Group, the linked static group(s) - (say, GroupB and GroupC) in the linked identity store(s) will not be upgraded to Smart Groups. - -- Group listings in the portal (namely All Groups, My Groups, and Deleted Groups) display the groups - from all the linked identity stores. Users can select groups from any identity store to perform an - action in bulk, such as expire them. -- User listings in the portal, such as My Direct Reports, display user objects from all the linked - identity stores. 
Users can select user objects from any identity store to perform an action in - bulk, such as terminate them. -- For entitlements, the portal shows Active Directory file server and SharePoint permissions from - all the linked identity stores. - -When the logged-in user exists in multiple linked identity stores, he or she can perform actions in -an identity store according to his or her role and permissions in the respective identity store. For -example, if the user is an administrator in IdentityStoreA and a standard user in IdentityStoreB, he -or she can perform administrative actions on groups in IdentityStoreA only, even though the group -listing displays all groups from both the linked identity stores. - -## How to Link Two Identity Stores - -Linking two identity stores follows a simple and straight-forward process: - -- Select the required identity stores. -- Create a filter expression to map attributes. Select a schema attribute from IdentityStoreA and - another from IdentityStoreB. This mapping establishes a link between the two identity stores. - You can also create an advanced filter expression by adding multiple clauses to the filter (where - each clause is a one-to-one mapping of attributes) and joining them with the ‘and’ or ‘or’ - operator. - You have to create a separate filter expression for user and group objects. -- When two objects have the same value for the mapped attributes in the two identity stores, - Directory Manager identifies them as identical objects, and hence links them. - -For example, to link IdentityStoreA to IdentityStoreB, select the displayName and cn attributes from -IdentityStoreA and IdentityStoreB respectively to map them. Now when an object has _Mary Jones_ as -value for the distinguishedname attribute in dentityStoreA and an object has _Mary Jones_ as value -for the cn attribute in dentityStoreB, Directory Manager identifies them as identical objects -existing in two distinct directories, and links them. 
- -RECOMMENDED: For mapping, always use attributes that store unique values. - -## How to Link Multiple Identity Stores - -You can link more than two identity stores; in fact, Directory Manager empowers you to link identity -stores created for Directory Manager supported providers. - -You cannot just create one link to link multiple identity stores. Rather, if you want to link three -identity stores, you will have to create two links; to link four identity stores, create three -links, and so on. Each link involves two identity stores, thereby creating a chain of linked -identity stores. - -Here is how it works: - -- Link two identity stores, IdentityStoreA and IdentityStoreB, by following the discussion in the - How to Link Two Identity Stores topic. - Directory Manager now considers this link as one entity. Let’s call it Entity1. -- Next, link IdentityStoreA or IdentityStoreB to IdentityStoreC using the same method. - This establishes a link between Entity1 and IdentityStoreC. - -In this way, you can create a chain of links between identity stores. - -**See Also** - -- [Identity Stores](/docs/directorymanager/11.1/admincenter/identitystore/overview.md) -- [Manage Identity Store Links](/docs/directorymanager/11.1/admincenter/identitystore/link/manage.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/manage.md b/docs/directorymanager/11.1/admincenter/identitystore/manage.md deleted file mode 100644 index 2e6f319cc9..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/manage.md +++ /dev/null 
@@ -1,225 +0,0 @@ -# Manage an Identity Store - -Once you create and configure an identity store, you can perform group and identity management -operations in the identity provider using Directory Manager. - -What do you want to do? - -- View Identity Store Details -- Enable or Disable an Identity Store -- Update General Info for an Identity Store -- Exclude an Active Directory Domain from Replication -- Set DC Priority for an Active Directory Identity Store -- Delete an Identity Store - -## View Identity Store Details - -In Admin Center, click **Identity Stores** in the left pane. The **Identity Stores** page displays -the identity stores created in Directory Manager. - -The card for an identity store displays the following information: - -| Info | Description | -| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Basic info | The display name of the identity store and the identity provider it is built on, such as Active Directory. | -| Identity store status | The status is displayed on the top right corner of the card. 
An identity store has one of the following statuses: - **Healthy:** Indicates that the identity store is fully functional. Hover the mouse over the status to view the factors used to determine health. - **Errors:** Indicates that the identity store has run into one or both of the following errors: - It cannot connect to the identity provider using the service account provided on the **Identity Store Details** page. - Data from the provider is not replicated to Elasticsearch within the required time interval. The last replication time and date is displayed at the bottom of the card. Hover the mouse over the status to view the reason for the _Errors_ status. | -| History | Indicates whether history tracking for the identity store is enabled or disabled. See the [Configure History Tracking](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md) topic to enable or disable history tracking. | -| MFA | Indicates whether second factor authentication is enabled for security roles in the identity store. See the [Configure Second Factor Authentication](/docs/directorymanager/11.1/admincenter/setupauth/sfa.md) topic. One of the following is displayed for MFA: - **Available for x/x roles:** Indicates the number of security roles that second factor authentication is enabled for, out of the total security roles in the identity store. For example, 1/3 indicates that there are 3 security roles defined for the identity store and second factor authentication is enabled for one of those roles. - **Not Available:** Indicates that second factor authentication is not enabled for any security role in the identity store. | -| Last replication date and time | The last run date and time of the Replication service. If the service does not run at the specified interval, the identity store status changes to **Errors**. 
| -| Ellipsis | Click it to launch a shortcut menu with the following options: - **Edit:** launches the identity store properties page, where you can manage identity store settings, workflows, security roles, replication attributes, and more. See the [Configure an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/configure.md) topic. - **Disable:** disables the identity store. - **Replicate Objects:** runs the Replication service to replicate object data in the identity store. See the [Force Run the Replication Service (for Object Replication)](replication.md#force-run-the-replication-service-for-object-replication) topic. - **Replicate Deleted Objects:** runs the Replication service to remove those objects from Elasticsearch that have been deleted from the identity provider. See the [Force Run the Replication Service (for Deleting Objects)](replication.md#force-run-the-replication-service-for-deleting-objects) topic. - **Delete:** deletes the identity store from Directory Manager. | - -## Enable or Disable an Identity Store - -When you disable an identity store, all users logged into Directory Manager with that store are -logged out, and the identity store is unavailable for operations. - -You can disable an identity store in any of the following ways. However, a disabled identity store -can be enabled using **Method 1** only. - -**Method 1: Enable or disable an identity store** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Enable** or **Disable**. - -**Method 2: Disable an identity store** - -1. In Admin Center, click Identity Stores in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. On the **Identity Store Details** page, use the toggle button in the top right to disable the - identity store. -4. Click **Save**. 
- -## Update General Info for an Identity Store - -You can change the display name for an identity store, add a description for it, change the service -account credentials to connect to the identity provider, and update any other information you -provided while creating it. - -**To update the info:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. On the **Identity Store Details** page, update the required information on the **General** tab. - This page differs by provider. Refer to the steps for creating the respective provider in the - [Create an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/create.md) topic for more information. -4. Click **Save**. - -## Exclude an Active Directory Domain from Replication - -By default, Directory Manager replicates the domain specified for the identity store and its child -domains. You can exclude a domain or a child domain from replication, in which case the Replication -service will not replicate it. See the [Elasticsearch and Replication ](/docs/directorymanager/11.1/admincenter/replication/overview.md) -topic. - -You can still create and manage objects in an excluded domain using Directory Manager. - -**To exclude a domain:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. On the **Identity Store Details** page, click the **Connection** tab. -4. In the **Excluded Domains** areas, select the check boxes for the domains you want to exclude - from replication. - To select all domains, select the check box in the header area. -5. Click **Save**. - -## Set DC Priority for an Active Directory Identity Store - -You can select a domain controller in an Active Directory domain to work with Directory Manager. 
-Data service and Replication service will connect to this domain controller to perform their -respective operations in the domain. In this way, you can ensure that the selected domain controller -is always available with minimum downtime. - -To understand how the DC priority function works, let’s assume the following: - -- gene.local is your parent domain with two child domains. -- You have four domain controllers in the parent domain: DC_N, DC_S, DC_E, and DC_W. -- You also have two domain controllers in each of the two child domains. - -You can set a separate DC priority list for the parent domain and each of the child domains. - -To create a DC priority list for a domain, list the domain controllers in the order of priority. -Let’s say you set priority for the parent domain as: - -Priority 1:     DC_E -Priority 2:    DC_S -DC_N and DC_W are not included in your priority list. - -When the Data service restarts for reasons such as IIS restart, it does the following: - -- The Data service attempts to connect to the first domain controller in the priority list, i.e., - DC_E. -- If DC_E is not available, the Data service attempts to connect to the second domain controller in - the priority list, i.e., DC_S. -- If DC_S is not available either, the Data service will resort to the normal lookup process. - -Normal lookup process for Data service - -Data service makes a connection with a domain controller through the System.DirectoryServices API. -It sends a request to the API, which, in turn, connects to any domain controller in the domain. In -this way, Data Service communicates with the domain controller to perform the required function. - -System.DirectoryServices does not evaluate the domain controller in the DC priority list for -creating a connection. Hence, in the above example, the API will connect to DC_N or DC_W. 
- -“Server Not Operational” error - -When Data service connects to a domain controller (say DC_E), it caches the domain logon information -and uses it to create all subsequent sessions with the domain controller. Hence it does not iterate -on the DC priority list every time it has to create a session. - -In case DC_E is down, the ‘Server Not Operational” error will be displayed in Directory Manager. It -indicates that Data service has lost connection with the domain and needs to re-establish a -connection. - -To resolve the error, restart IIS. In this way, Data service will make a connection again using the -process discussed above. It will connect to a different domain controller and cache the domain logon -information (and continue to make a session with this domain controller unless Data service is -restarted). - -DC priority and Replication - -Every time the Replication service is triggered, it consults the DC priority list to connect to a -domain controller for replication. If it is unable to connect to any domain controller in the -priority list, it reverts to the normal lookup process to connect to a domain controller in the -domain. - -In a nutshell - -- If DC priority is defined for a domain, Data service and Replication service will connect to a - domain controller in the domain using the defined DC priority list. If no domain controller in the - list is available, the services will rely on the normal lookup process to connect to a domain - controller in the domain. -- If DC priority is not defined for a domain, Data service and Replication service will connect to - it using the normal lookup process. - -**To set DC priority for a domain:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. On the **Identity Store Details** page, click the **Connection** tab. 
The **DC Priority** area - displays two options: - - - **Set default priority:** This tile is selected by default and indicates that no DC priority - is set for the identity store domain. As a result, Data service and Replication service will - connect to it using the normal lookup process. - - **Choose my own priority:** Select this tile to set a DC priority list for the identity store - domain and its child domains, if any. - -4. On selecting the **Choose my own priority** tile, the following fields are displayed: - - 1. **Select Domain:** This drop-down list displays the identity store domain and its child - domains, if any. Excluded domains are not listed. Select a domain to define a DC priority - list for it. - Note that each domain in the list has either _Priority set_ or _Default Priority_ displayed - next to it. - - - _Priority set:_ indicates that DC priority has been defined for the domain, even if it is - set for one DC and not for all DCs in the domain. - - _Default Priority:_ indicates that priority has not been set for any DC in the domain. - - 2. The table displays the domain controllers in the selected domain. The **DC Name** column - displays the name of the DC while the **Priority** column displays the priority assigned to - it, with ‘1’ being the highest priority. When no priority is assigned to a DC, _Not set_ is - displayed for it. - You can choose to assign priority to selected DCs in the domain. For example, if a domain has - 4 DCs, you can set priority for two and leave the rest. - - - To assign priority to a domain controller, click **Set priority** for it. The **Priority** - column displays the priority assigned to it. To revoke priority, click **Reset priority**. - - To change the priority for a DC, click in the row, hold down the left mouse button, and - drag to change its position in the list. By default, "1" is assigned as priority to the - first DC in the list, followed by '2' to the second DC in the list, and so on. 
- - To revoke priority for all DCs in the domain, click **Reset all to default**. With this, - _Default Priority_ is displayed next to the domain in name in the **Select Domain** - drop-down list. - -5. Click **Save**. - -NOTE: When you change the DC priority for a domain or a child domain, it takes effect instantly. -Data service reestablishes a connection with a DC based on new priority. - -## Delete an Identity Store - -You can delete an identity store with all its configurations. As a result, Directory Manager cannot -be connected to that identity store, nor can it be used in a Synchronize job. - -NOTE: You cannot delete an identity store that has been linked to another identity store. You must -first delete the link(s) before deleting the identity store. - -**To delete an identity store:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Delete**. - -**See Also** - -- [Identity Stores](/docs/directorymanager/11.1/admincenter/identitystore/overview.md) -- [Configure an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/configure.md) -- [Replication Service](/docs/directorymanager/11.1/admincenter/service/replicationservice.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/overview.md b/docs/directorymanager/11.1/admincenter/identitystore/overview.md deleted file mode 100644 index 77ffef2b15..0000000000 --- a/docs/directorymanager/11.1/admincenter/identitystore/overview.md +++ /dev/null 
@@ -1,37 +0,0 @@ -# Identity Stores - -Directory Manager enables you to create an identity store on an identity provider and perform -different functions in that provider through the identity store. These functions include: - -- Group management tasks, such as creating groups, scheduling group updates, and expiring groups. -- User management tasks, such as creating users and mailboxes, managing users’ profiles, and - managing direct reports. -- Bulk user provisioning and deprovisioning in an identity provider, database or even a file, such - as an Excel file. -- Entitlement related tasks, such as updating the effective NTFS permissions for shared resources on - a file server. -- Reporting and analytics. - -Directory Manager supports the following identity providers for creating an identity store, to -perform identity and access management tasks: - -- Active Directory -- Microsoft Entra ID -- Generic LDAP -- Google Workspace - -Identity stores created for these providers can also be used as source and destination in -Synchronize jobs for bulk user management tasks. - -You can also link Active Directory and Microsoft Entra ID identity stores to sync identical objects -there. - -NOTE: You can define a custom identity store for non-supported identity providers in Directory -Manager. Contact Netwrix Client Services for support. - -**See Also** - -- [Create an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/create.md) -- [Manage an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/manage.md) -- [Configure an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/configure.md) -- [Link Identity Stores](/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/notification/overview.md b/docs/directorymanager/11.1/admincenter/notification/overview.md deleted file mode 100644 index 3e9ecf5fcd..0000000000 
--- a/docs/directorymanager/11.1/admincenter/notification/overview.md +++ /dev/null @@ -1,20 +0,0 @@ -# Notifications - -Directory Manager generates email notifications whenever certain events are triggered. The -notifications are sent to administrators, object owners and other specified recipients. - -To enable notifications, you must define an SMTP server for an identity store. Admin Center and the -Directory Manager portal, use the SMTP server for the respective identity store to send email -notifications. - -Templates for all kinds of email notifications are predefined in Directory Manager. These are -available in different languages, enabling you to customize a notification template for any -language. - -Since notification templates are global and work for all identity stores, any customization to a -template would change that notification for all identity stores. - -Directory Manager also features an email service that maintains a queue of all notification requests -generated by different identity stores, and sends them one by one. This is especially helpful when -the SMTP server for an identity store is down, as notifications stay in the queue until they are -delivered when the SMTP server is up again. diff --git a/docs/directorymanager/11.1/admincenter/portal/applications.md b/docs/directorymanager/11.1/admincenter/portal/applications.md deleted file mode 100644 index a9bdbc4b86..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/applications.md +++ /dev/null 
@@ -1,16 +0,0 @@ -# Directory Manage Applications - -Using Admin Center, you can create and manage the following Directory Manager applications: - -- [ Directory Manager Portal](/docs/directorymanager/11.1/admincenter/portal/overview.md) -- [Data Service](/docs/directorymanager/11.1/admincenter/service/dataservice/overview.md) -- [Security Service](/docs/directorymanager/11.1/admincenter/service/securityservice/overview.md) - -Moreover, you can manage some basic deployment and log settings for the following applications: - -- [Admin Center](/docs/directorymanager/11.1/admincenter/service/admincenter.md) -- [Replication Service](/docs/directorymanager/11.1/admincenter/service/replicationservice.md) -- [Email Service](/docs/directorymanager/11.1/admincenter/service/emailservice.md) -- [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) - -See the [Services](/docs/directorymanager/11.1/admincenter/service/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/admincenter/portal/create.md b/docs/directorymanager/11.1/admincenter/portal/create.md deleted file mode 100644 index 3c99e61f01..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/create.md +++ /dev/null 
@@ -1,447 +0,0 @@ -# Create a Portal - -Admin Center lets you quickly build and deploy a web-based portal named Directory Manager portal, -for end-users to carry out user, group, and entitlement management tasks. Users can also view -detailed reports on the current state and health of the directory. - -You can create multiple Directory Manager portals as well as create multiple instances for a portal. - -You can also create a Self-Service Password Reset portal (SSPR), which is a kind of Directory -Manager portal that only facilitates password-related functions. - -## Host a Portal - -A portal is hosted on a web server, with native IIS, remote IIS, and Docker as the supported -servers. - -- IIS Deployment - Your Directory Manager portal is hosted within a site in IIS. To launch IIS, see - [Opening IIS Manager](https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525920(v=vs.90)). - - ![in_iis](/img/product_docs/directorymanager/11.1/admincenter/portal/in_iis.webp) - -- Docker Deployment - For a Docker deployment, make sure you have a running instance of Docker - daemon in your environment. A portal runs within a container in Docker. - -## Deploy Multiple Instances of a Portal - -For load balancing and high availability, Directory Manager facilitates you to create multiple -Directory Manager portals, and even create multiple instances of the same portal. You may host -different instances on different web servers. For example, you can create two instances of a portal -while hosting one in native IIS and another in remote IIS. - -Multiple instances of a portal share the same design settings and the same server settings, except -that each instance has its own deployment settings. A change to the shared settings propagates to -all deployment instances. - -As multiple Data services and Security services can be created in Directory Manager, you can bind a -different Data service and Security service with each deployment instance of a portal. 
In this way, -different instances use different services for improved response times and load balancing. - -What do you want to do? - -- Create a Portal in Native IIS -- Create a Portal in Remote IIS -- Create a Portal in Docker -- Create a Self-Service Password Reset Portal -- Deploy Another Instance of a Portal -- Create a Portal by Copying an Existing Portal -- View the Details of a Portal -- Launch a Portal - -## Create a Portal in Native IIS - -When you create a portal in native IIS, Directory Manager does the following: - -- It creates a directory with the portal's name at the following physical path on the Directory - Manager server, and copies the portal files from its template directory to the new portal - directory: - X:\Program Files\Imanami\GroupID 11.0\GroupIDPortal\Inetpub\ - (X represents the Directory Manager installation drive) -- It also creates a virtual directory for the portal in your desired IIS site. - -The portal runs within a virtual directory in native IIS while the portal files are physically -located on disk. - -**To create a portal:** - -1. In Admin Center, click **Applications** in the left pane. -2. Click **Add Application**. -3. On the next page, select **GroupID Portal** and click **Next step**. -4. On the **Create GroupID Application** page, make sure the **IIS** tile is selected. -5. In the **Application Name** box, enter a unique name for the portal or use the default name. The - portal is displayed with this name in Directory Manager. -6. In the **Deployment Name** box, enter a deployment name for the portal. This name is used to - indicate the deployment instance for the portal in Directory Manager. - A portal can have multiple deployments, for example, one in IIS and another in Docker. - The application name and deployment name are displayed on the portal card on the **GroupID - Portal** tab. - - ![portal_card](/img/product_docs/directorymanager/11.1/admincenter/portal/portal_card.webp) - -7. 
In the **IIS Application Name** box, enter an IIS deployment name for the portal. This name - should be unique for each portal deployed in IIS. - - - The IIS application name is used to name the portal's directory in IIS and its physical - directory under **X:\Program Files\Imanami\GroupID 11.0\GroupIDPortal\Inetpub** on the - Directory Manager server. - (X represents the Directory Manager installation drive) - - This IIS application name is also appended to the web server address to construct the URL that - users click to access this deployment instance of the portal. For example: - `https://web-server-name:port/IIS-application-name` - Hence, a different URL is constructed for each deployment of a portal in IIS. - -8. In the **IIS Site** drop-down list, select a website to host the portal files. The list displays - the websites defined on the native IIS server. _GroupIDSite11_ is the default selection. -9. In the **Service Endpoints** area, bind a Data service and a Security service with the portal. - - 1. In the **Data Service** drop-down list, select a Data service for the portal to use. The list - contains all Data services defined in Directory Manager. - 2. In the **Security Service** drop-down list, select a Security service for the portal to use. - Thelist contains all Security services defined in Directory Manager. - -10. In the **Support Information** area, enter internal contact information and resource links for - the portal's users to obtain help while using the portal. - A portal includes a **Contact** link and a **Help** icon on its web interface. The **Contact** - link launches an email application to send an email to a user or helpdesk for inquiries or - support. The **Help** icon launches the online help for the portal in a new browser window. Both - links are customizable, and their target email address or web address is specified in the - **Support Information** area. - - 1. 
In the **Support group or administrator's email address** box, enter the email address of a - group or user to redirect user queries to. This email address is mapped to the **Contact** - link in the portal. - 2. In the **Help URL** box, specify the address of your company's internal support website or - the portal's help page, where portal users can find support material or report a problem. By - default, this box displays the URL of the portal's help published by Netwrix. - This URL is mapped to the **Help** icon in the portal. - -11. (Optional) Select the **Password Center Mode** check box to create this portal as a Self-Service - Password Reset portal (SSPR). A SSPR portal does not offer the standard functions of a Directory - Manager portal, such as group management, user management, or entitlement management, but is - exclusively dedicated to password-relation activities. This portal enables users to manage their - directory account passwords, i.e., the password for the account they use to access their - workstations and other Microsoft services. Users can change and reset their passwords, as well - as unlock their accounts. They can also enroll their accounts in Directory Manager and link - accounts in different identity stores. - - The SSPR portal does not have design settings and advanced settings, like a standard Directory - Manager portal has. For this reason, the following configurations are not available on selecting - the **Password Center Mode** check box: - - - The **Import Design** option for identity stores in the Select Identity Stores area - - The Advanced Settings area - - NOTE: Directory Manager does not support the upgrade of a Password Center portal (from a - previous version) to an SSPR portal. You have to create the SSPR portal as a new portal. - -12. In the **Select Identity Stores** area, select the check boxes for the identity stores you want - to associate with the portal. 
Users in the associated identity stores can sign into the portal - to manage directory objects, their directory profiles, and more. - While associating identity store(s), you may get the following message: - - ![linked_message](/img/product_docs/directorymanager/11.1/admincenter/portal/linked_message.webp) - - This relates to the scenario when identity stores in Directory Manager have been linked, as - discussed in the - [Linked Identity Stores and the Directory Manager Portal](/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md#linked-identity-stores-and-the-directory-manager-portal) - topic. Hence, when two identity stores, IdentityStoreA and IdentityStoreB, are linked and you - associate IdentityStoreA with the portal, this message is displayed. It alerts you to associate - the second identity store in the linked pair (dentityStoreB) with the portal too, in order to - benefit from the linking. - -13. Each identity store associated with a portal has its own set of design settings, as listed in - the [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) topic. - - If you are upgrading to Directory Manager 11 from GroupID 9 or GroupID 10, you can import the - design settings for an identity store from a Self-Service portal in a previous version - as an - alternate to defining these settings from scratch. Following are the details of the file - containing identity store design settings for a Self-Service portal in GroupID 9 and 10: - - **Design file name:** ``..xml. - - For example: ADStore.xml - A separate design file exists for each identity store linked with a Self-Service portal. 
- - **File location in GroupID 9/10:** [GroupID installation drive]:\Program Files\Imanami\GroupID - `version`\SelfService\Inetpub\<portal name>\Design\ - For example: C:\Program Files\Imanami\GroupID 10.0\SelfService\Inetpub\TestPortal\Design\ - - Similarly, a separate file exists for each linked combo created in the Self-Service portal. - **Linked combo file name:** The file has the same name as that of the linked combo in the - portal.for example, Country-State.xml - **File location in GroupID 9/10:** All linked combo files, regardless of the identity store they - are used for, are available at the following path: - [GroupID installation drive]:\Program Files\Imanami\GroupID - `version`\SelfService\Inetpub\<portal name>\Web\LinkedCombo\ - For example: C:\Program Files\Imanami\GroupID - 10.0\SelfService\Inetpub\TestPortal\Web\LinkedCombo\ - - **To import the design file and linked combo file(s), do the following:** - - 1. As a prerequisite to Directory Manager 11 upgrade, the folder structure for the source - version was copied to the Directory Manager 11 server. In this case, the design and linked - combo files for all portals in the previous version are already available on the machine. - Else copy the above mentioned files for the respective identity stores associated with the - Self-Service portal, and place them on your local machine or a shared network location. - 2. In he **Select Identity Stores** area, click **Import Design** next to an identity store name - to import the design file for it. - 3. Browse for the file to select and import it. The import process takes a while. - Each identity store associated with a Self-Service portal has its own design file, so make - sure you import the correct file. For example, if Identity Store A is associated with two - Self-Service portals, then these will be two different design files for the same identity - store, though at different locations. - 4. 
After the file is uploaded, a message is displayed, showing the number of linked combos - defined in the imported design settings and prompting you to import the respective linked - combo files. - Browse to the location of the linked combo files and import those that represent the linked - combos defined in the design settings. - -14. A portal has certain advanced settings defined for it, as discussed in the - [Manage Advanced Settings](/docs/directorymanager/11.1/admincenter/portal/server/advanced.md) topic. - If you are upgrading to Directory Manager 11 from GroupID 9 or GroupID 10, you can import the - advanced settings of a Self-Service portal from a previous version as an alternate to defining - settings from scratch. Following are the details of the file containing advanced settings for a - Self-Service portal in GroupID 9 and 10: - - **File name:** server.xml. A separate file exists for each Self-Service portal. - **File location in GroupID 9/10:** [GroupID installation drive]:\Program Files\Imanami\GroupID - `version`\SelfService\Inetpub\<portal name>\ - For example: C:\Program Files\Imanami\GroupID 10.0\SelfService\Inetpub\TestPortal\ - - **To import the file, do the following:** - - 1. As a prerequisite to Directory Manager 11 upgrade, the folder structure for the source - version was copied to the Directory Manager 11 server. In this case, the server.xml file for - all portals in the previous version is already available on the machine. Else copy the - server.xml file for the Self-Service portal whose advanced settings you want to import, and - place it on your local machine or a shared network location. - 2. On the **Create GroupID Application** page, click **Import Settings** in the **Advanced - Settings** area. - 3. Browse for the file to select and import it. The import process takes a while. - -15. Click **Create Application**. - The new portal is displayed on the **GroupID Portal** tab. 
You can differentiate between a - standard Directory Manager portal and a SSPR portal from the portal logo, as each portal type - has its own logo. - -## Create a Portal in Remote IIS - -You can host a portal within a site in remote IIS. For this, you need to connect with the Microsoft -IIS Administration API running on the remote IIS machine. - -When you create a portal in remote IIS, Directory Manager does the following: - -- It creates a virtual directory for the portal in a preconfigured site in remote IIS. -- It creates a physical directory for the portal in the folder that is mapped to this preconfigured - site. - -The portal runs within a virtual directory in remote IIS while the portal files are physically -located on disk. - -To learn about the remote IIS settings and configurations before hosting a portal, see -the[Prerequisites for Deployments in Remote IIS](/docs/directorymanager/11.1/admincenter/portal/remoteiisprerequisites.md) topic. - -**To create a portal:** - -1. In Admin Center, click **Applications** in the left pane. -2. Click **Add Application**. -3. On the next page, select **GroupID Portal** and click **Next step**. -4. On the **Create GroupID Application** page, select the **Remote IIS** tile. -5. In the **Application Name** box, enter a unique name for the portal or use the default name. The - portal is displayed in Directory Manager with this name. -6. In the **Deployment Name** box, enter a deployment name for the portal. This name is used to - indicate the deployment instance for the portal in Directory Manager. A portal can have multiple - deployments, for example, one in IIS and another in Docker. - The application name and deployment name are displayed on the portal card on the **GroupID - Portal** tab. -7. In the **API URL** box, enter the URL of the API to use for communicating with the remote IIS - server. 
- Make sure the - [Microsoft IIS Administration API](https://learn.microsoft.com/en-us/iis-administration/) is - installed as a Windows service on the remote IIS machine. Fetch the URL of this API from remote - IIS and provide it here to enable communication. -8. In the **Access Token** box, enter the access token to allow Admin Center to access the Microsoft - IIS Administration API. This access token is generated from the Microsoft IIS Administration - API's interface. -9. In the **Username** and **Password** boxes, enter the credentials of a Windows account to - communicate with the API. This account must have access to the remote IIS machine, with - sufficient permissions to enable you to create and manipulate objects in IIS. -10. In the **IIS Application Name** box, enter an IIS deployment name for the portal. This name - should be unique for each portal deployed within the same site in remote IIS. - - - The IIS application name is used to name the portal's directory in the IIS site and its - physical directory on the remote IIS machine. The physical directory is created within the - folder that is mapped to the preconfigured site, and portal files are copied to it. - - This IIS application name is also appended to the web server address to construct the URL that - users click to access this deployment instance of the portal. For example: - `https://web-server-name:port/IIS-application-name` - Hence, a different URL is constructed for each deployment of a portal in remote IIS. - -11. On providing the above information, the **Website** drop-down list displays the sites defined on - the remote IIS server. Select the site that you have configured with the appropriate permissions - for Directory Manager. -12. 
To enter information in the **Service Endpoints**, **Support Information**, **Password Center - Mode**, **Select Identity Stores**, and **Advanced Settings** areas and create the portal, - follow the steps in the Create a Portal in Native IIS topic, starting at step 9. - -## Create a Portal in Docker - -Directory Manager enables you to host a portal in Docker. For this, you need to connect with the API -running on a Docker deamon in your environment, so that Directory Manager can create a container for -the portal there and run the portal from within that container. - -For an overview on application deployment in Docker, see the -[Prerequisites for Deployments in Docker](/docs/directorymanager/11.1/admincenter/portal/dockerprerequisites.md) topic. - -NOTE: To host the portal, Docker daemon should be configured to run Windows containers. - -**To create a portal:** - -1. In Admin Center, click **Applications** in the left pane. -2. Click **Add Application**. -3. On the next page, select **GroupID Portal** and click **Next step**. -4. On the **Create GroupID Application** page, select the **Docker** tile. -5. In the **Application Name** box, enter a unique name for the portal or use the default name. The - portal is displayed in Directory Manager with this name. -6. In the **Deployment Name** box, enter a deployment name for the portal. This name is used to - indicate the deployment instance for the portal in Directory Manager. A portal can have multiple - deployments, for example, one in IIS and another in Docker. - The application name and deployment name are displayed on the portal card on the **GroupID - Portal** tab. -7. In the **Port** box, enter the port for the host machine to map the container to host ports. By - default, the container port is 443. - This enables network access to the portal in Docker over this port. -8. In the **Service URL** box, enter the API URL to use for accessing and communicating with Docker - Engine. 
- On installing Docker Engine, you must expose an API over TCP on the same machine to enable - communication with Directory Manager. - The URL you provide in the **Service URL** box identifies the Docker deamon where you want to - host the portal. -9. In the **Container Name** box, enter a name for the container that is created in Docker for - deploying the portal. -10. For entering information in the **Service Endpoints**, **Support Information**, **Password - Center Mode**, **Select Identity Stores**, and **Advanced Settings** areas and create the - portal, follow the steps in the Create a Portal in Native IIS topic, starting at step 9. - -## Create a Self-Service Password Reset Portal - -A Directory Manager portal can be created as a Self-Service Password Reset portal (SSPR in native -IIS, remote IIS, and Docker. A SSPR portal only provides password management functions to end-users. - -Creating an SSPR portal is similar to creating a standard Directory Manager portal; you only have to -select the **Password Center Mode** check box on the Create GroupID Application page. For details, -see Step 11 in the he Create a Portal in Native IIS topic. - -NOTE: Directory Manager does not support the upgrade of a Password Center portal (from a previous -version) to an SSPR portal. You have to create the SSPR portal as a new portal. - -## Deploy Another Instance of a Portal - -You can deploy more than one instance of a portal. Instances can be deployed in different web -servers, for example, one in IIS, another in remote IIS, and yet another in Docker. For more on how -instances work, see the Deploy Multiple Instances of a Portal topic. - -To deploy a new instance, you have to provide deployment details only. All instances share the same -server and design configurations, while only deployment details differ. For example, all instances -serve the same identity stores and have the same display and search-related configurations. 
Changing -a shared setting propagates to all deployment instances of the portal. - -NOTE: A SSPR portal does not have design settings. Hence, only server settings are shared across -multiple instances. - -**To deploy an instance:** - -1. In Admin Center, select **Applications** in the left pane. -2. On the **GroupID Portal** tab, click the ellipsis button for a portal and select **Deploy Another - Instance**. -3. On the **Deploy Another Instance** page, select the **IIS**, **Remote IIS**, or **Docker** tile - to indicate the web server where you want to deploy the instance. - The **Application Name** field displays the name of the portal as read-only. -4. Fields on the page vary, depending on the web server selected. In any case, the **Support - Information**, **Select Identity Stores**, and **Advanced Settings** areas are not available, as - they remain the same for all instances. - - - To deploy an instance in native IIS, follow steps 6-9 in the Create a Portal in Native IIS - topic. - - To deploy an instance in remote IIS, follow steps 6-12 in the Create a Portal in Remote IIS - topic. - - To deploy an instance in Docker, follow steps 6-10 in the Create a Portal in Docker topic. - -5. After entering the required information, click **Deploy Instance**. - The new instance is displayed on the portal's card. - -## Create a Portal by Copying an Existing Portal - -You can create a new portal by copying an existing portal. All server and design configurations of -the template portal are duplicated to the new portal. Deployment details are not duplicated, so you -can choose to deploy the new portal in any of the supported web servers. Consider the following: - -- You can create a SSPR portal by copying a standard Directory Manager portal. In this case, the - design settings of the base portal are not duplicated as the SSPR portal does not have design - settings. -- You can create a standard Directory Manager portal by copying a SSPR portal. 
As the SSPR portal - does not have design settings, the new portal is created with the default design settings. You can - modify them as needed. - -**To create a portal:** - -1. In Admin Center, select **Applications** in the left pane. -2. On the **GroupID Portal** tab, click the ellipsis button for a portal and select **Copy**. - The **Copy GroupID Application** page is displayed; populated with the following settings of the - copied portal: - - - The Data service and Security service linked to the portal - - The support information for the portal, i.e., the admin/helpdesk contact email address and the - portal's help URL - - The identity store(s) associated with the portal - -3. You can deploy the new portal in native IIS, remote IIS, or Docker. - - - To specify settings for a native IIS deployment, follow the instructions in the Create a - Portal in Native IIS topic, beginning at step 4. - - To specify settings for a remote IIS deployment, follow the instructions in the Create a - Portal in Remote IIS topic, beginning at step 4. - - To specify settings for a Docker deployment, follow the instructions in the Create a Portal in - Docker topic, beginning at step 4. - -## View the Details of a Portal - -1. In Admin Center, click **Applications** in the left pane. - The **GroupID Portal** tab displays the portals that you have created. -2. 
The card for a portal displays the following information: - - | Info | Description | - | -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | Name | The name given to the portal. Next to the portal name is the portal logo, which enables you to differentiate between a standard Directory Manager portal and a SSPR portal, as each portal type has its own logo. | - | Identity Stores | The names of the identity stores the portal serves. | - | Deployment Instances | Displays the deployment instance(s) of the portal as tiles. A tile shows the deployment name of the instance and the web server where it is deployed. | - | Status | A portal has one of the following statuses: - **Running:** Indicates that the portal is up and running. - **Stopped:** Indicates that Directory Manager is unable to communicate with the portal. To troubleshoot, go to the web server where the portal is deployed and make sure the portal is running. - **Error:** Any issue other than _stopped_ is categorized as _error_. In this case, contact your system administrator. | - | Launch Application | Click this link to launch the portal. When multiple deployments of a portal are available, select the tile for a deployment instance and click this link to launch that instance. 
| - | Ellipsis | Click it to launch a shortcut menu with the following options: - **Settings:** Launches the portal settings page, where you can manage server and design settings. - **Server Settings:** Includes the deployment details of each portal instance, the help URL for the portal, the identity stores linked with the portal, and more. - **Design settings:** These settings relate to the portal's user interface. - **Deploy Another Instance:** Enables you to deploy another instance of the portal. - **Copy:** Enables you to create a new portal by copying the settings of this portal. - **Delete:** Deletes the portal. | - -You may notice a portal with an orange card and an orange icon on the card. On hovering the mouse -over the icon, the tooltip says that _linked mode will not be allowed_. This relates to the scenario -when identity stores in Directory Manager have been linked, as discussed in the -[Linked Identity Stores and the Directory Manager Portal](/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md#linked-identity-stores-and-the-directory-manager-portal) -topic. Hence, when two identity stores, IdentityStoreA and IdentityStoreB, are linked and you -associate IdentityStoreA with the portal, the portal card appears in orange. It informs you to -associate the second identity store in the linked pair (dentityStoreB) with the portal too, in order -to benefit from the linking. - -## Launch a Portal - -1. In Admin Center, select **Applications** in the left pane. -2. On the **GroupID Portal** tab, click **Launch Application** on a portal's card to launch it. - - When multiple deployments of a portal are available, select a deployment instance on the card - and click **Launch Application** to launch that instance. - - Provide the URL of an instance to your users so they can access the portal. You can either copy - the URL from the address bar or from a portal's deployment settings. 
See the - [View the Launch URL for an Instance](server/nativeiis.md#view-the-launch-url-for-an-instance) - topic. - -**See Also** - -- [Directory Manage Applications](/docs/directorymanager/11.1/admincenter/portal/applications.md) -- [ Directory Manager Portal](/docs/directorymanager/11.1/admincenter/portal/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md b/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md deleted file mode 100644 index 40d0131fd7..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# Define Custom Display Types - -In Directory Manager, several predefined custom display types are used in the default portal -template. To customize the portal, you can use the predefined custom display types as well as define -new ones. - -- [Text Box Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/textbox.md) -- [Drop-down List Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/dropdownlist.md) -- [Linked Field Drop-down List Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/linkeddropdown.md) -- [Image Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/image.md) -- [Grid Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/grid.md) -- [Radio Button Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/radio.md) -- [Multiline Textbox Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/multilinetextbox.md) -- [Multi-Valued Control Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/multivaluedcontrol.md) -- [Linked Combo Display Type](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/overview.md) - -## How to Implement Display Types - -On the Search Forms, Properties, Create Object, and Property Validation pages in a portal’s design -settings, select a schema attribute and a display type to link them. - -On linking, the display type is rendered on the portal’s page; enabling users to view or specify a -value for the linked attribute. - -## Delete a Custom Display Type - -You can delete custom display types, including linked combos. - -NOTE: You cannot delete a custom display type that has been linked to a field in the portal. - -To delete a custom display type: - -1. In Admin Center, select **Applications** in the left pane. - On the **GroupID Portal** tab, a portal's card displays its info. -2. Click the ellipsis button for a portal and select **Settings**. -3. 
Select an identity store under **Design Settings** to delete a custom display type for it. - All identity stores associated with the portal are listed under **Design Settings**. You can - design a different portal for each of these. -4. Click **Custom Display Types** in the left pane. - - - On the **Simple Types** tab, click **Delete** for a custom display type to delete it. - - On the **Linked Combo Types** tab, click **Delete** for a linked combo to delete it. - -5. Click **Save**. - -**See Also** - -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md b/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md deleted file mode 100644 index f57f0c85c3..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# Design a Portal with Display Types - -Display types enable you to control the layout and appearance of a Directory Manager portal and its -pages. They also enable you to expose the required functionality and data fields in the portal. - -You can associate multiple identity stores with a portal and design a different portal for each -identity store. Adding links to the navigation bar, adding pages to the portal, and adding fields to -pages are some customization examples. In this way, the portal offers a different design and -functionality for each associated identity store. - -You can customize the following for a portal: - -- **Search Forms:** control the fields to be displayed on different search forms and search result - pages in a portal. See the [Customize Search Forms](/docs/directorymanager/11.1/admincenter/portal/design/form/searchforms.md) and - [Customize Search Results](/docs/directorymanager/11.1/admincenter/portal/design/form/searchresults.md) topics. -- **Quick Search:** control the schema attributes for quick search to run on. See the - [Customize Quick Search](/docs/directorymanager/11.1/admincenter/portal/design/form/quicksearch.md) topic. -- **Properties:** control what properties of directory objects you want to display in a portal. See - the [Customize Properties Pages](/docs/directorymanager/11.1/admincenter/portal/design/objectproperties.md) topic. -- **Toolbars:** customize the buttons on the portal toolbars. See the - [Customize the Toolbars](/docs/directorymanager/11.1/admincenter/portal/design/toolbars.md) topic. -- **Navigation Bar:** customize the left navigation bar in a portal. See the - [Customize the Navigation Bar](/docs/directorymanager/11.1/admincenter/portal/design/navigationbar.md) topic. -- **Bad Words List:** restrict users from entering bad or offensive words while using a portal. See - the [Manage the Bad Words List](/docs/directorymanager/11.1/admincenter/portal/design/badwords.md) topic. 
-- **Import/Export Attributes:** specify schema attributes to be used for importing/exporting members - and additional owners for groups. See the - [Specify Attributes for Import/Export of Group Owners and Members](/docs/directorymanager/11.1/admincenter/portal/design/importexport.md): - topic. -- **Create Object Wizards:** control the schema attributes displayed in the portal for creating - different object types. See the - [Customize the Create Object Wizards](/docs/directorymanager/11.1/admincenter/portal/design/createobject.md) topic. -- **Query Attributes:** control which schema attributes to display in the portal for creating - queries for Smart Groups ad Dynasties. See the - [ Specify Smart Group Query Attributes](/docs/directorymanager/11.1/admincenter/portal/design/queryattributes.md) topic. -- **Property Validation:** manage the schema attributes for user profile validation and group - attestation. See the [Manage Property Validation Attributes](/docs/directorymanager/11.1/admincenter/portal/design/propertyvalidation.md) - topic. -- **Organizational Hierarchy:** specify user attributes for display on the organizational hierarchy - chart. See the - [Specify Attributes for Organizational Hierarchy](/docs/directorymanager/11.1/admincenter/portal/design/organizationalhierarchy.md) topic. -- **Card View:** specify the attributes to be displayed on an object card. See the - [Specify Attributes for the Object Card](/docs/directorymanager/11.1/admincenter/portal/design/objectcard.md) topic. -- **Object List View:** specify the attributes to be displayed for similar groups on the **Similar - Groups** tab in group properties. See the - [Specify Attributes for Object List View](/docs/directorymanager/11.1/admincenter/portal/design/objectlist.md) topic. - -NOTE: Design settings are available for a standard Directory Manager portal, and not for a -Self-Service Password Reset portal. 
- -**See Also** - -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/linkedcombo/details.md b/docs/directorymanager/11.1/admincenter/portal/linkedcombo/details.md deleted file mode 100644 index 8fb2aaf8c1..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/linkedcombo/details.md +++ /dev/null 
@@ -1,30 +0,0 @@ -# Linked Combo Type - Details - -Enter the following details about the linked combo on the **Details** page of the **Linked Combo -Display Type** wozard: - -1. Enter a name for the linked combo in the **Linked Combo Name** box. - You cannot change the name of a custom display type once you have created it. -2. Next, specify the data source for the linked combo. You can either use an already uploaded file - or upload a new one. - - - Use the **Available Data Sources** drop-down list to select an already uploaded file. This may - be required, for example, when your source file contains the data and relationships for - several fields, and you want to manage those relationships using multiple linked combos rather - than one combo. Hence the need to upload the same file for multiple linked combos. - The list displays all the data source files previously used to create linked combos for this - portal. To export a file, select it and click **Export**. The file is saved to the download - location set in your browser settings. - - To upload a new file, click **Browse** next to the **File Name** box and select the XML or - Microsoft Excel file containing the data to populate the linked combo and the display types - linked to it. - - If the source file is a Microsoft Excel (.xls or .xlsx) file, Directory Manager automatically - creates its XML version to process it. To learn about the Excel file format, see the - [Excel Data File Format](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/fileformat.md) topic. - -3. Click **Next**. - -See Also - -- [Linked Combo Display Type](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/linkedcombo/overview.md b/docs/directorymanager/11.1/admincenter/portal/linkedcombo/overview.md deleted file mode 100644 index fcc17b6db9..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/linkedcombo/overview.md +++ /dev/null 
@@ -1,173 +0,0 @@ -# Linked Combo Display Type - -A linked combo is a custom display type that you can link to other display types on a portal page. -When a user selects a value from a linked combo, the values for the display types linked to it are -populated accordingly. A common application of the linked combo involves the _country, state_, and -_city_ fields. When a user selects a country, the _state_ field changes to display the states in -that country. On selecting a state, the city field displays the cities in that state. - -In the default portal template, one linked combo display type _CountryState_ is defined, that -establishes a relationship between the country and state fields. Selecting a country populates the -_State_ list. - -A linked combo display type also allows for more complex linking between fields, such as would be -needed to link the office, city, state, and country fields. Relationships can be extended to any -level. You can define one linked combo display type to manage these relationships, or simplify the -task by defining multiple combos, for example: - -- The first linked combo establishes a relationship between the country and state fields. -- The second linked combo establishes a relationship between the state and city fields. -- The third establishes a relationship between the city and office fields. - -Before creating a linked combo, you must create and maintain an external data file containing the -data and relationships for the required fields. The data source file is used to populate the linked -combo and the fields linked to it. - -NOTE: When defining a linked combo, consider the following: - -- You can define multiple linked combos for an object, provided that different attributes are used - for the combos. For example, you define a linked combo for the user object using the company, - department, and title attributes. To define another combo for the user object, you cannot use any - of the previously used attributes. 
-- For two different object types, you can use the same attributes in different linked combos. - -#### Linked Combo Data File - -The linked combo requires an XML file that contains the data for the display type itself and the -other display types that will be linked to it. Directory Manager also supports the Microsoft Excel -file format (.xls or .xlsx), that it automatically converts to XML. The data in the Excel file must -be in a specific format for Directory Manager to process it. - -For information about the Excel file format, see the [Excel Data File Format](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/fileformat.md) topic. - -NOTE: If data in the source file is updated, you must reload the file for changes to take effect. - -## Define a Linked Combo Display Type - -1. In Admin Center, select **Applications** in the left pane. - On the **GroupID Portal** tab, a portal's card displays its info. -2. Click the ellipsis button for a portal and select **Settings**. -3. Select an identity store under **Design Settings** to define a custom display type for it. - All identity stores associated with the portal are listed under **Design Settings**. You can - design a different portal for each of these. -4. Click **Custom Display Types** in the left pane. -5. On the **Custom Display Types** page, click the **Linked Combo Types** tab. -6. Click **Add** to define a linked combo display type. -7. Complete the pages of the **Linked Combo Display Type** wizard. - - 1. On the **Details** page, provide the source data file. See the - [Linked Combo Type - Details](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/details.md) topic for more info. - 2. On the **Schema** page, define the parent-child relationship between fields. See the - [Linked Combo Type - Schema](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/schema.md) topic for details. - -8. Click **OK**. -9. Click **Save** on the **Custom Display Types** page. 
- The linked combo display type is listed on the **Linked Combo Types** tab. - -## Implement a Linked Combo - -To use a linked combo in a portal, do the following: - -1. Link a linked combo display type to a schema attribute on the **Search Forms**, **Properties**, - **Create Object**, or **Property Validation** page in Design settings. The linked combo is - rendered as a drop-down list in the portal. - On the **Schema** page of the **Linked Combo Display Type** wizard, you selected an expression - (representing a data column in the source Excel workbook) in the **Type binding expression** - drop-down list. Each record in this column will be displayed as a value in the drop-down list in - the portal. When a user selects a value, it will be stored as the value of the schema attribute - mapped to the linked combo display type. -2. The fields listed in the **Linked Field** list on the **Schema** page are already mapped to - schema attributes. For all fields that you use in a linked combo, one of the following cases - apply: - - - If a field’s schema attribute is already rendered as a field on the same portal page, it auto - connects to the linked combo. Values in this field are displayed with respect to the - expression mapped to it on the **Schema** page. - Let’s assume you select a field, Country, in the _Linked Field_ list, which is mapped to the - “co” attribute in Active Directory. You link it to the ‘Country Name’ column in the source - file. This column contains the names of all the countries in the world. - Now in the default portal template, the ‘co’ attribute is already rendered as a drop-down list - on the _General_ tab in user properties and displays the names of Asian countries. When you - apply your linked combo (containing the Country field) on the General tab, it auto-connects to - the ‘co’ attribute and replaces its values (the list of Asian countries) with the values from - the source data file (the names of all countries of the world). 
- - If a field’s schema attribute is not previously used on the same portal page as the linked - combo, the field will not be displayed in the portal. You must link this attribute to a - display type and render it on the same portal page as the linked combo. Values in this field - will be displayed with respect to the expression mapped to it on the **Schema** page. - - In any case, set the display type of each field in a linked combo to a _Textbox_ or _Dropdown_ - list, depending on the kind of values it would hold. - -### Example Case for Implementing a Linked Combo - -In this example, we will link a linked combo display type to the Company attribute (field) on the -General tab of the user properties page in the portal. Next, we will present how the fields used in -the linked combo should be rendered on the General tab, so that the fields are connected. - -#### Step 1: Link a Linked Combo to a Schema Attribute - -1. In Admin Center, select **Applications** in the left pane. -2. Click the ellipsis button for a portal and select **Settings**. -3. Select an identity store under **Design Settings.** -4. In the left pane, click **Properties**. -5. On the **Properties** page, select _User_ in the **Select Directory Object** list. -6. The names of all tabs on the portal’s user properties page are listed under **Name**. To render - the linked combo on the **General** tab, click **Edit** for it. -7. On the **Edit Design Category** pane, let’s link the _Company_ field to the linked combo. Click - **Edit** for the _Company_ field. -8. On the **Edit Field** pane, select a schema attribute to map your linked combo to, and in the - **Display Type** drop-down list, select your linked combo display type. -9. Click **OK** on the panes to close them. -10. Click **Save** on the **Custom Display Types** page. - -The _Company_ field would be displayed as a drop-down list on the _General_ tab of the user -properties page in the portal. 
Values in this list will be populated from the combo’s source data -file, with respect to the expression selected in the **Type Binding Expression** drop-down list on -the **Linked Combo Display Type** wizard. - -#### Step 2: Render the Linked Fields in the Combo on the Portal - -If the fields defined in a linked combo are already rendered on the same portal page as the linked -combo, make sure that the appropriate display type is used for them. Some examples are shown in the -table below. - -On the other hand, if the fields defined in a linked combo are not available on the same portal page -as the linked combo, you must create the fields first. These fields must be linked to the same -schema attributes as the combo’s fields are linked with, and an appropriate display type must be set -for them. The following table shows an example of the field names and the display types to set for -them. - -| Field | Display Type to use | Notes | -| ------- | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Country | Drop-down list | Create a Drop-down List display type and use it for this field or use the default drop-down list, lstCountry. lstCountry has values defined for it, which may produce undesirable results. | -| State | Drop-down list | Create a Drop-down List display type and use it for this field or use the default drop-down list, lstState. | -| City | Drop-down list | Create a Drop-down List display type and use it for this field or use the default drop-down list, lstCity. | -| Address | Text box | Use a simple text box display type with this field | -| Zip | Text box | Use a simple text box display type with this field or use the default textbox display type, maskZIPCode. 
This default display type comes with a validation check that ensures that users enter the zip code in the required format. | - -## Reload the Source Data File - -When you update data in the source file, you must also reload the file for changes to take effect. - -**To reload the file:** - -1. In Admin Center, select **Applications** in the left pane. - On the **GroupID Portal** tab, a portal's card displays its info. -2. Click the ellipsis button for a portal and select **Settings**. -3. Select an identity store under **Design Settings** to define a custom display type for it. - All identity stores associated with the portal are listed under **Design Settings**. You can - design a different portal for each of these. -4. Click **Custom Display Types** in the left pane. -5. On the **Custom Display Types** page, click the **Linked Combo Types** tab. -6. Click **Edit** for a linked combo to reload the source data file for it. The **Linked Combo - Display Type** wizard is displayed. -7. On the **Details** page, click **Browse** to select the file to load. Then click **Next**. -8. On the **Schema** page, make changes to the relationships, if required, and click **OK**. - See the [Linked Combo Type - Schema](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/schema.md) topic for details. -9. Click **Save** on the **Custom Display Types** page. - -**See Also** - -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/overview.md b/docs/directorymanager/11.1/admincenter/portal/overview.md deleted file mode 100644 index 7fc0b9c6e8..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/overview.md +++ /dev/null 
@@ -1,70 +0,0 @@ -# Directory Manager Portal - -A Directory Manager portal represents a virtual link with the directory. Using it, users can do the -following in an identity store: - -- Search the directory. -- Perform group management tasks, such as create and update their groups; join and leave groups; - attest, expire and renew groups, and more. -- Carry out user management tasks, such as create, update, and delete users in the directory. Users - can maintain and update their profiles, change their passwords, manage their accounts, manage - their direct reports, and more. -- Synchronize data between a source and a destination, such as directories, files, and databases. -- Manage user and group entitlements to shared resources on file servers and SharePoint sites. -- Approve and deny workflow requests. -- Generate hundreds of insightful reports on Active Directory, Microsoft Entra ID, Exchange, and - Office 365 objects (groups, users, mailboxes, contacts, computers, and servers). -- View history data for directory objects that are created, updated, or deleted in the directory - using Directory Manager. - -Delegating group and user management tasks to end-users reduces the workload on IT administrators -and helpdesk, as users are empowered to manage their groups and direct reports without assistance -from an administrator. Moreover, when users maintain and update their profile information, data is -more accurate and reliable. - -Administrators can maintain complete control over data integrity, as they can implement fine-grained -controls and policies that determine what users can view and change using the Directory Manager -portal. They can also define workflows for an identity store, that serve as a built-in auditing -system to ensure that users enter correct data before changes are committed to the directory. - -A Directory Manager portal can be linked with multiple identity stores, thus eliminating the need to -create a separate portal for each identity store. 
Users can select an identity store while signing -in. - -## Self-Service Password Reset Portal (SSPR) - -A Self-Service Password Reset portal is a type of Directory Manager portal that only facilitates -password-related functions. This portal enables users to manage their directory account passwords, -i.e., the password for the account they use to access their workstations and other Microsoft -services. Users can change and reset their passwords, as well as unlock their accounts. They can -also enroll their accounts in Directory Manager and link accounts in different identity stores. - -NOTE: Directory Manager does not support the upgrade of a Password Center portal (from a previous -version) to an SSPR portal. You have to create the SSPR portal as a new portal. - -## Linked Identity Stores and the Portal - -The administrator can link two or more identity stores in Directory Manager. As a prerequisite for -linking, the identity stores must be built on Active Directory or Microsoft Entra ID domains. The -purpose is to link identical objects in different domains. - -To learn about linked identity stores and how they work in a Directory Manager portal, see the -[Linked Identity Stores and the Directory Manager Portal](/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md#linked-identity-stores-and-the-directory-manager-portal) -topic. - -## Notifications in the Portal - -A Directory Manager portal can send email notifications to designated recipients when a user makes a -change to objects in an identity store. To specify notification recipients, see the -[Specify Notification Recipients](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md#specify-notification-recipients) -topic. - -By default, notifications are sent to users in the English language. However, a user can opt to -receive notifications in a supported language by personalizing the language settings from the -**Settings** panel in the portal. 
- -**See Also** - -- [Directory Manage Applications](/docs/directorymanager/11.1/admincenter/portal/applications.md) -- [Create a Portal](/docs/directorymanager/11.1/admincenter/portal/create.md) -- [Delete a Portal](/docs/directorymanager/11.1/admincenter/portal/delete.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/server/advanced.md b/docs/directorymanager/11.1/admincenter/portal/server/advanced.md deleted file mode 100644 index 5dbb07c8fb..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/server/advanced.md +++ /dev/null 
@@ -1,72 +0,0 @@ -# Manage Advanced Settings - -Advanced settings allow you to customize the functionality and appearance of a portal. For example, -you can set the default landing page, change the portal logo, show or hide the help link, display -enrollment reminders, and more. - -NOTE: Advanced settings are available for a standard Directory Manager portal, and not for a -Self-Service Password Reset portal. - -Default values for all advanced settings are specified for a portal. You can update any setting as -required. You can also import these advanced settings for a portal from a previous Directory Manager -version. See step 14 in the -[Create a Portal in Native IIS](/docs/directorymanager/11.1/admincenter/portal/create.md#create-a-portal-in-native-iis) topic. - -You can manage the following advanced settings for a portal: - -- Portal & Search -- Listings Display -- Miscellaneous - -## Portal & Search - -| Setting | Description | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Portal Logo | Use the default Directory Manager portal logo or a logo of your choice for display in the portal. - Click **Change** to select and upload a logo of your choice. - Click **Reset** to revert to the default logo. 
| -| Default Startup Page | Specify a landing page for the portal. By default, the _Welcome_ page is set as the start page. You can change it to one that your users frequently visit. You can change the start page to any of these pages: - Welcome - My Groups - My Memberships - My Expired Groups - My Expiring Groups - My Deleted Groups - My Smart Groups - My Dynasties - Search - My Profile - My Direct Reports - Change My Password - Reset Password - Request Inbox - My Requests - Link Account - Entitlement - History - Reports - Synchronize NOTE: Individual users can personalize this setting from the Settings panel in the portal. | -| Search Default | Set the default selection in the portal’s _Search Directory_ box, which is available on the _Groups_, _Users_, and _Advanced Search_ pages as well as on the _Find_ dialog box. Options are: - **Global Catalog:** Selecting this option shows “_Entire Directory_” selected in the _Search Directory_ box. Also, expanding the list displays the Entire Directory check box selected instead of the logged-on domain. Select this option when most of the searches that portal users perform are based on the global catalog. - **Domain:** The _Search Directory_ box shows the domain of the identity store the portal is connected to. Users can expand the list to select any other option. NOTE: Individual users can personalize this setting from the Settings panel in the portal. | -| Sort Search | Set the field name (column header) for sorting listings and search results in the portal, such as listings on the All Groups, My Groups, and Users pages, and searches performed using Advanced Search and the Find dialog box. In the **Sort Search** field, specify an attribute to use for sorting listings and search results. By default, the displayName attribute is specified, indicating that listings and search results are sorted by this attribute in ascending order. 
If you specify an attribute that is not used as a column header in a listing or search results, Directory Manager sorts it on the basis of the default attribute, i.e., _displayName_. | -| Find Dialog / Look For | Select any or all the **Users**, **Groups**, and **Contacts** check boxes to specify the type of objects that can be searched using the portal’s _Find_ dialog box. You can launch the _Find_ dialog box from multiple portal pages to search for objects to designate as owners, managers, additional owners, members, and more. By default, the _Find_ dialog box searches for all types of objects, including users, contacts, and groups. Use this setting to limit the _Find_ feature to specific object types. For example, select the **Users** check box to limit users to search for the _User_ objects only. | -| Request Inbox Page Size | Specify a value in the 5 to 1000 range to set the number of workflow request items to display on the portal’s **All Requests**, **My Requests** and **Request Inbox** pages. Setting zero or a negative number displays all workflow requests. By default, these pages display 20 request items at a time. When setting the page size, consider the volume of request traffic generated by your users. Showing all or many workflow requests increases page load time and response time. | -| Toolbar Default Most Recent Used Object Count | Specify a value in the 1 to 9 range to set the number of most recently used objects to display in the portal’s _quick search_ box. The _quick search_ box is displayed at the top of each page in the portal. Clicking in it displays objects that the logged-on user recently viewed. Clicking an object opens its properties. NOTE: Individual users can personalize this setting from the Settings panel in the portal. | -| Default Search Page Size | Specify a value in the 5 to 1000 range to set the maximum number of list objects to display on a portal page. Many portal pages display lists of objects. 
Examples are the **My Groups** and **Users** pages. By default, all list views display 25 objects per page. When setting the page size, consider available network bandwidth and server resources, as the greater the number, the higher the potential for increased page load time and slow response time. NOTE: Individual users can personalize this setting from the **Settings** panel in the portal. | -| Autocomplete Quick Search | Specify whether to turn on search predictions for the portal’s _quick search_. The _quick search_ box is displayed at the top of every page in the portal. Search predictions are possible search terms related to the term the user is typing as search string. - Enable the toggle button to turn on search predictions for quick search in the portal. The portal will show matched items as users type a search string. - Disable the toggle button to turn off search predictions. | - -## Listings Display - -| Setting | Description | -| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Display Nested Ownership | Controls whether to display nested ownership on the portal’s **My Groups** page. It applies to all listings on the page except **My Memberships**. - When the toggle button is disabled, the **My Groups** page displays groups for which the logged-in user is the primary owner, additional owner, or Exchange additional owner. 
- When enabled, the **My Groups** page also displays groups with nested ownership. Example: the logged-in user is a member of Group A, and Group A is an owner of Group B. When this setting is enabled, the **My Groups** page also shows Group B as the logged-in user is its nested owner. | -| Display Groups in My Groups | Controls whether to display the groups for which the logged-on user is an additional owner, on the portal’s **My Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include groups for which the logged-on user is an additional owner. | -| Display Groups in My Deleted Groups | Controls whether to display the deleted groups for which the logged-on user is an additional owner, on the portal’s **My Deleted Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include deleted groups for which the logged-on user is an additional owner. | -| Display Groups in My Expired Groups | Controls whether to display the expired groups for which the logged-on user is an additional owner, on the portal’s **My Expired Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include expired groups for which the logged-on user is an additional owner. | -| Display Groups in My Expiring Groups | Controls whether to display the expiring groups for which the logged-on user is an additional owner, on the portal’s **My Expiring Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include expiring groups for which the logged-on user is an additional owner. | -| Display Groups in My Smart Groups | Controls whether to display the Smart Groups for which the logged-on user is an additional owner, on the portal’s **My Smart Groups** tab. 
By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include Smart Groups for which the logged-on user is an additional owner. | -| Display Groups in My Dynasties | Controls whether to display the Dynasties for which the logged-on user is an additional owner, on the portal’s **My Dynasties** tab. By default, the tab displays the Dynasties that the logged-on user is the primary owner. Enable this setting to include Dynasties for which the logged-on user is an additional owner. Note that this setting applies individually to parent, middle, and leaf Dynasties. | -| Display Additional Manager Direct Reports | Controls whether to display the direct reports for whom the logged-on user is an additional manager, on the portal’s **My Direct Reports** tab. By default, the tab displays the direct reports that the logged-on user is the primary manager. Enable this setting to include direct reports for whom the logged-on user is an additional manager. | - -NOTE: Individual users can personalize all except the _Display Nested Ownership_ setting from the -**Settings** panel in the portal. 
- -## Miscellaneous - -| Setting | Description | -| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Use Contains Filter | Controls the filter that the search function on the portal’s _Advanced Search_ page and the _Find_ dialog box should use while searching objects. - By default, the setting is disabled, implying that when a user enters a search string, the portal searches the directory on the “starts with” basis. For example, if a user enters “Sam” in the _First Name_ box on the Advanced Search page, the portal searches the directory for all objects having first names starting with “Sam". - When you enable the setting, it changes the filter to "Contains”, which returns objects with the string "Sam" anywhere in the first name. | -| Hide Help Link | Controls whether to display the Help icon in the portal. 
This icon opens the portal help in a new browser window, where portal users can find support content or report their problems. - Enable the setting to display the **Help** icon in the portal. - Disable the setting to hide the **Help** icon. In this case, users will not be able to access the portal’s help pages. | -| Enrollment Reminder | Controls whether to display a reminder with redirect to the **Enroll My Account** page to unenrolled users when they sign into the portal. Enabling the setting initiates these events: 1. On signing in, the landing page displays an information bar requesting the user to enroll his or her account. (The user can ignore the request.) 2. Clicking the bar redirects the user to the **Enroll My Account** page. Disabling the setting does not display the information bar for account enrollment. | -| Suggest Owner/Manager | Set the portal to suggest owners for orphan groups and managers for users without managers. Enable the setting to allow Directory Manager to suggest a primary owner for an orphan group (on the **Owner** tab in group properties) and a primary manager for a user without one (on the **Organization** tab in user properties). - The manager is suggested with respect to the user’s department (say, User A); if the department is not specified, manager suggestion does not work. Directory Manager checks the primary managers of all users who have the same department as User A, and the user who shows up most as a manager is suggested as User A’s primary manager. - The owner is suggested with respect to the group’s membership; Directory Manager checks the managers of group members and the user who shows up most as a manager is suggested as the group owner. This user may or may not be a member of the group. For example, when 40 members of Group A have User A as their manager and 38 members have User B as manager, User A is suggested as Group A’s primary owner. Disable the setting to turn off the owner/manager suggestion function. 
| - -## Update a Setting - -1. In Admin Center, select **Applications** in the left pane. - On the **GroupID Portal**tab, a portal card displays its info. -2. Click the ellipsis button for a portal and select **Settings**. -3. Click **Advanced Settings** under **Server Settings**. -4. On the **Advanced Settings** page, navigate to the required setting and update it. - - - To change general portal settings, see the Portal & Search table. - - To change display settings for groups, see the Listings Display table. - - To manage other settings, see the Miscellaneous table. - -5. Click **Save**. diff --git a/docs/directorymanager/11.1/admincenter/portal/server/general.md b/docs/directorymanager/11.1/admincenter/portal/server/general.md deleted file mode 100644 index a0c622d4c9..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/server/general.md +++ /dev/null 
@@ -1,88 +0,0 @@ -# Manage General Server Settings - -You can manage general server settings for a portal, such as change its display name, associate -identity stores with it, and view its various deployments. - -## Change a Portal's Display Name - -A portal is assigned an _application name_ during creation, which is used as it's display name in -Directory Manager. On changing it, the portal is displayed with the new name. - -**To change a portal's display name:** - -1. In Admin Center, select **Applications** in the left pane. - On the **GroupID Portal** tab, a portal card displays its info, including its name. You can - differentiate between a standard Directory Manager portal and a SSPR portal from the portal logo, - as each portal type has its own logo. -2. Click the ellipsis button for a portal and select **Settings**. -3. On the **General Settings** page, enter a new name for the portal in the **Application Name** - box. -4. Click **Save**. - -## Associate Identity Stores with a Portal - -You must associate one or more identity stores with a portal. When signing into the portal, a user -must select an identity store to connect to, for performing group and identity management operations -for that identity store. Similarly, when signing into the Self-Service Password Reset portal (SSPR), -a user must select an identity store to connect to, for performing password management functions. - -**To associate an identity store:** - -1. In Admin Center, select **Applications** in the left pane. - On the **GroupID Portal** tab, a portal card displays its info, including the identity stores - associated with it. You can differentiate between a standard Directory Manager portal and a SSPR - portal from the portal logo, as each portal type has its own logo. -2. Click the ellipsis button for a portal and select **Settings**. -3. The **Identity Stores** area on the **General Settings** page lists the identity stores in - Directory Manager. 
It displays the provider type the identity store is created for, and whether - the identity store is enabled. - - - Select the check box for an identity store to associate it with the portal. - - Clear the check box for an identity store to dissociate it. - - All instances of this portal serve the identity store(s) you select here. - -4. Click **Save.** - -NOTE: You may observe the following message on the **Server Settings – General** page: - -![linked_message](/img/product_docs/directorymanager/11.1/admincenter/portal/linked_message.webp) - -It relates to the scenario when identity stores in Directory Manager have been linked, as discussed -in the -[Linked Identity Stores and the Directory Manager Portal](/docs/directorymanager/11.1/admincenter/identitystore/link/overview.md#linked-identity-stores-and-the-directory-manager-portal) -topic. Hence, when two identity stores, IdentityStoreA and IdentityStoreB, are linked and you -associate IdentityStoreA with the portal, this message is displayed. It alerts you to associate the -second identity store in the linked pair (dentityStoreB) with the portal too, in order to benefit -from the linking. - -## View the Deployment(s) for a Portal - -A portal can have multiple deployments in the same or different web servers. You can update certain -settings for each deployment instance of a portal. - -**To view a portal’s deployment instances:** - -1. In Admin Center, select **Applications** in the left pane. - On the **GroupID Portal** tab, a portal card displays its info, including all its deployment - instances. You can differentiate between a standard Directory Manager portal and a SSPR portal - from the portal logo, as each portal type has its own logo. -2. Click the ellipsis button for a portal and select **Settings**. -3. Click **Deployments** under **Server Settings**. -4. The **Deployment Settings** page has varying tabs, depending on the deployment instances of the - portal. 
- - - The **IIS** tab is available when one or more portal instances are deployed in native IIS. - Select an instance to view the name of the instance directory in IIS, the IIS site that hosts - the instance, the URL for the instance, the Data service and Security service associated with - the instance, and logging levels. See the - [Manage Settings for a Native IIS Deployment](/docs/directorymanager/11.1/admincenter/portal/server/nativeiis.md) topic for details. - - The **Remote IIS** tab is available when one or more portal instances are deployed in remote - IIS. Select an instance to view the Microsoft IIS Administration API URL and access token that - Directory Manager uses to communicate with the remote IIS server, the credentials used to - communicate with the API, the site that hosts the instance, the Data service and Security - service associated with the instance, and logging levels. See the - [Manage Settings for a Remote IIS Deployment](/docs/directorymanager/11.1/admincenter/portal/server/remoteiis.md) topic for details. - - The **Docker** tab is available when one or more portal instances are deployed in Docker. - Select an instance to view the port and Service URL used for deployment. See the - [Manage Settings for a Docker Deployment](/docs/directorymanager/11.1/admincenter/portal/server/docker.md) topic for details. diff --git a/docs/directorymanager/11.1/admincenter/portal/server/overview.md b/docs/directorymanager/11.1/admincenter/portal/server/overview.md deleted file mode 100644 index dc10699553..0000000000 --- a/docs/directorymanager/11.1/admincenter/portal/server/overview.md +++ /dev/null 
@@ -1,34 +0,0 @@ -# Server Settings - -A Directory Manager portal is deployed as a web application on a web server (native IIS, remote IIS, -or Docker). You can manage the following server-related settings for a portal: - -- Change a portal’s name (i.e., the application name given to the portal). -- Associate identity stores with a portal. -- Update support information for the portal, i.e., the contact email address and the portal’s help - URL. -- Specify search-related, group-related, and other advanced settings for a portal. - - NOTE: Advanced settings are available for a standard Directory Manager portal, but not for a - Self-Service Password Reset portal. - -You can also view the deployment details for all instances of a portal and do the following: - -- Start or stop an instance. -- Configure Windows logging and file logging for an instance. -- Delete an instance. -- Move a portal instance under a different site in IIS. - -NOTE: On changing some of these settings, the portal’s session ends and all connected users are -logged out. When accessed again, the portal runs under the new configurations. - -**See Also** - -- [Create a Portal](/docs/directorymanager/11.1/admincenter/portal/create.md) -- [Manage General Server Settings](/docs/directorymanager/11.1/admincenter/portal/server/general.md) -- [Manage Settings for a Native IIS Deployment](/docs/directorymanager/11.1/admincenter/portal/server/nativeiis.md) -- [Manage Settings for a Remote IIS Deployment](/docs/directorymanager/11.1/admincenter/portal/server/remoteiis.md) -- [Manage Settings for a Docker Deployment](/docs/directorymanager/11.1/admincenter/portal/server/docker.md) -- [Manage Log Settings](/docs/directorymanager/11.1/admincenter/portal/server/log.md) -- [Add Support for a Portal](/docs/directorymanager/11.1/admincenter/portal/server/support.md) -- [Manage Advanced Settings](/docs/directorymanager/11.1/admincenter/portal/server/advanced.md) 
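Review bot: The logout warning in the NOTE just above **See Also** ("On changing some of these settings, the portal’s session ends and all connected users are logged out") is removed along with the rest of `server/overview.md`, and nothing in the visible part of this patch re-adds it. If this page is being moved rather than retired, please confirm the replacement keeps that warning, since administrators need it before editing a live portal. The deleted page is also the target of absolute links of the form `/docs/directorymanager/11.1/admincenter/portal/server/...`, so any page that still links to `server/overview.md` needs its link updated or a redirect added in the same change.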
diff --git a/docs/directorymanager/11.1/admincenter/replication/overview.md b/docs/directorymanager/11.1/admincenter/replication/overview.md deleted file mode 100644 index 268e29a87b..0000000000 --- a/docs/directorymanager/11.1/admincenter/replication/overview.md +++ /dev/null 
@@ -1,67 +0,0 @@ -# Elasticsearch and Replication - -Searches performed in Directory Manager are catered through Elasticsearch. - -Elasticsearch relies on two services: - -- **Elasticsearch Service** is responsible for searching the Elasticsearch repository and displaying - search results when a search is performed through Directory Manager. If this service stops, - Elasticsearch will not work. -- **Replication Service** is responsible for replicating attributes of the following objects from - the provider (such as Active Directory) to Elasticsearch. - - - Group - - User - - Contact - - Computers - - Organizational Unit - -The [Replication Service](/docs/directorymanager/11.1/admincenter/service/replicationservice.md) only replicates changes that are made to -these objects on the directory server. Changes made to these objects using Admin Center, Directory -Manager portal, or Management Shell, are directly saved in the Elasticsearch repository and -replicated to the Directory Manager database by the Data service. See the -[Data Service](/docs/directorymanager/11.1/admincenter/service/dataservice/overview.md) topic. - -Synchronize directly updates objects in the directory. As soon as objects are provisioned, -de-provisioned, or updated in the directory using Synchronize, the Replication service replicates -them to Elasticsearch. - -Synchronize history is saved to Elasticsearch when Active Directory, Microsoft Entra ID, Generic -LDAP, or Google Workspace is the destination provider in the respective Synchronize job. This -history is replicated to the Directory Manager database by the Data s ervice. - -NOTE: The **Recycle Bin** in the Directory Manager portal fetches data from the directory server and -not from Elasticsearch. - -## Replication Settings - -In Admin Center, you can specify settings for the Replication service at the global and local -levels. 
Global settings apply to all identity stores in Directory Manager while local settings are -specific to an identity store. - -- At the global level, you can schedule the service to run every x minutes to replicate object - attributes to Elasticsearch. You can also manually restore object data to Elasticsearch. See the - [Manage Global Replication Settings](/docs/directorymanager/11.1/admincenter/replication/settings.md) topic. -- For an identity store, you can specify the object attributes the service should replicate to - Elasticsearch. See the [Manage Local Replication Settings](/docs/directorymanager/11.1/admincenter/identitystore/replication.md) topic. - -NOTE: The Replication service does not replicate excluded domains for an identity store. See the -[Exclude an Active Directory Domain from Replication](/docs/directorymanager/11.1/admincenter/identitystore/manage.md#exclude-an-active-directory-domain-from-replication) -topic. - -## Replication Service Logs - -Logs for the Replication service are stored in the folder for the service on the Directory Manager -server. - -To view the logs: - -1. Launch IIS on the Directory Manager server and navigate to: - …\Sites\GroupIDSite11\GroupIDReplicationService -2. Right-click this folder and select **Explore**. -3. Locate the **Logs** folder to read the logs. - -Events are logged in a text file. When the file size reaches 100 MB, Directory Manager archives it -in the same directory by replacing the file extension with the suffix .Log.X and then creating a new -text file with the original name. X in .Log.X is a number from 1 to 10 representing the archiving -order; where ‘1’ denotes the most recent file. diff --git a/docs/directorymanager/11.1/admincenter/replication/settings.md b/docs/directorymanager/11.1/admincenter/replication/settings.md deleted file mode 100644 index 8d8823c173..0000000000 --- a/docs/directorymanager/11.1/admincenter/replication/settings.md +++ /dev/null 
@@ -1,300 +0,0 @@ -# Manage Global Replication Settings - -The Replication service is responsible for replicating attributes of the group, user, contact, -computer, and organizational unit objects from a provider (such as Active Directory) to -Elasticsearch. - -You can configure certain settings for the Replication service in Admin Center. You can schedule it -to run every x minutes, force run it at any time, set a threshold for triggering replication error -notifications, and view the Elasticsearch health status. - -On every successful run of the Replication service, Directory Manager generates the replication -status of object types for each domain in an identity store and alerts you to any errors that may -have occurred during the replication process. - -NOTE: The Replication service does not replicate excluded domains for an identity store. See the -[Exclude an Active Directory Domain from Replication](/docs/directorymanager/11.1/admincenter/identitystore/manage.md#exclude-an-active-directory-domain-from-replication) -topic. - -### How to Resolve Replication Errors - -Possible actions to eliminate replication errors are: - -- Make sure the Replication service and Elasticsearch service are running. -- Make sure Search Guard or any other security plugin you use for Elasticsearch is operational. -- Consult the Replication service logs. They provide elaborate information about the object type in - the specific domain of the identity store the error occurred for, and whether that error comes - from the identity provider or Elasticsearch. See the - [Replication Service Logs](overview.md#replication-service-logs) topic. - -What do you want to do? 
- -- Monitor Elasticsearch Health Status -- Specify a Replication Interval for Objects -- Force Run the Replication Service (for Object Replication) -- View the Replication Status for Objects -- Specify Interval for Deleting Tombstone Objects -- Force Run the Replication Service (for Deleting Objects) -- Restore Object Data to Elasticsearch -- Clear Unused Indices -- Change the Search Guard Password -- Set a Threshold to Trigger Replication Error Notifications - -## Monitor Elasticsearch Health Status - -Directory Manager enables you to monitor the Elasticsearch service for the following: - -- The status of the Elasticsearch service. See the - [Elasticsearch Service](/docs/directorymanager/11.1/admincenter/general/dashboard.md#elasticsearch-service) card on the Admin Center - dashboard. -- Elasticsearch cluster health stats, which include: - - - Cluster name, health status, node info and shards info - - Cluster indices information, like health, number of documents, and status - -Directory Manager checks if the Elasticsearch service is running, if all nodes are working, and if -the cluster is intact. It also checks the health of each index. - -**To view Elasticsearch health status:** - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, click **Elasticsearch Health Monitor**. - - ![es_health_monitor](/img/product_docs/directorymanager/11.1/admincenter/replication/es_health_monitor.webp) - - This dialog box lists the Elasticsearch clusters in your environment, with the following - information for each cluster: - - - **Health:** the cluster health status denoted by the following colors: - - - Green – the service is running and the cluster is intact. Moreover, two or more nodes - exist within the cluster. - - Yellow – the cluster is running but with warnings. It also indicates that a single node - exists within the cluster. Elasticsearch recommends a three-node topology for improved - performance and high availability. 
- - Red – the service has stopped or the cluster is broken (for reasons such as network - connectivity. - - - **Nodes:** the number of nodes in the cluster. - - **Master:** the name of the master node in the cluster. - -3. To refresh the information displayed, click the **Refresh** icon. -4. Click a cluster name to view it in detail. - - ![cluster_info](/img/product_docs/directorymanager/11.1/admincenter/replication/cluster_info.webp) - - This dialog box displays the total number of nodes in the cluster. Each node is represented by a - card, that displays the following for the node: - - - The name of the node - - The system resources the node uses, such as hard disk space, RAM, and heap size - - Node health with respect to disk space usage, denoted by the following colors: - - - Green – when hard disk space usage is 79.99% or less - - Yellow – when hard disk space usage is 80-89.99% - - Red – when hard disk space usage is 90% or more - -5. The indices in the cluster are listed in the gird. - - - The **Name** column displays the names of the indices. - - The **Health** column displays the health of the index, which is denoted by the following - colors: - - - Green – the index is replicated to all nodes within the cluster. - - Yellow – the index is replicated to some but not all nodes within the cluster. - - Red – the index is not replicated to any node within the cluster. - - - The **Document** column shows the number of documents in the index. - -6. Click the back arrow to return to the **Elasticsearch Health Monitor** dialog box. - -## Specify a Replication Interval for Objects - -The Replication service interval applies to all identity stores defined in Admin Center. Object -attributes to be replicated are specified in the respective identity store settings. See the -[Manage Local Replication Settings](/docs/directorymanager/11.1/admincenter/identitystore/replication.md) topic. - -**To set global replication interval:** - -1. 
In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, the **Replication Service Interval** card displays: - - - the date and time the Replication service last ran - - the date and time the service will run next - - the interval (in minutes) between each run of the service - -3. By default, the interval is set to 10 minutes, which indicates that the service is triggered - every 10 minutes. In this way, changes made to objects in the directory during the last 10 - minutes are replicated to Elasticsearch. In Active Directory, the _whenChanged_ attribute stores - the time and date the object was last changed. This service checks the value of this attribute - and replicates any changes to Elasticsearch. - To change the interval, click **Edit** next to **Service Interval** on the on the **Replication - Service Interval** card. Specify the interval (in minutes) between each run of the service and - click the check mark. - -## Force Run the Replication Service (for Object Replication) - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, click **Force Replication Now** on the **Replication Service - Interval** card to run the Replications service instantly. - Changes made to objects in the directory between the last and current run are replicated to - Elasticsearch. Force-starting the service has no impact on the interval set in the **Service - Interval** box for triggering the service. - -## View the Replication Status for Objects - -After every run of the Replication service, you can view the replication status of each object type -for each domain in an identity store. You can view which object types were successfully replicated -and which ones failed to replicate. - -**To view the replication status:** - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, click **Advanced Replication Status**. 
The **Advanced Replication - Status** dialog box displays the status of object types for each domain in an identity store. - - 1. The domains or object types that failed to replicate in the last run of the Replication - service are displayed in red. Reasons could be inaccessibility or partial failure. - Replication errors are brought to the administrator’s notice in the following ways: - - - On the **Identity Stores** page, the card for the identity store turns red and _Errors_ is - displayed as the identity store status. - - A notification is sent to relevant personnel. See the Set a Threshold to Trigger - Replication Error Notifications topic. - - These alerts are triggered when replication fails in the last run of the Replication - service, or if the service does not run at the required triggering interval. To resolve - replication errors, see the How to Resolve Replication Errors topic. - - 2. The ‘Never replicated’ status indicates that the particular object type is not replicated - yet. Similarly, a child domain that is not being used will have its status marked in red. To - avoid these recurring errors, set the dates for these objects to a distant future date in the - Directory Manager database. Or you can exclude a domain from replication. See the - [Exclude an Active Directory Domain from Replication](/docs/directorymanager/11.1/admincenter/identitystore/manage.md#exclude-an-active-directory-domain-from-replication) - topic. - -## Specify Interval for Deleting Tombstone Objects - -Objects that are deleted from the directory must also be removed from Elasticsearch. For this -purpose, you can specify a triggering interval for the Replication service to remove tombstone -objects from the Elasticsearch repository. By default, the interval is set to 60 minutes, indicating -that the service is triggered every 60 minutes. As a result, objects deleted in the directory during -the last 60 minutes are removed from Elasticsearch. 
- -To identify objects that have been deleted in the directory but exist in Elasticsearch, the -Replication service compares the objects in both, and deletes objects that do not exist in the -directory anymore. - -**To specify an interval:** - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, the **Deleted Objects Replication Interval** card displays: - - - the date and time the Replication service last ran to remove tombstone objects from - Elasticsearch - - the date and time the service will run again - - the interval (in minutes) between each run of the service - -3. By default, the interval is set to 60 minutes, which indicates that the service is triggered - every 60 minutes. In this way, objects that are deleted in the directory during the last 60 - minutes are removed from Elasticsearch. - To change the interval, click **Edit** next to **Service Interval** on the **Deleted Objects - Replication Interval** card. Specify the interval (in minutes) between each run of the service - and click the check mark. This Replication service interval applies to all identity stores in - Directory Manager. - -## Force Run the Replication Service (for Deleting Objects) - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, click **Force Replication Now** on the **Deleted Objects Replication - Interval** card to run the Replication service instantly. - Objects deleted in the directory between the last and current run of the service, will be removed - from Elasticsearch. Force-starting the service has no impact on the interval set in the **Service - Interval** box for triggering the service. - -## Restore Object Data to Elasticsearch - -You may need to restore object data to Elasticsearch. 
The restore object data function restores the -following for all identity stores in Directory Manager: - -- the current attribute values of objects (groups, users, contacts, computers, and OUs) from the - provider (for example, Active Directory) -- the Directory Manager pseudo attributes of these objects from the Directory Manager database to - Elasticsearch - -**To restore object data:** - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, click **Restore Now** in the **Restore Objects Data** area to - restore data to Elasticsearch. - -## Clear Unused Indices - -Directory Manager stores object attributes and their values in Elasticsearch, where each object type -in an identity store is distinctly indexed. In a situation where an identity store is deleted from -Directory Manager, its indices are not required anymore. So, you can clear them from Elasticsearch -to avoid glut. - -**To clear unused indices:** - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, click **Clear Now** in the **Clear Unused Indices** area. The system - checks if there exist any indices in Elasticsearch for an identity store that no longer exists in - Directory Manager. -3. The **Delete Unused Indices** dialog box displays the indices that will be deleted from - Elasticsearch. Click **Delete** to proceed or click **Don't Delete** to close the dialog box - without clearing the indices. - In case no unused indices are found, a notification pops up in the bottom right corner to inform - that no unused indices were found. - -## Change the Search Guard Password - -Search Guard is a security plugin used to induce an authentication mechanism in Elasticsearch. The -option to change the Search Guard password is available when you install and manage Elasticsearch -with Directory Manager. Users who use their own instance of Elasticsearch cannot change the Search -Guard password using Directory Manager. 
- -You can change the password of the admin account that Directory Manager uses to access -Elasticsearch. - -**To change the password:** - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, click **Change Password** in the **Search Guard Settings** area. -3. On the **Change Password** dialog box, provide the current password for the Search Guard admin - account in the **Your current password** box. -4. Specify a new password in the **New Password** and **Confirm Password** boxes. -5. Click **Change Password**. - -## Set a Threshold to Trigger Replication Error Notifications - -The Replication service runs every x minutes to replicate objects in an identity store. In case it -fails to replicate during a run, a replication error is displayed, as discussed in the View the -Replication Status for Objects topic. - -Directory Manager generates notifications to alert administrators to replication errors. By default, -the triggering threshold is set to ‘3 attempts’, which means that notifications will be sent when -errors occur in three consecutive runs of the Replication service. You can change the threshold -value as required. - -Replication error notifications are sent to recipients whose email addresses are specified in the -_To_ and _CC_ boxes on the **Notifications** page. See the -[Specify Notification Recipients](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md#specify-notification-recipients) -topic. - -**To set a triggering threshold:** - -1. In Admin Center, click **Replication** in the left pane. -2. On the **Replication** page, the **Replication Error Notification** area displays ‘3 Attempts’ as - the default threshold for initiating notifications. This means that notifications will be sent - when three consecutive runs of the replication service result in error. 
Notifications will not be - sent when errors occur say, in two consecutive runs but no error shows in the third consecutive - run. - To change the threshold value, click **Edit**. Specify a threshold value to trigger replication - error notifications and click the check mark. - -**See Also** - -- [Elasticsearch and Replication ](/docs/directorymanager/11.1/admincenter/replication/overview.md) -- [Manage Local Replication Settings](/docs/directorymanager/11.1/admincenter/identitystore/replication.md) -- [Replication Service](/docs/directorymanager/11.1/admincenter/service/replicationservice.md) diff --git a/docs/directorymanager/11.1/admincenter/schedule/entitlement.md b/docs/directorymanager/11.1/admincenter/schedule/entitlement.md deleted file mode 100644 index e791338c05..0000000000 --- a/docs/directorymanager/11.1/admincenter/schedule/entitlement.md +++ /dev/null 
@@ -1,98 +0,0 @@ -# GroupID Entitlement Schedule - -An Entitlement schedule is automatically created for an identity store when: - -- A server is added for permission analysis on the Entitlement page in an Active Directory identity - store. See the [Manage File Servers](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md) for additional information on - adding a server. - - Or - -- A SharePoint site is added for permission analysis on the Entitlement page in a Microsoft Entra ID - identity store. See the [Manage SharePoint Sites](/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md) topic for - additional information on adding a SharePoint site. - -By default, the schedule runs weekly to compute permissions on shared files and folders residing on -the specified servers (for Active Directory), and the document libraries present in the specified -sites (for SharePoint). It then replicates these permissions to Elasticsearch, enabling users to -view, manage and update these permissions in the Directory Manager portal. - -On the very first run of the Entitlement schedule, it computes all permissions from scratch and -performs a complete replication. On each next run, it will create a parallel index for that specific -server/SharePoint site index with the suffix \_replication which computes all permissions from -scratch. In the meantime, user can perform actions on Directory Manager Entitlement. The actions -performed during this parallel replication are committed directly at the provider and stored in the -database. These changes are then immediately committed to elastic after the replication is complete. - -The scope schedule changes are replicated after the new index is done replicating permissions from -the server/SharePoint. When this parallel index gets completely replicated, it becomes the new -primary index for this server/SharePoint site and the \_replication index is deleted from indices. 
- -The GroupID Entitlement schedule runs in the context of the following accounts: - -- For file servers, the schedule runs in the context of the service account defined for the identity - store. In case you specify a different account for a file server, the schedule runs in the context - of the changed account. See the - [Connect to a File Server Using a Different Account](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md#connect-to-a-file-server-using-a-different-account) - topic. -- For a SharePoint site, the schedule runs in the context of the account you specified to connect to - the SharePoint admin site. In case you specify a different account for a site, the schedule runs - in the context of the changed account. See the - [Connect to a Site Using a Different Account](/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md#connect-to-a-site-using-a-different-account) - topic. - -You cannot create or delete a GroupID Entitlement schedule; only edit the existing schedule. - -## Update the Schedule - -Follow the steps to update the GroupID Entitlement schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign next to **GroupID Entitlement**. Then click the -ellipsis button for the schedule and select **Edit**. - -Step 5 – On the Edit Schedule page, the Schedule Name and Name Preview boxes display the name of the -schedule as read-only. The name format is -`_Entitlement_`. - -Step 6 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be -responsible for triggering this schedule. The number of services displayed in the list depend on the -number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. 
See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional -information. - -Please note the following while selecting a Scheduler service: - -- The Scheduler service for the Directory Manager instance on which you are creating the schedule is - selected by default. However, you can select the Scheduler service of another instance as well. - -- The Scheduler service can be changed even after creating the schedule. Upon the next run, the - schedule will be triggered by the newly-selected Scheduler service. - -- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service - can be selected automatically. - -- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance - will be used. - -Step 7 – The **Triggers** area displays the default triggering frequency for the schedule. - -- To change a trigger, click **Edit** for it. -- To add a new trigger, click **Add Trigger**. - -Step 8 – Follow step 11 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic to manage triggers. - -Step 9 – After making the changes, click **Update Schedule**. - -Step 10 – On the Schedules page, click **Save**. -For general schedule info, see the -[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store) topic -for additional information. diff --git a/docs/directorymanager/11.1/admincenter/schedule/grouplifecycle.md b/docs/directorymanager/11.1/admincenter/schedule/grouplifecycle.md deleted file mode 100644 index 7b556b9709..0000000000 --- a/docs/directorymanager/11.1/admincenter/schedule/grouplifecycle.md +++ /dev/null 
@@ -1,99 +0,0 @@ -# Group Life Cycle Schedule - -Directory Manager enables you to define group lifecycle settings for an identity store. See the -[Manage Group Lifecycle Settings](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md) -topic for additional information. Based on these settings, the Group Lifecycle schedule expires and -logically deletes groups in the identity store on a scheduled basis, keeping your directory clean -and preventing group glut. - -While creating a Group Lifecycle schedule, you have to specify a job triggering criterion, the -containers the job will process, and notification options. - -The Group Lifecycle schedule performs the following main functions: - -- Expires and logically delete groups according to their respective expiry policies. See the - [ Group Expiry and Deletion](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/groupexpirydeletion.md) - topic for additional information. -- Sends email notifications to relevant personnel before expiring a group. Also initiates - notifications for group attestation. -- Extends or reduces the life of mail-enabled distribution groups based on their usage. -- Initiates group attestation for expiring groups. - -## Create a Group Life Cycle Schedule - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click **Add Schedule** and select **Group Life Cycle Job**. -The Create Schedule page is displayed. - -Step 5 – In the Schedule Name box, enter a name for the schedule. - -Step 6 – The Name Preview box displays the schedule name prefixed with \_Glm\_\_; the schedule is -displayed with this name in email notifications. 
- -Step 7 – Select a Directory Manager portal URL in the Portal URL drop-down list to include it in -notifications generated for this schedule. Users are redirected to this portal to perform any -necessary action. - -Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be -responsible for triggering this schedule. The number of services displayed in the list depend on the -number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional -information. - -Please note the following while selecting a Scheduler service: - -- The Scheduler service for the Directory Manager instance on which you are creating the schedule is - selected by default. However, you can select the Scheduler service of another instance as well. - -- The Scheduler service can be changed even after creating the schedule. Upon the next run, the - schedule will be triggered by the newly-selected Scheduler service. - -- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service - can be selected automatically. - -- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance - will be used. - -Step 9 – You can specify containers as targets for the schedule. To do so, follow step 9 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic. The schedule will process all groups in the containers and their sub-containers listed in the -Target(s) area in keeping with the Group Lifecycle settings for the identity store. - -NOTE: In Group Lifecycle settings, the administrator can specify container(s) for exclusively -applying or not applying the Group Life cycle policy. 
See the -[Apply Policy on Specific Containers](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md#apply-policy-on-specific-containers) -topic. With containers specified in the Target(s) area, there may be a conflict or overlapping of -containers, in which case, the Group Lifecycle settings take precedence. - -Step 10 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the -schedule, that, when met, starts the execution of the schedule. Follow step 11 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic to manage triggers. - -Step 11 – Click **Add Authentication** in the Authentication area to specify an account for running -the schedule in the identity store. Follow step 12 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic for additional information. - -Step 12 – To set notifications for the schedule, click **Notifications**. - -1. On the Notifications dialog box, select the **Send group life extension notification** check box - to send email notifications to a group’s primary and additional owners when the job extends the - life of a group, based on group usage settings in the Group Lifecycle policy. For group usage - settings, see the - [Enable Group Usage Lifecycle](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md#enable-group-usage-lifecycle) - topic for additional information. -2. Click **Save**. - -Step 13 – On the Create Schedule page, click **Create Schedule**. - -Step 14 – On the Schedules page, click **Save**. -The schedule is displayed under Group Life Cycle. See the -[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store) topic -for additional information. 
diff --git a/docs/directorymanager/11.1/admincenter/schedule/manage.md b/docs/directorymanager/11.1/admincenter/schedule/manage.md deleted file mode 100644 index 90b253902b..0000000000 --- a/docs/directorymanager/11.1/admincenter/schedule/manage.md +++ /dev/null 
@@ -1,234 +0,0 @@ -# Manage Schedules - -Directory Manager enables you to run, modify, disable, and delete the schedules defined for an -identity store. - -## View the Schedules in an Identity Store - -Follow the steps to view the schedules in an identity store. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign next to a job name to view the schedules defined -for it. -The following is displayed for a schedule: - -| Label | Description | -| --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Enable | Shows whether a schedule is enabled or disabled. Use the toggle button next to a schedule to disable an enabled schedule and vice versa. Directory Manager does not execute a disabled schedule. | -| Job Name | The name of a schedule. | -| Target(s) | The group(s) and container(s) that a schedule processes. | -| Last Run | The date and time a schedule last ran. | -| Next Run | The next date and time a schedule will run. | -| Actions | Click the ellipsis button for a schedule in the **Actions** column and select an option: - Edit – To update the schedule's settings, such as targets, triggers, and notifications. - Delete – To delete a schedule. - Run – To manually run a schedule instantly. - Terminate – To manually terminate a running schedule instantly. This option is available for schedules that are currently running. 
| - -### Search a Schedule - -Directory Manager enables you to search for a schedule by different attributes, such as job name, -job target, last run time, the kind of notifications set for a job and the user name used for -authentication in a job. - -Follow the steps to apply a filter. - -Step 1 – On the Schedules page, expand the Schedule Filters area by clicking the plus sign. - -Step 2 – In the _Select a Filter_ box, select an attribute to filter schedules. - -Step 3 – In the _Select an Operator_ drop-down list, select an operator to apply to the selected -attribute. This drop-down displays the operators on the basis of the selected attribute. Available -operators are: - -| Condition | Description | -| ------------------- | --------------------------------------------------------------------------------------------------------------------------- | -| Starts with | Returns everything that starts with the value. | -| Does not start with | Returns everything that does not start with the value. | -| Ends with | Returns everything that ends with the value. Searching with this condition is resource-intensive for the directory. | -| Does not end with | Returns everything that does not end with the value. Searching with this condition is resource-intensive for the directory. | -| Is exactly | Returns everything that matches the value. | -| Is not | Returns everything that does not match the value. | -| Contains | Returns everything that contains the value. Searching with this condition is resource-intensive for the directory. | -| Not contain | Returns everything that does not contain the value. Searching with this condition is resource-intensive for the directory. | -| Present | Returns everything that has a value. | -| Not present | Returns everything that does not have a value. | -| Greater or equal | Returns everything with a value greater than or equal to the given value. | -| Less or equal | Returns everything with a value lesser than or equal to the given value. 
| - -Step 4 – In the _Select a Value_ box, specify a value for the attribute. The selected attribute and -operator determine the kind of value that can be entered in this box. For some operators, such as -_Present_ and _Not Present_, this field is not available. These operators check if a value for the -attribute is present or not. - -- To add more filters – On adding a filter, the next row is displayed, so you can add another - filter. -- To remove a filter row – To remove a filter row, click **Remove** for it. -- To remove the filter – To remove all the filter rows, click **Clear**. - -Step 5 – To apply the filter, click **Apply**. With multiple filters, schedules that satisfy all the -filters are displayed. - -## Enable/Disable a Schedule - -Follow the steps to enable/disable a schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. - -Step 5 – Use the Enable toggle button for a schedule to enable or disable it. -A disabled schedule is not executed in the identity store. - -Step 6 – Click **Save**. - -## Update Triggers for a Schedule - -A trigger is a criterion that, when met, starts the execution of a schedule. - -Follow the steps to update triggers for a schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. - -Step 5 – Click the ellipsis button for a schedule and select **Edit**. 
- -Step 6 – On the Edit Schedule page, the Triggers area displays the trigger(s) set for the schedule. - -- To update a trigger, click **Edit** for it. -- To add a new trigger, click **Add Trigger**. -- To remove a trigger, click **Remove** for it. - -Follow step 11 in the [Group Usage Service Schedule](/docs/directorymanager/11.1/admincenter/schedule/groupusageservice.md) topic to manage triggers. - -Step 7 – Click **Update Schedule**. - -Step 8 – Click **Save** on the Schedules page. - -## Update Targets for a Schedule - -Targets in a schedule are the objects processed by that schedule. - -Follow the steps to update the targets. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. - -Step 5 – Click the ellipsis button for a schedule and select **Edit**. - -Step 6 – On the Edit Schedule page, the Target(s) area displays the target objects for the -schedule. -Target types differ for different schedule types. For example, you can set containers as targets for -a Group Lifecycle schedule; and jobs and job collections for a Synchronize schedule. Other -schedules, such as a User Lifecycle schedule, may not require a target, as they execute certain -functions for an identity store. - -- To add a target object to a schedule, refer to the instructions for the respective schedule. -- To remove a target object, click **Remove** for it. -- To remove all target objects, click **Remove All**. - -Step 7 – Click **Update Schedule**. - -Step 8 – Click **Save** on the Schedules page. - -## Update Notification Settings for a Schedule - -Follow the steps to update notification settings for a schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. 
- -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. - -Step 5 – Click the ellipsis button for a schedule and select **Edit**. - -Step 6 – On the Edit Schedule page, click the **Notifications** button to update notification -settings for the schedule. -Notification settings differ for different schedule types. For example, a Smart Group Update -schedule has a different set of notification options from a Group Lifecycle schedule. Other -schedules, such as the Directory Manager Entitlement and Workflow Acceleration schedules, do not -have notification settings. -To manage the notification settings for a schedule, refer to the instructions for the respective -schedule. - -Step 7 – Click **Update Schedule**. - -Step 8 – Click **Save** on the Schedules page. - -## Run a Schedule Instantly - -Follow the steps to run a schedule instantly. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. - -Step 5 – Click the ellipsis button for a schedule and select **Run** to execute it instantly. - -## Terminate a Running Schedule - -You can terminate a schedule that is currently running in an identity store. On termination, objects -that have already been processed by the schedule will not be reverted while the remaining stay -unprocessed. - -Follow the steps to terminate a running schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. 
- -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. - -Step 5 – Click the ellipsis button for a currently running schedule and select **Terminate** to stop -it instantly. - -## Delete a Schedule - -Follow the steps to delete a schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. - -Step 5 – Click the ellipsis button for a schedule and select **Delete**. -The Delete option is not available for system-defined schedules. - -Step 6 – On the Delete Schedule dialog box, click **Delete**. - -Step 7 – Click **Save** on the Schedules page. diff --git a/docs/directorymanager/11.1/admincenter/schedule/membershiplifecycle.md b/docs/directorymanager/11.1/admincenter/schedule/membershiplifecycle.md deleted file mode 100644 index 91d75dba46..0000000000 --- a/docs/directorymanager/11.1/admincenter/schedule/membershiplifecycle.md +++ /dev/null 
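Review bot: Removing manage.md drops the heading "View the Schedules in an Identity Store", which the other schedule pages in this patch link to as manage.md#view-the-schedules-in-an-identity-store. Please confirm that no page surviving this change still links to that anchor or to other /docs/directorymanager/11.1/admincenter/schedule/ paths. Two behaviours documented only in passing here are worth carrying over if the topic is relocated: "Terminate a Running Schedule" states that objects already processed are not reverted while the rest stay unprocessed, and "Delete a Schedule" states that the Delete option is not available for system-defined schedules.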
@@ -1,105 +0,0 @@ -# Membership Life Cycle Schedule - -The Membership Life Cycle schedule updates the temporary membership of groups in an identity store. -It performs the following functions: - -- Group owners (primary owner, additional owners, and Exchange additional owners) can set a start - and end date to: - - - Add an object as a temporary member of a group - - Remove a member for a temporary period from group membership - - The Membership Life Cycle schedule temporarily adds and removes an object from group membership - on the specified dates. - -- Managers and peers can join and leave a group temporarily on behalf of other users. When the - Membership Life Cycle schedule runs, it adds and removes those users from group membership on the - specified dates. -- The Membership Life Cycle schedule executes the Membership Life Cycle policy for the identity - store. See the - [Manage Membership Life Cycle Policies](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/membershiplifecycle.md) - topic. -- The schedule also removes members when group owners inactivate them during group attestation. See - the - [Enable Group Attestation](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md#enable-group-attestation) - topic. - -Let’s assume that the Membership Life Cycle schedule is scheduled to run once a week, say Mondays. -If an object is to be added to group membership for three days - Wednesday till Friday, it will not -be added. This happens because the Membership Life Cycle schedule did not run on the specific days -for temporary membership update. Make sure that the schedule is set to run at a frequency that meets -your temporary membership requirements. - -Directory Manager generates notifications when the Membership Life Cycle schedule adds or removes -users from group membership. 
See the -[Manage Membership Life Cycle Notifications](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md#manage-membership-life-cycle-notifications) -topic. - -## Create a Membership Life Cycle Schedule - -Follow the steps to create a Membership Life Cycle Schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click **Add Schedule** and select **Membership Life Cycle Job**. The -Create Schedule page is displayed. - -Step 5 – In the Schedule Name box, enter a name for the schedule. - -Step 6 – The Name Preview box displays the schedule name prefixed with \_MembershipLifeCycle\_\_; -the schedule is displayed with this name in email notifications. - -Step 7 – Select a Directory Manager portal URL in the Portal URL drop-down list to include it in -notifications generated by the schedule. Users are redirected to this portal to perform any -necessary action. - -Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be -responsible for triggering this schedule. The number of services displayed in the list depend on the -number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional -information. - -Please note the following while selecting a Scheduler service: - -- The Scheduler service for the Directory Manager instance on which you are creating the schedule is - selected by default. However, you can select the Scheduler service of another instance as well. - -- The Scheduler service can be changed even after creating the schedule. 
Upon the next run, the - schedule will be triggered by the newly-selected Scheduler service. - -- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service - can be selected automatically. - -- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance - will be used. - -Step 9 – You can specify containers as targets for the schedule. The schedule will process all -groups in these containers and their sub-containers. To specific containers as target, follow step 9 -in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic for additional information. - -NOTE: Membership Lifecycle policies are not applied to OUs specified here. Target OUs and groups are -set in the respective policy. - -Step 10 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the -schedule, that, when met, starts the execution of the schedule. Follow step 11 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic to add triggers. - -Step 11 – Click **Add Authentication** in the Authentication area to specify an account for running -the schedule in the identity store. Follow step 12 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic for additional information. - -Step 12 – On the Create Schedule page, click **Create Schedule**. - -Step 13 – On the Schedules page, click **Save**. -The schedule is displayed under **Membership Life Cycle**. See the -[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store) topic -for additional information. diff --git a/docs/directorymanager/11.1/admincenter/schedule/overview.md b/docs/directorymanager/11.1/admincenter/schedule/overview.md deleted file mode 100644 index 5af15a4821..0000000000 
--- a/docs/directorymanager/11.1/admincenter/schedule/overview.md +++ /dev/null 
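Review bot: In the removed membershiplifecycle.md, the weekly-run example (the paragraph beginning "Let’s assume") covers only a start date that falls between runs, where the object "will not be added". It does not say what happens when an end date falls between runs, which is the case that determines how long a temporary membership outlives its intended window. If this page is being relocated, the destination should state the end-date behaviour explicitly next to the frequency advice. Step 9 also contains "To specific containers as target", which should read "To specify containers as targets".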
@@ -1,72 +0,0 @@ -# Schedules - -The scheduling feature in Directory Manager enables you to perform several operations by creating -scheduled jobs for an identity store. These schedules auto run at the specified day, time, and -frequency. - -## Schedules for Active Directory, Google Workspae, and Generic LDAP Identity Stores - -You can define the following schedules for an identity store: - -- A [Group Usage Service Schedule](/docs/directorymanager/11.1/admincenter/schedule/groupusageservice.md) monitors group usage and time stamps groups - with the date and time they were last used. -- A [Group Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/grouplifecycle.md) expires and deletes groups according to their - expiry policy. It executes the Group Lifecycle policy for the identity store. -- A [History Retention Schedule](/docs/directorymanager/11.1/admincenter/schedule/historyretention.md) archives identity store history data in - Directory Manager. -- A [GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md) replicates object permissions on file servers and - SharePoint sites for an Active Directory and Microsoft Entra ID identity store respectively. -- An [Entitlement Scope Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementscope.md) replicates changes made to object permissions - on file servers and SharePoint sites using Directory Manager. -- An [Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementtemporarypermissions.md) updates the - temporary permissions for objects on file servers and SharePoint sites. -- A [Managed By Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/managedbylifecycle.md) manages the temporary additional owners - for groups and temporary additional managers for users. 
-- A [Membership Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/membershiplifecycle.md) updates the temporary membership of - groups. -- An [Orphan Group Update Schedule](/docs/directorymanager/11.1/admincenter/schedule/orphangroupupdate.md) sets the primary owner for an orphan - group. -- A [Reports Schedule](/docs/directorymanager/11.1/admincenter/schedule/reports.md)can automatically generate reports that you link with the - schedule. -- A [Schema Replication Schedule](/docs/directorymanager/11.1/admincenter/schedule/schemareplication.md) replicates the schema of an identity - provider to the Directory Manager database. -- A [Smart Group Update Schedule](/docs/directorymanager/11.1/admincenter/schedule/smartgroupupdate.md)updates Smart Groups and Dynasties. -- A [Synchronize Schedule](/docs/directorymanager/11.1/admincenter/schedule/synchronize.md) can execute Synchronize jobs and job groups at a set - frequency. -- A [User Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/userlifecycle.md) disables users who do not validate their profiles - within a given period, based on the settings defined for user profile validation. -- A [Workflow Acceleration Schedule](/docs/directorymanager/11.1/admincenter/schedule/workflowacceleration.md) forwards workflow requests to - approvers and auto approves requests according to workflow approver acceleration rules. - -NOTE: Role members with the _Manage Scheduling_ permission in an identity store can create and -manage scheduled jobs. See the -[Modify Role Permissions](/docs/directorymanager/11.1/admincenter/securityrole/manage.md#modify-role-permissions) topic for additional -information. - -Schedules are saved in the Directory Manager database. The GroupIDSchedulerService, created in the -GroupIDSite11 site in native IIS is responsible for initiating schedule runs. 
- -## Schedules for Microsoft Entra ID Identity Store - -The following schedules are automatically created when their associated configurations are done in -an identity store. - -- Entitlement ([GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md), - [Entitlement Scope Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementscope.md), - [Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlementtemporarypermissions.md)) -- [User Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/userlifecycle.md) -- [History Retention Schedule](/docs/directorymanager/11.1/admincenter/schedule/historyretention.md) -- [Workflow Acceleration Schedule](/docs/directorymanager/11.1/admincenter/schedule/workflowacceleration.md) - -In a Microsoft Entra ID identity provider, the Entra ID user must be logged into the Admin Center -while making configurations of these schedules. The schedules are then run in the context of the -logged in user. The following dialog box displays the username of the logged-in user when you -configure a schedule: - -![entraidscheduleauthenticate](/img/product_docs/directorymanager/11.1/admincenter/schedule/entraidscheduleauthenticate.webp) - -Use the Login with a different user option to provide the credentials of another account to run the -schedule in the identity store is not available for a Microsoft Entra ID identity store. - -NOTE: The existing schedules will continue to work. The SAML provider authentication does not apply -on them. diff --git a/docs/directorymanager/11.1/admincenter/schedule/reports.md b/docs/directorymanager/11.1/admincenter/schedule/reports.md deleted file mode 100644 index 7c3885852c..0000000000 --- a/docs/directorymanager/11.1/admincenter/schedule/reports.md +++ /dev/null 
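Review bot: The paragraph just before the closing NOTE in overview.md ("Use the Login with a different user option to provide the credentials of another account to run the schedule in the identity store is not available for a Microsoft Entra ID identity store") does not parse, so a reader cannot tell whether alternate credentials are supported. Together with the preceding statement that these schedules run in the context of the logged-in user, it is the run-as guidance for Entra ID jobs; if the intended meaning is that the option is unavailable, any carried-over copy should say so in one plain sentence. In the same hunk, the first section heading spells "Google Workspae", and two list items lack a space after the link ("reports.md)can", "smartgroupupdate.md)updates").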
@@ -1,108 +0,0 @@ -# Reports Schedule - -Directory Manager can generate reports for an identity store on a scheduled basis. - -You can create a Reports schedule and add reports to it. When the schedule runs, all added reports -are auto generated. The Reports schedule also sends email notifications to the designated -recipients. - -## Create a Reports Schedule - -Follow the steps to create a Reports Schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click **Add Schedule** and select **Reports Job**. The Create -Schedule page is displayed. - -Step 5 – In the Schedule Name box, enter a name for the schedule. - -Step 6 – The Name Preview box displays the schedule name prefixed with \_ReportPortal\_\_; the -schedule is displayed with this name in email notifications. - -Step 7 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be -responsible for triggering this schedule. The number of services displayed in the list depend on the -number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional -information. - -Please note the following while selecting a Scheduler service: - -- The Scheduler service for the Directory Manager instance on which you are creating the schedule is - selected by default. However, you can select the Scheduler service of another instance as well. - -- The Scheduler service can be changed even after creating the schedule. Upon the next run, the - schedule will be triggered by the newly-selected Scheduler service. 
- -- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service - can be selected automatically. - -- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance - will be used. - -Step 8 – To add reports to the schedule, click **Add Report(s)** in the Reports area. The Add -Reports to Schedule dialog box is displayed. - -NOTE: You can only add reports that have been generated in the Directory Manager portal, since the -schedule uses the settings provided there to generate the report. Moreover, you cannot change the -settings here, such as the container and filter settings. - -1. In the Object Category drop-down list, select a report category. Available categories are: _All - Categories, Users, Groups, Contacts and Computers_. In the Directory Manager portal, reports are - classified under these categories. -2. The Reports drop-down list shows all reports in the selected category. On selecting a report, one - of the following happens: - - - The report is displayed in the grid on the dialog box. This is because it has previously been - added, and you do not need to add it again. If the report has been generated multiple times in - the Directory Manager portal, all instances are displayed, since each instance has its own - _title_, _container_, and _filter_ settings. - - If the report is not displayed in the grid, you have to add it using the Add button. (The Add - button gets enabled if this report has been generated in the Directory Manager portal.) - - Notice that when you select a category, a report may get listed in the grid. This is because the - first report in the category is auto selected in the **Reports** drop-down list. If that report - has previously been added, it is displayed in the grid. - -3. The report is listed in the grid on the dialog box with the following info: - - - Report Title – the name given to the report by the user while generating it. 
- - Report Name – the name of the report in Directory Manager. - - Container – the container the report will fetch results from. This container was specified by - the user while generating the report. - - Filter – the criteria applied to get the results. - - You can add as many reports as required. - -4. Select the check box for a report and click **Add**. The selected reports are displayed in the - Reports area on the Create Schedule page. When this Reports schedule runs, it auto generates all - added reports. - To remove a report , click **Remove** for it. - -Step 9 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the -schedule, that, when met, starts the execution of the schedule. Follow step 11 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic to add triggers. - -Step 10 – Click **Add Authentication** in the **Authentication** area to specify an account for -running the schedule in the identity store. Follow step 12 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic for additional information. - -Step 11 – To set up notifications for the schedule, click **Notifications**. - -1. On the Notifications dialog box, enter the email address of recipient(s) to whom you want to send - the reports generated by the schedule. Use a semicolon to separate multiple addresses. -2. Click **Save**. - -Step 12 – On the Create Schedule page, click **Create Schedule**. - -Step 13 – On the Schedules page, click **Save**. -The schedule is displayed under **Reports**. See the -[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store)topic -for details. diff --git a/docs/directorymanager/11.1/admincenter/schedule/synchronize.md b/docs/directorymanager/11.1/admincenter/schedule/synchronize.md deleted file mode 100644 index b58c1a5f70..0000000000 
--- a/docs/directorymanager/11.1/admincenter/schedule/synchronize.md +++ /dev/null 
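Review bot: Steps 9 and 10 of reports.md point the reader to "step 11" and "step 12" of the Create a Group Usage Service Schedule topic by number, and the other schedule pages removed in this patch do the same. If any of this content is kept or rewritten elsewhere, replace the numbered references with links to named sections, because they break silently when the target page is renumbered. Step 11, sub-step 1, also lets the generated reports be mailed to any semicolon-separated list of addresses, and the removed text does not say whether recipients are restricted in any way; a replacement page should state that.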
@@ -1,74 +0,0 @@ -# Synchronize Schedule - -The Directory Manager scheduling function enables you to set any Synchronize job or job collection -to run automatically. Create a Synchronize schedule and add Synchronize jobs and job collections as -targets. When the schedule runs, the target jobs and job collections are executed. - -## Create a Synchronize Schedule - -Follow the steps to create a Synchronize Schedule. - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Schedules** under Settings in the left pane. - -Step 4 – On the Schedules page, click **Add Schedule** and select **Synchronize Job**. The Create -Schedule page is displayed. - -Step 5 – In the Schedule Name box, enter a name for the schedule. - -Step 6 – The Name Preview displays the schedule name prefixed with \_SynchronizeJobPortal\_\_; the -schedule is displayed with this name in email notifications. - -Step 7 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be -responsible for triggering this schedule. The number of services displayed in the list depend on the -number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional -information. - -Please note the following while selecting a Scheduler service: - -- The Scheduler service for the Directory Manager instance on which you are creating the schedule is - selected by default. However, you can select the Scheduler service of another instance as well. - -- The Scheduler service can be changed even after creating the schedule. Upon the next run, the - schedule will be triggered by the newly-selected Scheduler service. 
- -- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service - can be selected automatically. - -- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance - will be used. - -Step 8 – Add a Synchronize job or a job collection or both to this schedule. - -- Click **Add Jobs** to add a Synchronize job to this schedule. The Select Jobs to Add dialog box - displays Synchronize jobs. Select one or more jobs and click **Add**. -- Click **Add Job Collection** to add a Synchronize job collection to this schedule. The Select Job - Collections to Add dialog box displays job collections from Synchronize. Select one or more job - collections from the list and click **Add**. - -The selected job(s) and job collection(s) are listed in the Target(s) area. They will be executed -when the schedule runs. -To remove a job or job collection in the Target(s)area, click **Remove** for it. -To remove all target objects, click **Remove All**. - -Step 9 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the -schedule, that, when met, starts the execution of the schedule. Follow step 11 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic to add triggers. - -Step 10 – Click **Add Authentication** in the Authentication area to specify an account for running -the schedule in the identity store. Follow step 12 in the -[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) -topic for additional information. - -Step 11 – On the Create Schedule page, click **Create Schedule**. - -Step 12 – On the Schedules page, click **Save**. -The schedule is displayed under **Synchronize**. See the -[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store) topic -for additional information. 
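Review bot: The third bullet under Step 7 of synchronize.md ("If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service can be selected automatically") describes a missed run with no failover, yet nothing in the removed page says how an administrator finds out that a Synchronize schedule did not fire. If this guidance moves elsewhere, pair the bullet with where to check, for example the Last Run and Next Run columns described in the removed manage.md. Minor wording in the same step: "The number of services displayed in the list depend" should be "depends".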
diff --git a/docs/directorymanager/11.1/admincenter/securityrole/create.md b/docs/directorymanager/11.1/admincenter/securityrole/create.md deleted file mode 100644 index a7f3afe955..0000000000 --- a/docs/directorymanager/11.1/admincenter/securityrole/create.md +++ /dev/null 
@@ -1,83 +0,0 @@ -# Create a Security Role - -To create a security role for an identity store, you have to specify the following: - -- Criteria - See [Criteria ](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). -- Priority - See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). -- Permissions - Permissions refer to the different actions that role members can perform using - Directory Manager, for example, creating directory objects, managing groups, managing scheduled - jobs, managing user profiles, and more. -- Policies - Policies refer to settings that apply to role members. For example, the search policy - limits role members to search for objects in a particular container. - -You can create a role from scratch or by copying an existing role. See the -[Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) topic for additional information on security roles. - -NOTE: You can disable a role to prevent its members from accessing Directory Manager. To prevent an -individual role member from accessing Directory Manager, you must remove him or her from the group -or container specified as role criteria. - -What do you want to do? - -- Create a Security Role from Scratch -- Create a Role by Copying an Existing Role - -## Create a Security Role from Scratch - -Follow the steps to create a security role - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Security Roles** under Settings in the left pane. - -Step 4 – On the **Security Roles** page, click **Add Security Role**. The **Create Security Role** -page is displayed. - -Step 5 – Enter a name for the security role in the **Name** box. - -Step 6 – Enter a brief description for the role in the **Description** box. 
- -Step 7 – In the **Priority** box, type or select a value in the range, 1-99, to set the role -priority. This should be a unique value for each role in an identity store. - -Step 8 – In the **Criteria** area, specify a criterion to determine role members. For details, see -the [Security Role – Criteria](/docs/directorymanager/11.1/admincenter/securityrole/criteria.md) topic. - -Step 9 – Next, assign group management, user management, and other permissions to the security role. -For details, see the [Security Role – Permissions](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md) topic. - -Step 10 – Select the **HelpDesk Role** checkbox if you want to restrict role members to the Helpdesk -node of Admin Center. - -Step 11 – Click **Create Security Role**. - -Step 12 – Click **Save** on the **Security Roles** page. See the [Manage Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/manage.md) -topic. - -## Create a Role by Copying an Existing Role - -You can use a security role as a template to create a new role. In this case, the criteria, -permissions, and policies of the template role are copied to the new role. - -Follow the steps to copy a role - -Step 1 – In Admin Center, click **Identity Stores** in the left pane. - -Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select -**Edit**. - -Step 3 – Click **Security Roles** under Settings in the left pane. - -Step 4 – On the **Security Roles** page, click the ellipsis button for the security role you want to -use as template and select **Copy**. The **Copy Security Role** page is displayed. - -Step 5 – Follow steps 5-9 in the Create a Security Role from Scratch topic to update role info and -click **Update Security Role**. - -Step 6 – On the Security Roles page, click **Save**. 
- -Step 7 – To update the policies for the new role, see the -[Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) topic. diff --git a/docs/directorymanager/11.1/admincenter/securityrole/manage.md b/docs/directorymanager/11.1/admincenter/securityrole/manage.md deleted file mode 100644 index 582be80448..0000000000 --- a/docs/directorymanager/11.1/admincenter/securityrole/manage.md +++ /dev/null 
@@ -1,142 +0,0 @@ -# Manage Security Roles - -After creating a security role, you can manage various settings for it, such as tole criteria, -permissions, and policies. - -What do you want to do? - -- View Security Roles -- Enable or Disable a Role -- Change Role Priority -- Criteria  -- Modify Role Permissions -- Define Policies for a Role -- Delete a Role - -## View Security Roles - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. - On the **Security Roles** page, the following information is displayed for a role: - - | Label | Description | - | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | Enable | Shows whether the security role is enabled or disabled. Use the toggle button for an enabled role to disable it and vice versa. Members of a disabled role cannot access Directory Manager. | - | Display name | The display name of the security role. | - | Priority | Each security role is assigned a value from 1-99, where 1 indicates the highest priority and 99 indicates the lowest priority. Role priority is unique for a role in an identity store. Role priority is used to resolve conflicts when a user has more than one role in Directory Manager. 
For example, when a user has two roles, Administrator and User, with role priority set to 1 and 25 respectively, then permissions and policies for the higher priority role (i.e., Administrator), will apply when the user logs into Directory Manager. | - | Criteria | Role criteria determines the users the role applies to. You can specify as container or group as criteria for a role. - In case of a container, all users residing in it are assigned the role. - For a group, all group members are assigned the role. | - | Description | A description for the security role. | - | Actions | - Click **Edit** for a security role to update its details, criteria, policies, and permissions. - Click the ellipsis button and select Delete to delete the security role. - Click the ellipsis button and select Copy to create a new security role by copying the respective role. | - -## Enable or Disable a Role - -You can disable a role to prevent its members from signing into Directory Manager. You can also -enable a disabled role to allow its members to access Directory Manager. By default, all new roles -created for an identity store are enabled. - -NOTE: To prevent an individual role member from accessing Directory Manager, you must remove him or -her from the group or container specified as role criteria. - -**To enable or disable a security role:** - -**Method 1:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, use the **Enable** toggle button for a role to enable or disable - it. -5. Click **Save**. - -**Method 2:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. 
On the **Security Roles** page, click **Edit** for a security role. -5. On the **Update Security Role** page, use the toggle button in the top left corner to enable or - disable the role. -6. Click **Update Security Role**. -7. On the **Security Roles** page, click **Save**. - -## Change Role Priority - -While changing role priority, remember that the priority number must be unique for a role in an -identity store. - -**To change role priority:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. In the **Priority** box on the **Edit Security Role** page, change the value for role priority. - This value must fall in the range, 1-99, where 1 indicates the highest and 99 indicates the - lowest priority. See Priority. -6. Click **Update Security Role**. -7. On the **Security Roles** page, click **Save**. - -## Change Role Criteria - -By changing role criteria , you can specify a different set of users as members of a role. - -**To change role criteria:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, the **Criteria** area displays the role criteria. Click **Add - Criteria** to change it. On the **Add Criteria** dialog box, update the criteria. See the - [Security Role – Criteria](/docs/directorymanager/11.1/admincenter/securityrole/criteria.md) topic for details. -6. Click **Update Security Role**. -7. On the **Security Roles** page, click **Save**. 
- -## Modify Role Permissions - -You can update the permissions assigned to a role. - -**To update role permissions:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Select what members can do** in the **Permissions** - area to change role permissions. -6. On the **Add Permissions** dialog box, select **Allow** for a permission to assign it to the - role. Select **Deny** for a permission to deny it to the role. To learn about the available - permissions, see the [Security Role – Permissions](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md) topic. -7. After assigning the required permissions, click **OK**. -8. Click **Update Security Role**. -9. On the **Security Roles** page, click **Save**. - -## Define Policies for a Role - -To define policies for a security role, see the [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) topic. - -## Delete a Role - -When you delete a security role, role members will not be able to access Directory Manager. - -**To delete a role:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click the ellipsis button for a security role and select - **Delete** to delete it. -5. Click **Save**. - -See Also - -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Create a Security Role](/docs/directorymanager/11.1/admincenter/securityrole/create.md) 
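Review bot: the access statements in "Enable or Disable a Role" and "Delete a Role" ("role members will not be able to access Directory Manager") are written as absolutes, while the Priority row in the same file says a user can hold more than one role and that priority resolves the conflict. If this content moves to a replacement page, it should say what happens to a user who also matches another enabled role, since an administrator who disables or deletes a role to cut off access will otherwise rely on the absolute wording. Other points to fix before carrying the text over: "tole criteria" in the opening sentence, the "What do you want to do?" list entry "Criteria" that does not match the heading "Change Role Criteria", "See Priority." in step 5 of "Change Role Priority" with no link target, and the edit page being called "Update Security Role" in Method 2 but "Edit Security Role" in the later procedures.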
diff --git a/docs/directorymanager/11.1/admincenter/securityrole/overview.md b/docs/directorymanager/11.1/admincenter/securityrole/overview.md deleted file mode 100644 index ca1de8b52f..0000000000 --- a/docs/directorymanager/11.1/admincenter/securityrole/overview.md +++ /dev/null 
@@ -1,61 +0,0 @@ -# Security Roles - -Security roles enable you to control access to Directory Manager and the directory. An identity -store in Directory Manager has the following built-in roles that you can assign to users: - -- **Administrator:** By default, this role has permissions on all functions that can be performed in - an identity store. -- **Helpdesk:** This role is available for helpdesk users, who can reset identity store account - passwords and unlock identity store accounts on behalf of other users. Admin Center for this role, - by default, is available in the Helpdesk mode only. - - NOTE: The Helpdesk role is not available by default for a Microsoft Entra ID identity store. - -- **User:** This role can be assigned to standard users, who can create new groups, manage their - groups, update their directory profiles, and manage their direct reports. - -These roles are highly customizable. You can modify their display name, priority level, permissions, -policies, and more. If the built-in roles do not meet your specific needs, you can create custom -security roles. See the [Manage Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/manage.md) and [Create a Security Role](/docs/directorymanager/11.1/admincenter/securityrole/create.md) -topics for additional information. - -**View security role info** - -To view information about a security role, see the -[View Security Roles](manage.md#view-security-roles) topic. - -**User policies and permissions** - -Settings defined for an identity store apply to all users while role-based permissions and policies -only apply to members of a role. See the -[Configure an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/configure.md)topic for additional information. - -## Assign Distinct Roles to a User in Directory Manager Clients - -You can assign different roles to a user in different Directory Manager clients. 
For example, a user -can have the administrator role in Directory Manager Management Shell and the role of a standard -user in a Directory Manager portal. This flexibility is built into security roles using client-based -criteria. See the [Security Role – Criteria](/docs/directorymanager/11.1/admincenter/securityrole/criteria.md) topic. - -Directory Manager clients include: - -- Admin Center -- All Directory Manager portals created using Admin Center -- Directory Manager Management Shell - -Consider the following scenario: - -- For the Administrator role, you allow role members to access one Directory Manager client: - Directory Manager Management Shell. User A is a member of the Administrator role, so it gets - access to Management Shell as an admin. User A cannot access any other Directory Manager client. -- For the User role, you allow role members to access the Directory Manager portal only. User A is a - member of the User role, so it gets access to the portal as a standard user. - -As a result, User A has two different roles in two Directory Manager clients. - -Not only that, a user can also have multiple roles in a Directory Manager client, in which case role -priority is used to determine the access level of the user on the specific client. See -[Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). - -To view the highest priority role of a user with respect to a Directory Manager client, see the -[Check the Roles of a User](/docs/directorymanager/11.1/admincenter/securityrole/checkrole.md) topic. diff --git a/docs/directorymanager/11.1/admincenter/securityrole/permissions.md b/docs/directorymanager/11.1/admincenter/securityrole/permissions.md deleted file mode 100644 index 62fb8cd026..0000000000 --- a/docs/directorymanager/11.1/admincenter/securityrole/permissions.md +++ /dev/null 
@@ -1,194 +0,0 @@ -# Security Role – Permissions - -You can allow or deny permissions to a security role on different Directory Manager functions. - -On the Create Security Role/Copy Security Role/Update Security Role page, click **Select what -members can do** in the Permissions area to grant permissions to role members. - -By default, all permissions displayed on the Add Permissions dialog box are denied to the new role. -Select the **Allow** option button for a permission to grant it to the role. To deny a permission, -select the **Deny** option button. After assigning the required permissions, click **OK**. - -Permissions are grouped under the following heads, with each tab representing a different head: - -- Users -- Groups -- Admin Center -- Synchronize -- Password Management -- Miscellaneous -- Container -- Entitlement - -## Users - -User-related permissions apply to all the Directory Manager clients that facilitate user management, -such as the Directory Manager portal and Management Shell. - -Click the **Users** tab on the Add Permissions dialog box. - -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | -| 1. | Create Mailbox | Enables role members to create mailbox-enabled users. | -| 2. | Manage My Direct Reports | Enables role members to update the properties of their respective direct reports and add/remove them from the membership of groups. | -| 3. | Create Contact | Enables role members to create contact objects. | -| 4. | Create User | Enables role members to create users (both mail-enabled and non-mail enabled). | -| 5. | Delete | Enables role members to delete users from the directory. | -| 6. | Join/Leave on behalf of any user | Enables role members to add/remove any user from the membership of groups. | -| 7. 
| Join/Leave on behalf of Peer | Enables role members to add/remove their peers from the membership of groups. ‘Peers’ refer to users who report to the same manager as the user. | -| 8. | Manage Any Profile | Enables role members to update the profiles of other users. | -| 9. | Manage My Profile | Enables role members to update their directory profiles. | - -Remember, Generalized permissions override limited permissions. Hence, if Manage My Profile is -denied and Manage Any Profile allowed, role members can manage their own profiles as well. - -## Groups - -Group-related permissions apply to all the Directory Manager clients that facilitate group -management, such as the Directory Manager portal and Management Shell. - -Click the **Groups** tab on the Add Permissions dialog box. - -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 1. | Manage My Groups | Enables role members to modify the groups they own as primary owner, additional owner, and Exchange 2013/2016/2019 additional owner. Role members can update group properties, delete groups, expire groups, and more. | -| 2. | Create Static Group | Enables role members to create static (unmanaged) groups. | -| 3. | Create Smart Group | Enables role members to create Smart Groups and Dynasties (managed groups). | -| 4. | Manage Any Group | Enables role members to update the properties of any group, delete any group, expire any group, and more. | - -Remember, Generalized permissions override limited permissions. So, if Manage My Groups is denied -and Manage Any Group allowed, role members can manage all groups, including their own groups. 
- -## Admin Center - -To manage permissions for Admin Center, click the **Admin Center** tab on the Add Permissions dialog -box. - -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 1. | Create Application | Enables role members to create a new application using the **Applications** node in Admin Center: This permission only allows role members to create an application from scratch. They cannot create an application by copying an existing one or create another instance of an application. | -| 2. | Create Data Source | Enables role members to create data sources for Synchronize jobs. | -| 3. | Create Identity Store | Enables role members to create identity stores in Directory Manager. | -| 4. | Manage Admin Center Settings | Enables role members to manage the following in Admin Center settings: - Add and remove question to the global question pool. - Add, edit, and remove Directory Manager licenses. - Download log files for Directory Manager. These options can be accessed by clicking the **Settings** button at the bottom of the left navigation pane in Admin Center. 
If this permission is denied, role members can view the question pool, licenses, and dump logs function as read-only. | -| 5. | Manage Application Design Settings | Enables role members to update the design settings for an application in Admin Center. Applications can be accessed using the Applications node in the left pane. If this permission is denied, design settings are displayed to role members as read-only. The Manage Applications permission must be granted to the role as a prerequisite to the Manage Application Design Settings permission. | -| 6. | Manage Application Server Settings | Enables role members to update the server settings for an application in Admin Center. Applications can be accessed using the Applications node in the left pane. If this permission is denied, server settings are displayed to role members as read-only. The Manage Applications permission must be granted to the role as a prerequisite to the Manage Application Server Settings permission. | -| 7. | Manage Applications | Enables role members to do the following using the Applications node in Admin Center: - Create new applications by copying an existing application, deploy instances of an application, and delete an application. - View the already created applications as read-only. If you allow this permission to the role while denying the Manage Application Server Settings and Manage Application Design Settings permissions, role members will not be able to update the server and design settings for an application. These settings will be displayed as read-only. To enable them to update the server and design configurations for an application, this permission must be granted as a prerequisite along with the respective permission(s). | -| 8. | Manage Data Source | Enables role members to update and delete the data sources created for Synchronize jobs. | -| 9. 
| Manage Entitlement | For an Active Directory identity store: Enables role members to specify and manage file servers for entitlement analysis in an Active Directory identity store. For a Microsoft Entra ID identity store: Enables role members to specify and manage SharePoint sites for entitlement analysis in a Microsoft Entra ID identity store. If this permission is denied, the Entitlement page in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Entitlement permission. | -| 10. | Manage Identity Store | Enables role members to do the following using the Identity Stores node in Admin Center: - Disable and delete identity stores. - View the properties of identity stores as read-only. To enable role members to define and update identity store properties, you must grant the Manage Identity Store permission along with the following identity store-specific permissions: - Manage Entitlement - Manage Identity Store Configurations - Manage Identity Store General Info - Manage Replication - Manage Scheduling - Manage Security Roles - Manage Workflows If you deny any of the above permissions, the respective area in identity store properties will be read-only. | -| 11. | Manage Identity Store Configurations | Enables role members to manage all the configurations for an identity store. These configurations are displayed when you select the **Configurations** option in identity store properties. If this permission is denied, these configurations will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Identity Store Configurations permission. | -| 12. | Manage Identity Store General Info | Enables role members to: - Update the general info for an identity store, such as the identity store name and the service account used to connect to the provider. 
- Include/exclude child domains from replication. - Set DC priority. If this permission is denied, the Identity Store Detail page in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Identity Store General Info permission. | -| 13. | Manage Identity Store Link | Enables role members to create, update, and delete identity store links. | -| 14. | Manage Notifications Editor | Enables role members to manage the Notification Editor in Admin Center, such as search and edit notification templates. The Notification Editor can be accessed in any of the following ways: - Using the Notification Editor button at the bottom of the left navigation pane in Admin Center. - Using the Notification Editor button on the Notification Queue page. If this permission is denied, the following happens: - The Notification Editor button on the Notification Queue page is disabled. - When launched using the Notification Editor button in the navigation pane, the Notification Editor page is displayed as read-only. | -| 15. | Manage Notifications Queue | Enables role members to manage the notification queue in Admin Center, such as resend and delete queued notifications . The Notification Queue page can be accessed using the Notifications node in the left pane. If this permission is denied, role members can only view the page as read-only. | -| 16. | Manage Replication | Enables role members to manage replication in Directory Manager. Role members will be able to manage the following: - Global replication settings on the Replication page, that can be accessed by clicking the Replication node in Admin Center. - Replication settings for an identity store, that are controlled from within that identity store. - Run replication for an identity store from the identity store card pinned on the Identity Stores page. 
If this permission is denied, the Replication pages for both global and identity store settings will be read-only, while the replication option will not be available on the identity store card. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Replication permission. | -| 17. | Manage SAML | Enables role members to access Authenticate and manage: - Directory Manager as an identity provider - Directory Manager as a service provider | -| 18. | Manage Scheduling | Enables role members to create, update, and delete scheduled jobs for the identity store. If this permission is denied, the Scheduling page in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Scheduling permission. | -| 19. | Manage Security Roles | Enables role members to manage security roles in the identity store, such as create, update, and delete roles. Role members would also be able to manage policies and permissions for roles. If this permission is denied, security roles and their configurations in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Security Roles permission. | -| 20. | Manage SMS Gateways | Enables role members to create, update, and delete SMS gateway accounts in Admin Center. If this permission is denied, role members can view the gateway accounts as read-only. | -| 21. | Manage Workflows | Enables role members to manage workflows in the identity store, such as create, update, and delete workflows. Role members can also manage advanced workflow settings for the identity store. If this permission is denied, workflows and related settings in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Workflows permission. 
| - -## Synchronize - -To manage permissions for Synchronize in the Directory Manager portal, click the **Synchronize** tab -on the Add Permissions dialog box. - -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 1. | Create Job | Enables role members to create Synchronize jobs and job collections in the identity store. | -| 2. | Delete Job | Enables role members to delete the Synchronize jobs and job collections for which they are the owners. To enable them to delete any job, grant the **View Any Job** permission with this permission. | -| 3. | Edit Job | Enables role members to edit Synchronize jobs and job collections in the identity store, such as change field mappings, apply transformations, update notification options, schedule the job run, and add/remove jobs from a job collection. Role members can only edit the jobs and job collections for which they are the owners. To enable them to edit any job, grant the **View Any Job** permission with this permission. | -| 4. | Run Job | Enables role members to manually run the jobs and job collections for which they are the owners. To enable them to run any job, grant the **View Any Job** permission with this permission. | -| 5. | View Any Job | Enables role members to view a list of all jobs and job collections in the identity store, regardless of whether they are the job owner or not. If you only grant this permission to the role, jobs and job collections will be displayed to role members as read-only. 
To enable them to edit, delete, or run jobs and job collections, this permission must be granted as a prerequisite along with the respective permission(s). | - -## Password Management - -To manage password reset and account unlock permissions, click the **Password Management** tab on -the Add Permissions dialog box. - -End-users can manage their identity store account passwords and unlock their accounts using the -Directory Manager portal while helpdesk users can reset passwords and unlock accounts for other -users through Admin Center. - -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | --------------------- | ---------------------------------------------------------------------------------------- | -| 1. | Unlock My Account | Enables role members to unlock their identity store account. | -| 2. | Manage Linked Account | Enables role members to link their accounts that exist in different identity stores. | -| 3. | Change My Password | Enables role members to change their identity store account password. | -| 4. | Reset Any Password | Enables helpdesk users to reset the account password for any user in the identity store. | -| 5. | Reset My Password | Enables role members to reset their identity store account password. | -| 6. | Unenroll | Enables helpdesk users to unenroll a user’s identity store account in Directory Manager. | -| 7. | Unlock Any Account | Enables helpdesk users to unlock the identity store account for any user. | - -Remember, Generalized permissions override limited permissions. For example, if Unlock My Account is -denied and Unlock Any Account allowed, role members can unlock all accounts, including their own. - -## Miscellaneous - -To grant permissions on miscellaneous functions in Directory Manager, click the **Misc** tab on the -Add Permissions dialog box. 
- -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 1. | Enable Login to Service Provider | Enables role members to log into third-party applications using Directory Manager as an identity provider. | -| 2. | Manage All Requests | Enables roles members to approve/deny workflow requests, even when they are not designated as approvers of those requests. | -| 3. | Manage Report | Enables role members to create, edit, and delete reports for the identity store in the Directory Manager portal. Role members will not be able to view and download the reports. | -| 4. | View and Download Report | Enables role members to view and download the reports generated for the identity store in the Directory Manager portal. | - -## Container - -To manage permissions related to containers in the directory, click the **Container** tab on the Add -Permissions dialog box. - -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | ---------------- | -------------------------------------------------------------------------------- | -| 1. | Create Container | Enables role members to create new containers in the directory (identity store). | - -## Entitlement - -To grant permissions on entitlements in the Directory Manager portal, click the **Entitlement** tab -on the Add Permissions dialog box. - -For an Active Directory identity store, this tab lists the file servers that have been selected for -permissions analysis on the Entitlement page. Click a file server to manage permissions for it. 
- -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 1. | Permission Set | Select the kind of permission set to grant to role members. - Administrative: Grants all the effective NTFS permissions to role members on all the file server shares. - Basic: Enables role members to navigate within the file server to view shared resources and the permissions assigned on them. You can change the permission set for both Administrative and Basic. Use the toggle button for each of the listed permissions to allow or deny it. | -| 2. | Allow user to navigate to this share | Enables role members to navigate this file server and explore the shared resources along with the permissions assigned on them. If this check box is not selected, role members will be able to view basic information about the file server only. They will not be able to navigate the file server to view the shares and permissions. | -| 3. | Add new user / group | Enables role members to search and select users/groups from the directory and grant permissions to them on one or more shares on the file server. The Type column lists the effective NTFS permissions. While adding users, role members will be able to grant permissions that you enable here. | -| 4. | Modify user / group | Enables role members to update the permissions assigned to users and groups on file server shares. The Type column lists the effective NTFS permissions. 
Role members will only be able to modify the permissions that you enable here. | -| 5. | Remove user / group | Enables role members to remove users and groups from the permission list of shares on the file server. Removed users and groups will not be able to access the respective share on the file server. | - -For a Microsoft Entra ID identity store, this tab lists the SharePoint sites that have been selected -for permissions analysis on the Entitlement page. Click a site to manage permissions for it. - -Permissions are discussed in the following table: - -| | Permissions | Descriptions | -| --- | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 1. | Permission Set | Select the kind of permission set to grant to role members. - Administrative: Grants all the effective permissions to role members on all the document libraries in the site. - Basic: Enables role members to navigate within the site to view the document libraries and the permissions assigned on them. You can change the permission set for both Administrative and Basic. Use the toggle button for each of the listed permissions to allow or deny it. | -| 2. | Allow user to navigate to this share | Enables role members to navigate this SharePoint site and explore the document libraries along with the permissions assigned on them. If this check box is not selected, role members will be able to view basic information about the site only. They will not be able to navigate the site to view the document libraries and permissions. | -| 3. 
| Add new user | Enables role members to search and select users from the directory and grant permissions to them on one or more document libraries in the site. The facility to search and select groups is not available. Groups have to be added from SharePoint. Using Directory Manager, role members can manage group permissions. The Type column lists the effective permissions. While adding users, role members will be able to grant permissions that you enable here. | -| 4. | Modify user / group | Enables role members to update the permissions assigned to users and groups on document libraries in the site. The Type column lists the effective permissions. Role members will only be able to modify the permissions that you enable here. | -| 5. | Remove user / group | Enables role members to remove users and groups from the permission list of document libraries in the site. Removed users and groups will not be able to access the respective document library in the site. | - -NOTE: For more information on role permissions, see the -[User Roles in Microsoft Entra ID and Directory Manager ](/docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md#user-roles-in-microsoft-entra-id-and-directory-manager) -topic. diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md b/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md deleted file mode 100644 index 15343407f8..0000000000 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md +++ /dev/null 
@@ -1,28 +0,0 @@ -# Security Role Policies - -You can define policies for security roles. Along with role permissions, these policies also control -what role members can do in Directory Manager. - -You can define the following policies for a role: - -- [Group Owners Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/groupowners.md) -- [Group Name Prefixes](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md) -- [New Object Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/newobject.md) -- [Search Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/search.md) -- [Authentication Policy for Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md) -- [Directory Manage Password Policy ](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md) -- [Netwrix Password Policy Enforcer Policies](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/overview.md) -- [Helpdesk Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md) -- [Synchronize Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/synchronize.md) -- [Membership Object Type Enforcement Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/membershipobjecttypeenforcement.md) - -NOTE: For users with multiple roles, the policies specified for the highest priority role apply (see -[Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md)). The _[Search Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/search.md)_, _[New Object Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/newobject.md)_, -and _[Group Name Prefixes](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md)_ policy, -however, apply with respect to all assigned roles. 
For example, if different search containers are -specified for two different roles of a user, that user can search and view objects in both -containers. See the following topics for additional information on security roles: - -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Create a Security Role](/docs/directorymanager/11.1/admincenter/securityrole/create.md) -- [Manage Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/manage.md) diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md b/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md deleted file mode 100644 index 52ec55dcd2..0000000000 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md +++ /dev/null 
@@ -1,138 +0,0 @@ -# Directory Manage Password Policy - -Using Directory Manager, you can implement a Password policy (a) for an identity store, (b) for -security roles in an identity store, or (c) both at the identity store and role levels. - -- For an identity store, you can specify rules and restrictions for identity store account - passwords. -- For a security role, you can specify validation checks for passwords that role members create for - their identity store accounts using Directory Manager. Hence, password validation checks are - role-specific - -The Password policy also enables you to manage settings related to security questions and account -lockout for security roles in an identity store. - -What do you want to do? - -- Set Password Restrictions and Rules for an Identity Store -- Define Security Question Settings for a Security Role -- Specify an Authentication Lockout Policy for a Security Role -- Specify Password Validation Checks for a Security Role - -## Set Password Restrictions and Rules for an Identity Store - -See the [Configure Password Options](/docs/directorymanager/11.1/admincenter/identitystore/configure/security/passwordoptions.md) -topic. - -## Define Security Question Settings for a Security Role - -You can specify certain settings related to security questions for user roles in an identity store. -As a result, different roles in an identity store can have different settings for the following: - -- the number of questions role members must select to enroll their account in Directory Manager -- the minimum number of characters an answer should contain - -**To specify settings for security questions:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. 
On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Password** tab. - The following settings in the **Password Policies** area relate to security questions: - - | Setting | Description | - | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | Number of Questions | The number of security questions role members must select while enrolling their accounts in Directory Manager for multifactor authentication or second factor authentication. The default number is 4. Changing the number of security questions for a role has no impact on already enrolled role members unless they update their security questions information. | - | Minimum Answer Length | The minimum number of characters that a role member must type when saving the answer to a security question at the time of account enrollment. Answers with less than the specified number of characters will not be saved. | - -7. Click **OK**. -8. On the **Edit Security Role** page, click **Update Security Role**. -9. On the **Security Roles** page, click **Save**. - -## Specify an Authentication Lockout Policy for a Security Role - -The authentication lockout policy comes into play when users authenticate for multifactor -authentication and second factor authentication in Directory Manager. The policy controls the -following: - -- The consecutive number of times a role member can provide a wrong value for an authentication type - in Directory Manager, after which authentication is disabled. -- The duration for authentication to remain disabled. 
- -With authentication disabled, role members cannot sign into Directory Manager. - -NOTE: The authentication lockout policy only disables the user account in Directory Manager. It does -not disable it in the provider, such as Active Directory. - -**To specify an authentication lockout policy:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Password** tab. - The following settings in the **Password Policies** area control authentication lockout: - - | | Setting | Description | - | --- | ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | 1. | Failed Authentication Attempts Threshold | The number of consecutive attempts to provide a wrong value for an authentication type. Authentication is disabled for a user when the number of consecutive unsuccessful attempts by him or her reach the number given here. | - | 2. | Account Locked out Duration | The number of minutes to disable authentication in Directory Manager after consecutive unsuccessful attempts to provide the right value for an authentication type. Note the following: - Authentication is automatically enabled after the specified duration. 
- Else it is enabled when, during the lockout period, the user correctly enters his or her identity store account credentials to sign into Directory Manager. | - -7. Click **OK**. -8. On the **Edit Security Role** page, click **Update Security Role**. -9. On the **Security Roles** page, click **Save**. - -## Specify Password Validation Checks for a Security Role - -Identity providers have password validation and complexity policies defined, and users must follow -them while creating passwords. With Directory Manager, you can extend these policies. - -Directory Manager enables you to specify password validation checks for a security role in an -identity store. This extended policy applies when: - -- Role members change or reset their identity store account passwords using Directory Manager. -- Administrators or helpdesk members reset the identity store account passwords of role members - using the Helpdesk section in Admin Center. - -The policy does not apply when password is reset using the **Reset Password** option in user -properties in the Directory Manager portal. - -**To specify password validation checks:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Password** tab. -7. Password validation settings are listed in the **Password Validation Options** area. Select the - check box for a setting to apply it. - - | | Setting | Descriptions | - | --- | --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | - | 1. 
| Reject User Name in Password | Prevent role members from creating passwords that contain the user's account name. | - | 2. | Reject Display Name in Password | Prevent role members from creating passwords that contain the user's display name. | - | 3. | Reject First Name in Password | Prevent role members from creating passwords that contain the user's first name. | - | 4. | Reject Last Name in Password | Prevent role members from creating passwords that contain the user's last name. | - | 5. | Reject Number as First Character in Password | Prevent role members from creating passwords that begin with a number. | - | 6. | Reject Number as Last Character in Password | Prevent role members from creating passwords that end with a number. | - | 7. | Reject Consecutive Identical Characters in Password | Prevent role members from creating passwords that contain the consecutive use of identical characters. | - | 8. | Enforce Password History (Domain Policy) | Prevent role members from creating passwords that do not satisfy the password policy for password age/history, as defined for the domain. | - -8. Click **OK**. -9. On the **Edit Security Role** page, click **Update Security Role**. -10. On the **Configure Access Control** page, click **Save**. - -**See Also** - -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/search.md b/docs/directorymanager/11.1/admincenter/securityrole/policy/search.md deleted file mode 100644 index e98f077e06..0000000000 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/search.md +++ /dev/null 
@@ -1,147 +0,0 @@ -# Search Policy - -The Search policy sets the search scope for the Directory Manager portal and Management Shell. - -By default, any search performed by role members returns objects from all containers in the identity -store. Use the Search policy to: - -- Limit the search scope to one container for role members. -- Designate a criterion to limit the objects that role members can search. - -NOTE: Microsoft Entra ID supports a single container only, so the search scope cannot be restricted -container-wise in a Microsoft Entra ID identity store. - -## How does the Search Policy Work? - -Let’s assume you specify a container, localOU, and set the LDAP filter to (Country=United States\*) -for an Active Directory identity store. Now consider these scenarios: - -- When a role member performs a search, Directory Manager looks up the localOU container and - displays objects with the _Country_ attribute set to _United States_. -- If you specify a container only, a search performed by role members returns all matching objects - residing in that container. -- If you specify an LDAP filter only, a search performed by role members displays objects with the - _Country_ attribute set to _United States_ from all containers in the identity store. - -## Impact of the Search Policy on the Portal - -The Search policy has the following impact on the Directory Manager portal: - -- It determines the groups to display in all group listings, such as those on the **All Groups** and - **My Groups** pages. -- It determines the users to display in user listings, namely **My Direct Reports** and **Disabled - Users**. -- It sets the search scope for the Find dialog box. -- It sets the scope for quick search and advanced search. - -What do you want to do? - -- Set the Search Scope to a Specific Container -- Set the Search Scope to all Containers in the Identity Store -- Designate a Criterion for the Search Scope - -## Set the Search Scope to a Specific Container - -1. 
In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Search** tab. -7. Click **Add** next to **Add Container**. -8. On the **Add Container** dialog box, select a container and click **Add**. - Search performed by role members will display objects from this container and its sub-containers. -9. Click **OK**. -10. On the **Edit Security Role** page, click **Update Security Role**. -11. On the **Security Roles** page, click **Save**. - -NOTE: An advanced setting for the Directory Manager portal, _Search Default_, controls the search -scope of the portal. If its value is "Global Catalog", the container specified here is ignored and -the portal shows objects from the entire directory. See the -[Manage Advanced Settings](/docs/directorymanager/11.1/admincenter/portal/server/advanced.md) topic. - -## Set the Search Scope to all Containers in the Identity Store - -When no container is specified as the search scope for an identity store, search performed by role -members fetches objects from all OUs in the identity store. - -**To set the search scope to all containers:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button or an identity store and select - **Edit.** -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Search** tab. -7. 
In the **Container** area, click **Remove** for a container to remove it. -8. Click **OK**. -9. On the **Edit Security Role** page, click **Update Security Role**. -10. On the **Security Roles** page, click **Save**. - -## Designate a Criterion for the Search Scope - -When you apply a filter criterion, search performed by role members shows objects that match the -criteria. - -**To designate a criterion:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Search** tab. -7. In the **Filters** area, click **Add Filter**. -8. A row is displayed for adding a criterion. - - 1. Select a schema attribute in the first drop-down list (for example, _mail_). - 2. Select an operator in the second drop-down list (for example, _Ends with_). - 3. Enter a value for the schema attribute in the third box (for example, _@Netwrix.com_). - - With this filter, search performed by role members will display objects with email addresses - created on the netwrix.com domain. - -Advanced Filter - -You can also define a query by adding more rows and applying the **AND** or **OR** operator to group -them. - -1. After defining two or more filter expressions, select two or more rows and apply one of these - operators: - (To select a row, click the down arrow next to it and click **Select Row**.) - - - **AND:** to display the objects having the specified values for all attributes. - - **OR:** to display objects having the specified value for any one of the attributes. - - ![search_query](/img/product_docs/directorymanager/11.1/admincenter/securityrole/policy/search_query.webp) - -2. 
Click the ellipsis button for an applied operator to display the context menu, which has the - following options: - - - **Select Group:** to select all rows that make up the query. - - **Ungroup:** to remove the operator and ungroup the rows. - - **Change to OR:** to change the AND operator to OR and vice versa. - - **Add Clause:** to add a new row for specifying another clause for the query. - - **Delete:** to delete the operator along with all the rows that the operator joins. - - You can also: - - - Click **Tree View** to view a list of all queries defined. - - Click **Preview** to preview the search results that will be displayed with this Search - policy, i.e., with the container and filter settings on the **Search** tab. - - Click **Clear** to clear the **Filter** area. - -3. After defining a filter, click **OK**. -4. On the **Edit Security Role** page, click **Update Security Role**. -5. On the **Security Roles** page, click **Save**. - -**See Also** - -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/synchronize.md b/docs/directorymanager/11.1/admincenter/securityrole/policy/synchronize.md deleted file mode 100644 index 79592895eb..0000000000 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/synchronize.md +++ /dev/null 
@@ -1,237 +0,0 @@ -# Synchronize Policy - -Using Directory Manager, you can create identity stores for several identity providers (such as -Active Directory and Microsoft Entra ID) as well as create data sources for providers such as files -and databases. These identity stores and data sources can be used as source and destination in -Synchronize jobs. Moreover, all object types with all their attributes in an identity store or data -source are available for use. - -Using the Synchronize policy, you can: - -- Allow or disallow a provider to be used as a source in a Synchronize job - You can apply this - setting to all or specific identity stores/data sources created for the provider. For example, you - may have three data sources created for the MS Excel provider. You can choose to prevent a - security role from using the data sources created for MS Excel as a source, or prevent two of the - three data sources from being used as a source in a Synchronize job. -- Allow or disallow a provider to be used as a destination in a Synchronize job - You can apply this - setting to all or specific identity stores/data sources created for the provider. -- Choose the object types that can be created or synced at the destination using a Synchronize job - - This setting is individually defined for each identity store and data source. -- For each object type in an identity store and data source, specify the attributes that will be - available for mapping the source and destination fields in a Synchronize job - This setting is - individually defined for each object type in an identity store and data source. - -These granular controls enable you to drill down from the provider to the attribute level. - -- You can disallow a provider as a whole, or disallow a specific identity store/data source created - for the provider. -- At the next level, you can disallow certain object type(s) in a specific identity store or data - source built on a provider. 
-- Further down, you can disallow certain attributes for an object type in a specific identity store - or data source built on a provider. - -What do you want to do? - -- Prevent Role Members from Using a Provider as Source or Destination -- Prevent Role Members from Using an Identity Store or Data Source as Source or Destination -- Prevent Role Members from Manipulating Specific Object Type(s) -- Prevent Role Members from Using Specific Attributes for Mapping - -## Prevent Role Members from Using a Provider as Source or Destination - -When creating or modifying a Synchronize job, users can specify any identity store or data source in -Directory Manager as a source and destination. You can prevent role members from using the identity -stores and data sources build on specific provider(s) in a job. - -**To disallow a provider:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Synchronize** tab. - This tab lists the providers that can be used as source and destination in Synchronize jobs. - - **Allow a provider to be used as source and destination:** - - - Select the **Source** check box for a provider to enable role members to use the identity - stores/data sources for the provider as source in Synchronize jobs. - - Select the **Destination** check box for a provider to enable role members to use the identity - stores/data sources for the provider as destination in Synchronize jobs. 
- - **Disallow a provider to be used as source and destination:** - - - Clear the **Source** check box for a provider to prevent role members from using the identity - stores/data sources for it as source in Synchronize jobs. - - Clear the **Destination** check box for a provider to prevent role members from using the - identity stores/data sources for it as destination in Synchronize jobs. - -7. Click **OK**. -8. On the **Edit Security Role** page, click **Update Security Role**. -9. On the **Security Roles** page, click **Save**. - -NOTE: If you disallow a provider as a source, all Synchronize jobs already using an identity -store/data source for that provider as source will become read-only for role members and they will -not be able to run them. Similarly, if you disallow a provider as a destination, all Synchronize -jobs already using an identity store/data source for that provider as destination will become -read-only for role members and they will not be able to run them. - -## Prevent Role Members from Using an Identity Store or Data Source as Source or Destination - -When creating or modifying a Synchronize job, users can specify any identity store or data source in -Directory Manager as a source and destination. You can prevent role members from using a specific -identity store or data source in a job. - -**To disallow an identity store or data source:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Synchronize** tab. -7. 
Click the plus sign for a provider to get a list of the identity stores or data sources created - for it in Directory Manager. - - **To allow an identity store or data source to be used as source and destination:** - - - Select the **Source** check box for an identity store or data source to enable role members to - use it as source in Synchronize jobs. - - Select the **Destination** check box for an identity store or data source to enable role - members to use it as destination in Synchronize jobs. - - **To disallow an identity store or data source to be used as source and destination:** - - - Clear the **Source** check box for an identity store or data source to prevent role members - from using it as source in Synchronize jobs. - - Clear the **Destination** check box for an identity store or data source to prevent role - members from using it as destination in Synchronize jobs. - -8. Click **OK**. -9. On the **Edit Security Role** page, click **Update Security Role**. -10. On the **Security Roles** page, click **Save**. - -NOTE: If you disallow an identity store or data source as a source, all Synchronize jobs already -using it as source will become read-only for role members and they will not be able to run them. -Similarly, if you disallow an identity store or data source as destination, all Synchronize jobs -already using it as destination will become read-only for role members and they will not be able to -run them. - -## Prevent Role Members from Manipulating Specific Object Type(s) - -Using a Synchronize job, users can create and update different object types from a source to a -destination identity store. For an Active Directory identity store, for example, users can create -and update the following object types: - -- User -- Group -- Contact -- Mail-enabled User -- Mailbox-enabled User -- Linked-Mailbox -- Mail-enabled Contact - -You can disallow any of these object types for an identity store. 
When that identity store is used -as source or destination in a Synchronize job, role members will not be able to create or update the -disallowed objects at the destination. For example, if you disallow the user object type for -IdentityStore_A, role members will not be able to provision, update and deprovision user objects in -identityStore_A through a Synchronize job. - -NOTE: If you disallow an object type in an identity store or data source, all Synchronize jobs -already using that identity store or data source (either as source or destination) while only -provisioning or updating the disallowed object type, will become read-only for role members and they -will not be able to run them. If a job provisions or updates multiple objects, where the disallowed -object is one of the object types it processes, it will run as usual, except that the disallowed -object will not be processed. -**Example:** Suppose you disallow the mailbox object type in IdentityStore_A, when this identity -store is already used as a destination in a Synchronize job that provisions mailbox objects, then -the job will become read-only for role members and they will not be able to run it. -If IdentityStore_A is used as a source or destination in a Synchronize job that provisions multiple -objects types, then the job will run as usual, except that the mailbox object will not be processed. - -For data sources, you can disallow the following to role members as an alternate to object types: - -- Sheets in an Excel workbook -- Tables in an Access, Oracle, and SQL database -- For ODBC, you can disallow tables in case of an SQL database and sheets in case of Excel -- For text/CSV, this does not apply - -**To disallow object types in an identity store or data source:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. 
Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Synchronize** tab. -7. Click the plus sign for a provider to get a list of the identity stores or data sources created - for it in Directory Manager. -8. Click **Edit Object Policies** for an identity store or data source. The next page displays the - object types that can be created in the identity store. For data sources, it displays alternate - options, such as sheets for Excel and tables for databases. - - - Select the **Allow** check box for an object type to enable role members to use it in a - Synchronize job that uses the particular identity store or data source as source or - destination. - - Clear the **Allow** check box for an object type to prevent role members from using it in a - Synchronize job that uses the particular identity store as source or destination. - -9. Click **OK**. -10. On the **Edit Security Role** page, click **Update Security Role**. -11. On the **Security Roles** page, click **Save**. - -## Prevent Role Members from Using Specific Attributes for Mapping - -A Synchronize job makes use of attribute mapping, where object attributes from the source provider -are mapped to attributes of the destination provider to facilitate data syncing. - -Each object type in an identity store has a different set of attributes. By default, all attributes -of the allowed object types in the source and destination identity stores are available for mapping -in a Synchronize job. You can disallow any number of attributes for an object type in an identity -store, so that the disallowed attributes are not available to role members for mapping. 
- -For data sources, you can disallow the following to role members as an alternate to object -attributes: - -- Columns in an Excel sheet -- Columns in an Access, Oracle, and SQL table -- For ODBC, you can disallow columns in case of an SQL table and columns in case of an Excel sheet -- For text/CSV, each value in the first row, as separated by the delimiter - -**To disallow attributes for an object type in an identity store or data source:** - -1. In Admin Center, click **Identity Stores** in the left pane. -2. On the **Identity Stores** page, click the ellipsis button for an identity store and select - **Edit**. -3. Click **Security Roles** under **Settings** in the left pane. -4. On the **Security Roles** page, click **Edit** for a security role. -5. On the **Edit Security Role** page, click **Specify policies for the members** in the - **Policies** area. -6. On the **Add Policies** pane, click the **Synchronize** tab. -7. Click the plus sign for a provider to get a list of the identity stores or data sources created - for it in Directory Manager. -8. Click **Edit Object Policies** for an identity store or data source. -9. On the next page, click **Edit Attribute Selection** for an object type. This option is available - for the ‘allowed’ object types only. -10. By default, all attributes are selected on the **Edit Attribute Selection** dialog box. Clear - the check box for an attribute to disallow them to role members. Use the search box to search - and locate the required attributes. When done, click **Save Selection**. - Disallowed attributes will not be available to role members for the object type in the identity - store or data source. When this identity store or data source is used as a source or destination - in a Synchronize job that works with the respective object type, the disallowed attributes will - not be available for mapping. -11. Click **OK**. -12. On the **Edit Security Role** page, click **Update Security Role**. -13. 
On the **Security Roles** page, click **Save**. - -**See Also** - -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/service/admincenter.md b/docs/directorymanager/11.1/admincenter/service/admincenter.md deleted file mode 100644 index 3a355ba374..0000000000 --- a/docs/directorymanager/11.1/admincenter/service/admincenter.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# Admin Center - -Admin Center enables administrators to configure settings that are used by different functions of -the application and manage Directory Manager clients. - -When multiple instances of Directory Manager are deployed, a separate Admin Center application is -created for each instance in native IIS. - -## View Admin Center Hosting Details - -Follow the steps to view Admin Center Hosting details. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the Applications page, click the **Admin Center** tab. -The tab displays Admin Center hosted in native IIS. When multiple Directory Manager instances have -been deployed, you will find multiple Admin Center cards on this tab page, each card representing a -separate instance. See the -[Elasticsearch Clusters, Nodes, and Directory Manager](overview.md#elasticsearch-clusters-nodes-and-directory-manager) -topic. -For details displayed on an Admin Center card, see the table in the -[View Data Service Details](dataservice/manage.md#view-data-service-details) topic for additional -information. - -You cannot create an Admin Center application or delete an existing one from Admin Center tab. - -## Launch Admin Center - -Follow the steps to launch Admin Center. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the Admin Center tab, click **Launch Application** on an Admin Center card. -Provide the Admin Center URL to admin and helpdesk users so they can access it. You can either copy -the URL from the address bar or from Admin Center deployment settings. See the See the -[View the Launch URL for a Service](dataservice/manage.md#view-the-launch-url-for-a-service) topic. - -## Change the Application Display Name - -To change the display name of the Admin Center application, see the -[Change a Service’s Display Name](dataservice/manage.md#change-a-services-display-name) topic. -Replace references to the service with Admin Center. 
- -## View Deployment Settings - -You can view deployment settings for Admin Center, such as the IIS site that hosts it, the IIS -Application name given to it, and the URL to launch it. - -Follow the steps to view deployment settings. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the Admin Center tab, click the ellipsis button on an Admin Center card and select -**Settings**. - -Step 3 – Click **Deployments** under Server Settings. The Deployment Settings page is displayed, -where you can view Admin Center deployment details in native IIS. - -## Configure Event Logging - -To configure file logging and Windows logging for Admin Center, see the -[Specify Log Settings for a Service](dataservice/manage.md#specify-log-settings-for-a-service) topic -for additional information. diff --git a/docs/directorymanager/11.1/admincenter/service/dataservice/create.md b/docs/directorymanager/11.1/admincenter/service/dataservice/create.md deleted file mode 100644 index 49b8ce3e5d..0000000000 --- a/docs/directorymanager/11.1/admincenter/service/dataservice/create.md +++ /dev/null 
@@ -1,152 +0,0 @@ -# Create a Data Service - -You can create a Data service in native IIS, remote IIS, and Docker. - -## Create a Data Service in Native IIS - -When you deploy a Data service in native IIS, Directory Manager does the following: - -- It creates a directory with the Data service’s name at the following physical path on the - Directory Manager server, and copies the service files from its template directory to the new - service directory: - - `X:\Program Files\Imanami\GroupID 11.0\GroupIDDataService\Inetpub\` - - (X represents the Directory Manager installation drive) - -- It also creates a virtual directory for the service in your desired IIS site. - -The Data service runs within a virtual directory in IIS while the service files are physically -located on disk. - -Follow the to create a Data service. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – Click **Add Application**. - -Step 3 – On the next page, select **Data Service** and click **Next step**. - -Step 4 – On the Create Directory Manager Application page, make sure the **IIS** tile is selected. - -Step 5 – In the Application Name box, enter a unique name for the service or use the default name. -The service is displayed with this name in Directory Manager. - -Step 6 – In the Deployment Name box, enter a deployment name for the service. -The application name and deployment name are displayed on the service card. It is as: - -![Data Service Card](/img/product_docs/directorymanager/11.1/admincenter/service/dataservice/dataservicecard.webp) - -Step 7 – In the IIS Application Name box, enter an IIS deployment name for the service. The name -should be unique for each Data service deployed in IIS. -The IIS application name is used to name the service’s directory in IIS and its physical directory -under `X:\Program Files\Imanami\GroupID 11.0\GroupIDDataService\Inetpub\` on the Directory Manager -server. 
-(X represents the Directory Manager installation drive) - -Step 8 – In the **IIS Site** drop-down list, select a website to host the service files. -The list displays the websites defined on the local IIS server. GroupIDSite11 is the default -selection. - -Step 9 – In the Service Endpoints area, bind an Elasticsearch service, Replication service, and -Scheduler service with the Data service. - -1. In the Elasticsearch Service drop-down list, select an Elasticsearch service to bind to this Data - service. - The list displays the Elasticsearch services running in the environment. Requests sent to the - Data service for performing a search in the Elasticsearch repository will be carried out through - the Elasticsearch service you select here. -2. On selecting an Elasticsearch service, the Replication Service drop-down list displays the - Replication services running on the same machine as the Elasticsearch service. Select a - Replication service to bind to this Data service. - When a user force runs the replication service (whether globally or for a specific identity - store), a request is sent to the Data service, that is then passed on to the Replication service - bound to that Data service. -3. In the Scheduler Service drop-down list, select a scheduler service to bind to this Data service. - The number of services displayed in the list depends on the number of nodes in Directory Manager - clusters, as each node has its own Scheduler service. - This Data service will send requests to the selected Scheduler service to trigger schedule runs. - -Step 10 – Click **Create Application**. -The Data service is created and displayed on the Data Service tab. - -## Create a Data Service in Remote IIS - -You can deploy a Data service within a site in remote IIS. For this, you need to connect with the -Microsoft IIS Administration API running on the remote IIS machine. 
- -When you create a Data service in remote IIS, Directory Manager does the following: - -- It creates a virtual directory for the service in a preconfigured site in remote IIS. -- It creates a physical directory for the service in the folder that is mapped to this preconfigured - site. - -The Data service runs within a virtual directory in remote IIS while the service files are -physically located on disk. - -To learn about the remote IIS settings and configurations before deploying a service there, see the -[Prerequisites for Deployments in Remote IIS](/docs/directorymanager/11.1/admincenter/portal/remoteiisprerequisites.md) topic. - -Follow the steps to create a Data service. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – Click **Add Application**. - -Step 3 – On the next page, select **Data Service** and click **Next step**. - -Step 4 – On the Create Directory Manager Application page, select the **Remote IIS** tile. - -Step 5 – In the Application Name box, enter a unique name for the Data service or use the default -name. The Data service is displayed in Directory Manager with this name. - -Step 6 – In the Deployment Name box, enter a deployment name for the service. The application name -and deployment name are displayed on the service card. - -Step 7 – To enter information for API URL, Access Token, Username, Password, IIS Application Name, -and Website, refer to steps 7-11 in the -[Create a Portal in Remote IIS](/docs/directorymanager/11.1/admincenter/portal/create.md#create-a-portal-in-remote-iis) topic. Replace -any reference to the portal with the Data service. - -Step 8 – For entering information in the Service Endpoints area, follow steps 9 in the Create a Data -Service in Native IIS topic. - -Step 9 – Click **Create Application**. -The new Data service is displayed on the Data Service tab. - -## Create a Data Service in Docker - -Directory Manager enables you to deploy a Data service in Docker. 
For this, you need to connect with -the API running on a Docker deamon in your environment, so that Directory Manager can create a -container for the service there and run the service from within that container. - -For an overview on application deployment in Docker, see the -[Prerequisites for Deployments in Docker](/docs/directorymanager/11.1/admincenter/portal/dockerprerequisites.md) topic. - -NOTE: To host the Data service, Docker daemon should be configured to run Windows containers. - -Follow the steps to create a Data service. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – Click **Add Application**. - -Step 3 – On the next page, select **Data Service** and click **Next step**. - -Step 4 – On the Create Directory Manager Application page, select the **Docker** tile. - -Step 5 – In the Application Name box, enter a unique name for the Data service or use the default -name. The Data service is displayed in Directory Manager with this name. - -Step 6 – In the Deployment Name box, enter a deployment name for the service. The application name -and deployment name are displayed on the service card. - -Step 7 – To enter information for Port, Service URL, and Container Name, refer to steps 7-9 in the -[Create a Portal in Docker](/docs/directorymanager/11.1/admincenter/portal/create.md#create-a-portal-in-docker) topic. Replace any -reference to the portal with the Data service. - -Step 8 – For entering information in the Service Endpoints area, follow step 9 in the Create a Data -Service in Native IIS topic. - -Step 9 – Click **Create Application**. -The Data service is created and displayed on the Data Service tab. diff --git a/docs/directorymanager/11.1/admincenter/service/dataservice/manage.md b/docs/directorymanager/11.1/admincenter/service/dataservice/manage.md deleted file mode 100644 index 1bb4f54fa4..0000000000 --- a/docs/directorymanager/11.1/admincenter/service/dataservice/manage.md +++ /dev/null 
@@ -1,273 +0,0 @@ -# Manage Data Service Settings - -Data services in Directory Manager are displayed on the **Data Service** tab. A card for a service -displays information such as its name and status. - -You can manage several settings for a service, such as: - -- Change the display name of a service -- Start or stop a service -- Configure file logging for a service -- Delete a service - -## View Data Service Details - -Follow the steps to vew Data Service details. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the Applications page, click the **Data Service** tab. The Data Service tab page is -displayed, that lists the default Data service created while configuring Directory Manager and any -other Data service that you have created. - -When multiple Directory Manager instances have been deployed, you will find multiple default Data -services on this tab page, as each instance has its own default Data service. See the -[Elasticsearch Clusters, Nodes, and Directory Manager](/docs/directorymanager/11.1/admincenter/service/overview.md#elasticsearch-clusters-nodes-and-directory-manager) -topic. - -Step 3 – The card for a Data service displays the following information: - -| Info | Description | -| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Name | The name given to the service. | -| Deployment Instances | Displays the deployment name of the service and the web server where it is deployed. 
| -| Status | A service has one of the following statuses: - Running – Indicates that the service is up and running. - Stopped – Indicates that Directory Manager is unable to communicate with the service. To troubleshoot, go to the web server where the service is deployed (IIS, remote IIS, or Docker) and make sure the service is running. - Error – Any issue other than _stopped_ is categorized as _error_. Contact your system administrator to resolve it. | -| Launch Application | Click it to launch the service page. - For a Data service, Replication service, Email service, and Scheduler service, a page is displayed that simply shows the status of the service as _running_, _stopped_, or _error_. - For a Security service, the **GroupID Applications** page is displayed. Performing an action on this page will be carried out through the respective Security service. See the [Access your Applications](/docs/directorymanager/11.1/admincenter/general/accessapplications.md) topic. - For Admin Center, this link launches the Admin Center application. | -| Ellipsis | Click it to launch a shortcut menu with the following options: - Settings – launches the service settings page, where you can manage deployment settings and log settings. - Delete – deletes the service. This option is not available for the default services. | - -## Change a Service’s Display Name - -A service is assigned an application name during creation, which is used as it's display name in -Directory Manager. On changing it, the service is displayed with the new name. - -Follow the steps to change the display name. - -Step 1 – In Admin Center, select **Applications** in the left pane. - -Step 2 – On the Applications page, click the tab for the desired service. For example, click the -**Data Service** tab. - -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – In the Application Name box on the General Settings page, enter a new name for the service. - -Step 5 – Click **Save**. 
- -## Start or Stop a Service - -You can start and stop a service deployed in native IIS, remote IIS, and Docker. When you stop a -service, the following happens: - -- For a native IIS deployment, Directory Manager stops the service’s application pool. -- For a remote IIS deployment, Directory Manager stops the site that hosts the service. -- For a Docker deployment, Directory Manager stops the container where the service is deployed. - -Follow the steps to start or stop a service. - -Step 1 – In Admin Center, select **Applications** in the left pane. - -Step 2 – On the Applications page, click the tab for the desired service. For example, click the -**Data Service** tab. - -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – Click **Deployments** under Server Settings. -The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service -is deployed. - -Step 5 – The Select Application Deployment drop-down list displays the deployment name of the -service. - -- When the service is running, Stop is displayed next to it. Click it to stop the service. -- When the service is stopped, Start is displayed next to it. Click it to start the service. - -## View the Launch URL for a Service - -Follow the steps to view the launch URL for a service. - -Step 1 – In Admin Center, select **Applications** in the left pane. - -Step 2 – On the Applications page, click the tab for the desired service. For example, click the -**Data Service** tab. - -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – Click **Deployments** under Server Settings. -The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service -is deployed. The Select Application Deployment drop-down list displays the deployment name of the -service. - -Step 5 – The Launch URL box on the Deployment Configurations tab displays the URL. 
Copy and paste it -in the browser to launch the service. See the table in the View Data Service Details topic to -understand what is displayed with this URL. - -## View the Deployment Settings for a Service - -Follow the steps to view the deployment settings for a service. - -Step 1 – In Admin Center, select **Applications** in the left pane. - -Step 2 – On the Applications page, click the tab for the desired service. For example, click the -**Data Service** tab. - -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – Click **Deployments** under Server Settings. -The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service -is deployed. The Select Application Deployment drop-down list displays the deployment name of the -service. - -Step 5 – On the Deployment Configurations tab: - -- For a native IIS deployment, you can view the name of the service application in IIS, the site - where it is hosted, the URL to launch the service page, and any other services that this service - uses. -- For a remote IIS deployment, you can view the Microsoft IIS Administration API URL, access token, - and credentials. You can also view the name of the service application in remote IIS, the site - where it is hosted, the URL to launch the service page, and any other services that this service - uses. -- For a Docker deployment, you can view the port and service URL used to communicate with Docker - engine. You can also view the URL to launch the service page, and any other services that this - service uses. - -## Specify Log Settings for a Service - -Directory Manager uses file logging and Windows logging to monitor events from a service. You can -set the logging level for a service to track a specific set of information for it. 
- -For details on file logging and Windows logging, see the -[File Logging](/docs/directorymanager/11.1/admincenter/portal/server/log.md#file-logging) and -[Windows Logging](/docs/directorymanager/11.1/admincenter/portal/server/log.md#windows-logging) topics. Replace references to the -portal with the respective service. - -NOTE: Windows logging is not available for Data service and Security service. - -### Change the File Logging Level for a Service - -Follow the steps to change the file logging level for a service. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the Applications page, click the tab for the desired service. For example, click the -**Data Service** tab. - -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – Click **Deployments** under Server Settings. -The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service -is deployed. The Select Application Deployment drop-down list displays the deployment name of the -service. - -Step 5 – Click the **Logging** tab. - -Step 6 – In the File Logging area, select a logging level for the service in the Log Events -drop-down list. -File logging groups events into different levels, based on the type of information captured. See the -table in the -[Change the File Logging Level for a Portal Instance](/docs/directorymanager/11.1/admincenter/portal/server/log.md#change-the-file-logging-level-for-a-portal-instance)topic -for information on the logging levels. Replace references to the portal with the respective service. - -Step 7 – Click **Save**. - -### Turn off File Logging for a Service - -Follow the steps to turn off file logging for a service. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the Applications page, click the tab for the desired service. For example, click the -**Data Service** tab. 
- -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – Click **Deployments** under Server Settings. -The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service -is deployed. The Select Application Deployment drop-down list displays the deployment name of the -service. - -Step 5 – Click the **Logging** tab. - -Step 6 – In the File Logging area, select _Off_ in the Log Events drop-down list. - -Step 7 – Click **Save**. - -### Change the Windows Logging Level for a Service - -Follow the steps to change the Windows logging level for a service. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the Applications page, click the tab for the desired service. For example, click the -**Replication Service** tab. - -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – Click **Deployments** under Server Settings. -The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service -is deployed. The Select Application Deployment drop-down list displays the deployment name of the -service. - -Step 5 – Click the **Logging** tab. - -Step 6 – In the Windows Logging area, select a logging level for the service in the **Log Events** -drop-down list. -Windows logging groups events into different levels, based on the type of information captured. See -the table in the -[Change the File Logging Level for a Portal Instance](/docs/directorymanager/11.1/admincenter/portal/server/log.md#change-the-file-logging-level-for-a-portal-instance)topic -for information on the logging levels. Replace references to the portal with the respective service. - -Step 7 – Click **Save**. - -### Turn Off Windows Logging for a Service - -Follow the steps to turn off Windows logging for a service. - -Step 1 – In Admin Center, click **Applications** in the left pane. 
- -Step 2 – On the Applications page, click the tab for the desired service. For example, click the -**Replication Service** tab. - -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – Click **Deployments** under Server Settings. -The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service -is deployed. The Select Application Deployment drop-down list displays the deployment name of the -service. - -Step 5 – Click the **Logging** tab. - -Step 6 – In the Windows Logging area, select _Off_ in the Log Events drop-down list. - -Step 7 – Click **Save**. - -## Delete a Data Service - -Deleting a Data service removes the following: - -- For a native IIS deployment: - - - The Data service directory under the following location on the Directory Manager server: - X:\Program Files\Imanami\GroupID 11.0\GroupIDDataService\Inetpub\ - (X represents the Directory Manager installation drive) - - The Data service directory from the website in IIS - -- For a remote IIS deployment: - - - The service's directory in the remote IIS site - - The service's physical directory under the folder mapped to the remote IIS site - -- For a Docker deployment: - - The container created in Docker Engine for the Data service - -Follow the steps to delete a Data service. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the **Applications** page, click the **Data Service** tab. - -Step 3 – On the **Data Service** tab page, click the ellipsis button for a Data service and select -**Delete**. - -NOTE: You cannot delete the default Data service. You cannot also delete a Data service that has -been linked with a Directory Manager client, such as the Directory Manager portal. diff --git a/docs/directorymanager/11.1/admincenter/service/dataservice/overview.md b/docs/directorymanager/11.1/admincenter/service/dataservice/overview.md deleted file mode 100644 index 2193d94078..0000000000 
--- a/docs/directorymanager/11.1/admincenter/service/dataservice/overview.md +++ /dev/null @@ -1,33 +0,0 @@ -# Data Service - -Admin Center lets you quickly create and deploy a Data service. This service is responsible for core -Directory Manager operations, such as communication with identity providers, communications with the -Directory Manager database, object creation and update, and more. - -You can create multiple Data services; the default service is created while configuring Directory -Manager. - -## The Default Data Service - -While configuring Directory Manager using the Configuration Tool, the administrator can create a -Data service and a Security service in native IIS. - -To deploy these services in native IIS, the Configuration Tool creates and configures a new website -named GroupIDSite11 in IIS. By default, it binds this site to any of the available ports; the -administrator can change it if required. The Data service and Security service directories are -created within GroupIDSite11. - -Admin Center uses the default Data service and Security service; you cannot change this binding. - -To view the default services, see the -[View Data Service Details](manage.md#view-data-service-details) topic. - -## Why Create Multiple Data Services? - -For load balancing and high availability, Directory Manager facilitates you to create and maintain -multiple Data services. While creating a Directory Manager portal, you can choose a Data service to -bind to it. In this way, different portals can use different Data services for improved response -times and load balancing. - -Directory Manager enables you to create and deploy a Data service in any of these web servers: -native IIS, remote IIS, and Docker. diff --git a/docs/directorymanager/11.1/admincenter/service/emailservice.md b/docs/directorymanager/11.1/admincenter/service/emailservice.md deleted file mode 100644 index 8516c29727..0000000000 
--- a/docs/directorymanager/11.1/admincenter/service/emailservice.md +++ /dev/null 
@@ -1,41 +0,0 @@ -# Email Service - -The Email service maintains a queue of all email notification generated by the identity stores in -Directory Manager, and sends them one by one through the SMTP server configured for the respective -identity store. - -When the SMTP server for an identity store is down, notifications stay in the queue, until they are -delivered when the server is up again. Successfully delivered emails are removed from the queue. - -For more on the notification queue, see the -[Manage the Notification Queue](/docs/directorymanager/11.1/admincenter/notification/queue.md) topic. - -## View Email Service Details - -Follow the steps to view Email service details. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the **Applications** page, click the **Email Service** tab. -The tab displays the default Email service(s) hosted in native IIS. The number of services displayed -on the tab depend on the number of nodes in all Elasticsearch clusters in your environment, as each -node has its own Email service. On each Directory Manager instance, notifications will be generated -for Directory Manager operations and will be queued in Notification queue. All the deployed services -on each Directory Manager instance will check notification queue every 100 second and will send 10 -notifications in Notification queue for processing. - -See the -[Elasticsearch Clusters, Nodes, and Directory Manager](overview.md#elasticsearch-clusters-nodes-and-directory-manager) -topic for additional information. For details displayed on a service card, see the table in the -[View Data Service Details](dataservice/manage.md#view-data-service-details) topic. - -You cannot create a new Email service or delete the existing one. 
- -## Manage Email Service Settings - -You can manage the following settings for the Email service: - -- [Change a Service’s Display Name](dataservice/manage.md#change-a-services-display-name) -- [Start or Stop a Service](dataservice/manage.md#start-or-stop-a-service) -- [View the Deployment Settings for a Service](dataservice/manage.md#view-the-deployment-settings-for-a-service) -- [Specify Log Settings for a Service](dataservice/manage.md#specify-log-settings-for-a-service) diff --git a/docs/directorymanager/11.1/admincenter/service/overview.md b/docs/directorymanager/11.1/admincenter/service/overview.md deleted file mode 100644 index 2ced06cd9f..0000000000 --- a/docs/directorymanager/11.1/admincenter/service/overview.md +++ /dev/null 
@@ -1,91 +0,0 @@ -# Services - -Directory Manager services are long-running, non-UI software applications that operate in the -background and run in their own Windows sessions. They are usually started when you boot the machine -they are hosted on, and are scheduled to run in the background to execute some tasks. You can also -start, pause, and stop them manually. - -Directory Manager relies on a few of its own services and third-party services for different -functions. - -## Directory Manager Services - -The following table discusses Directory Manager services. - -| Service | Description | -| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Data service | Directory Manager uses it to perform core operations and to communicate with Microsoft SQL Server for storing and fetching data in the database. | -| Security service | - Authenticates and authorizes users on different Directory Manager functions in accordance with their roles. - Encrypts and decrypts data that Directory Manager Data service stores and fetches from the SQL database. | -| Replication service | Replicates attributes of the group, user, contact, computer, and organizational unit object from the provider (such as Active Directory) to the Elasticsearch repository. In case of multiple Elasticsearch clusters, this service is also responsible for syncing data between clusters. | -| Email service | Maintains a queue of all notification requests generated by identity stores, and sends them one by one. | -| Scheduler service | Initiates schedule runs for scheduled jobs defined in Directory Manager. | - -These services run in the context of specific accounts that are different from the logged-on user or -the default computer account. 
See the Accounts to Run the Servicestopic for details. - -### Where are these Services Hosted? - -Directory Manager services are hosted on a web server, that could be native IIS, remote IIS, and -Docker. - -You can create multiple Data services and Security services while hosting them on different web -servers. For example, you can host one Data service in native IIS and another in Docker. - -- To launch IIS on a machine, see - [Opening IIS Manager](https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525920(v=vs.90)). - -![in_iis](/img/product_docs/directorymanager/11.1/admincenter/portal/in_iis.webp) - -- To open Docker Desktop on Windows, search for Docker and select Docker Desktop in the search - results. - -![indocker](/img/product_docs/directorymanager/11.1/admincenter/service/indocker.webp) - -## Third-party Services - -Directory Manager requires the following third-party services: - -| Service | Description | -| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| SQL Server Browser service | This service fetches the SQL servers present in the environment and displays them on the Database Settings page of the Directory Manager Configuration Tool, where you configure a database for Directory Manager. Moreover, Directory Manager stops when this service stops. | -| Key Distribution Service (KDS) | You must enable the Key Distribution Service (KDS) on the Directory Manager server if you want to use Group Managed Service Accounts (gMSA) in Directory Manager. Directory Manager supports a gMSA in various contexts, such as for the Directory Manager app pool and as service account for an identity store. 
| -| Elasticsearch service | This service is responsible for searching the Elasticsearch repository to display object listings and search results in Directory Manager. If this service stops, Directory Manager will not work. | - -### Where are these Services Hosted? - -Third-party services are created as Windows services in Windows Services Manager: - -To launch the Services Manager, type ‘ services.msc’ in the Run dialog box and click OK. Here is an -example of services in Windows Services Manager. You can start, stop, disable, and delay a service. - -![inwindowsservicesmanager](/img/product_docs/directorymanager/11.1/admincenter/service/inwindowsservicesmanager.webp) - -## Accounts to Run the Services - -The Directory Manager Configuration Tool enables you to specify the service accounts to use for the -Directory Manager app pool and Windows services. - -| Services | Service Account Description | -| --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Directory Manager App Pool in IIS | Use a domain account or a Group Managed Service Account (gMSA). The account must be a member of the Administrators group or both the Backup Operators and IIS_IUSRS groups. The account is used to manage the Directory Manager app pool in IIS. Data service, Security service, and the portals run under the app pool. For a Microsoft Entra ID identity store, you can specify a local account (with local administrator rights) in app pool for a machine that is not joined to any domain. 
| -| Windows services | Use a domain account, system user account, or gMSA. The account must be a member of the Backup Operators group. The account is used to run the Windows services for Directory Manager, as discussed in the Third-party Services topic. | - -## Elasticsearch Clusters, Nodes, and Directory Manager - -When you have multiple Elasticsearch clusters in your environment and each cluster has multiple -nodes, you will notice that for each node in a cluster the following are created. - -- An Admin Center -- A Data service -- A Security service -- A Replication service -- A Scheduler service -- An Email service - -Cluster syncing - -To sync data between clusters, Directory Manager uses the Replication service. You have to enable -data sync for at least one Replication service within a cluster to sync the cluster's data to other -clusters. See the -[Enable Elastic Cluster Syncing](replicationservice.md#enable-elastic-cluster-syncing) topic for -additional information. diff --git a/docs/directorymanager/11.1/admincenter/service/replicationservice.md b/docs/directorymanager/11.1/admincenter/service/replicationservice.md deleted file mode 100644 index 7b077dc2ef..0000000000 --- a/docs/directorymanager/11.1/admincenter/service/replicationservice.md +++ /dev/null 
@@ -1,75 +0,0 @@ -# Replication Service - -The Replication service replicates the attributes of the following objects from the provider (such -as Active Directory) to the Elasticsearch repository. - -- Group -- User -- Contact -- Computers -- Organizational Unit - -For more on the Replication service, see the -[Elasticsearch and Replication ](/docs/directorymanager/11.1/admincenter/replication/overview.md)topic for additional information. - -The service is also responsible for syncing data between the Elasticsearch clusters in your -environment. - -## View Replication Service Details - -Follow the steps to view Replication Service details. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the **Applications** page, click the **Service** tab. -The tab displays the default Replication service hosted in native IIS. When multiple Directory -Manager instances have been deployed, you will find multiple default Replication services on this -tab page, as each instance has its own default Replication service. See the -[Elasticsearch Clusters, Nodes, and Directory Manager](overview.md#elasticsearch-clusters-nodes-and-directory-manager) -topic for additional information. -For details displayed on a service card, see the table in the -[View Data Service Details](dataservice/manage.md#view-data-service-details) topic. - -You cannot create a Replication Service or delete an existing one from Admin Center. - -## Manage Replication Service Settings - -You can manage the following settings for a Replication service. 
- -- [Change a Service’s Display Name](dataservice/manage.md#change-a-services-display-name) -- [Start or Stop a Service](dataservice/manage.md#start-or-stop-a-service) -- [View the Deployment Settings for a Service](dataservice/manage.md#view-the-deployment-settings-for-a-service) -- [Specify Log Settings for a Service](dataservice/manage.md#specify-log-settings-for-a-service) - -## Enable Elastic Cluster Syncing - -In an environment with multiple Elasticsearch clusters, you can choose to sync data between -clusters. You can also specify an interval for syncing. - -NOTE: In Directory Manager, a separate Replication service is created for each node in a cluster. To -enable data syncing between clusters, simply enable the sync option for one Replications service -within each cluster. - -Follow the steps to sync data between clusters. - -Step 1 – In Admin Center, select **Applications** in the left pane. - -Step 2 – On the Applications page, click the **Replication Service** tab. - -Step 3 – Click the ellipsis button for a service and select **Settings**. - -Step 4 – Click **Configurations** under Server Settings. - -Step 5 – On the Configurations page, enable the **Elastic Cluster Syncing** toggle button to sync -data from all other clusters to the cluster that uses this Replication service. -If this toggle button is disabled for a cluster (say, ClusterA), data from other clusters will not -be synced to ClusterA. -Suppose syncing is disabled for ClusterA but enabled for ClusterB and ClusterC. This means that (a) -data from ClusterB and ClusterC will not be synced to ClusterA (b) data from ClusterA will be synced -to ClusterB and ClusterC. - -Step 6 – You can specify an interval for syncing data. Click **Edit** under Elastic Cluster Syncing -Interval, specify an interval (in seconds) and click the check mark. -By default, the interval is set to 5 seconds. You can specify a maximum interval of 900 seconds. - -Step 7 – Click **Save**. 
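Review bot: Step 2 of "View Replication Service Details" in replicationservice.md tells the reader to click the **Service** tab, while Step 2 of "Enable Elastic Cluster Syncing" in the same file names the **Replication Service** tab; if this text is being moved rather than retired, use **Replication Service** in both places. The NOTE also has the typo "one Replications service", and Step 6 gives a default of 5 seconds and a maximum of 900 seconds but no minimum, which is worth stating wherever the procedure ends up.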
diff --git a/docs/directorymanager/11.1/admincenter/service/schedulerservice.md b/docs/directorymanager/11.1/admincenter/service/schedulerservice.md deleted file mode 100644 index 3ca6f06de4..0000000000 --- a/docs/directorymanager/11.1/admincenter/service/schedulerservice.md +++ /dev/null @@ -1,32 +0,0 @@ -# Scheduler Service - -In Directory Manager, schedules perform different tasks in an identity store. They run at a -specified frequency to auto execute their respective functions. The Scheduler service is responsible -for triggering these schedules at their respective frequency. - -## View Scheduler Service Details - -Follow the steps to view details of Scheduler service. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the Applications page, click the **Scheduler Service** tab. - -The tab displays the default Scheduler service(s) hosted in native IIS. The number of services -displayed on the tab depend on the number of nodes in all Elasticsearch clusters in your -environment, as each cluster has its own Scheduler services. See the -[Elasticsearch Clusters, Nodes, and Directory Manager](overview.md#elasticsearch-clusters-nodes-and-directory-manager) -topic for additional information. -For details displayed on a service card, see the table in the -[View Data Service Details](dataservice/manage.md#view-data-service-details) topic. - -You cannot create a new Scheduler service or delete the existing one. - -## Manage Scheduler Service Settings - -You can manage the following settings for a Scheduler service: - -- [Change a Service’s Display Name](dataservice/manage.md#change-a-services-display-name) -- [Start or Stop a Service](dataservice/manage.md#start-or-stop-a-service) -- [View the Deployment Settings for a Service](dataservice/manage.md#view-the-deployment-settings-for-a-service) -- [Specify Log Settings for a Service](dataservice/manage.md#specify-log-settings-for-a-service) 
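Review bot: In "View Scheduler Service Details" in schedulerservice.md, the sentence ties the number of services to the number of nodes but then says "as each cluster has its own Scheduler services", whereas the "Elasticsearch Clusters, Nodes, and Directory Manager" section of service/overview.md in this same patch says a Scheduler service is created for each node. If the page is carried over to a new location, change "each cluster" to "each node" and fix the verb agreement in "The number of services ... depend".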
diff --git a/docs/directorymanager/11.1/admincenter/service/securityservice/create.md b/docs/directorymanager/11.1/admincenter/service/securityservice/create.md deleted file mode 100644 index 5dcca23195..0000000000 --- a/docs/directorymanager/11.1/admincenter/service/securityservice/create.md +++ /dev/null 
@@ -1,132 +0,0 @@ -# Create a Security Service - -You can create a Security service in native IIS, remote IIS, and Docker. - -What do you want to do? - -- Create a Security Service in Native IIS -- Create a Security Service in Remote IIS -- Create a Security Service in Docker -- Launch a Security Service - -## Create a Security Service in Native IIS - -When you deploy a Security service in native IIS, Directory Manager does the following: - -- It creates a directory with the Security service’s name at the following physical path on the - Directory Manager server, and copies the service files from its template directory to the new - service directory: - X:\Program Files\Imanami\GroupID 11.0\GroupIDSecurityService\Inetpub\ - (X represents the Directory Manager installation drive) -- It also creates a virtual directory for the service in your desired IIS site. - -The Security service runs within a virtual directory in IIS while the service files are physically -located on disk. - -**To create a Security service:** - -1. In Admin Center, click **Applications** in the left pane. -2. Click **Add Application**. -3. On the next page, select **Security Service** and click **Next step**. -4. On the **Create GroupID Application** page, make sure the **IIS** tile is selected. -5. In the **Application Name** box, enter a name for the service or use the default name. The - Security service is displayed with this name in Directory Manager. -6. In the **Deployment Name** box, enter a deployment name for the service. The application name and - deployment name are displayed on the service card, as shown below: - - ![securityservicecard](/img/product_docs/directorymanager/11.1/admincenter/service/securityservice/securityservicecard.webp) - -7. In the **IIS Application Name** box, enter an IIS deployment name for the service. 
This name is - used to name the service’s directory in IIS and its physical directory under X:\Program - Files\Imanami\GroupID 11.0\GroupIDSecurityService\Inetpub\ on the Directory Manager server. - (X represents the Directory Manager installation drive) - The IIS application name should be unique for each Security service deployed in IIS. -8. In the **IIS Site** drop-down list, select a website to host the service files. - The list displays the websites defined on the local IIS server. GroupIDSite11 is the default - selection. -9. In the **Data Service** drop-down list, select a Data service to bind to this Security service. - A Security service needs a Data service to perform various tasks, such as authentication and - multifactor authentication. -10. Click **Create Application**. - The Security service is created and displayed on the **Security Service** tab. - -## Create a Security Service in Remote IIS - -You can deploy a Security service within a site in remote IIS. For this, you need to connect with -the Microsoft IIS Administration API running on the remote IIS machine. - -When you create a Data service in remote IIS, Directory Manager does the following: - -- It creates a virtual directory for the service in a preconfigured site in remote IIS. -- It creates a physical directory for the service in the folder that is mapped to this preconfigured - site. - -The Security service runs within a virtual directory in remote IIS while the service files are -physically located on disk. - -To learn about the remote IIS settings and configurations before deploying a service there, see the -[Prerequisites for Deployments in Remote IIS](/docs/directorymanager/11.1/admincenter/portal/remoteiisprerequisites.md) topic. - -**To create a Security service:** - -1. In Admin Center, click **Applications** in the left pane. -2. Click **Add Application**. -3. On the next page select **Security Service** and click **Next step**. -4. 
On the **Create GroupID Application** page, select the **Remote IIS** tile. -5. In the **Application Name** box, enter a name for the service or use the default name. The - Security service is displayed in Directory Manager with this name. -6. In the **Deployment Name** box, enter a deployment name for the service. The application name and - deployment name are displayed on the service card. -7. To enter information for **API URL**, **Access Token**, **Username**, **Password**, **IIS - Application Name**, and **Website**, refer to steps 7-11 in the - [Create a Portal in Remote IIS](/docs/directorymanager/11.1/admincenter/portal/create.md#create-a-portal-in-remote-iis) topic. - Replace any reference to the portal with the Security service. -8. In the **Data Service** drop-down list, select a Data service to bind to this Security service. - A Security service needs a Data service to perform various tasks, such as authentication and - multifactor authentication. -9. Click **Create Application**. - The Security service is displayed on the **Security Service** tab. - -## Create a Security Service in Docker - -Directory Manager enables you to deploy a Security service in Docker. For this, you need to connect -with the API running on a Docker deamon in your environment, so that Directory Manager can create a -container for the service there and run the service from within that container. - -For an overview on application deployment in Docker, see the -[Prerequisites for Deployments in Docker](/docs/directorymanager/11.1/admincenter/portal/dockerprerequisites.md) topic. - -NOTE: To host the Security service, Docker daemon should be configured to run Windows containers. - -**To create a Security service:** - -1. In Admin Center, click **Applications** in the left pane. -2. Click **Add Application**. -3. On the next page, select **Security Service** and click **Next step**. -4. On the **Create GroupID Application** page, select the **Docker** tile. -5. 
In the **Application Name** box, enter a name for the Security service or use the default name. - The service is displayed in Directory Manager with this name. -6. In the **Deployment Name** box, enter a deployment name for the service. The application name and - deployment name are displayed on the service card. -7. To enter information for **Port**, **Service URL**, and **Container Name**, refer to steps 7-9 in - the [Create a Portal in Docker](/docs/directorymanager/11.1/admincenter/portal/create.md#create-a-portal-in-docker) topic. Replace - any reference to the portal with the Security service. -8. In the **Data Service** drop-down list, select a Data service to bind to this Security service. - A Security service needs a Data service to perform various tasks, such as authentication and - multifactor authentication. -9. Click **Create Application**. - The Security service is created and displayed on the **Security Service** tab. - -## Launch a Security Service - -1. In Admin Center, select **Applications** in the left pane. -2. On the **Security Service** tab, click **Launch Application** for a service. The **GroupID - Applications** page is displayed. Options on this page are discussed in the - [Access your Applications](/docs/directorymanager/11.1/admincenter/general/accessapplications.md) topic. Any actions you perform - will be carried out through the respective Security service. - -**See Also** - -- [Directory Manage Applications](/docs/directorymanager/11.1/admincenter/portal/applications.md) -- [Services](/docs/directorymanager/11.1/admincenter/service/overview.md) -- [Manage Security Service Settings](/docs/directorymanager/11.1/admincenter/service/securityservice/manage.md) diff --git a/docs/directorymanager/11.1/admincenter/service/securityservice/manage.md b/docs/directorymanager/11.1/admincenter/service/securityservice/manage.md deleted file mode 100644 index 7e07bb96c7..0000000000 
--- a/docs/directorymanager/11.1/admincenter/service/securityservice/manage.md +++ /dev/null 
@@ -1,92 +0,0 @@ -# Manage Security Service Settings - -Security services in Directory Manager are displayed on the **Security Service** tab. A card for a -service displays information such as its name and status. - -You can manage several settings for a service, such as: - -- Change the name of a service -- Start or stop a service -- Configure file logging for a service -- Delete a service - -## View Service Details - -Follow the steps to view the service details. - -Step 1 – In Admin Center, click **Applications** in the left pane. - -Step 2 – On the **Applications** page, click the **Security Service** tab. -The tab displays the default Security service created while configuring Directory Manager and any -other Security service that you have created. When multiple Directory Manager instances have been -deployed, you will find multiple default Security services on this tab page, as each instance has -its own default Security service. See the -[Elasticsearch Clusters, Nodes, and Directory Manager](/docs/directorymanager/11.1/admincenter/service/overview.md#elasticsearch-clusters-nodes-and-directory-manager) -topic for additional information. -For details displayed on a service card, see the table in the -[View Data Service Details](/docs/directorymanager/11.1/admincenter/service/dataservice/manage.md#view-data-service-details) topic. - -## Manage Security Service Settings - -See the [Manage Data Service Settings](/docs/directorymanager/11.1/admincenter/service/dataservice/manage.md) topic to manage settings for a -Security service, such as deployment and log settings. - -## Manage Advanced Settings - -If you have created multiple Security services for load balancing and high availability, the -Advanced Settings option enables the services to share session information. - -Follow the steps to enable communication between multiple Security services. - -Step 1 – In Admin Center, click **Applications** in the left pane. 
- -Step 2 – On the Applications page, click the **Security Service** tab. -The tab displays the default Security service created while configuring Directory Manager and any -other Security service that you have created. When multiple Directory Manager instances have been -deployed, you will find multiple default Security services on this tab page, as each instance has -its own default Security service. See the -[Elasticsearch Clusters, Nodes, and Directory Manager](/docs/directorymanager/11.1/admincenter/service/overview.md#elasticsearch-clusters-nodes-and-directory-manager) -topics for additional information. -For details displayed on a service card, see the table in the -[View Data Service Details](/docs/directorymanager/11.1/admincenter/service/dataservice/manage.md#view-data-service-details) topic for additional -information. - -Step 3 – Click the **ellipsis button** for a Security service and select **Settings**. - -Step 4 – Select **Advanced Settings** under Server Settings. - -Step 5 – Enable the **Distributed Cache** toggle button to enable communication among defined -Security services. - -Communication between Security services is now enabled. - -## Delete a Security Service - -Deleting a Security service removes the following: - -- **For a native IIS deployment:** - - - The Security service directory under the following location on the Directory Manager server: - X:\Program Files\Imanami\GroupID 11.0\GroupIDSecurityService\Inetpub\ - (X represents the Directory Manager installation drive) - - The Security service directory from the website in IIS - -- **For a remote IIS deployment:** - - - The service's directory in the remote IIS site - - The service's physical directory under the folder mapped to the remote IIS site - -- **For a Docker deployment:** - - The container created in Docker Engine for the Security service - -Follow the steps to delete a Security service. - -Step 1 – In Admin Center, click **Applications** in the left pane. 
- -Step 2 – On the **Applications** page, click the **Security Service** tab. - -Step 3 – Click the ellipsis button for a Security service and select **Delete**. - -NOTE: You cannot delete the default Security service. You cannot also delete a Security service that -has been linked with a Directory Manager client, such as the Directory Manager portal. diff --git a/docs/directorymanager/11.1/admincenter/service/securityservice/overview.md b/docs/directorymanager/11.1/admincenter/service/securityservice/overview.md deleted file mode 100644 index 0a2814636e..0000000000 --- a/docs/directorymanager/11.1/admincenter/service/securityservice/overview.md +++ /dev/null 
@@ -1,30 +0,0 @@ -# Security Service - -Admin Center lets you quickly create and deploy a Security service. This web-based service is a -single sign-on implantation for Directory Manager clients. It is responsible for authenticating and -authorizing users on different Directory Manager clients and functionalities in accordance with -their roles. The service also encrypts and decrypts data that Data service stores and fetches from -the Directory Manager database on SQL Server. - -You can create multiple Security services; the default service is created while configuring -Directory Manager. - -## The Default Security Service - -See [The Default Data Service](/docs/directorymanager/11.1/admincenter/service/dataservice/overview.md#the-default-data-service) topic. - -At the time of Directory Manager installation, a generic signing key is assigned to the Directory -Manager Security Service. For security reasons, it is recommended that a unique signing key is used -which is specific to your environment. Using Netwrix Directory Manager (formerly GroupID) Signing -Key Utility you can replace the old signing key with a new key. See the -[Signing Key Utility](/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md) topic for additional information. - -## Why Create Multiple Security Services? - -See the -[Why Create Multiple Data Services?](/docs/directorymanager/11.1/admincenter/service/dataservice/overview.md#why-create-multiple-data-services) -topic while replacing references to Data service with Security service. After defining multiple -Security services, you can enable communication between them. As a result of their communication, -logged in session-related information persists across multiple Directory Manager clients. 
See the -[Manage Advanced Settings](manage.md#manage-advanced-settings) section of the -[Manage Security Service Settings](/docs/directorymanager/11.1/admincenter/service/securityservice/manage.md) topics for additional information. diff --git a/docs/directorymanager/11.1/admincenter/setupauth/authenticator.md b/docs/directorymanager/11.1/admincenter/setupauth/authenticator.md deleted file mode 100644 index 821ee99d5d..0000000000 --- a/docs/directorymanager/11.1/admincenter/setupauth/authenticator.md +++ /dev/null 
@@ -1,31 +0,0 @@ -# Set up Authentication via Authenticator - -Users must install an authenticator app, such as Google Authenticator or Microsoft Authenticator, on -their phones and use it to enroll and authenticate their identity store accounts in Directory -Manager. - -What do you want to do? - -- Enable the Authenticator Authentication Type for an Identity Store -- Enforce Authentication by Authenticator for a Role in an Identity Store - -## Enable the Authenticator Authentication Type for an Identity Store - -The Authenticator authentication type must be enabled for an identity store before it can be used -for second factor authentication and multifactor authentication. - -To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic. - -## Enforce Authentication by Authenticator for a Role in an Identity Store - -To enforce an authentication type, see the -[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) -topic. - -Role members must use an enforced authentication type for multifactor authentication. When an -authentication type is enabled but not enforced, role members can choose to use it for enrollment -and authentication. - -**See Also** - -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) diff --git a/docs/directorymanager/11.1/admincenter/setupauth/email.md b/docs/directorymanager/11.1/admincenter/setupauth/email.md deleted file mode 100644 index 99bb309602..0000000000 --- a/docs/directorymanager/11.1/admincenter/setupauth/email.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# Set up Authentication via Email - -Users can enroll and authenticate their identity store accounts using Email. An email sent to a -user’s email address contains a confirmation code that the user must enter in Directory Manager to -enroll and authenticate their accounts. - -Directory Manager provides a default notification template for enrollment/authentication via email -in various languages. You can change the subject line and the body text in the template for any of -these languages. - -NOTE: Before configuring Email authentication, make sure that an SMTP server is configured for the -identity store. See the [Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) topic. - -What do you want to do? - -- Enable Email Authentication for an Identity Store -- Modify the Email Template -- Enforce Email Authentication for a Role in an Identity Store - -## Enable Email Authentication for an Identity Store - -The email authentication type must be enabled for an identity store before users can use it for -second factor authentication and multifactor authentication. - -To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic. - -## Modify the Email Template - -You can modify the subject line and body text of the email sent to users. The email contains a -confirmation code that users have to enter in Directory Manager to enroll/authenticate their -accounts. - -**To modify the subject line and body of the email:** - -1. In Admin Center, click **Notification Editor** at the bottom of the left navigation pane. - The **Notification Editor** is displayed. -2. By default, notifications templates are displayed in US English. You can select a different - language to customize notification templates for that language. - - 1. To select a language, click **Filter**. - 2. 
On the **Filter(s)** dialog box, use the **Locality** drop-down list to select the ISO code - for your required language. - 3. Click **Apply**. - -3. Search for _AccessCodeEmail_ and click **Edit** in the **Actions** column to open it. - - ![accesscode](/img/product_docs/directorymanager/11.1/admincenter/setupauth/accesscode.webp) - -4. You can view the notification content in two distinct modes: - - - _Source Code (HTML)_ - This is the default mode, as shown in the figure above. You can make - changes to the notification template in this mode. - - _Interactive_ - This is the user-friendly, front-end view. Use it to view the email - notification, as it will be sent to users. - -5. Modify and format the text of the email, except the [USER] and [CODE] placeholders. - Directory Manager replaces [USER] with the name of the user and inserts a randomly generated - verification code into the [Code] placeholder. The user must enter this code in Directory Manager - to enroll and authenticate. -6. Click the **Title** tile to change the subject line of the email notification. -7. After making the required changes, click **Save**. -8. Click **Go Back** to return to the **Notification Editor**. - -## Enforce Email Authentication for a Role in an Identity Store - -To enforce an authentication type, see the -[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) -topic. - -Role members must use an enforced authentication type for multifactor authentication. When an -authentication type is enabled but not enforced, role members can choose to use it for enrollment -and authentication. - -**See Also** - -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) -- [Customize Notifications](/docs/directorymanager/11.1/admincenter/notification/customize.md) 
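Review bot: Step 5 of "Modify the Email Template" in the removed email.md is where the `[USER]` and `[CODE]` placeholders are documented, and it spells the second one both `[CODE]` and `[Code]`. If this procedure is being relocated rather than dropped, carry it over with a single spelling that matches the template, so editors do not break the verification-code substitution. Also check that the destination keeps the NOTE requiring an SMTP server to be configured before Email authentication is set up; this hunk does not show where either piece ends up.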
diff --git a/docs/directorymanager/11.1/admincenter/setupauth/mfa.md b/docs/directorymanager/11.1/admincenter/setupauth/mfa.md deleted file mode 100644 index b4549fea08..0000000000 --- a/docs/directorymanager/11.1/admincenter/setupauth/mfa.md +++ /dev/null 
@@ -1,41 +0,0 @@ -# Configure Multifactor Authentication - -You can define a multifactor authentication (MFA) policy for an identity store. This policy enforces -users to enroll their identity store accounts in Directory Manager using one or more authentication -types. Supported authentication types are discussed in the -[Authentication Policies - A Comparison](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) topic. - -Once enrolled, users must authenticate their identity store accounts using the authentication types -they enrolled with, when they perform any of the following actions in the Directory Manager portal: - -- Reset identity store account passwords -- Unlock their accounts - -Helpdesk users with restricted access also use authentication type(s) to authenticate end-users -before resetting their password or unlocking their identity store account. See the -[Set Restricted Mode](/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md#set-restricted-mode) topic. - -NOTE: Multifactor authentication defined in Microsoft Entra Admin Center does not integrate with MFA -in Directory Manager. See the -[Multifactor Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md#multifactor-authentication-policy) -topic. - -What do you want to do? - -- Configure Multifactor Authentication - -## Configure Multifactor Authentication - -To configure multifactor authentication for a security role in an identity store, do the following: - -1. Enable one or more authentication types for the identity store. - See the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic for details. -2. Enforce role members to use specific authentication types for multifactor authentication. 
- See the - [Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) - topic for details. - -See Also - -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) -- [Configure Second Factor Authentication](/docs/directorymanager/11.1/admincenter/setupauth/sfa.md) diff --git a/docs/directorymanager/11.1/admincenter/setupauth/overview.md b/docs/directorymanager/11.1/admincenter/setupauth/overview.md deleted file mode 100644 index d22001cbad..0000000000 --- a/docs/directorymanager/11.1/admincenter/setupauth/overview.md +++ /dev/null @@ -1,16 +0,0 @@ -# Set Up Authentication Types - -The following topics guide you on how to set up different authentication types for an identity store -and enforce them for a security role. - -- [Set up Authentication via Security Questions](/docs/directorymanager/11.1/admincenter/setupauth/securityquestions.md) -- [SMS Authentication](/docs/directorymanager/11.1/admincenter/identitystore/configure/security/smsauthentication.md) -- [Set up Authentication via Email](/docs/directorymanager/11.1/admincenter/setupauth/email.md) -- [Set up Authentication via Authenticator](/docs/directorymanager/11.1/admincenter/setupauth/authenticator.md) -- [Set up Authentication via Linked Account](/docs/directorymanager/11.1/admincenter/setupauth/linkedaccount.md) -- [Set up Authentication via YubiKey](/docs/directorymanager/11.1/admincenter/setupauth/yubikey.md) -- [Set up Authentication via Windows Hello](/docs/directorymanager/11.1/admincenter/setupauth/windowshello.md) - -**See Also** - -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) 
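Review bot: The removed "Set Up Authentication Types" index links to linkedaccount.md, yubikey.md and windowshello.md under setupauth/, yet no deletion entry for linkedaccount.md appears between the email.md and mfa.md entries above, so some of the pages it lists may remain after this change with no landing page pointing to them. Please confirm those pages are moved or re-indexed elsewhere, and that links to setupauth/overview.md and to setupauth/sfa.md (referenced from the removed mfa.md "See Also") are redirected rather than left dangling.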
diff --git a/docs/directorymanager/11.1/admincenter/setupauth/securityquestions.md b/docs/directorymanager/11.1/admincenter/setupauth/securityquestions.md deleted file mode 100644 index d331473351..0000000000 --- a/docs/directorymanager/11.1/admincenter/setupauth/securityquestions.md +++ /dev/null 
@@ -1,58 +0,0 @@ -# Set up Authentication via Security Questions - -Directory Manager provides a list of predefined security questions. This list can be referred to as -the global question pool, as it is available to all identity stores in Directory Manager. You can -add and remove questions to this pool. - -Use the questions from the global pool to create a local pool of security questions for each -identity store. Questions in the local pool are available to identity store users for enrolling with -the security questions authentication type. - -You can also specify the following settings for a user role in an identity store: - -- The number of questions role members must use for enrollment and authentication -- The minimum answer length - -What do you want to do? - -- Modify the Global Question Pool -- Modify the Local Question Pool -- Enable Security Question Authentication for an Identity Store -- Enforce Security Question Authentication for a Role in an Identity Store -- Specify Policies for Security Question Authentication - -## Modify the Global Question Pool - -See the [Manage the Global Question Pool ](/docs/directorymanager/11.1/admincenter/general/globalpool.md)topic. - -## Modify the Local Question Pool - -See the [Manage the Local Question Pool](/docs/directorymanager/11.1/admincenter/identitystore/configure/security/securityquestions.md) -topic. - -## Enable Security Question Authentication for an Identity Store - -The security question authentication type must be enabled for an identity store before users can use -it for second factor authentication and multifactor authentication. - -To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic. 
- -## Enforce Security Question Authentication for a Role in an Identity Store - -To enforce an authentication type, see the -[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) -topic. - -Role members must use an enforced authentication type for multifactor authentication. When an -authentication type is enabled but not enforced, role members can choose to use it for enrollment -and authentication. - -## Specify Policies for Security Question Authentication - -See the -[Define Security Question Settings for a Security Role](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md#define-security-question-settings-for-a-security-role) topic. - -See Also - -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) -- [Manage the Local Question Pool](/docs/directorymanager/11.1/admincenter/identitystore/configure/security/securityquestions.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/clone.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/clone.md deleted file mode 100644 index a7a1aa3a4b..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/clone.md +++ /dev/null @@ -1,23 +0,0 @@ -# ISmsGateway.Clone - -Returns a clone object of the **ISMSGateway** interface. - -**Namespace:** Imanami.PublicInterfaces - -**Assembly:** Imanami.PublicInterfaces.dll - -**Syntax** - -``` -ISmsGateway Clone(); -``` - -**Return Value** - -Type: Imanami.PublicInterfaces.ISmsGateway - -The clone object. - -**See Also** - -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) 
diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/overview.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/overview.md deleted file mode 100644 index 3a830620f9..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/overview.md +++ /dev/null 
@@ -1,36 +0,0 @@ -# ISMSGateway Members - -To define a custom gateway, a list of ISMSGateway members that you must implement are listed below: - -- [ISmsGateway.AccountId](/docs/directorymanager/11.1/admincenter/smsgateway/custom/accountid.md) -- [ISmsGateway.Clone](/docs/directorymanager/11.1/admincenter/smsgateway/custom/clone.md) -- [ISmsGateway.Password](/docs/directorymanager/11.1/admincenter/smsgateway/custom/password.md) -- [ISmsGateway.ProxyDomain](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxydomain.md) -- [ISmsGateway.ProxyHostName](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyhostname.md) -- [ISmsGateway.ProxyPassword](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxypassword.md) -- [ISmsGateway.ProxyPort](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyport.md) -- [ISmsGateway.ProxyUsername](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyusername.md) -- [ISmsGateway.SendShortMessage](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendshortmessage.md) -- [ISmsGateway.TestConnection](/docs/directorymanager/11.1/admincenter/smsgateway/custom/testconnection.md) -- [ISmsGateway.TestCredentials](/docs/directorymanager/11.1/admincenter/smsgateway/custom/testcredentials.md) -- [ISmsGateway.TestProxy](/docs/directorymanager/11.1/admincenter/smsgateway/custom/testproxy.md) -- [ISmsGateway.Url](/docs/directorymanager/11.1/admincenter/smsgateway/custom/url.md) -- [ISmsGateway.UserId](/docs/directorymanager/11.1/admincenter/smsgateway/custom/userid.md) - -- ShortMessage ([ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md)) - - - [ShortMessage.AccessCode](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/accesscode.md) - - [ShortMessage.MaxLength](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/maxlength.md) - - 
[ShortMessage.Message](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/message.md) - - [ShortMessage.PhoneNumbers](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/phonenumbers.md) - - [ShortMessage.ReferenceId](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/referenceid.md) - - [ShortMessage.Validate](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/validate.md) - -- SendSmsMessageResult ([SendSmsMessageResult class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md)) - - [SendSmsMessageResult.ExceptionMessage](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/exceptionmessage.md) - - [SendSmsMessageResult.Message](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/message.md) - - [SendSmsMessageResult.Success](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/success.md) - -**See Also** - -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/password.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/password.md deleted file mode 100644 index 2fcf2b0358..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/password.md +++ /dev/null @@ -1,23 +0,0 @@ -# ISmsGateway.Password - -Gets or sets the password of the user account registered with the SMS gateway provider. - -**Namespace:** Imanami.PublicInterfaces - -**Assembly:** Imanami.PublicInterfaces.dll - -**Syntax** - -``` -string Password { get; set; } -``` - -**Return Value** - -Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) - -The value of the password. - -**See Also** - -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) 
diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendshortmessage.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendshortmessage.md deleted file mode 100644 index e38cb7cea9..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendshortmessage.md +++ /dev/null @@ -1,33 +0,0 @@ -# ISmsGateway.SendShortMessage - -Sends text messages to the target mobile phone numbers. - -**Namespace:** Imanami.PublicInterfaces - -**Assembly:** Imanami.PublicInterfaces.dll - -**Syntax** - -``` -SendSmsMessageResult SendShortMessage(ShortMessage shortMessage); -``` - -Parameters - -**ShortMessage** - -Type: Imanami.directorymanager.DataTransferObjects.DataContracts.SMS.ShortMessage - -The object defining the message elements including the target mobile phone numbers. - -**Return Value** - -Type: Imanami.directorymanager.DataTransferObjects.DataContracts.SMS.SendSmsMessageResult - -The object containing the message delivery status and exception details. - -See Also - -- [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) -- [SendSmsMessageResult class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md) -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md deleted file mode 100644 index 390598b965..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# SendSmsMessageResult class - -Returns the message delivery status (success or failure) and exceptions (if any) that occur while -sending the text message to the target mobile phone numbers. - -Following is a list of its members with description: - -- [SendSmsMessageResult.ExceptionMessage](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/exceptionmessage.md) -- [SendSmsMessageResult.Message](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/message.md) -- [SendSmsMessageResult.Success](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/success.md) - -| Member | Description | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | -| ExceptionMessage property | Gets the exception message if one occurs while sending the text message. | -| Message property | Returns the [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) object processed by the [ISmsGateway.SendShortMessage](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendshortmessage.md) method. | -| Success property | Returns a boolean value indicating whether the text message is successfully sent to the target mobile phone numbers. | - -**See Also** - -- [ISMSGateway Members](/docs/directorymanager/11.1/admincenter/smsgateway/custom/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/exceptionmessage.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/exceptionmessage.md deleted file mode 100644 index b2985d154e..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/exceptionmessage.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# SendSmsMessageResult.ExceptionMessage - -Gets the exception message if one occurs while sending SMS. - -**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS - -**Assembly:** Imanami.directorymanager.DataTransferObjects.dll - -**Syntax** - -``` -public string ExceptionMessage -``` - -**Return Value** - -Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) - -The exception details. - -See Also - -- [SendSmsMessageResult class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/message.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/message.md deleted file mode 100644 index c8730b2f10..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/message.md +++ /dev/null @@ -1,26 +0,0 @@ -# SendSmsMessageResult.Message - -Returns the [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) object processed by the -[ISmsGateway.SendShortMessage](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendshortmessage.md) method. - -**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS - -**Assembly:** Imanami.directorymanager.DataTransferObjects.dll - -**Syntax** - -``` -public ShortMessage Message; -``` - -**Return Value** - -Type: Imanami.directorymanager.DataTransferObjects.DataContracts.SMS.ShortMessage - -Object containing elements of the text message. - -See Also - -- [SendSmsMessageResult class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md) -- [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) 
diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/success.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/success.md deleted file mode 100644 index fe49382d04..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/success.md +++ /dev/null @@ -1,24 +0,0 @@ -# SendSmsMessageResult.Success - -Returns a boolean value indicating whether the text message is successfully sent to the target -mobile phone numbers. - -**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS - -**Assembly:** Imanami.directorymanager.DataTransferObjects.dll - -**Syntax** - -``` -public bool Success; -``` - -**Return Value** - -Type: [System.Boolean](http://msdn.microsoft.com/en-us/library/system.boolean.aspx) - -True if the message is delivered successfully. - -See Also - -- [SendSmsMessageResult class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/accesscode.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/accesscode.md deleted file mode 100644 index 9c1279a46a..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/accesscode.md +++ /dev/null @@ -1,23 +0,0 @@ -# ShortMessage.AccessCode - -Gets or sets the confirmation code that will be sent to registered mobile phone users. - -**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS - -**Assembly:** Imanami.directorymanager.DataTransferObjects.dll - -**Syntax** - -``` -public string AccessCode { get; set; } -``` - -**Return Value** - -Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) - -The confirmation code. - -See Also - -- [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) 
diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md deleted file mode 100644 index 3054275ec0..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md +++ /dev/null 
@@ -1,25 +0,0 @@ -# ShortMessage class - -ShortMessage is a DTO (Data Transfer Object) class that defines the elements of the text message. - -Following is a list of its members with description: - -- [ShortMessage.AccessCode](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/accesscode.md) -- [ShortMessage.MaxLength](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/maxlength.md) -- [ShortMessage.Message](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/message.md) -- [ShortMessage.PhoneNumbers](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/phonenumbers.md) -- [ShortMessage.ReferenceId](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/referenceid.md) -- [ShortMessage.Validate](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/validate.md) - -| Member | Description | -| ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -| [ShortMessage.AccessCode](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/accesscode.md) property | Gets or sets the confirmation code that will be sent to registered mobile phone users. | -| [ShortMessage.MaxLength](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/maxlength.md) property | Defines the maximum length of an SMS message. | -| [ShortMessage.Message](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/message.md) property | Gets or sets the supporting message text that will be sent to registered mobile phone users along with the confirmation code. | -| [ShortMessage.PhoneNumbers](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/phonenumbers.md) property | Gets or sets the list of phone numbers to send the message to. 
| -| [ShortMessage.ReferenceId](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/referenceid.md) property | Gets or sets the reference ID for the text message. | -| [ShortMessage.Validate](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/validate.md) method | Validates various elements in an SMS message, such as message length and phone number. | - -**See Also** - -- [ISMSGateway Members](/docs/directorymanager/11.1/admincenter/smsgateway/custom/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/message.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/message.md deleted file mode 100644 index b5bbd8edad..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/message.md +++ /dev/null @@ -1,24 +0,0 @@ -# ShortMessage.Message - -Gets or sets the supporting message text that will be sent to registered mobile phone users along -with the confirmation code. - -**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS - -**Assembly:** Imanami.directorymanager.DataTransferObjects.dll - -**Syntax** - -``` -public string Message { get; set; } -``` - -**Return Value** - -Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) - -The message text. - -See Also - -- [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/phonenumbers.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/phonenumbers.md deleted file mode 100644 index 95306815b6..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/phonenumbers.md +++ /dev/null 
@@ -1,24 +0,0 @@ -# ShortMessage.PhoneNumbers - -Gets or sets the list of mobile phone numbers to send the message to. - -**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS - -**Assembly:** Imanami.directorymanager.DataTransferObjects.dll - -**Syntax** - -``` -public List PhoneNumbers { get; set; } -``` - -**Return Value** - -Type: -[](http://msdn.microsoft.com/en-us/library/system.string.aspx)[System.Collection.Generic.List(of T)](http://msdn.microsoft.com/en-us/library/6sh2ey19.aspx) - -A list of mobile phone numbers. - -See Also - -- [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/referenceid.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/referenceid.md deleted file mode 100644 index ecfc0b0105..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/referenceid.md +++ /dev/null @@ -1,23 +0,0 @@ -# ShortMessage.ReferenceId - -Gets or sets the reference ID for the text message. - -**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS - -**Assembly:** Imanami.directorymanager.DataTransferObjects.dll - -**Syntax** - -``` -public string ReferenceId { get; set; } -``` - -**Return Value** - -Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) - -The reference ID for the text message. - -See Also - -- [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/testconnection.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/testconnection.md deleted file mode 100644 index d66617e153..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/testconnection.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# ISmsGateway.TestConnection - -Tests your connection with the SMS gateway. - -**Namespace:** Imanami.PublicInterfaces - -**Assembly:** Imanami.PublicInterfaces.dll - -**Syntax** - -``` -bool TestConnection(); -``` - -**Return Value** - -Type: [System.Boolean](http://msdn.microsoft.com/en-us/library/system.boolean.aspx) - -True if a connection is established with the SMS gateway. - -**See Also** - -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/testcredentials.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/testcredentials.md deleted file mode 100644 index 23fdc49bc7..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/testcredentials.md +++ /dev/null @@ -1,23 +0,0 @@ -# ISmsGateway.TestCredentials - -Tests the credentials for communicating with the SMS gateway for validity. - -**Namespace:** Imanami.PublicInterfaces - -**Assembly:** Imanami.PublicInterfaces.dll - -**Syntax** - -``` -bool TestCredentials(); -``` - -**Return Value** - -Type: [System.Boolean](http://msdn.microsoft.com/en-us/library/system.boolean.aspx) - -True if the credentials are valid. - -**See Also** - -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/testproxy.md b/docs/directorymanager/11.1/admincenter/smsgateway/custom/testproxy.md deleted file mode 100644 index 9640867d00..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/testproxy.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# ISmsGateway.TestProxy - -Tests the proxy settings. - -**Namespace:** Imanami.PublicInterfaces - -**Assembly:** Imanami.PublicInterfaces.dll - -**Syntax** - -``` -bool TestProxy(); -``` - -**Return Value** - -Type: [System.Boolean](http://msdn.microsoft.com/en-us/library/system.boolean.aspx) - -True if the proxy settings are valid. - -**See Also** - -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md b/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md deleted file mode 100644 index 0e2613b649..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md +++ /dev/null 
@@ -1,104 +0,0 @@ -# Implement and Deploy a Custom SMS Gateway - -You can integrate with additional SMS gateways using the Custom Gateway API. After creating a -gateway, you can add an account for it. See the -[Create an SMS Gateway Account](manage.md#create-an-sms-gateway-account) topic. - -What do you want to do? - -- Implement a Custom SMS Gateway -- Deploy a Custom SMS Gateway - -## Implement a Custom SMS Gateway - -1. Define a class that implements the **ISMSGateway interface** which is defined in the - **Imanami.PublicInterfaces** namespace (_Imanami.PublicInterfaces.dll_). The core method for - dispatching text messages makes use of objects that are defined in the - **Imanami.directorymanager.DataTransferObjects.DataContracts.SMS** namespace - (_Imanami.directorymanager.DataTransferObjects.dll_). - The DLLs for both the namespaces are available at the Directory Manager installation directory. A - list of **ISMSGateway members** that you must implement are discussed in the following table: - - | Member | Description | - | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | [ISmsGateway.SendShortMessage](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendshortmessage.md) method | Takes as input the [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) object, which defines elements of the text message, sends messages to the target recipients, and returns the [SendSmsMessageResult class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/sendsmsmessageresult/class.md) object, which contains  message delivery status and exception details | - | 
[ISmsGateway.TestCredentials](/docs/directorymanager/11.1/admincenter/smsgateway/custom/testcredentials.md) method | Returns a boolean value indicating whether the credentials for communicating with the SMS gateway are valid. | - | [ISmsGateway.TestConnection](/docs/directorymanager/11.1/admincenter/smsgateway/custom/testconnection.md) method | Returns a boolean value indicating whether the connection with the SMS gateway is established successfully. | - | [ISmsGateway.TestProxy](/docs/directorymanager/11.1/admincenter/smsgateway/custom/testproxy.md) method | Returns a boolean value informing whether the given proxy setting are valid. | - | [ISmsGateway.Clone](/docs/directorymanager/11.1/admincenter/smsgateway/custom/clone.md) method | Returns the member-wise clone of the ISMSGateway interface. | - | [ISmsGateway.AccountId](/docs/directorymanager/11.1/admincenter/smsgateway/custom/accountid.md) property | Gets or sets the account ID for connecting to the SMS gateway. | - | [ISmsGateway.Password](/docs/directorymanager/11.1/admincenter/smsgateway/custom/password.md) property | Gets or sets the password of the user name assigned by the SMS gateway provider. | - | [ISmsGateway.Url](/docs/directorymanager/11.1/admincenter/smsgateway/custom/url.md) property | Gets or sets the URL that the SMS gateway provides for sending messages. | - | [ISmsGateway.UserId](/docs/directorymanager/11.1/admincenter/smsgateway/custom/userid.md) property | Gets or sets the user name assigned to you by the SMS gateway provider. | - | [ISmsGateway.ProxyHostName](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyhostname.md) property | Gets or sets the host name of the proxy server. | - | [ISmsGateway.ProxyPort](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyport.md) property | Gets or sets the port number used by the proxy server. 
| - | [ISmsGateway.ProxyUsername](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyusername.md) property | Gets or set the user name for connecting to the proxy server. | - | [ISmsGateway.ProxyPassword](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxypassword.md) property | Gets or sets the password of the user account that will be used for connecting to the proxy server. | - | [ISmsGateway.ProxyDomain](/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxydomain.md) property | Gets or sets the domain name or IP address of the proxy server. | - -2. Reference **System.ComponentModel.Composition** - (_System.ComponentModel.Composition.dll_). - - This namespace is required as the **ISMSGateway** is built on top of Microsoft Extensibility - Framework (MEF) and at the core uses it for most of its functionality. - -## Deploy a Custom SMS Gateway - -After you have implemented all members of the **ISMSGateway** interface for your custom SMS gateway, -you must add to it the metadata for the MEF's importing interface. This metadata contains basic -attributes that define the custom gateway assembly. - -### Adding the MEF Exporting Interface - -The following example code shows how to set the SMS gateways basic, defining attributes. You must -add these attributes before the class definition. - -``` -namespace ClickatellCustomSMSGateway  -{ -/// Exporting interface of ISMSGateway  -[Export(typeof(ISmsGateway))]  -/// The syntax of initializing the meta data attributes  -// [SMSGatewayMetadataAttribute ( AccountIdRequired=Is Account ID required by the SMS Gateway? Possible values can be true or False,  -// Description = "a description of the Custom SMS Gateway",  -// Name="Name by which the SMS Gateway should appear in GroupID Management Console",  -// PasswordRequired= Does the SMS Gateway require a password for connecting with it? 
Possible values can be true or False,  -// UserIdRequired=Does the SMS Gateway require a user ID for connecting with it? Possible values can be true or False,       -// UrlRequired=Does the SMS Gateway expose some URL for sending text messages? Possible values can be true or False,  -// ProxyDomainRequired=Does a proxy domain require for communicating with the SMS Gateway? Possible values can be true or False,       -// ProxyHostNameRequired=Is proxy host name required for connecting with the proxy server? Possible values can be true or False,  -// ProxyPasswordRequired=Does the proxy server require a password for connecting with it? Possible values can be true or False,       -// ProxyPortRequired=Does the port number required for connecting with the proxy server? Possible values can be true or False,  -// ProxyUsernameRequired=Does the proxy server require a user name for connecting with it? Possible values can be true or False,,       -// URL="The address provided by SMS gateway for sending messages. If no URL is required by the SMS gateway, provide an empty string like """)] -/// Meta data attributes initialization  -[SMSGatewayMetadataAttribute ( AccountIdRequired=false, Description = "Clickatell SMS Gateway",Name="Clickatell",PasswordRequired=true, UserIdRequired=true,UrlRequired=true,ProxyDomainRequired=false,ProxyHostNameRequired=false,      ProxyPasswordRequired=false,ProxyPortRequired=false, ProxyUsernameRequired=false,URL="http://api.clickatell.com/http/sendmsg?")]  -Class ClickatellCustomSMSGatewayBasic : ISMSGateway  -{ -... -... -... -} -} - -``` - -### Register your Custom SMS Gateway with Directory Manager - -1. On the Directory Manager server, go to: - X:\Program Files\Imanami\GroupID - 11.0\GroupIDDataService\Inetpub\GroupIDDataService\Web\SMSGateways\ - (X represents the Directory Manager installation drive). -2. Create a new folder here using the name that was specified for the **Name** SMS gateway meta data - attribute. -3. 
Compile and generate the DLL file for your custom SMS gateway. -4. Restart IIS services by typing the following command in the **Run** dialog box: - _iisreset_ - -If the SMS gateway is successfully registered, it will get listed in the **Gateway Type** list (on -the **Create SMS Gateway** page) for selection when creating an SMS gateway account. - -**See Also** - -- [SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/overview.md) -- [ISMSGateway Members](/docs/directorymanager/11.1/admincenter/smsgateway/custom/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/manage.md b/docs/directorymanager/11.1/admincenter/smsgateway/manage.md deleted file mode 100644 index 82fd672476..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/manage.md +++ /dev/null 
@@ -1,122 +0,0 @@ -# Manage SMS Gateway Accounts - -You can create one or more SMS gateway accounts in Directory Manager and link an account with an -identity store. You can also set an account as the default account, so that it is automatically -linked to an identity store created thereafter. - -Directory Manager supports several SMS gateway providers. You can also use the Custom Gateway API to -integrate with an unsupported provider. - -What do you want to do? - -- Create an SMS Gateway Account -- Modify an SMS Gateway Account -- Set an SMS Gateway Account as Default -- Test SMS Gateway Account Connection -- Link an SMS Gateway Account to an Identity Store -- Delete an SMS Gateway Account - -## Create an SMS Gateway Account - -1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. -2. On the **SMS Gateways** page, do either of the following: - - - Click **Setup SMS Gateway** - This button is displayed when no gateway account exists in - Directory Manager. - - Click **Create SMS Gateway** - This button is displayed when one or more gateway accounts have - been created in Directory Manager. - - The **Create SMS Gateway** page is displayed. - -3. Enter a name for the gateway account in the **Name** box. -4. In the **Gateway Type** drop-down list, select an SMS gateway provider. - The list includes the gateways that Directory Manager supports and any custom SMS gateways that - you have written. Selecting a gateway type displays the gateway URL, which is the web service - address the SMS gateway uses for sending text messages. -5. Enter an account ID for the gateway type in the **Account ID** box. -6. Enter the username and password for the account in the **User Name** and **Password** boxes. -7. To communicate with the SMS gateway through a proxy server, click **Show Proxy Options**. This - displays some additional fields for entering proxy settings. 
Enter the following proxy - information: - - - **Proxy User Name** - the proxy user name, if required by the proxy server. - - **Proxy Password** - the password for the user name. - - **Description** - a description of the proxy connection. - - **Proxy Domain** - the domain name or IP address of the proxy server. - - **Proxy Host Name** - the host name of the proxy server. - - **Proxy Port** - the port number the proxy uses. - -8. Test the account settings: - - 1. Click **Test Connection**. - 2. In the **Test SMS Gateway Connection** dialog box, enter a mobile phone number for receiving - a test message. Use International format, with no spaces or special characters. For example: - 18588123169, 447079692712, 923225867987. - 3. Click **OK** to send the message to the mobile number. - -9. Select the **Set as default account** check box to link this gateway account with the identity - stores created from this point forward. -10. Click **Create SMS Gateway** to create the gateway account. - -## Modify an SMS Gateway Account - -You can update the details of an SMS gateway account, such as its name and the credentials used to -connect to the gateway. - -**To modify an account:** - -1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. - The **SMS Gateways** page is displayed with a list of the SMS gateway accounts that you have - created. -2. To update a gateway account, click **Edit** for it in the **Actions** column. -3. On the **Edit SMS Gateway** page, update the required details. Refer to step 3 and onwards in the - Create an SMS Gateway Account topic for details. - -## Set an SMS Gateway Account as Default - -1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. - The **SMS Gateways** page is displayed with a list of the SMS gateway accounts that you have - created. -2. Click **Edit** for a gateway account in the **Actions** column. -3. 
On the **Edit SMS Gateway** page, select the **Set as default account** check box to set this - gateway account as default, which means that it will be linked with the identity stores created - hereafter. -4. Click **Save SMS Gateway**. - -## Test SMS Gateway Account Connection - -1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. - The **SMS Gateways** page is displayed with a list of the SMS gateway accounts that you have - created. -2. Click **Test Connection** for a gateway to test whether Directory Manager can successfully send - text messages through it. -3. In the **Test SMS Gateway Connection** dialog box, enter a mobile phone number for receiving a - test message. Use International format, with no spaces or special characters. For example: - 18588123169, 447079692712, 923225867987. -4. Click **OK** to send the message to the mobile number. - -## Link an SMS Gateway Account to an Identity Store - -See the -[Link an SMS Gateway Account to an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/configure/security/smsauthentication.md#link-an-sms-gateway-account-to-an-identity-store) -topic. - -## Delete an SMS Gateway Account - -You can delete an SMS gateway account that is not linked with any identity store. - -**To delete an account:** - -1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. -2. On the **SMS Gateways** page, click **Delete** for a gateway account to delete it. -3. One of the following happens: - - - If the gateway account is not linked with an identity store, a message is displayed, asking - you to confirm its deletion. Clicking **Delete** will delete the account. - - If the gateway account is linked with an identity store, Directory Manager will not allow you - to delete it. 
- -See Also - -- [SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/overview.md) -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/overview.md b/docs/directorymanager/11.1/admincenter/smsgateway/overview.md deleted file mode 100644 index d4ebf314b7..0000000000 --- a/docs/directorymanager/11.1/admincenter/smsgateway/overview.md +++ /dev/null @@ -1,30 +0,0 @@ -# SMS Gateway - -In Directory Manager, an SMS gateway account is required for: - -- SMS verification for multifactor authentication, second factor authentication, and Second Way - Authentication. Directory Manager uses an SMS gateway account to send verification codes to the - users’ mobile numbers. -- Sending new passwords and password reset links to the users’ mobile numbers by the helpdesk users, - when they reset end users’ passwords using the Helpdesk node in Admin Center. - -The SMS gateway can be any third-party service provider capable of sending text messages to mobile -phone numbers. - -Directory Manager supports these SMS gateways: - -- Bulletin.net -- Nexmo -- RedOxygen - -To use a gateway not in this list, write your own custom gateway using Directory Manager's Custom -Gateway API. - -For a gateway, you can set up as many gateway accounts as required and then link a gateway account -to an identity store. - -**See Also** - -- [Manage SMS Gateway Accounts](/docs/directorymanager/11.1/admincenter/smsgateway/manage.md) -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) diff --git a/docs/directorymanager/11.1/admincenter/workflow/overview.md b/docs/directorymanager/11.1/admincenter/workflow/overview.md deleted file mode 100644 index 0f5bbc450f..0000000000 
--- a/docs/directorymanager/11.1/admincenter/workflow/overview.md +++ /dev/null 
@@ -1,101 +0,0 @@ -# Workflows - -A workflow is a set of rules that Directory Manager uses as a built-in auditing system to ensure -that changes made to an object are approved by an authorized user before they are committed to the -directory. - -Workflows are defined for an identity store and apply to the different operations, such as group -creation and expiry. - -A workflow triggers when a certain operation, performed by a user, meets the criteria defined for -that workflow. Designated users can approve or deny workflow requests using the Directory Manager -portal. - -NOTE: Workflows require an SMTP server to be configured for the identity store. See the -[Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) topic. - -## System Workflows - -Directory Manager provides the following predefined workflows (also called system workflows) that -trigger when their associated events occur: - -| | Workflow Name | Description | Default Approver | -| --- | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | -| 1. | Workflow to Reset Password | When a user resets his or her password. It does not apply when helpdesk users reset the passwords of other users. | Primary and additional managers of the user | -| 2. | Workflow to Change Group Expiration Policy | When a user changes the expiry policy of a group By default, this workflow is disabled and no approver is specified. You can edit the workflow to add an approver. | None | -| 3. | Workflow to Nest a Group | When a user adds a group (Group A) to the membership of another group (Group B) | Primary and additional owners of the added group (Group A) | -| 4. 
| Workflow to Join a Group | When a user joins a semi-private group | Primary and additional owners of the group | -| 5. | Workflow to Leave a Group | When a user leaves a semi-private group | Primary and additional owners of the group | -| 6. | Workflow to Transfer a User | When a user transfers his or her direct report | The new manager | -| 7. | Workflow to Terminate a User | When a manager terminates a direct report By default, this workflow is disabled and no approver is specified. You can edit the workflow to add an approver. | None | -| 8. | Workflow to Change Manager | When a user changes his or her primary or additional manager | Existing primary and additional managers of the user | - -You can also define new workflows for an identity store. - -NOTE: You cannot delete a system workflow, but you can disable it. You can also modify it to a -limited extent. - -## Synchronize Jobs and Workflows - -Workflows apply to Synchronize jobs as follows: - -- When you manually run a Synchronize job, Directory Manager evaluates whether the task it will - perform falls under the scope of a workflow. If yes, then a workflow request is triggered. The job - will run when the request is approved. - Workflows do not apply to Synchronize jobs that auto run through a Synchronize schedule. - **Example:** You have a Synchronize job that changes the job title of users in bulk. You also have - a ‘Change Title’ workflow that triggers when the job title of a user is changed. In this case, the - Synchronize job falls under the scope of the ‘Change Title’ workflow. When the job is run - manually, the workflow triggers and an approval request goes to the recipient set as the workflow - approver. If the approver approves the request, the job will run. If not, then it will not run. 
-- When you manually run a job collection in which some jobs fall under the scope of workflows while - others do not, workflow requests will be triggered for the respective jobs while the other jobs - will run as usual. -- When a workflow request against a Synchronize job is pending for approval, another request will be - triggered when the same user or any other user runs the same job again. -- When a Synchronize job runs to set the manager for a user who does not already have a manager, the - following happens: - - - The _Workflow to Change Manager_ will trigger if a default approver is set in advanced - workflow settings. - - If the default approver is not set, the workflow will not trigger and the user's manager will - be set without requiring any approval. - -- When a Synchronize job updates multiple attributes for an object type and different workflows have - been defined for the various attributes that it updates, then a separate request is triggered for - each of the applicable workflows and sent to the respective approvers. Even when one of these - requests is approved, the job runs, irrespective of whether another approver denies it. - **Example:** A Synchronize job falls under the scope of three workflows. Hence, three requests are - generated and sent to three different recipients for approval. If an approver approves it, another - denies it, and the third does not take any action, the job will run and update all target - attributes. -- Filters in workflows do not apply to Synchronize jobs. - -## How are Workflow Requests Handled - -When a workflow is triggered, an approval request is generated and sent to the designated -approver(s), informing them of the actions that a user wants to perform in an identity store. The -approver can view these requests in the Directory Manager portal. - -- If the approver is satisfied with the requested actions, he or she can approve the request and the - changes are committed to the directory. 
-- If the approver deems the actions inappropriate, he or she can deny the request and provide a - reason for denial. - -In any case, the requester and other approvers (in case of multiple approvers) are notified of the -outcome. - -## Workflow Approval Scenarios - -The following scenarios are valid when workflow approver acceleration settings are not applied. - -- When the object specified as an approver for a workflow is not available (such as if it is - disabled or not specified), workflow requests are sent to the default approver. If the default - approver is disabled or not specified either, the requests are auto approved. See the - [Specify a Default Approver](advancedsettings.md#specify-a-default-approver) topic. -- If the requester is also the approver for that workflow, the request is auto approved. - -## Integration with Microsoft Power Automate - -To automate your everyday tasks, you can also link your Directory Manager workflows to Power -Automate flows. diff --git a/docs/directorymanager/11.1/api/contact/contactapis.md b/docs/directorymanager/11.1/api/contact/contactapis.md deleted file mode 100644 index 931177698d..0000000000 --- a/docs/directorymanager/11.1/api/contact/contactapis.md +++ /dev/null @@ -1,12 +0,0 @@ -# Contact APIs - -Directory Manager provides the following APIs to perform contact-specific functions: - -- [Create a Contact](/docs/directorymanager/11.1/api/contact/createcontact.md) -- [Delete a Contact](/docs/directorymanager/11.1/api/contact/deletecontact.md) -- [Delete Contacts](/docs/directorymanager/11.1/api/contact/deletecontacts.md) -- [Get a Contact](/docs/directorymanager/11.1/api/contact/getcontact.md) -- [Get Contacts](/docs/directorymanager/11.1/api/contact/getcontacts.md) -- [Update a Contact](/docs/directorymanager/11.1/api/contact/updatecontact.md) - -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. 
diff --git a/docs/directorymanager/11.1/api/datasource/createds.md b/docs/directorymanager/11.1/api/datasource/createds.md deleted file mode 100644 index e42785356b..0000000000 --- a/docs/directorymanager/11.1/api/datasource/createds.md +++ /dev/null @@ -1,12 +0,0 @@ -# Create a Data Source - -Using this API, you can create data sources for the supported providers. The data sources are -primarily used in Synchronize jobs, but you can also use them in queries to search for directory -objects and in queries for group membership update. - -- [Create a Data Source for a Text/CSV File](/docs/directorymanager/11.1/api/datasource/dstext.md) -- [Create a Data Source for MS Access](/docs/directorymanager/11.1/api/datasource/dsaccess.md) -- [Create a Data Source for MS Excel](/docs/directorymanager/11.1/api/datasource/dsexcel.md) -- [Create a Data Source for ODBC](/docs/directorymanager/11.1/api/datasource/dsodbc.md) -- [Create a Data Source for Oracle](/docs/directorymanager/11.1/api/datasource/dsoracle.md) -- [Create a Data Source for SQL Server](/docs/directorymanager/11.1/api/datasource/dssql.md) diff --git a/docs/directorymanager/11.1/api/datasource/datasourceapis.md b/docs/directorymanager/11.1/api/datasource/datasourceapis.md deleted file mode 100644 index 09e5090746..0000000000 --- a/docs/directorymanager/11.1/api/datasource/datasourceapis.md +++ /dev/null 
@@ -1,32 +0,0 @@ -# Data Source APIs - -Directory Manager provides the following APIs to perform functions related to data sources: - -- [Create a Data Source](/docs/directorymanager/11.1/api/datasource/createds.md) - - - [Create a Data Source for a Text/CSV File](/docs/directorymanager/11.1/api/datasource/dstext.md) - - [Create a Data Source for MS Access](/docs/directorymanager/11.1/api/datasource/dsaccess.md) - - [Create a Data Source for MS Excel](/docs/directorymanager/11.1/api/datasource/dsexcel.md) - - [Create a Data Source for ODBC](/docs/directorymanager/11.1/api/datasource/dsodbc.md) - - [Create a Data Source for Oracle](/docs/directorymanager/11.1/api/datasource/dsoracle.md) - - [Create a Data Source for SQL Server](/docs/directorymanager/11.1/api/datasource/dssql.md) - -- [Delete a Data Source](/docs/directorymanager/11.1/api/datasource/deleteds.md) -- [Get a Data Source](/docs/directorymanager/11.1/api/datasource/getds.md) -- [Get a Data Source by Type and Name](/docs/directorymanager/11.1/api/datasource/getdstypename.md) -- [Get a Data Source by Type and with ID](/docs/directorymanager/11.1/api/datasource/getdstypeid.md) -- [Get All Data Sources](/docs/directorymanager/11.1/api/datasource/getallds.md) -- [Get All Data Sources by Type](/docs/directorymanager/11.1/api/datasource/getalldstype.md) -- [Get Filenames by Type](/docs/directorymanager/11.1/api/datasource/getfntype.md) -- [ Get Filtered Data Sources by isSource](/docs/directorymanager/11.1/api/datasource/getfilterds.md) -- [Get Parameters of a Data Source](/docs/directorymanager/11.1/api/datasource/getdsparameter.md) -- [Get File Server Metadata by Type ](/docs/directorymanager/11.1/api/datasource/gefsmdtype.md) -- [ Get Metadata of Data Source by Server Type and ID ](/docs/directorymanager/11.1/api/datasource/getmdtypest.md) -- [Get Metadata of Data Sources](/docs/directorymanager/11.1/api/datasource/getmd.md) -- [Get Provider Options of a Data 
Source](/docs/directorymanager/11.1/api/datasource/getdspo.md) -- [Parse a Connection String](/docs/directorymanager/11.1/api/datasource/parsecs.md) -- [Update a Data Source](/docs/directorymanager/11.1/api/datasource/updateds.md) -- [Validate Data Connectivity of a Data Source](/docs/directorymanager/11.1/api/datasource/validatedc.md) - -See the[ Data Sources](/docs/directorymanager/11.1/admincenter/datasource/overview.md) topic for additional information on -data sources. diff --git a/docs/directorymanager/11.1/api/group/groupapis.md b/docs/directorymanager/11.1/api/group/groupapis.md deleted file mode 100644 index ad615cd2a2..0000000000 --- a/docs/directorymanager/11.1/api/group/groupapis.md +++ /dev/null 
@@ -1,25 +0,0 @@ -# Group APIs - -Directory Manager provides the following APIs for performing group-specific functions: - -- [Create a Static Group](/docs/directorymanager/11.1/api/group/createstaticgroup.md) -- [Create an Entra ID Static Group](/docs/directorymanager/11.1/api/group/createstaticgroupentraid.md) -- [Create a Smart Group](/docs/directorymanager/11.1/api/group/createsmartgroup.md) -- [Create an Entra ID Smart Group](/docs/directorymanager/11.1/api/group/createsmartgroupentraid.md) -- [Delete a Group](/docs/directorymanager/11.1/api/group/deletegroup.md) -- [Delete Groups](/docs/directorymanager/11.1/api/group/deletegroups.md) -- [Expire a Group](/docs/directorymanager/11.1/api/group/expiregroup.md) -- [Expire Groups](/docs/directorymanager/11.1/api/group/expiregroups.md) -- [Get a Group](/docs/directorymanager/11.1/api/group/getgroup.md) -- [Get Groups](/docs/directorymanager/11.1/api/group/getgroups.md) -- [Join a Group](/docs/directorymanager/11.1/api/group/joingroup.md) -- [Join a Group on behalf of another user](/docs/directorymanager/11.1/api/group/joingrouponbehalf.md) -- [Leave a Group](/docs/directorymanager/11.1/api/group/leavegroup.md) -- [Leave a Group on behalf of another user](/docs/directorymanager/11.1/api/group/leavegrouponbehalf.md) -- [Get Preview of a Smart Group Membership](/docs/directorymanager/11.1/api/group/previewmembership.md) -- [Renew a Group](/docs/directorymanager/11.1/api/group/renewgroup.md) -- [Renew Groups](/docs/directorymanager/11.1/api/group/renewgroups.md) -- [Update a Group](/docs/directorymanager/11.1/api/group/updategroup.md) -- [Update Groups](/docs/directorymanager/11.1/api/group/updategroups.md) -- [Update a Smart Group](/docs/directorymanager/11.1/api/group/updatesmartgroup.md) -- [Update Smart Groups](/docs/directorymanager/11.1/api/group/updatesmartgroups.md) 
diff --git a/docs/directorymanager/11.1/api/logs/admincenter.md b/docs/directorymanager/11.1/api/logs/admincenter.md deleted file mode 100644 index f518609823..0000000000 --- a/docs/directorymanager/11.1/api/logs/admincenter.md +++ /dev/null @@ -1,20 +0,0 @@ -# Admin Center Logs - -Use this API to get Admin Center logs. See the [Get Logs](/docs/directorymanager/11.1/admincenter/general/logs.md) topic -for additional information. - -## Endpoint - -https://machinename:4443/AdminCenter/api/Logs/Download - -## HTTP Method - -GET - -#### Sample Response Syntax - -``` - -``` - -Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/api/logs/dataservice.md b/docs/directorymanager/11.1/api/logs/dataservice.md deleted file mode 100644 index 4f25767e69..0000000000 --- a/docs/directorymanager/11.1/api/logs/dataservice.md +++ /dev/null @@ -1,21 +0,0 @@ -# Data Service Logs - -Use this API to get Directory Manager Data service log. See the -[Data Service](/docs/directorymanager/11.1/admincenter/service/dataservice/overview.md) for additional information on Data -service. - -## Endpoint - -https://machinename:4443/GroupIDDataService/api/Logs/Download - -## HTTP Method - -GET - -#### Sample Response Syntax - -``` - -``` - -Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/api/logs/emailservice.md b/docs/directorymanager/11.1/api/logs/emailservice.md deleted file mode 100644 index a5330f9936..0000000000 --- a/docs/directorymanager/11.1/api/logs/emailservice.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# Email Service Logs - -Use this API to get Email service logs. See the -[Email Service](/docs/directorymanager/11.1/admincenter/service/emailservice.md) topic for additional on Email service. - -## Endpoint - -https://machinename:4443/GroupIDEmailService/api/Logs/Download - -## HTTP Method - -GET - -#### Sample Response Syntax - -``` - -``` - -Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/api/logs/logsapis.md b/docs/directorymanager/11.1/api/logs/logsapis.md deleted file mode 100644 index 772fe10f2c..0000000000 --- a/docs/directorymanager/11.1/api/logs/logsapis.md +++ /dev/null @@ -1,14 +0,0 @@ -# Logs APIs - -Directory Manager generates logs for its services, clients, and Windows events. Using the following -APIs, you can collect and dump your required logs to a desired location. - -See the [Get Logs](/docs/directorymanager/11.1/admincenter/general/logs.md) topic for additional information on logs. - -- [Admin Center Logs](/docs/directorymanager/11.1/api/logs/admincenter.md) -- [Data Service Logs](/docs/directorymanager/11.1/api/logs/dataservice.md) -- [Email Service Logs](/docs/directorymanager/11.1/api/logs/emailservice.md) -- [Portal Logs](/docs/directorymanager/11.1/api/logs/portal.md) -- [Replication Service Logs](/docs/directorymanager/11.1/api/logs/replicationservice.md) -- [Scheduler Service Logs](/docs/directorymanager/11.1/api/logs/schedulerservice.md) -- [Security Service Logs](/docs/directorymanager/11.1/api/logs/securityservice.md) diff --git a/docs/directorymanager/11.1/api/logs/portal.md b/docs/directorymanager/11.1/api/logs/portal.md deleted file mode 100644 index 2c887bca3e..0000000000 --- a/docs/directorymanager/11.1/api/logs/portal.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# Portal Logs - -Use this API to get Directory Manager portal logs. See the -[History](/docs/directorymanager/11.1/portal/history/overview.md) topic for additional information on Portal history. - -## Endpoint - -https://demomachine:4443/GroupIDPortal/api/Logs/Download - -## HTTP Method - -GET - -#### Sample Response Syntax - -``` - -``` - -Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/api/logs/replicationservice.md b/docs/directorymanager/11.1/api/logs/replicationservice.md deleted file mode 100644 index 87787965d1..0000000000 --- a/docs/directorymanager/11.1/api/logs/replicationservice.md +++ /dev/null @@ -1,21 +0,0 @@ -# Replication Service Logs - -Use this API to get Replication Service logs. See the -[Replication Service](/docs/directorymanager/11.1/admincenter/service/replicationservice.md) topic for additional -information on Replication service. - -## Endpoint - -https://demomachine:4443/GroupIDReplicationService/api/Logs/Download - -## HTTP Method - -GET - -#### Sample Response Syntax - -``` - -``` - -Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/api/logs/schedulerservice.md b/docs/directorymanager/11.1/api/logs/schedulerservice.md deleted file mode 100644 index 93b19e5036..0000000000 --- a/docs/directorymanager/11.1/api/logs/schedulerservice.md +++ /dev/null @@ -1,21 +0,0 @@ -# Scheduler Service Logs - -Using this API you can get Scheduler Service logs. See the -[Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md)topic for additional information -on Scheduler service. - -## Endpoint - -https://demomachine:4443/GroupIDSchedulerService/api/Logs/Download - -## HTTP Method - -GET - -#### Sample Response Syntax - -``` - -``` - -Save the encrypted response as a zip file to a desired location. 
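Review bot: the log download pages removed here (schedulerservice.md and its siblings under api/logs/) document a `GET .../api/Logs/Download` that returns service logs, yet none of them says what authorization the caller needs, and the fence under "Sample Response Syntax" is empty. If this content is being moved rather than dropped, state the required permission and what "Save the encrypted response as a zip file" means in practice (what decrypts it, and who should be able to) at the new location. While there, fix `schedulerservice.md)topic` (missing space) and pick one placeholder host, since the pages alternate between `machinename` and `demomachine`.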
diff --git a/docs/directorymanager/11.1/api/logs/securityservice.md b/docs/directorymanager/11.1/api/logs/securityservice.md deleted file mode 100644 index 75ea949e05..0000000000 --- a/docs/directorymanager/11.1/api/logs/securityservice.md +++ /dev/null @@ -1,21 +0,0 @@ -# Security Service Logs - -This API fetches Directory Manager Security service logs. See the -[Security Service](/docs/directorymanager/11.1/admincenter/service/securityservice/overview.md) topic for additional -information on Security service. - -## Endpoint - -https://demomachine:4443/GroupIDSecurityService/api/Logs/Download - -## HTTP Method - -GET - -#### Sample Response Syntax - -``` - -``` - -Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/api/search/searchapis.md b/docs/directorymanager/11.1/api/search/searchapis.md deleted file mode 100644 index daa26d60fa..0000000000 --- a/docs/directorymanager/11.1/api/search/searchapis.md +++ /dev/null @@ -1,7 +0,0 @@ -# Search APIs - -Directory Manager provides the following APIs to search directory objects based on a single or a -multi-valued attribute.: - -- [Search an Object By a Single Value Attribute](/docs/directorymanager/11.1/api/search/byattribute.md) -- [Search Group Members](/docs/directorymanager/11.1/api/search/groupmembers.md) diff --git a/docs/directorymanager/11.1/api/syncjobs/deletejob.md b/docs/directorymanager/11.1/api/syncjobs/deletejob.md deleted file mode 100644 index 554cfd892e..0000000000 --- a/docs/directorymanager/11.1/api/syncjobs/deletejob.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# Delete Jobs - -After creating job, you can modify a job or even delete a job if it is no more required. Use this -API to delete job(s) specified in the end point URL. - -See the [Deleting a Job](/docs/directorymanager/11.1/portal/synchronize/manage/job.md#deleting-a-job) section of the -[Manage a Job](/docs/directorymanager/11.1/portal/synchronize/manage/job.md) topic for additional information. - -## Endpoint - -https://machinename:4443/GroupIDDataService/api/DataSyncJobs?jobids=1&jobids=2 - -## HTTP Method - -DELETE - -#### Sample Response Syntax - -``` -{ -    "name": null, -    "type": 7, -    "status": 0, -    "message": null, -    "data": null, -    "identityStoreObject": null, -    "details": [], -    "currentDirectoryServer": null, -    "errorCode": null, -    "exceptionMessagesAttributeWise": null, -    "isResyncAble": true -} -``` diff --git a/docs/directorymanager/11.1/api/syncjobs/deletejobcollections.md b/docs/directorymanager/11.1/api/syncjobs/deletejobcollections.md deleted file mode 100644 index 77651a85c9..0000000000 --- a/docs/directorymanager/11.1/api/syncjobs/deletejobcollections.md +++ /dev/null 
@@ -1,34 +0,0 @@ -# Delete Job Collections - -Use this API to delete job collections specified in the end point URL. - -See the -[Delete a Job Collection](/docs/directorymanager/11.1/portal/synchronize/manage/jobcollection.md#delete-a-job-collection) -section of the [Manage a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/manage/jobcollection.md) topic -for additional information on job collection. - -## Endpoint - -https://machinename:4443/GroupIDDataService/api/DataSyncJobs/Collections?jobids=1&jobids=2 - -## HTTP Method - -DELETE - -#### Sample Response Syntax - -``` -{ -    "name": null, -    "type": 7, -    "status": 0, -    "message": null, -    "data": null, -    "identityStoreObject": null, -    "details": [], -    "currentDirectoryServer": null, -    "errorCode": null, -    "exceptionMessagesAttributeWise": null, -    "isResyncAble": true -} -``` diff --git a/docs/directorymanager/11.1/api/syncjobs/jobsapis.md b/docs/directorymanager/11.1/api/syncjobs/jobsapis.md deleted file mode 100644 index 7f56cdb435..0000000000 --- a/docs/directorymanager/11.1/api/syncjobs/jobsapis.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Synchronize Jobs APIs - -Directory Manager Synchronize is used for transferring data from one data source to another. The -data sources may include directory servers, databases or files. The following APIs can be used for -performing Synchronize jobs-specific functions: - -- [Create a New Job](/docs/directorymanager/11.1/api/syncjobs/createjob.md) -- [Create a New Job Collection](/docs/directorymanager/11.1/api/syncjobs/createnewjobcollection.md) -- [Delete Jobs](/docs/directorymanager/11.1/api/syncjobs/deletejob.md) -- [Delete Job Collections](/docs/directorymanager/11.1/api/syncjobs/deletejobcollections.md) -- [Get Job Collections Details](/docs/directorymanager/11.1/api/syncjobs/getcollectionsdetails.md) -- [Get Job Collection Details By Job Collection ID](/docs/directorymanager/11.1/api/syncjobs/getjcdetailsbyjcid.md) -- [Get Jobs](/docs/directorymanager/11.1/api/syncjobs/getjobs.md) -- [Get Job Collections](/docs/directorymanager/11.1/api/syncjobs/getjobcollections.md) -- [Get a Job Details](/docs/directorymanager/11.1/api/syncjobs/getjobsdetails.md) -- [Get Jobs Names ](/docs/directorymanager/11.1/api/syncjobs/getjobsname.md) -- [Update a Job Collection](/docs/directorymanager/11.1/api/syncjobs/updatjobcollection.md) diff --git a/docs/directorymanager/11.1/api/user/userapis.md b/docs/directorymanager/11.1/api/user/userapis.md deleted file mode 100644 index 4efb9657cd..0000000000 --- a/docs/directorymanager/11.1/api/user/userapis.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# User APIs - -Directory Manager provides the following APIs to perform user-specific functions: - -- [Create a User](/docs/directorymanager/11.1/api/user/createuser.md) -- [Create an Entra ID User](/docs/directorymanager/11.1/api/user/createuserentraid.md) -- [Delete a User](/docs/directorymanager/11.1/api/user/deleteuser.md) -- [Delete Users](/docs/directorymanager/11.1/api/user/deleteusers.md) -- [Get All Groups](/docs/directorymanager/11.1/api/user/getallgroups.md) -- [Get My Dynasties](/docs/directorymanager/11.1/api/user/getmydynasties.md) -- [Get My Expired Groups](/docs/directorymanager/11.1/api/user/getmyexpiredgroups.md) -- [Get My Expiring Groups](/docs/directorymanager/11.1/api/user/getmyexpiringgroups.md) -- [Get My Expiring Groups Count](/docs/directorymanager/11.1/api/user/getmyexpiringgroupscount.md) -- [Get My Groups](/docs/directorymanager/11.1/api/user/getmygroups.md) -- [Get My Groups Count](/docs/directorymanager/11.1/api/user/getmygroupscount.md) -- [Get My Membership](/docs/directorymanager/11.1/api/user/getmymemberships.md) -- [Get My Membership Count](/docs/directorymanager/11.1/api/user/getmymemebershipcount.md) -- [Get My Smart Groups](/docs/directorymanager/11.1/api/user/getmysmartgroups.md) -- [Get a User](/docs/directorymanager/11.1/api/user/getuser.md) -- [Get Users](/docs/directorymanager/11.1/api/user/getusers.md) diff --git a/docs/directorymanager/11.1/api/welcome.md b/docs/directorymanager/11.1/api/welcome.md deleted file mode 100644 index 839907933c..0000000000 --- a/docs/directorymanager/11.1/api/welcome.md +++ /dev/null 
@@ -1,19 +0,0 @@ -# Directory Manager (formerly GroupID) APIs - -Directory Manager APIs enable developers to quickly intergrate their applications with Directory -Manager to "perform actions" such as group creation and lifecycle operations using a relevant -Directory Manager API. - -Various Directory Manager functions can be performed using these APIs. The response can be returned -in JSON format. - -These URLs represent various resources — any information or content accessed at that location, which -can be returned in JSON format. Often resources have one or more methods that can be performed on -them over HTTP, like `GET`, `POST`, `PUT`, `PATCH`, and `DELETE`. The action represented by the -first and last of these is clear, but `POST` and `PATCH` have specific meanings. How they are -defined is confusing, but the general rule is: use `POST` to create resources, `PUT` and `PATCH` to -update resources. - -NOTE: All the APIs documented in the API section are for an Active Directory based identity store. -In each API, the **Sample Request Syntax** and the **Sample Response Syntax** sections have -attributes that are supported in an Active Directory based identity store. diff --git a/docs/directorymanager/11.1/api/workflow/workflowapis.md b/docs/directorymanager/11.1/api/workflow/workflowapis.md deleted file mode 100644 index 4b7d5ee9fc..0000000000 --- a/docs/directorymanager/11.1/api/workflow/workflowapis.md +++ /dev/null 
@@ -1,22 +0,0 @@ -# Workflow APIs - -Directory Manager provides the following APIs to perform functions related to Directory Manager -workflows: - -- [All Workflow Routes](/docs/directorymanager/11.1/api/workflow/allwfroutes.md) -- [Approve a Request](/docs/directorymanager/11.1/api/workflow/approvereq.md) -- [Configure Power Automate](/docs/directorymanager/11.1/api/workflow/configurepowerautomate.md) -- [Create a Route](/docs/directorymanager/11.1/api/workflow/createroute.md) -- [Delete a Route](/docs/directorymanager/11.1/api/workflow/deleteroute.md) -- [Delete a Workflow Request](/docs/directorymanager/11.1/api/workflow/deletewfreq.md) -- [Delete Request Status](/docs/directorymanager/11.1/api/workflow/deletereqstatus.md) -- [Deny a Request](/docs/directorymanager/11.1/api/workflow/denyreq.md) -- [Get a Workflow Route](/docs/directorymanager/11.1/api/workflow/getwfroute.md) -- [Get Approvers](/docs/directorymanager/11.1/api/workflow/getapprovers.md) -- [Get Default Routes](/docs/directorymanager/11.1/api/workflow/getdefroute.md) -- [Get My Requests](/docs/directorymanager/11.1/api/workflow/getmyreq.md) -- [Get Pending Requests](/docs/directorymanager/11.1/api/workflow/getpendingreq.md) -- [Get Power Automate Settings](/docs/directorymanager/11.1/api/workflow/getpowerautomatesettings.md) -- [Get Workflow Requests](/docs/directorymanager/11.1/api/workflow/getwfreq.md) -- [Update a Route](/docs/directorymanager/11.1/api/workflow/updateroute.md) -- [Update Power Automate Settings](/docs/directorymanager/11.1/api/workflow/updatepowerautomatesettings.md) diff --git a/docs/directorymanager/11.1/authenticate/_category_.json b/docs/directorymanager/11.1/authenticate/_category_.json new file mode 100644 index 0000000000..838f21c280 --- /dev/null +++ b/docs/directorymanager/11.1/authenticate/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Authenticate", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/authenticate/asidentityprovider/_category_.json b/docs/directorymanager/11.1/authenticate/asidentityprovider/_category_.json new file mode 100644 index 0000000000..d8c9abcac2 --- /dev/null +++ b/docs/directorymanager/11.1/authenticate/asidentityprovider/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Directory Manager as an Identity Provider", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/authenticate/asidentityprovider/metadata.md b/docs/directorymanager/11.1/authenticate/asidentityprovider/metadata.md index 087435a113..08b2b2be4e 100644 --- a/docs/directorymanager/11.1/authenticate/asidentityprovider/metadata.md +++ b/docs/directorymanager/11.1/authenticate/asidentityprovider/metadata.md @@ -1,3 +1,9 @@ +--- +title: "Specify Default Metadata Values" +description: "Specify Default Metadata Values" +sidebar_position: 20 +--- + # Specify Default Metadata Values You can specify default values for the following Directory Manager metadata: diff --git a/docs/directorymanager/11.1/authenticate/asidentityprovider/overview.md b/docs/directorymanager/11.1/authenticate/asidentityprovider/overview.md index 61833a9125..f65b85e2ea 100644 --- a/docs/directorymanager/11.1/authenticate/asidentityprovider/overview.md +++ b/docs/directorymanager/11.1/authenticate/asidentityprovider/overview.md @@ -1,3 +1,9 @@ +--- +title: "Directory Manager as an Identity Provider" +description: "Directory Manager as an Identity Provider" +sidebar_position: 10 +--- + # Directory Manager as an Identity Provider Directory Manager can provide the services of an identity provider. You can register a third-party 
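Review bot: `sidebar_position: 10` in asidentityprovider/overview.md collides with register.md in the same folder, which this patch also sets to `sidebar_position: 10`. If overview.md only serves as the category landing page (the folder's `_category_.json` points `link.id` at `overview`), drop its `sidebar_position`; otherwise renumber so the order does not depend on a tie-break. The same pattern repeats in the asserviceprovider subfolders (for example adfs/overview.md and adfs/generateurls.md both get 10). Separately, every `description` added in this patch repeats its `title` verbatim; a one-sentence summary would be more useful as page metadata.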
diff --git a/docs/directorymanager/11.1/authenticate/asidentityprovider/register.md b/docs/directorymanager/11.1/authenticate/asidentityprovider/register.md index e7ef4dd77b..e0ffd363c2 100644 --- a/docs/directorymanager/11.1/authenticate/asidentityprovider/register.md +++ b/docs/directorymanager/11.1/authenticate/asidentityprovider/register.md @@ -1,3 +1,9 @@ +--- +title: "Register an Application (Service Provider) in Directory Manager" +description: "Register an Application (Service Provider) in Directory Manager" +sidebar_position: 10 +--- + # Register an Application (Service Provider) in Directory Manager To register a service provider in Directory Manager, you have to create an application for the diff --git a/docs/directorymanager/11.1/authenticate/asidentityprovider/signin.md b/docs/directorymanager/11.1/authenticate/asidentityprovider/signin.md index 3ab43c30c3..554e872a7f 100644 --- a/docs/directorymanager/11.1/authenticate/asidentityprovider/signin.md +++ b/docs/directorymanager/11.1/authenticate/asidentityprovider/signin.md @@ -1,3 +1,9 @@ +--- +title: "Sign In Using Directory Manager" +description: "Sign In Using Directory Manager" +sidebar_position: 30 +--- + # Sign In Using Directory Manager Let’s assume that we configured three service providers in Directory Manager. Users should be able diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/_category_.json b/docs/directorymanager/11.1/authenticate/asserviceprovider/_category_.json new file mode 100644 index 0000000000..378d903bd2 --- /dev/null +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Directory Manager as a Service Provider", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
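Review bot: asserviceprovider/_category_.json ends without a trailing newline (`\ No newline at end of file`), as does every other new `_category_.json` in this patch. End each file with a newline so later edits to the closing `}` do not show up as spurious diff lines and so tools that expect POSIX text files handle them cleanly.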
diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/_category_.json b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/_category_.json new file mode 100644 index 0000000000..810d06ee26 --- /dev/null +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SAML Configuration for Directory Manager using AD FS", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/configurerelayingpartytrust.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/configurerelayingpartytrust.md index 614edb923d..b3af313c12 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/configurerelayingpartytrust.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/configurerelayingpartytrust.md @@ -1,3 +1,9 @@ +--- +title: "Configure Relaying Party Trust in AD FS" +description: "Configure Relaying Party Trust in AD FS" +sidebar_position: 20 +--- + # Configure Relaying Party Trust in AD FS In AD FS, you have to configure the Directory Manager client with which you want to set up AD FS. diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md index b7678a3946..2a0134623e 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md @@ -1,3 +1,9 @@ +--- +title: "Generate URLs" +description: "Generate URLs" +sidebar_position: 10 +--- + # Generate URLs Generate the consumer URL and audience URL for the Directory Manager client with which you want to 
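Review bot: in adfs/configurerelayingpartytrust.md the new `title` and `description` both read "Configure Relaying Party Trust in AD FS", which carries the existing H1 misspelling into page metadata; the AD FS term is "Relying Party Trust". Correct it in the front matter and the `# Configure Relaying Party Trust in AD FS` heading in the same change. The file name can stay as it is so existing links keep working.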
diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/overview.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/overview.md index 27d50aac5f..2dd04d8fea 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/overview.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/overview.md @@ -1,3 +1,9 @@ +--- +title: "SAML Configuration for Directory Manager using AD FS" +description: "SAML Configuration for Directory Manager using AD FS" +sidebar_position: 10 +--- + # SAML Configuration for Directory Manager using AD FS Active Directory Federation Services (AD FS) provides users with single sign-on access to systems diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/signin.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/signin.md index dbb9593d01..279ac4873f 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/signin.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/signin.md @@ -1,3 +1,9 @@ +--- +title: "Sign In Using AD FS" +description: "Sign In Using AD FS" +sidebar_position: 30 +--- + # Sign In Using AD FS We configured the ADS FS provider with a Directory Manager client, that is the Directory Manager diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/_category_.json b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/_category_.json new file mode 100644 index 0000000000..e0fbb3f5d2 --- /dev/null +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SAML Configuration for Directory Manager using Microsoft Entra ID SSO", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
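Review bot: in adfs/signin.md the context line directly under the new front matter says "We configured the ADS FS provider", which contradicts the title "Sign In Using AD FS" added just above it. Since the file is being touched anyway, change "ADS FS" to "AD FS" in the same commit.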
diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md index 9f712d1e86..b894920df8 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md @@ -1,3 +1,9 @@ +--- +title: "Configure Directory Manager in Microsoft Entra ID for SSO" +description: "Configure Directory Manager in Microsoft Entra ID for SSO" +sidebar_position: 20 +--- + # Configure Directory Manager in Microsoft Entra ID for SSO Following are the steps to create and configure the Directory Manager application in Microsoft Entra diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/generateurls.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/generateurls.md index 6a31101f8e..0a02f5ae61 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/generateurls.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/generateurls.md @@ -1,3 +1,9 @@ +--- +title: "Generate URLs" +description: "Generate URLs" +sidebar_position: 10 +--- + # Generate URLs To generate the consumer URL and audience URL, see the [Generate URLs](/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md) diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/overview.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/overview.md index 878a09d493..f895667ce3 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/overview.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/overview.md 
@@ -1,3 +1,9 @@ +--- +title: "SAML Configuration for Directory Manager using Microsoft Entra ID SSO" +description: "SAML Configuration for Directory Manager using Microsoft Entra ID SSO" +sidebar_position: 20 +--- + # SAML Configuration for Directory Manager using Microsoft Entra ID SSO Microsoft Entra ID SSO enables users to conveniently access all their apps from any location, on any diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/signin.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/signin.md index 9eb20673b5..b42f4cdd68 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/signin.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/signin.md @@ -1,3 +1,9 @@ +--- +title: "Sign In Using Microsoft Entra ID SSO" +description: "Sign In Using Microsoft Entra ID SSO" +sidebar_position: 30 +--- + # Sign In Using Microsoft Entra ID SSO We configured Microsoft Entra ID SSO with a Directory Manager client, that is the Directory Manager diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/_category_.json b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/_category_.json new file mode 100644 index 0000000000..5eba028a09 --- /dev/null +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SAML Configuration for Directory Manager using Okta", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/configureinokta.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/configureinokta.md index 62842e48cd..aba6810fc6 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/configureinokta.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/configureinokta.md 
@@ -1,3 +1,9 @@ +--- +title: "Configure Directory Manager In Okta" +description: "Configure Directory Manager In Okta" +sidebar_position: 20 +--- + # Configure Directory Manager In Okta To configure Directory Manager in Okta, follow these steps: diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/generateurls.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/generateurls.md index 1888c4740e..47c5753c65 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/generateurls.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/generateurls.md @@ -1,3 +1,9 @@ +--- +title: "Generate URLs" +description: "Generate URLs" +sidebar_position: 10 +--- + # Generate URLs To generate the consumer URL and audience URL, see the [Generate URLs](/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md) diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/overview.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/overview.md index 0b0449bb87..a3215f6654 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/overview.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/overview.md @@ -1,3 +1,9 @@ +--- +title: "SAML Configuration for Directory Manager using Okta" +description: "SAML Configuration for Directory Manager using Okta" +sidebar_position: 30 +--- + # SAML Configuration for Directory Manager using Okta Okta provides secure identity management and single sign-on to any application, whether in the diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/signin.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/signin.md index 102f8438bc..4d69dde187 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/signin.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/okta/signin.md 
@@ -1,3 +1,9 @@ +--- +title: "Sign In Using Okta" +description: "Sign In Using Okta" +sidebar_position: 30 +--- + # Sign In Using Okta We configured Okta with a Directory Manager client, that is the Directory Manager portal _Wizard_ in diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/_category_.json b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/_category_.json new file mode 100644 index 0000000000..ce46e3a1a3 --- /dev/null +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SAML Configuration for Directory Manager using OneLogin", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/configureinonelogin.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/configureinonelogin.md index 4d41b73ae1..b635d4adf1 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/configureinonelogin.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/configureinonelogin.md @@ -1,3 +1,9 @@ +--- +title: "Configure Directory Manager In OneLogin" +description: "Configure Directory Manager In OneLogin" +sidebar_position: 20 +--- + # Configure Directory Manager In OneLogin Configuring Directory Manager in OneLogin involve the following steps: diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/generateurls.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/generateurls.md index 738a482e1e..671ff344cc 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/generateurls.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/generateurls.md 
@@ -1,3 +1,9 @@ +--- +title: "Generate URLs" +description: "Generate URLs" +sidebar_position: 10 +--- + # Generate URLs To generate the consumer URL and audience URL, see the [Generate URLs](/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md) diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/overview.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/overview.md index bd00ac2649..97c0198a65 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/overview.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/overview.md @@ -1,3 +1,9 @@ +--- +title: "SAML Configuration for Directory Manager using OneLogin" +description: "SAML Configuration for Directory Manager using OneLogin" +sidebar_position: 40 +--- + # SAML Configuration for Directory Manager using OneLogin OneLogin provides single sign-on and identity management for organizations that embrace cloud diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/signin.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/signin.md index f04bc0ac05..aa241a82f2 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/signin.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/onelogin/signin.md @@ -1,3 +1,9 @@ +--- +title: "Sign In Using OneLogin" +description: "Sign In Using OneLogin" +sidebar_position: 30 +--- + # Sign In Using OneLogin We configured OneLogin with a Directory Manager client, that is the Directory Manager portal diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/overview.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/overview.md index f4d0ef9e85..9369e189bf 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/overview.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/overview.md 
@@ -1,3 +1,9 @@ +--- +title: "Directory Manager as a Service Provider" +description: "Directory Manager as a Service Provider" +sidebar_position: 20 +--- + # Directory Manager as a Service Provider You can configureDirectory Manager as a service provider with the following identity providers: diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/_category_.json b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/_category_.json new file mode 100644 index 0000000000..1f2e70570f --- /dev/null +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SAML Configuration for Directory Manager using PingOne", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/configureinpingone.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/configureinpingone.md index 3b90ad8d57..e67a569335 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/configureinpingone.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/configureinpingone.md @@ -1,3 +1,9 @@ +--- +title: "Configure Directory Manager In PingOne" +description: "Configure Directory Manager In PingOne" +sidebar_position: 20 +--- + # Configure Directory Manager In PingOne To configure Directory Manager in PingOne, follow these steps: diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/generatemetadata.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/generatemetadata.md index 7085969087..16a9bce5c9 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/generatemetadata.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/generatemetadata.md 
@@ -1,3 +1,9 @@ +--- +title: "Generate the Consumer URL and Metadata File" +description: "Generate the Consumer URL and Metadata File" +sidebar_position: 10 +--- + # Generate the Consumer URL and Metadata File In Directory Manager Authenticate, you can generate a metadata file for the Directory Manager client diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/overview.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/overview.md index 72775b481b..c5bafe4e65 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/overview.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/overview.md @@ -1,3 +1,9 @@ +--- +title: "SAML Configuration for Directory Manager using PingOne" +description: "SAML Configuration for Directory Manager using PingOne" +sidebar_position: 50 +--- + # SAML Configuration for Directory Manager using PingOne PingOne is an Identity as a Service (IDaaS) solution that enables organizations to deliver single diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/signin.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/signin.md index 86a50e9fec..067defe48f 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/signin.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/pingone/signin.md @@ -1,3 +1,9 @@ +--- +title: "Sign In Using PingOne" +description: "Sign In Using PingOne" +sidebar_position: 30 +--- + # Sign In Using PingOne We configured PingOne with a Directory Manager client, that is the Directory Manager portal _Wizard_ diff --git a/docs/directorymanager/11.1/authenticate/overview.md b/docs/directorymanager/11.1/authenticate/overview.md index 94fee9f96f..18d7e8d366 100644 --- a/docs/directorymanager/11.1/authenticate/overview.md +++ b/docs/directorymanager/11.1/authenticate/overview.md 
@@ -1,3 +1,9 @@ +--- +title: "Authenticate" +description: "Authenticate" +sidebar_position: 80 +--- + # Authenticate Authenticate is a federation service that verifies a user's identity in an identity store before diff --git a/docs/directorymanager/11.1/configureentraid/_category_.json b/docs/directorymanager/11.1/configureentraid/_category_.json new file mode 100644 index 0000000000..5888124b17 --- /dev/null +++ b/docs/directorymanager/11.1/configureentraid/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configure Directory Manager in Microsoft Entra ID", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/configureentraid/create.md b/docs/directorymanager/11.1/configureentraid/create.md index f1e86468cc..a68cc1e11d 100644 --- a/docs/directorymanager/11.1/configureentraid/create.md +++ b/docs/directorymanager/11.1/configureentraid/create.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Entra ID Identity Store" +description: "Microsoft Entra ID Identity Store" +sidebar_position: 20 +--- + # Microsoft Entra ID Identity Store Once you have registered Directory Manager and created a user with required directory role in @@ -8,7 +14,7 @@ Microsoft Entra ID user in Directory Manager. ## To create a Microsoft Entra ID Identity Store See the -[Create an Identity Store for Microsoft Entra ID](/docs/directorymanager/11.1/admincenter/identitystore/create.md#create-an-identity-store-for-microsoft-entra-id) +[Create an Identity Store for Microsoft Entra ID](/docs/directorymanager/11.1/signin/identitystore/create.md#create-an-identity-store-for-microsoft-entra-id) topic for creating an Microsoft Entra ID identity store. NOTE: If you intend to use a service account user with Global Administrator directory role, then no 
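Review bot: the retargeted link in the `@@ -8,7 +14,7 @@` hunk of configureentraid/create.md now points at `/docs/directorymanager/11.1/signin/identitystore/create.md#create-an-identity-store-for-microsoft-entra-id`, and neither that file nor its heading appears in the visible part of this diff, so please confirm that both the target and the anchor exist after the move out of `admincenter/`. The same `admincenter/` to `signin/` retarget is applied in register/apppermissions.md and register/modauth.md further down, so one check of the new tree covers all three. While this sentence is being touched, the unchanged line after the link reads "topic for creating an Microsoft Entra ID identity store" and should say "a Microsoft Entra ID identity store".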
diff --git a/docs/directorymanager/11.1/configureentraid/create_1.md b/docs/directorymanager/11.1/configureentraid/create_1.md new file mode 100644 index 0000000000..b3cd77f7e7 --- /dev/null +++ b/docs/directorymanager/11.1/configureentraid/create_1.md 
@@ -0,0 +1,76 @@ +--- +title: "Microsoft Entra ID User" +description: "Microsoft Entra ID User" +sidebar_position: 30 +--- + +# Microsoft Entra ID User + +Once your application has been registered with Microsoft Entra ID, formerly Azure Active Directory, +create a user that will be set as a service account while creating an identity store for Microsoft +Entra IDin Directory Manager. + +Follow the steps to create a user in Microsoft Entra ID: + +Step 1 – In the Microsoft Entra Admin Center, go to Microsoft Entra ID> Users and click **New +User** > **Create new user**. + +![create_user](/img/product_docs/directorymanager/11.1/configureentraid/register/create_user.webp) + +Step 2 – On the User page: + +![create_new_user_page](/img/product_docs/directorymanager/11.1/configureentraid/register/create_new_user_page.webp) + +- The **Basics** tab contains the core fields required to create a new user. + + - **User principal name**: Enter a unique username and select a domain from the menu after the @ + symbol. Select **Domain not listed** if you need to create a new domain. For more information, + see + [Add your custom domain name](https://learn.microsoft.com/en-us/entra/fundamentals/add-custom-domain). + - **Mail nickname**: If you need to enter an email nickname that is different from the user + principal name you entered, uncheck the **Derive from user principal name** option, then enter + the mail nickname. + - **Display name**: Enter the user's name. + - **Password**: Provide a password for the user to use during their initial sign-in. Uncheck the + **Auto-generate password** option to enter a different password. + - **Account enabled**: This option is checked by default. Uncheck to prevent the new user from + being able to sign-in. You can change this setting after the user is created. + + Either select the **Review + create** button to create the new user or **Next: Properties** to + complete the next section. 
+ +- The **Properties** tab has some categories of user properties you can provide. These properties + can be added or updated after the user is created. The properties are: + + - **Identity**: Enter the user's first and last name. Set the User type as either Member or + Guest. + - **Job information**: Add any job-related information, such as the user's job title, + department, or manager. + - **Contact information**: Add any relevant contact information for the user. + - **Settings**: Specify the user's global location. + + Either select the **Review + create** button to create the new user or **Next: Assignments** to + complete the next section. + +- The **Assignments** tab. You can assign the user: + + - an administrative unit + - group(s), select a group if you want to add the user to one or more existing groups + - role(s), assign the user a Global administrator role + Members of this role can create/manage groups, create/manage groups settings like naming and + expiration policies, and view groups activity and audit reports. + + Select the **Review + create** button. + +By default, the Directory Manager Administrator security role in a Microsoft Entra ID identity store +binds to Global Administrator. If minimum role assignment for the service account is used, the +default Admin Security role criteria should also be changed to the User Account Administrators +group. + +The user is created and added to your Microsoft Entra ID tenant. + +You can now create an identity store for Microsoft Entra ID in Directory Manager. + +Make sure you copy the application ID which is generated by Microsoft Entra ID when the application +is registered. This application ID will be required while creating an identity store for Microsoft +Entra ID. diff --git a/docs/directorymanager/11.1/configureentraid/overview.md b/docs/directorymanager/11.1/configureentraid/overview.md index e3c0cce569..6f27f6a34d 100644 --- a/docs/directorymanager/11.1/configureentraid/overview.md 
+++ b/docs/directorymanager/11.1/configureentraid/overview.md @@ -1,3 +1,9 @@ +--- +title: "Configure Directory Manager in Microsoft Entra ID" +description: "Configure Directory Manager in Microsoft Entra ID" +sidebar_position: 90 +--- + # Configure Directory Manager in Microsoft Entra ID In Directory Manager, you can create an identity store for an identity provider and perform diff --git a/docs/directorymanager/11.1/configureentraid/register/_category_.json b/docs/directorymanager/11.1/configureentraid/register/_category_.json new file mode 100644 index 0000000000..b8f27a0a7f --- /dev/null +++ b/docs/directorymanager/11.1/configureentraid/register/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Register in Microsoft Entra ID", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/configureentraid/register/apppermissions.md b/docs/directorymanager/11.1/configureentraid/register/apppermissions.md index fe8ce3a4c3..37cfd8a7d7 100644 --- a/docs/directorymanager/11.1/configureentraid/register/apppermissions.md +++ b/docs/directorymanager/11.1/configureentraid/register/apppermissions.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Entra ID Permissions" +description: "Microsoft Entra ID Permissions" +sidebar_position: 20 +--- + # Microsoft Entra ID Permissions While using a Microsoft Entra ID identity store with Microsoft Entra ID, the user must have certain 
@@ -6,7 +12,7 @@ role assignments and application permissions on the registered app in Microsoft This topic lists those roles and permissions Directory Manager needs to perform operations in a Microsoft Entra ID provider. -See the [ Licensing ](/docs/directorymanager/11.1/admincenter/general/licensing.md) topic for additional information on +See the [ Licensing ](/docs/directorymanager/11.1/signin/concepts/licensing.md) topic for additional information on Directory Manager licensing. ## Graph API Application Permissions diff --git a/docs/directorymanager/11.1/configureentraid/register/appregister.md b/docs/directorymanager/11.1/configureentraid/register/appregister.md index 08abd0d679..b85c6968a3 100644 --- a/docs/directorymanager/11.1/configureentraid/register/appregister.md +++ b/docs/directorymanager/11.1/configureentraid/register/appregister.md @@ -1,3 +1,9 @@ +--- +title: "Registration and Permissions Assignment" +description: "Registration and Permissions Assignment" +sidebar_position: 10 +--- + # Registration and Permissions Assignment This section discusses the Directory Manager application registration and permission assignment diff --git a/docs/directorymanager/11.1/configureentraid/register/create.md b/docs/directorymanager/11.1/configureentraid/register/create.md deleted file mode 100644 index ac26f9398a..0000000000 --- a/docs/directorymanager/11.1/configureentraid/register/create.md +++ /dev/null 
@@ -1,70 +0,0 @@ -# Microsoft Entra ID User - -Once your application has been registered with Microsoft Entra ID, formerly Azure Active Directory, -create a user that will be set as a service account while creating an identity store for Microsoft -Entra IDin Directory Manager. - -Follow the steps to create a user in Microsoft Entra ID: - -Step 1 – In the Microsoft Entra Admin Center, go to Microsoft Entra ID> Users and click **New -User** > **Create new user**. - -![create_user](/img/product_docs/directorymanager/11.1/configureentraid/register/create_user.webp) - -Step 2 – On the User page: - -![create_new_user_page](/img/product_docs/directorymanager/11.1/configureentraid/register/create_new_user_page.webp) - -- The **Basics** tab contains the core fields required to create a new user. - - - **User principal name**: Enter a unique username and select a domain from the menu after the @ - symbol. Select **Domain not listed** if you need to create a new domain. For more information, - see - [Add your custom domain name](https://learn.microsoft.com/en-us/entra/fundamentals/add-custom-domain). - - **Mail nickname**: If you need to enter an email nickname that is different from the user - principal name you entered, uncheck the **Derive from user principal name** option, then enter - the mail nickname. - - **Display name**: Enter the user's name. - - **Password**: Provide a password for the user to use during their initial sign-in. Uncheck the - **Auto-generate password** option to enter a different password. - - **Account enabled**: This option is checked by default. Uncheck to prevent the new user from - being able to sign-in. You can change this setting after the user is created. - - Either select the **Review + create** button to create the new user or **Next: Properties** to - complete the next section. - -- The **Properties** tab has some categories of user properties you can provide. These properties - can be added or updated after the user is created. 
The properties are: - - - **Identity**: Enter the user's first and last name. Set the User type as either Member or - Guest. - - **Job information**: Add any job-related information, such as the user's job title, - department, or manager. - - **Contact information**: Add any relevant contact information for the user. - - **Settings**: Specify the user's global location. - - Either select the **Review + create** button to create the new user or **Next: Assignments** to - complete the next section. - -- The **Assignments** tab. You can assign the user: - - - an administrative unit - - group(s), select a group if you want to add the user to one or more existing groups - - role(s), assign the user a Global administrator role - Members of this role can create/manage groups, create/manage groups settings like naming and - expiration policies, and view groups activity and audit reports. - - Select the **Review + create** button. - -By default, the Directory Manager Administrator security role in a Microsoft Entra ID identity store -binds to Global Administrator. If minimum role assignment for the service account is used, the -default Admin Security role criteria should also be changed to the User Account Administrators -group. - -The user is created and added to your Microsoft Entra ID tenant. - -You can now create an identity store for Microsoft Entra ID in Directory Manager. - -Make sure you copy the application ID which is generated by Microsoft Entra ID when the application -is registered. This application ID will be required while creating an identity store for Microsoft -Entra ID. diff --git a/docs/directorymanager/11.1/configureentraid/register/modauth.md b/docs/directorymanager/11.1/configureentraid/register/modauth.md index 8a4fe21210..7bd3bc54e6 100644 --- a/docs/directorymanager/11.1/configureentraid/register/modauth.md +++ b/docs/directorymanager/11.1/configureentraid/register/modauth.md 
@@ -1,3 +1,9 @@ +--- +title: "Certificate for Entra ID Authentication" +description: "Certificate for Entra ID Authentication" +sidebar_position: 30 +--- + # Certificate for Entra ID Authentication While configuring Directory Manager application in Microsoft Entra ID you must provide a certificate @@ -24,8 +30,8 @@ The generated certificate in .pfx format will be used: - While creating a Microsoft Entra ID identity store (on the Identity Store Details page of new identity store creation wizard). See the point # 6 the - [Create an Identity Store for Microsoft Entra ID](/docs/directorymanager/11.1/admincenter/identitystore/create.md#create-an-identity-store-for-microsoft-entra-id) - section of the [Create an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/create.md) topic. + [Create an Identity Store for Microsoft Entra ID](/docs/directorymanager/11.1/signin/identitystore/create.md#create-an-identity-store-for-microsoft-entra-id) + section of the [Create an Identity Store](/docs/directorymanager/11.1/signin/identitystore/create.md) topic. - On the Messaging System page in identity store properties when Exchange Online/Office 365 is set as a messaging provider. diff --git a/docs/directorymanager/11.1/configureentraid/register/overview.md b/docs/directorymanager/11.1/configureentraid/register/overview.md index 56805062b0..f331702785 100644 --- a/docs/directorymanager/11.1/configureentraid/register/overview.md +++ b/docs/directorymanager/11.1/configureentraid/register/overview.md @@ -1,3 +1,9 @@ +--- +title: "Register in Microsoft Entra ID" +description: "Register in Microsoft Entra ID" +sidebar_position: 10 +--- + # Register in Microsoft Entra ID To use Microsoft Entra ID, formerly Azure Active Directory, identity provider, Directory Manager diff --git a/docs/directorymanager/11.1/credentialprovider/_category_.json b/docs/directorymanager/11.1/credentialprovider/_category_.json new file mode 100644 index 0000000000..cbd104d067 --- /dev/null 
+++ b/docs/directorymanager/11.1/credentialprovider/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Credential Provider", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "credentialprovider" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/user/manage/credentialprovider.md b/docs/directorymanager/11.1/credentialprovider/credentialprovider.md similarity index 93% rename from docs/directorymanager/11.1/portal/user/manage/credentialprovider.md rename to docs/directorymanager/11.1/credentialprovider/credentialprovider.md index 5a24db6e71..fe76614c13 100644 --- a/docs/directorymanager/11.1/portal/user/manage/credentialprovider.md +++ b/docs/directorymanager/11.1/credentialprovider/credentialprovider.md @@ -1,3 +1,9 @@ +--- +title: "Credential Provider" +description: "Credential Provider" +sidebar_position: 70 +--- + # Credential Provider Directory Manager Credential Provider is a web interface for unlocking user accounts and resetting diff --git a/docs/directorymanager/11.1/portal/user/manage/installcp.md b/docs/directorymanager/11.1/credentialprovider/installcp.md similarity index 98% rename from docs/directorymanager/11.1/portal/user/manage/installcp.md rename to docs/directorymanager/11.1/credentialprovider/installcp.md index ba14e85480..2977ca3cd1 100644 --- a/docs/directorymanager/11.1/portal/user/manage/installcp.md +++ b/docs/directorymanager/11.1/credentialprovider/installcp.md @@ -1,3 +1,9 @@ +--- +title: "Install Credential Provider" +description: "Install Credential Provider" +sidebar_position: 10 +--- + # Install Credential Provider You can install Directory Manager Credential Provider in one of the following ways: 
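Review bot: in the new configureentraid/create_1.md (the `@@ -0,0 +1,76 @@` hunk earlier in this patch), the Assignments bullet tells the reader to "assign the user a Global administrator role" for what the intro calls a service account, yet the sentence under it describes only group management (create/manage groups, naming and expiration policies, group activity and audit reports), and the paragraph after the list already refers to a "minimum role assignment". Suggest naming the least-privileged role at that bullet, or linking to register/apppermissions.md, which this same patch describes as listing the roles and permissions Directory Manager needs, so readers do not default to a tenant-wide administrator for the service account. The text is carried over unchanged from the deleted register/create.md, including the typos "Entra IDin Directory Manager" and "Microsoft Entra ID> Users", and the file name create_1.md says nothing about its subject when it sits next to create.md in the same folder, so a name that reflects the user topic would be clearer.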
diff --git a/docs/directorymanager/11.1/portal/user/manage/uninstallcp.md b/docs/directorymanager/11.1/credentialprovider/uninstallcp.md similarity index 92% rename from docs/directorymanager/11.1/portal/user/manage/uninstallcp.md rename to docs/directorymanager/11.1/credentialprovider/uninstallcp.md index 3916847d0b..c8b47c7de8 100644 --- a/docs/directorymanager/11.1/portal/user/manage/uninstallcp.md +++ b/docs/directorymanager/11.1/credentialprovider/uninstallcp.md @@ -1,3 +1,9 @@ +--- +title: "Uninstall Credential Provider" +description: "Uninstall Credential Provider" +sidebar_position: 20 +--- + # Uninstall Credential Provider You can uninstall Credential Provider using one of the following: diff --git a/docs/directorymanager/11.1/gettingstarted.md b/docs/directorymanager/11.1/gettingstarted.md deleted file mode 100644 index a7e67b7906..0000000000 --- a/docs/directorymanager/11.1/gettingstarted.md +++ /dev/null 
@@ -1,99 +0,0 @@ -# Getting Started - -To get started with Directory Manager, it would be helpful to get an understanding of the following: - -- Directory Manager clients -- Initial Admin Center configurations after installation -- Compatible devices and browsers -- Supported languages - -## Clients - -The Directory Manager application comprises of the following main modules or clients: - -**Admin Center** - -Admin Center is the administrative console that enables administrators to configure settings and -controls that are essential to the functioning of Directory Manager. - -**Directory Manager portal** - -This is the user-facing portal that enables administrators and users to create and manage directory -objects, sync data between providers, manage entitlements for file servers and SharePoint sites, and -generate reports to analyze the directory. - -Self-Service Password Reset portal (SSPR) - -This portal enables users to manage their directory account passwords, i.e., the password for the -account they use to access their workstations and other Microsoft services. Users can change and -reset their passwords, as well as unlock their accounts. They can also enroll their accounts in -Directory Manager and link accounts in different identity stores. - -**Management Shell** - -This command-line interface is intended for users who are comfortable with scripts. Use Management -Shell cmdlets to perform several group and user management functions, as an alternative to -performing those same functions from the Directory Manager portal. - -**APIs** - -Integrate other applications with Directory Manager to perform several user management and group -management functions. - -## Initial Admin Center Configurations - -After installing and configuring Directory Manager, the Super Admin is the only user who can sign -into Admin Center (see the [Access Admin Center](/docs/directorymanager/11.1/admincenter/signin.md) topic for additional -information). 
This user must create an identity store and configure security roles, so that other -users can sign in and use the application. The Super Admin can choose to configure further settings -or let another admin user in an identity store do so. - -The following settings must be configured in Admin Center, so that administrators and users can -perform identity and access management tasks using Directory Manager: - -- Create and configure identity stores - An identity store is built on an identity provider and - enables you to manage objects and object permissions in the provider. See the - [Identity Stores](/docs/directorymanager/11.1/admincenter/identitystore/overview.md) topic for additional information. -- Create data sources - A data source is built on a provider, such as directories, databases and - files. Data sources are used as source and destination in Synchronize jobs, in query-based - searches, and in group membership queries. See the - [ Data Sources](/docs/directorymanager/11.1/admincenter/datasource/overview.md) topic for additional information. -- Create a portal - Create a web-based Directory Manager portal and link it to an identity store, so - that users can carry out user, group, and entitlement management tasks. See the - [ Directory Manager Portal](/docs/directorymanager/11.1/admincenter/portal/overview.md) topic for additional information. -- Create an SMS gateway account - Using an SMS gateway account, Directory Manager sends text - messages to users’ mobile numbers, which may include verification codes and password reset links. - See the [SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/overview.md) topic for additional information. - -## Compatibility - -This section lists the browsers, devices, and languages that Directory Manager supports. - -- Directory Manager can run on all modern desktop, laptop, and tablet devices. 
-- -Directory Manager supports the latest versions of the following browsers: - - - Microsoft Edge - - Safari - - Google Chrome - - Mozilla Firefox - -## Localization - -Directory Manager Admin Center and the portals detect the language settings of the web browser -accessing them, and attempt to serve content in that language. Supported languages are: - -- Danish -- Dutch -- English (default) -- Finnish -- French -- German -- Icelandic -- Italian -- Portuguese -- Spanish -- Swedish -- Turkish - -If Directory Manager does not support the browser’s language set or if it cannot detect it, English -is used to serve the content. diff --git a/docs/directorymanager/11.1/install/about.md b/docs/directorymanager/11.1/install/about.md deleted file mode 100644 index d9ae2b7dc1..0000000000 --- a/docs/directorymanager/11.1/install/about.md +++ /dev/null @@ -1,8 +0,0 @@ -# Installation - -The Directory Manager installer auto detects the prerequisite software and Windows features that -Directory Manager requires, and installs them without any manual intervention. This has practically -simplified Directory Manager installation, reduced workloads, and diminished installation time. - -Furthermore, Directory Manager configuration and upgrade has been seamlessly integrated into the -installation experience. diff --git a/docs/directorymanager/11.1/install/configure/configure.md b/docs/directorymanager/11.1/install/configure/configure.md deleted file mode 100644 index ca2698c243..0000000000 --- a/docs/directorymanager/11.1/install/configure/configure.md +++ /dev/null 
@@ -1,42 +0,0 @@ -# Configuration Tool - -You can configure Directory Managerimmediately after installing it. - -Step 1 – Run the Configuration Tool in one of the following ways: - -- To configure Directory Managerright after installation, click **Next** on the **Run Configuration - Tool** page. See the [Installation Tool](/docs/directorymanager/11.1/install/installer/install.md) topic. -- When Directory Manager is installed, the Configuration Tool is also installed as a separate - program on the machine. Launch the Directory Manager Configuration Tool from the Windows Start - screen. - -In either case, the tool opens to the **Introduction** page. - -![Introduction page](/img/product_docs/directorymanager/11.1/install/configure/intro.webp) - -Step 2 – Read the welcome message and click **Next**. - -![Create new server page](/img/product_docs/directorymanager/11.1/install/configure/select_to_create_a_new_server-new.webp) - -Step 3 – To configure a Directory Manager server or a Directory Manager client, select the relevant -option. - -- **Configure a new GroupID server with new or existing database** – configures the Directory - Manager server and the Directory Manager Data Service on the machine where Directory Manager is - being installed. - - It also configures the Directory Manager Elasticsearch Service as a master node for the - Elasticsearch service cluster to support load balancing. See the - [Configure a New Directory Manager Server with a New or an Existing Database](/docs/directorymanager/11.1/install/configure/gidserver.md) - topic for additional information. - -- **Configure a new GroupID 11 server to add it into an existing GroupID 11 cluster with an existing - database** – configures a Directory Manager server that has its own Data Service. This data - service gets the configurations (paraphrase and database settings) of the Data Service deployed - for another Directory Manager server in your environment. 
- - This option also configures the Directory Manager Elasticsearch Service as a slave node to the - master node for the Elasticsearch Service cluster configured on the Directory Manager server. - See the - [Configure a new Directory Manager server to add it to an existing Directory Manager 11 cluster with an existing database](/docs/directorymanager/11.1/install/configure/database.md) - topic for additional information. diff --git a/docs/directorymanager/11.1/install/configure/database.md b/docs/directorymanager/11.1/install/configure/database.md deleted file mode 100644 index 8b808acd9a..0000000000 --- a/docs/directorymanager/11.1/install/configure/database.md +++ /dev/null 
@@ -1,196 +0,0 @@ -# Configure a new Directory Manager server to add it to an existing Directory Manager 11 cluster with an existing database - -While installing Directory Manager, you can choose to create a Directory Managerserver with load -balancing support, where load will be balanced in real time with multiple Data Services, portals and -Elasticsearch instances. - -This option also configures the Directory Manager Elasticsearch Service as a slave node to the -master node for the Elasticsearch Service cluster configured on the Directory Manager server. - -To configure a Directory Manager server with existing database: - -Step 1 – On the Select to create new server or use existing server page of the Configuration Tool, -select [Configure a New Directory Manager Server with a New or an Existing Database](/docs/directorymanager/11.1/install/configure/gidserver.md) -option. See Step 3 on the [Configuration Tool](/docs/directorymanager/11.1/install/configure/configure.md) topic. - -Step 2 – Click **Next**. - -![database_settings](/img/product_docs/directorymanager/11.1/install/configure/databasesettings.webp) - -Step 3 – In the SQL Server list, select the SQL Server to use with this new Directory Manager -Server. The SQL Server must be the same used with the master node of Directory Manager. - -If the required server does not appear in the list, make sure that the SQL Server Browser service is -running on the SQL Server machine and then click the **Refresh** button. - -Step 4 – In the Authentication list, select an authentication mode to be used when connecting to the -SQL Server database. Modes are: - -- SQL Server Authentication - To set SQL Server to work with Directory Manager using an SQL Server - account. See the [Authentication Modes](/docs/directorymanager/11.1/requirements/setupauthentication.md) topic for - additional information. -- Windows Authentication - To set SQL Server to work with Directory Manager using a Windows user - account. 
See the [Authentication Modes](/docs/directorymanager/11.1/requirements/setupauthentication.md) topic for - additional details. - -Step 5 – Depending on the authentication mode selected, do the following: - -- For SQL Server Authentication: enter the user name and password of the selected SQL Server in the - **SQL Username** and **SQL Password** boxes. -- For Windows Authentication: User name and password fields will be disabled with Windows - Authentication. The logged-in user credentials will be populated here. - -Step 6 – In the SQL Database box, specify name of the SQL database being used by the master -Directory Manager node. This new Directory Manager instance will use the same database. - -NOTE: While configuring a new Directory Manager machine with an existing database option, the Copy -Database button has no relevance here. - -Step 7 – Click **Next**. - -![License page](/img/product_docs/directorymanager/11.1/install/configure/license_w_existing_db_option.webp) - -Step 8 – On the License page, license information of Directory Manager installed on the master node -is displayed. A valid license and key enable the Next button. If the Next button remains disabled, -check your entries for errors. - -Step 9 – Click **Next**. - -![GroupID Service Configurations](/img/product_docs/directorymanager/11.1/install/configure/servicesconfiguration.webp) - -Step 10 – Directory Manager requires two services: - -- Directory Manager Data Service: This is a web-based service that Directory Manager uses to - communicate with Microsoft SQL Server for storing and fetching data in the database. -- Directory Manager Security Service: This is also a web-based service that Directory Manager uses - to: - - - Authenticate and authorize users on different Directory Manager functionalities in accordance - with their roles. - - Encrypt and decrypt data that Directory Manager Data Service stores and fetches from the SQL - database. 
- - To deploy these services, the Configuration Tool creates and configures a new website in IIS - with the name _GroupIDSite11_. By default, it binds this site to any of the available ports. - However, if you have a different preference, you can change the port. - - Click **Advanced Options** and enter the port in the Port Number box. - -- Replication service: This service replicates object attributes from the provider (such as Active - Directory) to Elasticsearch. -- Admin Center: Admin Center is a web-based application that can be accessed over the Internet and - Intranet. - -NOTE: This Directory Manager instance will use Email and Scheduler services of the selected cluster. - -Step 11 – Click **Next**. - -![Elasticsearch Settings page](/img/product_docs/directorymanager/11.1/install/configure/elasticsearchsettings.webp) - -Step 12 – Directory Manager provides the following two options for Elasticsearch configuration. -Select the relevant option: - -- Let Directory Managerinstall and manage Elasticsearch: If you select this option, Directory - Manager Configuration Tool will install Elasticsearch. It presents you default configuration of - Elasticsearch cluster it will create: - - ![Select Elastic Cluster page](/img/product_docs/directorymanager/11.1/install/configure/select_cluster_w_existing_db_option.webp) - - 1. Cluster Name: lists all the clusters defined so far. Select one to create an Elasticsearch - node within the selected cluster. - 2. Port: the default port for Elasticsearch API communication. Modify the port number if the - mentioned default port is not available. - 3. TCP Port: the default port for communication between nodes within the cluster. Modify the - port number if the mentioned default port is not available. - - NOTE: Make sure that the specified ports are available and unblocked. 
- - I will install and manage Elasticsearch myself: If you select this option, the following page is - displayed: - - ![Elasticsearch settings page](/img/product_docs/directorymanager/11.1/install/configure/elasticsearchsettings-2.webp) - - Provide configurations of Elasticsearch you want to use with Directory Manager: - - - Elasticsearch URL: URL for accessing the Elasticsearch. - - Elasticsearch Username: service account for Elasticsearch. - - Elasticsearch Password: password of the Elasticsearch service account. - -Step 13 – Click **Next**. - -![Service Account Settings page](/img/product_docs/directorymanager/11.1/install/configure/service_account_settings_w_existing_db.webp) - -NOTE: If you configure a Group Managed Service Account (gMSA) as an App Pool service account then -the Directory ManagerConfiguration tool will add this account in the local administrators and -IIS_IUSRS groups. - -NOTE: If you configure a normal user account as an App Pool service account and an AD identity store -is created with a gMSA service account, then the App Pool service account must have the -_PrincipalsAllowedToRetrieveManagedPassword_ property. The App Pool service account also must be a -member of Backup Operators and IIS_IUSRS groups. - -Step 14 – On the Service Account Settings page, specify the service account to use for the Directory -Manager app pool in IIS and Windows services. - -- Use a domain account or a Group Managed Service Account (gMSA). -- The account must be a member of the Administrators group or both the Backup Operators and - IIS_IUSRS groups. -- The account you specify will be used to manage the Directory Manager app pool in IIS. Directory - Manager Data Service, Security Service, and the portals run under the app pool. -- By default, a local account, GroupIDSSuser, is set for the Directory Manager app pool, but you - cannot proceed unless you change it to a domain account or gMSA. 
-- You can specify a local account (with local administrator rights) in app pool for a machine that - is not joined to any domain (this applies to an Microsoft Entra ID identity store only). - - NOTE: For Directory Manager App Pool, a domain account can be used for a machine joined to a - domain. - - NOTE: Before you use a Group Managed Service Account, make sure that: - - - Key Distribution Service (KDS) is enabled on the Directory Manager machine. - - Microsoft AD module for PowerShell is installed on the machine. - -Step 15 – You can specify a service accounts for the app pool in any of the following ways: - -- Use an existing account: Click **Browse**. - - ![Find Service Account page](/img/product_docs/directorymanager/11.1/install/configure/findserviceaccount.webp) - - On the Find Service Account dialog box, search and select the required account and click **OK**. - -- Create a new service account: Click the **Create New** button on the Service Account Setting page. - - ![Create a new service account page](/img/product_docs/directorymanager/11.1/install/configure/createserviceaccount.webp) - - On the Create Service Account dialog box, select the kind of account you want to create. Enter a - name, container and password for the account. Click **Create**. - - NOTE: The logged-in user must have appropriate rights to create a new account. - - NOTE: If Key Distribution Service (KDS) is not configured in the environment, a warning will be - displayed that you cannot use a Group Managed Service Account. - -Step 16 – Provide password for the App Pool service account (except for a Group Managed Service -Account) in the Password box. - -Step 17 – Click **Configure**. - -![Configuring GroupID ](/img/product_docs/directorymanager/11.1/install/configure/configuring.webp) - -Step 18 – The next page displays the progress while a Directory Manager server is configured on the -machine. 
While configuring the machine, the Configuration Tool checks the application’s signing key -status and update it according to your Directory Manager environment. See the -[Update Signing Key](/docs/directorymanager/11.1/install/configure/signingkeyinfo.md) topic for information how Configuration Tool will update -Directory Manager's Signing Key. - -Step 19 – This completes the configuration of Directory Manager as a slave node on your machine. -Click **Launch GroupID** to start using Directory Manager. The Sign In pa ge opens: - -![GroupID Sign In page](/img/product_docs/directorymanager/11.1/install/configure/launchgid.webp) - -To login in to Directory Manager Admin Center for the first time, provide Directory Manager -Administrator user name and password. - -or - -click **Next** to launch the Upgrade wizard for upgrading Directory Manager. diff --git a/docs/directorymanager/11.1/install/configure/overview.md b/docs/directorymanager/11.1/install/configure/overview.md deleted file mode 100644 index cf1163fe09..0000000000 --- a/docs/directorymanager/11.1/install/configure/overview.md +++ /dev/null @@ -1,12 +0,0 @@ -# Configuration - -Use the Configuration Tool to configure a new Directory Manager server. The tool configures: - -- A valid license for Directory Manager -- Scheduling, Email and Replication services -- Elasticsearch settings -- An encryption key to encrypt Directory Manager data -- An SQL Server and database -- Service account for Directory Manager App Pool -- Admin Center -- A default account for Admin Center diff --git a/docs/directorymanager/11.1/install/uninstall.md b/docs/directorymanager/11.1/install/uninstall.md deleted file mode 100644 index 04fc4f9938..0000000000 --- a/docs/directorymanager/11.1/install/uninstall.md +++ /dev/null 
@@ -1,94 +0,0 @@ -# Uninstall - -Before you uninstall Directory Manager , make sure that the logged-in user is a member of the local -Administrators group on that machine. - -To uninstall the current Directory Manager version to upgrade to a newer version, follow these -steps: - -1. Click **Start**. -2. Type **Control Panel** and select it. -3. Select **Uninstall a program**. -4. From the **Name** column, right-click **Imanami GroupID `version`**and select **Uninstall**. -5. On the **User Account Control** window, click **Yes**. - -This will uninstall Directory Manager from your machine. - -## Complete Uninstall - -To uninstall Directory Manager completely, remove the Directory Manager folders and registry keys -from your machine. This done, you do not have the option to upgrade to a newer version of Directory -Manager. - -First, uninstall Directory Manager using the steps described above. - -Next, to completely uninstall Directory Manager from your machine, remove: - -- The Directory Manager installation directory -- Other relevant directories -- Registry keys -- Directory Manager Site -- Directory Manager application pools -- Directory Manager certificates - -Remove the Directory Manager installation directory - -1. Go to the location: - X:\Program Files\Imanami - (X represents the Directory Manager installation drive). -2. Delete the directory named GroupID 11.0. - -Remove other relevant directories - -1. On the Windows **Run** dialog box, type the command: - - ``` - %ALLUSERSPROFILE%\Imanami - ``` - -2. From the location referenced by the given command, delete the folder: GroupID 11.0. - -Remove registry keys - -1. Open the **Registry Editor** by typing **regedit** in the Windows **Run** dialog box. -2. Delete the following registry keys: - - ``` - HKEY_LOCAL_MACHINE\SOFTWARE\Imanami\GroupID\Version 11.0 - ``` - -Remove the Directory Manager Site - -Follow these steps to remove the Directory Manager site from IIS: - -1. 
Open the Internet Information Service console by typing _inetmgr_ in the Windows **Run** dialog - box. -2. Expand the `` node in the console tree and click **Sites**. -3. On the **Sites** page, delete _GroupIDSite11_. - -Remove the Directory Manager applications and services pools - -Follow these steps to remove the Directory Manager Admin Center, app pool, services and portal from -IIS: - -1. Open the Internet Information Service console by typing _inetmgr_ in the Windows **Run** dialog - box. -2. Expand the `` node in the console tree and click **Application Pools**. -3. On the **Application Pools** page, delete all app pools for Directory Manager Admin Center, - applications, portals and services. - -Remove Directory Manager Certificates - -Follow these steps to remove Directory Manager certificates from IIS: - -1. Open the Internet Information Service console by typing _inetmgr_ in the Windows **Run** dialog - box. -2. Click the `` node in the console tree. On the **Features View** tab, select - **Server Certificates** in the IIS section. -3. Delete these certificates bound to GroupIDSite11 (the site deploying Data Service): - - - GroupIDSecurityService - - Imanami GroupID Certificate - -NOTE: Do not remove these certificates if another Directory Manager version is installed on the -machine. diff --git a/docs/directorymanager/11.1/install/upgrade/overview.md b/docs/directorymanager/11.1/install/upgrade/overview.md deleted file mode 100644 index 35f3545308..0000000000 --- a/docs/directorymanager/11.1/install/upgrade/overview.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# Upgrade - -Directory Manager 11 supports upgrade from the following: - -- GroupID 10.0 -- GroupID 9.0 - -## Prerequisites for Upgrade - -The following must be in place before you run the Upgrade wizard. - -NOTE: In the following text, the term ‘source version’ refers to the GroupID version you are -upgrading from. - -Step 1 – For upgrade on a different box, the source version file system must be present on the -Directory Manager 11 server. For that, do the following: - -1. On the source version server, for example, GroupID 10 server, go - to` [GroupID Installation Drive]:\Program Files\Imanami\` and copy the GroupID 10 folder. -2. Go to the Directory Manager 11 server, create a path as follows, and paste the GroupID 10 folder - there: - - `C:\Program Files\Imanami\` - - On pasting the GroupID 10 folder, it will be as: - `C:\Program Files\Imanami\GroupID 10\` - -Step 2 – The following applies to upgrade on a different box. -If a gMSA is used as the service account for an identity store in the source version, you must -configure that gMSA on the Directory Manager 11 server before you upgrade. -To configure a gMSA, see the -[gMSA for Active Directory](/docs/directorymanager/11.1/requirements/permissions/gmsarequirements.md) topic. - -Step 3 – A disabled identity store in the source version will not be upgraded to Directory -Manager 11. -To upgrade a disabled identity store, you must enable it in the source version before upgrade. Then -disable it in Directory Manager 11 immediately after upgrade. - -Step 4 – To upgrade schedules and Synchronize jobs on a different box, you must run a utility on the -Directory Manager 11 server before running the Upgrade wizard. Contact Netwrix Customer Support for -more info. - -If you forget the passphrase you used to encrypt GroupID data, upgrade is not possible. 
- -## Upgrade Logs - -Two log files are created on upgrade: - -- File name: UpgradeLog - Path:` X:\Imanami\GroupID 11.0\GroupIDUpgradeTool\` - (X represents the Directory Manager installation drive) -- File name: directorymanager11_Upgrade.log - Path: `C:\ProgramData\Imanami\GroupID 11.0\Upgrade Tool\` - (This file contains debug logs.) diff --git a/docs/directorymanager/11.1/install/upgrade/upgrade.md b/docs/directorymanager/11.1/install/upgrade/upgrade.md deleted file mode 100644 index 69bab8c2fb..0000000000 --- a/docs/directorymanager/11.1/install/upgrade/upgrade.md +++ /dev/null 
@@ -1,188 +0,0 @@ -# Upgrade to Directory Manager 11 - -The topic guides you to upgrade to Directory Manager 11.1 from Directory Manager 10. - -Follow the steps to upgrade. - -Step 1 – To launch the Upgrade wizard, click **Next** on the GroupID Successfully Configured page of -the Configuration Tool. - -OR - -Click **Start** > **Imanami** > **GroupID Upgrade Tool 11.0**. - -![Welcome page](/img/product_docs/directorymanager/11.1/install/upgrade/1-welcome.webp) - -Step 2 – Read the welcome message and click **Next**. - -![2-select_source_version](/img/product_docs/directorymanager/11.1/install/upgrade/2-select_source_version.webp) - -Step 3 – From the Select the previous version to upgrade list, select the Directory Manager version -to upgrade from. - -NOTE: The following steps discuss the upgrade process with Directory Manager 10 as the source -version. The process may vary for different source versions. - -Step 4 – Click **Next**. - -![Select modules to upgrade](/img/product_docs/directorymanager/11.1/install/upgrade/3-select_modules.webp) - -On the Select Modules to upgrade page, select the type of Directory Manager data for upgrade. You -can choose to upgrade all or selective data of the previous version. Options are: - -- Everything – upgrades all data, which covers all options discussed under Custom. -- Custom – choose what data you want to upgrade. On selecting it, the following options are listed, - from where you can choose the data to upgrade. - - ![3-select_modules-custom](/img/product_docs/directorymanager/11.1/install/upgrade/3-select_modules-custom.webp) - - NOTE: If later on, you wish to upgrade specific groups and their history via the Upgrade-Group - commandlet, then you must upgrade the Configuration and History in the first upgrade run. This - will upgrade the history in the database as per Directory Manager 11.1 format and replicates it - to Elasticsearch. 
Later on, when you upgrade specific groups and their history using the - Upgrade-Group commandlet, that will be done successfully. See the - [Upgrade-Group](/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md) commandlet for additional - information. - - If you want to upgrade configurations, history and all groups using the Directory Manager - Upgrade wizard , then you must select the Configurations, History, and Groups checkboxes. - -Step 5 – Click **Next**. - -Step 6 – If you have an Microsoft Entra ID based identity store in Directory Manager 10, the -following page appears. - -![Microsoft Entra ID Store Upgrade page](/img/product_docs/directorymanager/11.1/install/upgrade/entraidstore.webp) - -Provide the following information: - -- Registered Client Secret on EntraID: provide the client secret value generated against the - certificate uploaded Microsoft Entra Admin Centerwhile registering the Directory - Managerapplication. -- PFX Certificate: Click Browse to navigate to the folder where the certificate is saved. This - certificate must be the same uploaded for the registered Directory Manager app in Microsoft Entra - ID. -- PFX Certificate Password: Provide password of the PFX certificate. - -Step 7 – Click **Next**. - -Step 8 – If in the Directory Manager source version, Office 365 messaging provider is configured in -a Microsoft Entra ID based identity store or in an AD identity store, the Upgrade wizard displays -the following page. - -![ Upgrade wizard Microsoft Entra ID Messaging System page](/img/product_docs/directorymanager/11.1/install/upgrade/entraidmessagingsystem.webp) - -Provide the following information: - -- Client Secret: provide the client secret value generated against the certificate uploaded to - Microsoft Entra Admin Center while registering the Directory Manager application. -- PFX Certificate: Click Browse to navigate to the folder where the certificate is saved. 
This - certificate must be the same uploaded for the registered Directory Manager app in Microsoft Entra - ID. -- PFX Certificate Password: Provide password of the PFX certificate. - -Step 9 – If any Synchronize jobs exist in Directory Manager 10 or the version you are upgrading -from, then the wizard checks the destination domain set for them. Let's assume you have 5 jobs that -connect to different child domains in a forest with different service accounts and different -messaging providers. - -- If an identity store already exists in Directory Manager 10 for the destination domains that the - jobs connect to, then jobs are moved to the respective identity stores in Directory Manager 11.1. -- When there is no identity store in Directory Manager 10 for the destination domain that the jobs - connect to, the Upgrade wizard reads the FQDN of the destination domains used in the jobs and - tries to create a forest structure. On identifying one, it proceeds to create an identity store - for the forest, requiring you to provide a service account. (The user name and password fields - will be auto populated but you can change them.) All jobs with destination provider for that - forest domain or any of its child domains will be moved to the new identity store. - - ![synchronize_upgrade](/img/product_docs/directorymanager/11.1/install/upgrade/synchronize_upgrade.webp) - - NOTE: The service account you provide here should have at least _read_ permission in the entire - forest, so that all objects from the forest can be replicated to Elasticsearch. - - The wizard does not create a separate identity store for each child domain in the same forest. - In case it cannot determine a forest structure, it creates separate identity stores for each - domain. - -Step 10 – For Synchronize jobs that use Office 365 as messaging provider in Directory Manager 10, -the wizard would require you to provide the PFX certificate. 
All Synchronize jobs that use Office -365 as messaging provider will be listed on the wizard page. Expand each job and provide the PFX -certificate along with its password. - -![Upgrade wizard Synchronize Messaging System page](/img/product_docs/directorymanager/11.1/install/upgrade/entraidsynmessagingsystem.webp) - -Provide the following information: - -- Certificate: Click Browse to navigate to the folder where the certificate is saved. This - certificate must be the same uploaded for the registered Directory Manager app in Microsoft Entra - ID. -- Password: Provide password of the PFX certificate. -- Client Secret: provide the client secret value generated against the certificate uploaded to - Microsoft Entra Admin Center while registering the Directory Manager application. - -Step 11 – Click **Next**. - -Step 12 – In Directory Manager 10 and earlier versions, reports were generated for the domain that -the Directory Manager server was joined to. During upgrade, the wizard checks if an identity store -for that domain exists or not. - -- If an identity store for that domain exists or if it being created for a Synchronize job in this - upgrade process, Directory Manager will bind the reports to it. -- If an identity store for that domain does not exist, then you have to create an identity store for - it. It must essentially be an Active Directory identity store. The wizard will bind the reports - generated in Directory Manager 10 to the identity store, so you will be able to view them in - Directory Manager 11.1. - ![reports_upgrade](/img/product_docs/directorymanager/11.1/install/upgrade/reports_upgrade.webp) - -NOTE: If no report has been generated in Directory Manager 10, the page related to reports upgrade -will not be displayed. - -Step 13 – During upgrade, Synchronize schedules are also moved to identity stores. -The Upgrade wizard will check the jobs added to a schedule. 
If the destination in a job is a -directory provider, it will automatically move the schedule to the respective identity store. - -Remember, during upgrade, identity stores are created for destination directory providers of -Synchronize jobs (i.e., for providers that do not have an identity store in the source version). - -Consider the following: - -- If a schedule has Synchronize jobs where one job uses an Active Directory domain (DomainA) as - destination and another job uses a file-based provider as destination, then the schedule will auto - move to the identity store created for DomainA. -- For schedules with Synchronize jobs that use file-based providers as destination, the Upgrade - wizard will display the following page that will list all such schedules. Select an identity store - for each schedule, so that the schedule moves to that identity store. - - ![store_selection_for_schedules](/img/product_docs/directorymanager/11.1/install/upgrade/store_selection_for_schedules.webp) - - The rules stated above also apply to schedules with job collections added to them. - -Step 14 – Click **Next**. - -![Summary page](/img/product_docs/directorymanager/11.1/install/upgrade/5-summary.webp) - -This page displays a complete summary of the data to be copied/upgraded for your selected options. -These options were selected on the Select modules to upgrade page.. - -NOTE: If there are any disabled identity store(s) in the source Directory Manager version, Directory -Manager will not upgrade those identity store(s). However, data of those identity store(s) will -remain intact in the source Directory Manager version. - -Step 15 – Review the summary and click **Next**. - -![Upgrade Progress page](/img/product_docs/directorymanager/11.1/install/upgrade/6-upgrade_process_complete.webp) - -Directory Manager is upgraded while the Upgrade Process displays the upgrade progress. On successful -upgrade, the Upgradce Completed message above the progress bar is displayed. 
- -Step 16 – Click **Next**. - -![Upgrade Completed page](/img/product_docs/directorymanager/11.1/install/upgrade/7-upgrade_complete.webp) - -The Upgrade Completed page displays the status of features selected for upgrade. - -Step 17 – You can click: - -- View Details: to view log file generated during the Upgrade process. -- Launch GroupID: to start using Directory Manager 11.1. -- Close: to close the Upgrade wizard. diff --git a/docs/directorymanager/11.1/introduction/_category_.json b/docs/directorymanager/11.1/introduction/_category_.json new file mode 100644 index 0000000000..396438817b --- /dev/null +++ b/docs/directorymanager/11.1/introduction/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Directory Manager v11.1 Documentation", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "introduction" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/introduction/gettingstarted.md b/docs/directorymanager/11.1/introduction/gettingstarted.md new file mode 100644 index 0000000000..be3976ffc1 --- /dev/null +++ b/docs/directorymanager/11.1/introduction/gettingstarted.md 
@@ -0,0 +1,105 @@ +--- +title: "Getting Started" +description: "Getting Started" +sidebar_position: 20 +--- + +# Getting Started + +To get started with Directory Manager, it would be helpful to get an understanding of the following: + +- Directory Manager clients +- Initial Admin Center configurations after installation +- Compatible devices and browsers +- Supported languages + +## Clients + +The Directory Manager application comprises of the following main modules or clients: + +**Admin Center** + +Admin Center is the administrative console that enables administrators to configure settings and +controls that are essential to the functioning of Directory Manager. + +**Directory Manager portal** + +This is the user-facing portal that enables administrators and users to create and manage directory +objects, sync data between providers, manage entitlements for file servers and SharePoint sites, and +generate reports to analyze the directory. + +Self-Service Password Reset portal (SSPR) + +This portal enables users to manage their directory account passwords, i.e., the password for the +account they use to access their workstations and other Microsoft services. Users can change and +reset their passwords, as well as unlock their accounts. They can also enroll their accounts in +Directory Manager and link accounts in different identity stores. + +**Management Shell** + +This command-line interface is intended for users who are comfortable with scripts. Use Management +Shell cmdlets to perform several group and user management functions, as an alternative to +performing those same functions from the Directory Manager portal. + +**APIs** + +Integrate other applications with Directory Manager to perform several user management and group +management functions. 
+ +## Initial Admin Center Configurations + +After installing and configuring Directory Manager, the Super Admin is the only user who can sign +into Admin Center (see the [Access Admin Center](/docs/directorymanager/11.1/signin/signin.md) topic for additional +information). This user must create an identity store and configure security roles, so that other +users can sign in and use the application. The Super Admin can choose to configure further settings +or let another admin user in an identity store do so. + +The following settings must be configured in Admin Center, so that administrators and users can +perform identity and access management tasks using Directory Manager: + +- Create and configure identity stores - An identity store is built on an identity provider and + enables you to manage objects and object permissions in the provider. See the + [Identity Stores](/docs/directorymanager/11.1/signin/identitystore/overview.md) topic for additional information. +- Create data sources - A data source is built on a provider, such as directories, databases and + files. Data sources are used as source and destination in Synchronize jobs, in query-based + searches, and in group membership queries. See the + [ Data Sources](/docs/directorymanager/11.1/signin/datasource/overview.md) topic for additional information. +- Create a portal - Create a web-based Directory Manager portal and link it to an identity store, so + that users can carry out user, group, and entitlement management tasks. See the + [ Directory Manager Portal](/docs/directorymanager/11.1/signin/applications/portal/overview.md) topic for additional information. +- Create an SMS gateway account - Using an SMS gateway account, Directory Manager sends text + messages to users’ mobile numbers, which may include verification codes and password reset links. + See the [SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/overview.md) topic for additional information. 
+ +## Compatibility + +This section lists the browsers, devices, and languages that Directory Manager supports. + +- Directory Manager can run on all modern desktop, laptop, and tablet devices. +- -Directory Manager supports the latest versions of the following browsers: + + - Microsoft Edge + - Safari + - Google Chrome + - Mozilla Firefox + +## Localization + +Directory Manager Admin Center and the portals detect the language settings of the web browser +accessing them, and attempt to serve content in that language. Supported languages are: + +- Danish +- Dutch +- English (default) +- Finnish +- French +- German +- Icelandic +- Italian +- Portuguese +- Spanish +- Swedish +- Turkish + +If Directory Manager does not support the browser’s language set or if it cannot detect it, English +is used to serve the content. diff --git a/docs/directorymanager/11.1/introduction.md b/docs/directorymanager/11.1/introduction/introduction.md similarity index 95% rename from docs/directorymanager/11.1/introduction.md rename to docs/directorymanager/11.1/introduction/introduction.md index 25c8715f2f..0dd8146cd4 100644 --- a/docs/directorymanager/11.1/introduction.md +++ b/docs/directorymanager/11.1/introduction/introduction.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Directory Manager v11.1 Documentation" +description: "Netwrix Directory Manager v11.1 Documentation" +sidebar_position: 10 +--- + # Netwrix Directory Manager v11.1 Documentation Managing directory objects (for example, Active Directory users and groups) can be a challenge: diff --git a/docs/directorymanager/11.1/introduction/whatsnew.md b/docs/directorymanager/11.1/introduction/whatsnew.md new file mode 100644 index 0000000000..a59306ecbf --- /dev/null +++ b/docs/directorymanager/11.1/introduction/whatsnew.md 
@@ -0,0 +1,13 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 10 +--- + +# What's New + +## New Netwrix Community! + +All Netwrix product announcements have moved to the new Netwrix Community. See announcements for +Netwrix Directory Manager (formerly GroupID) in the +[Directory Manager](https://community.netwrix.com/c/110) area of our new community. diff --git a/docs/directorymanager/11.1/managementshell/_category_.json b/docs/directorymanager/11.1/managementshell/_category_.json new file mode 100644 index 0000000000..a8ed546bf2 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Directory Manager Management Shell", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/commands.md b/docs/directorymanager/11.1/managementshell/commands.md index c41676d280..2125764b05 100644 --- a/docs/directorymanager/11.1/managementshell/commands.md +++ b/docs/directorymanager/11.1/managementshell/commands.md @@ -1,3 +1,9 @@ +--- +title: "All Commands" +description: "All Commands" +sidebar_position: 10 +--- + # All Commands You can get a list of all Directory Manager Management Shell cmdlets using the _Get-ImanamiCommand_ diff --git a/docs/directorymanager/11.1/managementshell/contact/_category_.json b/docs/directorymanager/11.1/managementshell/contact/_category_.json new file mode 100644 index 0000000000..802977bdd5 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/contact/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Contact Commands", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
diff --git a/docs/directorymanager/11.1/managementshell/contact/getcontact.md b/docs/directorymanager/11.1/managementshell/contact/getcontact.md index 2fcefb90af..be27dd4645 100644 --- a/docs/directorymanager/11.1/managementshell/contact/getcontact.md +++ b/docs/directorymanager/11.1/managementshell/contact/getcontact.md @@ -1,3 +1,9 @@ +--- +title: "Get-Contact" +description: "Get-Contact" +sidebar_position: 10 +--- + # Get-Contact Use the Get-Contact cmdlet to retrieve basic information about a contact. diff --git a/docs/directorymanager/11.1/managementshell/contact/newcontact.md b/docs/directorymanager/11.1/managementshell/contact/newcontact.md index eb3ab0c5dc..bc8e98f595 100644 --- a/docs/directorymanager/11.1/managementshell/contact/newcontact.md +++ b/docs/directorymanager/11.1/managementshell/contact/newcontact.md @@ -1,3 +1,9 @@ +--- +title: "New-Contact" +description: "New-Contact" +sidebar_position: 20 +--- + # New-Contact Use the New-Contact cmdlet to create a new contact in the directory. Most contact properties can be diff --git a/docs/directorymanager/11.1/managementshell/contact/overview.md b/docs/directorymanager/11.1/managementshell/contact/overview.md index 689a85c5d4..d62f4c21b2 100644 --- a/docs/directorymanager/11.1/managementshell/contact/overview.md +++ b/docs/directorymanager/11.1/managementshell/contact/overview.md @@ -1,3 +1,9 @@ +--- +title: "Contact Commands" +description: "Contact Commands" +sidebar_position: 40 +--- + # Contact Commands Directory Manager provides the following cmdlets to perform contact-related tasks, such as: diff --git a/docs/directorymanager/11.1/managementshell/contact/removecontact.md b/docs/directorymanager/11.1/managementshell/contact/removecontact.md index 584789a94c..fdf2a56264 100644 --- a/docs/directorymanager/11.1/managementshell/contact/removecontact.md +++ b/docs/directorymanager/11.1/managementshell/contact/removecontact.md 
@@ -1,3 +1,9 @@ +--- +title: "Remove-Contact" +description: "Remove-Contact" +sidebar_position: 30 +--- + # Remove-Contact Use the Remove-Contact cmdlet to delete a contact from the directory. diff --git a/docs/directorymanager/11.1/managementshell/contact/setcontact.md b/docs/directorymanager/11.1/managementshell/contact/setcontact.md index e4bd6f25ee..000f14578f 100644 --- a/docs/directorymanager/11.1/managementshell/contact/setcontact.md +++ b/docs/directorymanager/11.1/managementshell/contact/setcontact.md @@ -1,3 +1,9 @@ +--- +title: "Set-Contact" +description: "Set-Contact" +sidebar_position: 40 +--- + # Set-Contact The Set-User cmdlet modifies a user in the directory. Most user properties can be directly modified diff --git a/docs/directorymanager/11.1/managementshell/dynasty/_category_.json b/docs/directorymanager/11.1/managementshell/dynasty/_category_.json new file mode 100644 index 0000000000..efc071e5b6 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/dynasty/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Dynasty Commands", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/dynasty/newdynasty.md b/docs/directorymanager/11.1/managementshell/dynasty/newdynasty.md index 30259ef3be..efdd95a526 100644 --- a/docs/directorymanager/11.1/managementshell/dynasty/newdynasty.md +++ b/docs/directorymanager/11.1/managementshell/dynasty/newdynasty.md @@ -1,3 +1,9 @@ +--- +title: "New-Dynasty" +description: "New-Dynasty" +sidebar_position: 10 +--- + # New-Dynasty The New-Dynasty cmdlet creates a new Dynasty in Directory. A Dynasty is a Smart Group that can 
@@ -101,7 +107,7 @@ Example 2: The following command creates a new mail-enabled, universal, distribution, multi-level Dynasty with the group-by attributes Country, State and City based on the specified filters and separator, using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/dynasty/overview.md b/docs/directorymanager/11.1/managementshell/dynasty/overview.md index 52ff673d3d..c6a3381a90 100644 --- a/docs/directorymanager/11.1/managementshell/dynasty/overview.md +++ b/docs/directorymanager/11.1/managementshell/dynasty/overview.md @@ -1,3 +1,9 @@ +--- +title: "Dynasty Commands" +description: "Dynasty Commands" +sidebar_position: 50 +--- + # Dynasty Commands This section covers the following cmdlets for managing Dynasties. diff --git a/docs/directorymanager/11.1/managementshell/dynasty/setdynasty.md b/docs/directorymanager/11.1/managementshell/dynasty/setdynasty.md index bb8a39379e..d8946a5b53 100644 --- a/docs/directorymanager/11.1/managementshell/dynasty/setdynasty.md +++ b/docs/directorymanager/11.1/managementshell/dynasty/setdynasty.md @@ -1,3 +1,9 @@ +--- +title: "Set-Dynasty" +description: "Set-Dynasty" +sidebar_position: 20 +--- + # Set-Dynasty The Set-Dynasty commandlet lets you to modify a Dynasty or its children in Directory. 
@@ -140,7 +146,7 @@ The command below modifies the Top Manager of a Managerial Dynasty, changes the display name templates for the Dynasty children, sets the scope to search Dynasty children in the containers specified in the Add parameter excluding sub-containers using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/general/_category_.json b/docs/directorymanager/11.1/managementshell/general/_category_.json new file mode 100644 index 0000000000..47281e80ed --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/general/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "General Commands", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/general/getcomputer.md b/docs/directorymanager/11.1/managementshell/general/getcomputer.md index 8ca2d52782..acea6a052a 100644 --- a/docs/directorymanager/11.1/managementshell/general/getcomputer.md +++ b/docs/directorymanager/11.1/managementshell/general/getcomputer.md @@ -1,3 +1,9 @@ +--- +title: "Get-Computer" +description: "Get-Computer" +sidebar_position: 10 +--- + # Get-Computer The Get-Computer commandlet retrieves the information about a computer object from the connected diff --git a/docs/directorymanager/11.1/managementshell/general/getconnectedstoreinformation.md b/docs/directorymanager/11.1/managementshell/general/getconnectedstoreinformation.md index fb68655228..06dd7c7f90 100644 --- a/docs/directorymanager/11.1/managementshell/general/getconnectedstoreinformation.md 
+++ b/docs/directorymanager/11.1/managementshell/general/getconnectedstoreinformation.md @@ -1,3 +1,9 @@ +--- +title: "Get-ConnectedStoreInformation" +description: "Get-ConnectedStoreInformation" +sidebar_position: 20 +--- + # Get-ConnectedStoreInformation The Get-ConnectedStoreInformation commandlet retrieves information about the identity store diff --git a/docs/directorymanager/11.1/managementshell/general/getconnecteduser.md b/docs/directorymanager/11.1/managementshell/general/getconnecteduser.md index e0a2a962a9..85c50b4d58 100644 --- a/docs/directorymanager/11.1/managementshell/general/getconnecteduser.md +++ b/docs/directorymanager/11.1/managementshell/general/getconnecteduser.md @@ -1,3 +1,9 @@ +--- +title: "Get-ConnectedUser" +description: "Get-ConnectedUser" +sidebar_position: 30 +--- + # Get-ConnectedUser The Get-ConnectedUser commandlet retrieves the general information about the user connected to the diff --git a/docs/directorymanager/11.1/managementshell/general/getimanamicommand.md b/docs/directorymanager/11.1/managementshell/general/getimanamicommand.md index 7efdc6d41b..8671d3020b 100644 --- a/docs/directorymanager/11.1/managementshell/general/getimanamicommand.md +++ b/docs/directorymanager/11.1/managementshell/general/getimanamicommand.md @@ -1,3 +1,9 @@ +--- +title: "Get-ImanamiCommand" +description: "Get-ImanamiCommand" +sidebar_position: 40 +--- + # Get-ImanamiCommand Use the Get-ImanamiCommand cmdlet to retrieve basic information about Directory Manager Management diff --git a/docs/directorymanager/11.1/managementshell/general/getreplicationstatus.md b/docs/directorymanager/11.1/managementshell/general/getreplicationstatus.md index a685ee0fa9..e49abc0aef 100644 --- a/docs/directorymanager/11.1/managementshell/general/getreplicationstatus.md +++ b/docs/directorymanager/11.1/managementshell/general/getreplicationstatus.md 
@@ -1,3 +1,9 @@ +--- +title: "Get-ReplicationStatus" +description: "Get-ReplicationStatus" +sidebar_position: 50 +--- + # Get-ReplicationStatus The Get-ReplicationStatus commandlet retrieves the replication status of the connected identity diff --git a/docs/directorymanager/11.1/managementshell/general/gettombstoneobject.md b/docs/directorymanager/11.1/managementshell/general/gettombstoneobject.md index a5f8ede4f0..a9b464fa34 100644 --- a/docs/directorymanager/11.1/managementshell/general/gettombstoneobject.md +++ b/docs/directorymanager/11.1/managementshell/general/gettombstoneobject.md @@ -1,3 +1,9 @@ +--- +title: "Get-TombStoneObject" +description: "Get-TombStoneObject" +sidebar_position: 60 +--- + # Get-TombStoneObject When you delete an object from Directory, the object is not physically removed from the database. diff --git a/docs/directorymanager/11.1/managementshell/general/invokereplication.md b/docs/directorymanager/11.1/managementshell/general/invokereplication.md index e9d8754420..ef501ad113 100644 --- a/docs/directorymanager/11.1/managementshell/general/invokereplication.md +++ b/docs/directorymanager/11.1/managementshell/general/invokereplication.md @@ -1,3 +1,9 @@ +--- +title: "Invoke-Replication" +description: "Invoke-Replication" +sidebar_position: 70 +--- + # Invoke-Replication The Invoke-Replication commandlet starts replication process for all the identity stores or a diff --git a/docs/directorymanager/11.1/managementshell/general/newcontainer.md b/docs/directorymanager/11.1/managementshell/general/newcontainer.md index 561c67e8f6..73726cf978 100644 --- a/docs/directorymanager/11.1/managementshell/general/newcontainer.md +++ b/docs/directorymanager/11.1/managementshell/general/newcontainer.md @@ -1,3 +1,9 @@ +--- +title: "New-Container" +description: "New-Container" +sidebar_position: 80 +--- + # New-Container The New-Container commandlet creates a new organizational unit in Directory. You can also use it to 
@@ -35,7 +41,7 @@ Example 2: The following command creates the organizational unit _Local Recruiting_ inside the _Recruiting_ container in Directory using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials. ``` diff --git a/docs/directorymanager/11.1/managementshell/general/overview.md b/docs/directorymanager/11.1/managementshell/general/overview.md index ca98c0af51..90d2cdf84c 100644 --- a/docs/directorymanager/11.1/managementshell/general/overview.md +++ b/docs/directorymanager/11.1/managementshell/general/overview.md @@ -1,3 +1,9 @@ +--- +title: "General Commands" +description: "General Commands" +sidebar_position: 60 +--- + # General Commands You can use the following Management Shell cmdlets to perform tasks such as: diff --git a/docs/directorymanager/11.1/managementshell/general/removecontainer.md b/docs/directorymanager/11.1/managementshell/general/removecontainer.md index d169a0f254..e39e6ec774 100644 --- a/docs/directorymanager/11.1/managementshell/general/removecontainer.md +++ b/docs/directorymanager/11.1/managementshell/general/removecontainer.md @@ -1,3 +1,9 @@ +--- +title: "Remove-Container" +description: "Remove-Container" +sidebar_position: 90 +--- + # Remove-Container Use the Remove-Container commandlet to delete organizational units from Directory. The commandlet 
@@ -32,7 +38,7 @@ Example 2: The following command first shows the changes that result from executing the command. The command uses the credentials set in the $Credentials environment variable to perform the deletion. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in the environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/general/restoretombstoneobject.md b/docs/directorymanager/11.1/managementshell/general/restoretombstoneobject.md index dbda0631d1..b92be1f04e 100644 --- a/docs/directorymanager/11.1/managementshell/general/restoretombstoneobject.md +++ b/docs/directorymanager/11.1/managementshell/general/restoretombstoneobject.md @@ -1,3 +1,9 @@ +--- +title: "Restore-TombStoneObject" +description: "Restore-TombStoneObject" +sidebar_position: 100 +--- + # Restore-TombStoneObject The Restore-TombStoneObject commandlet restores tombstone objects from Directory. A tombstone object @@ -23,7 +29,7 @@ Example: The following command restores the tombstone group Event Management, using the credentials set in the $Creds environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/general/sendnotification.md b/docs/directorymanager/11.1/managementshell/general/sendnotification.md index 177dffc171..dd558e2644 100644 --- a/docs/directorymanager/11.1/managementshell/general/sendnotification.md +++ b/docs/directorymanager/11.1/managementshell/general/sendnotification.md 
@@ -1,3 +1,9 @@ +--- +title: "Send-Notification" +description: "Send-Notification" +sidebar_position: 110 +--- + # Send-Notification Use the Send-Notification commandlet to send notifications to a group or a user. Directory Manager @@ -57,7 +63,7 @@ Example 2: The following command sends a notification to the New Arrivals group. It uses a custom template with an in-line image and uses the credentials of the user set in the $Credentials environment variable. -See the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for +See the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/group/_category_.json b/docs/directorymanager/11.1/managementshell/group/_category_.json new file mode 100644 index 0000000000..1411c09fdd --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/group/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Group Commands", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/group/convertgroup.md b/docs/directorymanager/11.1/managementshell/group/convertgroup.md index 603a249f79..e9a3767437 100644 --- a/docs/directorymanager/11.1/managementshell/group/convertgroup.md +++ b/docs/directorymanager/11.1/managementshell/group/convertgroup.md @@ -1,3 +1,9 @@ +--- +title: "Convert-Group" +description: "Convert-Group" +sidebar_position: 10 +--- + # Convert-Group The Convert-Group commandlet converts an unmanaged group to a Smart Group. diff --git a/docs/directorymanager/11.1/managementshell/group/expiregroup.md b/docs/directorymanager/11.1/managementshell/group/expiregroup.md index 6fae273ee8..85bac20d88 100644 
--- a/docs/directorymanager/11.1/managementshell/group/expiregroup.md +++ b/docs/directorymanager/11.1/managementshell/group/expiregroup.md @@ -1,3 +1,9 @@ +--- +title: "Expire-Group" +description: "Expire-Group" +sidebar_position: 20 +--- + # Expire-Group The Expire-Group commandlet expires a group temporarily. All notifications to the expired group will diff --git a/docs/directorymanager/11.1/managementshell/group/getgroup.md b/docs/directorymanager/11.1/managementshell/group/getgroup.md index bd847e84a4..c5f00f3854 100644 --- a/docs/directorymanager/11.1/managementshell/group/getgroup.md +++ b/docs/directorymanager/11.1/managementshell/group/getgroup.md @@ -1,3 +1,9 @@ +--- +title: "Get-Group" +description: "Get-Group" +sidebar_position: 30 +--- + # Get-Group This Get-Group commandlet retrieves both managed and unmanaged groups that are in one or more @@ -42,7 +48,7 @@ The following command retrieves all groups with a display name beginning with S containers specified by the SearchContainer parameter including sub-containers of the first base container and excluding sub-containers of the second one using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/group/movegroup.md b/docs/directorymanager/11.1/managementshell/group/movegroup.md index 89c6692ae0..b7fbbf9cc1 100644 --- a/docs/directorymanager/11.1/managementshell/group/movegroup.md +++ b/docs/directorymanager/11.1/managementshell/group/movegroup.md 
@@ -1,3 +1,9 @@ +--- +title: "Move-Group" +description: "Move-Group" +sidebar_position: 40 +--- + # Move-Group The Move-Group commandlet enables you to move a group to a different container in the same domain or @@ -36,7 +42,7 @@ Example 2: The following command moves the group _Training_ to the _OffShore Recruiting_ organizational unit. The command uses the credentials set in the $Credentials environment variable for moving a group. -See the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for +See the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/group/newgroup.md b/docs/directorymanager/11.1/managementshell/group/newgroup.md index 74c3e43493..4621f52dd7 100644 --- a/docs/directorymanager/11.1/managementshell/group/newgroup.md +++ b/docs/directorymanager/11.1/managementshell/group/newgroup.md @@ -1,3 +1,9 @@ +--- +title: "New-Group" +description: "New-Group" +sidebar_position: 50 +--- + # New-Group Use the New-Group commandlet to create a new unmanaged group in a particular container in directory. @@ -53,7 +59,7 @@ Example 2: The command below creates a new mail-enabled, domain-local, semi-private, security group in the container specified by the **OrganizationalUnit** parameter, using the credentials set in the **$Credentials** environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` 
diff --git a/docs/directorymanager/11.1/managementshell/group/overview.md b/docs/directorymanager/11.1/managementshell/group/overview.md index 84ae88bdcd..e1654d7652 100644 --- a/docs/directorymanager/11.1/managementshell/group/overview.md +++ b/docs/directorymanager/11.1/managementshell/group/overview.md @@ -1,3 +1,9 @@ +--- +title: "Group Commands" +description: "Group Commands" +sidebar_position: 70 +--- + # Group Commands This section covers cmdlets for performing tasks related to managed and unmanaged groups. diff --git a/docs/directorymanager/11.1/managementshell/group/remove-group.md b/docs/directorymanager/11.1/managementshell/group/remove-group.md index ff4e030d03..9a278dcbf7 100644 --- a/docs/directorymanager/11.1/managementshell/group/remove-group.md +++ b/docs/directorymanager/11.1/managementshell/group/remove-group.md @@ -1,3 +1,9 @@ +--- +title: "Remove-Group" +description: "Remove-Group" +sidebar_position: 60 +--- + # Remove-Group Use this commandlet to delete a group (managed or unmanaged) or Dynasty in directory. Removing a @@ -34,7 +40,7 @@ Example 2: The following command first shows the changes that will be made by executing the command (a deletion). The command uses the credentials set in the $Credentials environment variable to perform -the deletion. See the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) +the deletion. See the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/group/renewgroup.md b/docs/directorymanager/11.1/managementshell/group/renewgroup.md index 10724b8618..d42c68f17a 100644 --- a/docs/directorymanager/11.1/managementshell/group/renewgroup.md +++ b/docs/directorymanager/11.1/managementshell/group/renewgroup.md 
@@ -1,3 +1,9 @@ +--- +title: "Renew-Group" +description: "Renew-Group" +sidebar_position: 70 +--- + # Renew-Group The Renew-Group re-activates an expired group. diff --git a/docs/directorymanager/11.1/managementshell/group/setgroup.md b/docs/directorymanager/11.1/managementshell/group/setgroup.md index 61ee82ec01..154056ebc2 100644 --- a/docs/directorymanager/11.1/managementshell/group/setgroup.md +++ b/docs/directorymanager/11.1/managementshell/group/setgroup.md @@ -1,3 +1,9 @@ +--- +title: "Set-Group" +description: "Set-Group" +sidebar_position: 80 +--- + # Set-Group The Set-Group commandlet modifies an unmanaged group in directory. However, you can use this @@ -92,7 +98,7 @@ Example 2: The following command expires the group Training, using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/identitystore/_category_.json b/docs/directorymanager/11.1/managementshell/identitystore/_category_.json new file mode 100644 index 0000000000..d4e1a37813 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/identitystore/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Identity Store Commands", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/identitystore/clearmessagingserver.md b/docs/directorymanager/11.1/managementshell/identitystore/clearmessagingserver.md index 4fcdb034e1..4d65afa536 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/clearmessagingserver.md 
+++ b/docs/directorymanager/11.1/managementshell/identitystore/clearmessagingserver.md @@ -1,3 +1,9 @@ +--- +title: "Clear-MessagingServer" +description: "Clear-MessagingServer" +sidebar_position: 10 +--- + # Clear-MessagingServer The commandlet Clear-MessagingServer removes the configured messaging server from the specified diff --git a/docs/directorymanager/11.1/managementshell/identitystore/clearnotifications.md b/docs/directorymanager/11.1/managementshell/identitystore/clearnotifications.md index a536dabc11..6162bbbcb9 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/clearnotifications.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/clearnotifications.md @@ -1,3 +1,9 @@ +--- +title: "Clear-Notifications" +description: "Clear-Notifications" +sidebar_position: 20 +--- + # Clear-Notifications The commandlet Clear-Notifications removes notifications settings from an identity store. The diff --git a/docs/directorymanager/11.1/managementshell/identitystore/clearsmtpserver.md b/docs/directorymanager/11.1/managementshell/identitystore/clearsmtpserver.md index b3cd105cac..6c85fd4bcc 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/clearsmtpserver.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/clearsmtpserver.md @@ -1,3 +1,9 @@ +--- +title: "Clear-SmtpServer" +description: "Clear-SmtpServer" +sidebar_position: 30 +--- + # Clear-SmtpServer The commandlet Clear-SmtpServer removes the SMTP server configurations from an identity store. diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getavailablemessagingservers.md b/docs/directorymanager/11.1/managementshell/identitystore/getavailablemessagingservers.md index dca5e46010..c3a5c9cb7f 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getavailablemessagingservers.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getavailablemessagingservers.md 
@@ -1,3 +1,9 @@ +--- +title: "Get-AvailableMessagingServers" +description: "Get-AvailableMessagingServers" +sidebar_position: 40 +--- + # Get-AvailableMessagingServers The commandlet Get-AvailableMessagingServers retrieves the messaging server(s) available for the diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getclient.md b/docs/directorymanager/11.1/managementshell/identitystore/getclient.md index cd61c3ace9..0b12c6e875 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getclient.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getclient.md @@ -1,3 +1,9 @@ +--- +title: "Get-Client" +description: "Get-Client" +sidebar_position: 50 +--- + # Get-Client The commandlet Get-Client gets information about the Directory Manager clients such as Admin center, diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getidentitystore.md b/docs/directorymanager/11.1/managementshell/identitystore/getidentitystore.md index 3c4ec1ed55..942d8a3a33 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getidentitystore.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getidentitystore.md @@ -1,3 +1,9 @@ +--- +title: "Get-IdentityStore" +description: "Get-IdentityStore" +sidebar_position: 60 +--- + # Get-IdentityStore The commandlet Get-IdentityStore retrieves information about the specified identity store or diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getidentitystoreroles.md b/docs/directorymanager/11.1/managementshell/identitystore/getidentitystoreroles.md index 2965d7f445..01197c9495 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getidentitystoreroles.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getidentitystoreroles.md 
@@ -1,3 +1,9 @@ +--- +title: "Get-IdentityStoreRoles" +description: "Get-IdentityStoreRoles" +sidebar_position: 70 +--- + # Get-IdentityStoreRoles The commandlet Get-IdentityStoreRoles retrieves information about the security roles associated with diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getlogsettings.md b/docs/directorymanager/11.1/managementshell/identitystore/getlogsettings.md index 75f4390ca3..0a83fdfd9a 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getlogsettings.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getlogsettings.md @@ -1,3 +1,9 @@ +--- +title: "Get-LogSettings" +description: "Get-LogSettings" +sidebar_position: 80 +--- + # Get-LogSettings The commandlet Get-LogSettings provides information about the global log settings of the identity diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getrolepermissionnames.md b/docs/directorymanager/11.1/managementshell/identitystore/getrolepermissionnames.md index fa5a2cd80c..bac27e239c 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getrolepermissionnames.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getrolepermissionnames.md @@ -1,3 +1,9 @@ +--- +title: "Get-RolePermissionNames" +description: "Get-RolePermissionNames" +sidebar_position: 90 +--- + # Get-RolePermissionNames The commandlet Get-RolePermissionNames helps user to see the names of the permissions that can be diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getschemaattributes.md b/docs/directorymanager/11.1/managementshell/identitystore/getschemaattributes.md index 9e0536db18..84e3a4a476 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getschemaattributes.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getschemaattributes.md 
@@ -1,3 +1,9 @@ +--- +title: "Get-SchemaAttributes" +description: "Get-SchemaAttributes" +sidebar_position: 100 +--- + # Get-SchemaAttributes The commandlet Get-SchemaAttribute enables you to retrieve comprehensive list of schema attributes diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getsmsgateways.md b/docs/directorymanager/11.1/managementshell/identitystore/getsmsgateways.md index c669faa240..0e412529ab 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getsmsgateways.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getsmsgateways.md @@ -1,3 +1,9 @@ +--- +title: "Get-SmsGateways" +description: "Get-SmsGateways" +sidebar_position: 110 +--- + # Get-SmsGateways The commandlet Get-SmsGateways provides information of the SMS gateways configured in Directory diff --git a/docs/directorymanager/11.1/managementshell/identitystore/getuserrole.md b/docs/directorymanager/11.1/managementshell/identitystore/getuserrole.md index c4e7fa3b69..f3baadfc47 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/getuserrole.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/getuserrole.md @@ -1,3 +1,9 @@ +--- +title: "Get-UserRole" +description: "Get-UserRole" +sidebar_position: 120 +--- + # Get-UserRole The commandlet Get-UserRole displays information about the role of the specified user in an identity diff --git a/docs/directorymanager/11.1/managementshell/identitystore/newidentitystore.md b/docs/directorymanager/11.1/managementshell/identitystore/newidentitystore.md index 1e2389ade9..39136b04b4 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/newidentitystore.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/newidentitystore.md @@ -1,3 +1,9 @@ +--- +title: "New-IdentityStore" +description: "New-IdentityStore" +sidebar_position: 130 +--- + # New-IdentityStore The commandlet New-IdentityStore creates a new identity store. This commandlet requires valid 
diff --git a/docs/directorymanager/11.1/managementshell/identitystore/overview.md b/docs/directorymanager/11.1/managementshell/identitystore/overview.md index 7f11ce16e6..c998a3d78c 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/overview.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/overview.md @@ -1,3 +1,9 @@ +--- +title: "Identity Store Commands" +description: "Identity Store Commands" +sidebar_position: 80 +--- + # Identity Store Commands This section covers cmdlets for performing identity store-related tasks such as: @@ -33,4 +39,4 @@ See Also - [Directory Manager Management Shell](/docs/directorymanager/11.1/managementshell/overview.md) - [All Commands](/docs/directorymanager/11.1/managementshell/commands.md) -- [Parameters](/docs/directorymanager/11.1/managementshell/parameters/parameters.md) +- [Parameters](/docs/directorymanager/11.1/managementshell/parameters.md) diff --git a/docs/directorymanager/11.1/managementshell/identitystore/removeidentitystore.md b/docs/directorymanager/11.1/managementshell/identitystore/removeidentitystore.md index dd766fb2cd..c5350c656f 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/removeidentitystore.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/removeidentitystore.md @@ -1,3 +1,9 @@ +--- +title: "Remove-IdentityStore" +description: "Remove-IdentityStore" +sidebar_position: 140 +--- + # Remove-IdentityStore The commandlet Remove-IdentityStore removes an identity store from Directory Manager. diff --git a/docs/directorymanager/11.1/managementshell/identitystore/sendtestnotification.md b/docs/directorymanager/11.1/managementshell/identitystore/sendtestnotification.md index c12498aa89..9b950d7387 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/sendtestnotification.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/sendtestnotification.md 
@@ -1,3 +1,9 @@ +--- +title: "Send-TestNotification" +description: "Send-TestNotification" +sidebar_position: 150 +--- + # Send-TestNotification The commandlet Send-TestNotification sends a test notification using the email addresses (specified diff --git a/docs/directorymanager/11.1/managementshell/identitystore/setidentitystore.md b/docs/directorymanager/11.1/managementshell/identitystore/setidentitystore.md index 865d474bd2..61fc0ff87e 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/setidentitystore.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/setidentitystore.md @@ -1,3 +1,9 @@ +--- +title: "Set-IdentityStore" +description: "Set-IdentityStore" +sidebar_position: 160 +--- + # Set-IdentityStore The commandlet Set-IdentityStore modifies the identity store settings and configurations. diff --git a/docs/directorymanager/11.1/managementshell/identitystore/setidentitystorerole.md b/docs/directorymanager/11.1/managementshell/identitystore/setidentitystorerole.md index 8b2f654bb5..8b07b2fcbc 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/setidentitystorerole.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/setidentitystorerole.md @@ -1,3 +1,9 @@ +--- +title: "Set-IdentityStoreRole" +description: "Set-IdentityStoreRole" +sidebar_position: 170 +--- + # Set-IdentityStoreRole Use the Set-IdentityStoreRole commandlet to modify properties of a security role in an identity diff --git a/docs/directorymanager/11.1/managementshell/identitystore/setmessagingserver.md b/docs/directorymanager/11.1/managementshell/identitystore/setmessagingserver.md index 61881b89bd..0b086080d9 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/setmessagingserver.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/setmessagingserver.md 
@@ -1,3 +1,9 @@ +--- +title: "Set-MessagingServer" +description: "Set-MessagingServer" +sidebar_position: 180 +--- + # Set-MessagingServer The commandlet Set-MessagingServer configures a messaging system in identity store. The SmtpServer diff --git a/docs/directorymanager/11.1/managementshell/identitystore/setnotifications.md b/docs/directorymanager/11.1/managementshell/identitystore/setnotifications.md index 9ea69026d2..013488bfbb 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/setnotifications.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/setnotifications.md @@ -1,3 +1,9 @@ +--- +title: "Set-Notifications" +description: "Set-Notifications" +sidebar_position: 190 +--- + # Set-Notifications Use the Set-Notifications commandlet to modify the notification settings of an identity store. diff --git a/docs/directorymanager/11.1/managementshell/identitystore/setsmtpserver.md b/docs/directorymanager/11.1/managementshell/identitystore/setsmtpserver.md index 7188203c04..e7fd96f700 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/setsmtpserver.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/setsmtpserver.md @@ -1,3 +1,9 @@ +--- +title: "Set-SmtpServer" +description: "Set-SmtpServer" +sidebar_position: 200 +--- + # Set-SmtpServer The Set-SmtpServer commandlet configures an SMTP server for an identity store. diff --git a/docs/directorymanager/11.1/managementshell/identitystoreconnection/_category_.json b/docs/directorymanager/11.1/managementshell/identitystoreconnection/_category_.json new file mode 100644 index 0000000000..cb8f83f4d5 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/identitystoreconnection/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Identity Store Connection Commands", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
diff --git a/docs/directorymanager/11.1/managementshell/identitystoreconnection/connectidentitystore.md b/docs/directorymanager/11.1/managementshell/identitystoreconnection/connectidentitystore.md index 86a5d6292f..4ce5d23a97 100644 --- a/docs/directorymanager/11.1/managementshell/identitystoreconnection/connectidentitystore.md +++ b/docs/directorymanager/11.1/managementshell/identitystoreconnection/connectidentitystore.md @@ -1,3 +1,9 @@ +--- +title: "Connect-IdentityStore" +description: "Connect-IdentityStore" +sidebar_position: 10 +--- + # Connect-IdentityStore If an identity store of the connected domain is available, then Directory Manager Management Shell @@ -26,7 +32,7 @@ Example: The following command connects you to the identity store specified by the IdentityStoreId parameter using the specified authentication mode and credentials that you set in the $Credentials environment -variable. See the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) +variable. See the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/identitystoreconnection/gettoken.md b/docs/directorymanager/11.1/managementshell/identitystoreconnection/gettoken.md index c77270c87d..a9cf57c6e4 100644 --- a/docs/directorymanager/11.1/managementshell/identitystoreconnection/gettoken.md +++ b/docs/directorymanager/11.1/managementshell/identitystoreconnection/gettoken.md @@ -1,3 +1,9 @@ +--- +title: "Get-Token" +description: "Get-Token" +sidebar_position: 20 +--- + # Get-Token When Management Shell is connected to an identity store a token is passed with the commandlet 
@@ -30,7 +36,7 @@ Example: The following command returns a token for the identity store specified by the **IdentityStoreId** parameter using the specified authentication mode and credentials that you set in the **$Credentials** environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/identitystoreconnection/overview.md b/docs/directorymanager/11.1/managementshell/identitystoreconnection/overview.md index fa0b5d5db2..63e1a2c1c3 100644 --- a/docs/directorymanager/11.1/managementshell/identitystoreconnection/overview.md +++ b/docs/directorymanager/11.1/managementshell/identitystoreconnection/overview.md @@ -1,3 +1,9 @@ +--- +title: "Identity Store Connection Commands" +description: "Identity Store Connection Commands" +sidebar_position: 90 +--- + # Identity Store Connection Commands This section covers cmdlets for establishing a connection with an identity store. diff --git a/docs/directorymanager/11.1/managementshell/mailbox/_category_.json b/docs/directorymanager/11.1/managementshell/mailbox/_category_.json new file mode 100644 index 0000000000..31588eb4f0 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/mailbox/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Mailbox Commands", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/mailbox/getmailbox.md b/docs/directorymanager/11.1/managementshell/mailbox/getmailbox.md index 3a87b7adb8..574956cae9 100644 --- a/docs/directorymanager/11.1/managementshell/mailbox/getmailbox.md 
+++ b/docs/directorymanager/11.1/managementshell/mailbox/getmailbox.md @@ -1,3 +1,9 @@ +--- +title: "Get-Mailbox" +description: "Get-Mailbox" +sidebar_position: 10 +--- + # Get-Mailbox Use the Get-Mailbox commandlet to retrieve basic information about a mailbox that match your given @@ -40,4 +46,4 @@ See Also - [All Commands](/docs/directorymanager/11.1/managementshell/commands.md) - [Mailbox Commands](/docs/directorymanager/11.1/managementshell/mailbox/overview.md) -- [Parameters](/docs/directorymanager/11.1/managementshell/parameters/parameters.md) +- [Parameters](/docs/directorymanager/11.1/managementshell/parameters.md) diff --git a/docs/directorymanager/11.1/managementshell/mailbox/newmailbox.md b/docs/directorymanager/11.1/managementshell/mailbox/newmailbox.md index a8b995c67d..d6db033ee1 100644 --- a/docs/directorymanager/11.1/managementshell/mailbox/newmailbox.md +++ b/docs/directorymanager/11.1/managementshell/mailbox/newmailbox.md @@ -1,3 +1,9 @@ +--- +title: "New-Mailbox" +description: "New-Mailbox" +sidebar_position: 20 +--- + # New-Mailbox Use the New-Mailbox commandlet to create a new mailbox in Directory. Most mailbox properties can be diff --git a/docs/directorymanager/11.1/managementshell/mailbox/overview.md b/docs/directorymanager/11.1/managementshell/mailbox/overview.md index 6979689fec..f11b70f536 100644 --- a/docs/directorymanager/11.1/managementshell/mailbox/overview.md +++ b/docs/directorymanager/11.1/managementshell/mailbox/overview.md @@ -1,3 +1,9 @@ +--- +title: "Mailbox Commands" +description: "Mailbox Commands" +sidebar_position: 100 +--- + # Mailbox Commands This section covers cmdlets for performing mailbox-specific tasks such as: diff --git a/docs/directorymanager/11.1/managementshell/mailbox/removemailbox.md b/docs/directorymanager/11.1/managementshell/mailbox/removemailbox.md index 2de729f6ad..73d58b3b00 100644 --- a/docs/directorymanager/11.1/managementshell/mailbox/removemailbox.md 
+++ b/docs/directorymanager/11.1/managementshell/mailbox/removemailbox.md @@ -1,3 +1,9 @@ +--- +title: "Remove-Mailbox" +description: "Remove-Mailbox" +sidebar_position: 30 +--- + # Remove-Mailbox Use the Remove-Mailbox commandlet to delete mailbox from the connected identifty store. diff --git a/docs/directorymanager/11.1/managementshell/mailbox/setmailbox.md b/docs/directorymanager/11.1/managementshell/mailbox/setmailbox.md index 4199143f0d..f62e485bda 100644 --- a/docs/directorymanager/11.1/managementshell/mailbox/setmailbox.md +++ b/docs/directorymanager/11.1/managementshell/mailbox/setmailbox.md @@ -1,3 +1,9 @@ +--- +title: "Set-Mailbox" +description: "Set-Mailbox" +sidebar_position: 40 +--- + # Set-Mailbox The Set-Mailbox commandlet modifies a mailbox in Directory. Most mailbox properties can be directly diff --git a/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/_category_.json b/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/_category_.json new file mode 100644 index 0000000000..c48edde7fd --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Mail-Enable/Disable Groups Commands", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/disabledistributiongroup.md b/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/disabledistributiongroup.md index 99b09f17b6..828a56d7ff 100644 --- a/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/disabledistributiongroup.md +++ b/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/disabledistributiongroup.md 
@@ -1,3 +1,9 @@ +--- +title: "Disable-DistributionGroup" +description: "Disable-DistributionGroup" +sidebar_position: 10 +--- + # Disable-DistributionGroup Use this commandlet to disable the mailing capabilities for a distribution group in Directory. diff --git a/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/enabledistributiongroup.md b/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/enabledistributiongroup.md index 45304908c6..7ae0e86813 100644 --- a/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/enabledistributiongroup.md +++ b/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/enabledistributiongroup.md @@ -1,3 +1,9 @@ +--- +title: "Enable-DistributionGroup" +description: "Enable-DistributionGroup" +sidebar_position: 20 +--- + # Enable-DistributionGroup This commandlet makes a distribution group in directory mail-enabled. diff --git a/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/overview.md b/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/overview.md index 469815408f..1ff5b41550 100644 --- a/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/overview.md +++ b/docs/directorymanager/11.1/managementshell/mailenableddisabledgroups/overview.md @@ -1,3 +1,9 @@ +--- +title: "Mail-Enable/Disable Groups Commands" +description: "Mail-Enable/Disable Groups Commands" +sidebar_position: 110 +--- + # Mail-Enable/Disable Groups Commands This section covers cmdlets for enabling and disabling groups for email. diff --git a/docs/directorymanager/11.1/managementshell/membership/_category_.json b/docs/directorymanager/11.1/managementshell/membership/_category_.json new file mode 100644 index 0000000000..3147b59c54 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/membership/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Membership Commands", + "position": 120, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/membership/addgroupmember.md b/docs/directorymanager/11.1/managementshell/membership/addgroupmember.md index a71f7c654b..78af6c8a7f 100644 --- a/docs/directorymanager/11.1/managementshell/membership/addgroupmember.md +++ b/docs/directorymanager/11.1/managementshell/membership/addgroupmember.md @@ -1,3 +1,9 @@ +--- +title: "Add-GroupMember" +description: "Add-GroupMember" +sidebar_position: 10 +--- + # Add-GroupMember The Add-GroupMember commandlet helps you to add one or more objects to the membership of a group in @@ -36,7 +42,7 @@ Example 1: The following command adds the user Brian Regan to the membership of the Event Management group using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/membership/getgroupmember.md b/docs/directorymanager/11.1/managementshell/membership/getgroupmember.md index 8b03687a7d..1067cfc0aa 100644 --- a/docs/directorymanager/11.1/managementshell/membership/getgroupmember.md +++ b/docs/directorymanager/11.1/managementshell/membership/getgroupmember.md @@ -1,3 +1,9 @@ +--- +title: "Get-GroupMember" +description: "Get-GroupMember" +sidebar_position: 20 +--- + # Get-GroupMember Use this commandlet to retrieve members of a particular group from directory. You can apply filters 
@@ -24,7 +30,7 @@ Example 1: The following command retrieves all members of the Password_Expiry group using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/membership/getobject.md b/docs/directorymanager/11.1/managementshell/membership/getobject.md index ddbb5c6109..38765cf428 100644 --- a/docs/directorymanager/11.1/managementshell/membership/getobject.md +++ b/docs/directorymanager/11.1/managementshell/membership/getobject.md @@ -1,3 +1,9 @@ +--- +title: "Get-Object" +description: "Get-Object" +sidebar_position: 30 +--- + # Get-Object Use this commandlet to retrieve objects from one or more containers in a domain that match the given @@ -39,7 +45,7 @@ Example 2: The command below retrieves the object Event Management starting from the container Recruiting excluding its sub-containers using the credentials set in the $Credentials environment variable. See -the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +the [Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/membership/overview.md b/docs/directorymanager/11.1/managementshell/membership/overview.md index bf97238ee1..8dc20afefc 100644 --- a/docs/directorymanager/11.1/managementshell/membership/overview.md +++ b/docs/directorymanager/11.1/managementshell/membership/overview.md 
@@ -1,3 +1,9 @@ +--- +title: "Membership Commands" +description: "Membership Commands" +sidebar_position: 120 +--- + # Membership Commands This section covers cmdlets for managing the memberships of both managed and unmanaged groups. diff --git a/docs/directorymanager/11.1/managementshell/membership/removegroupmember.md b/docs/directorymanager/11.1/managementshell/membership/removegroupmember.md index 2c35965dbc..fbff02b114 100644 --- a/docs/directorymanager/11.1/managementshell/membership/removegroupmember.md +++ b/docs/directorymanager/11.1/managementshell/membership/removegroupmember.md @@ -1,3 +1,9 @@ +--- +title: "Remove-GroupMember" +description: "Remove-GroupMember" +sidebar_position: 40 +--- + # Remove-GroupMember Use this commandlet to remove one or more members from a group membership. @@ -29,7 +35,7 @@ Example: The following command removes the user Brian Regan from the membership of the group Event Management using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/membership/setobject.md b/docs/directorymanager/11.1/managementshell/membership/setobject.md index 6bf0b66e57..cb838bf63b 100644 --- a/docs/directorymanager/11.1/managementshell/membership/setobject.md +++ b/docs/directorymanager/11.1/managementshell/membership/setobject.md @@ -1,3 +1,9 @@ +--- +title: "Set-Object" +description: "Set-Object" +sidebar_position: 50 +--- + # Set-Object The Set-Object commandlet modifies any object such as a user, contact, group (managed or unmanaged), 
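Review bot: In the front matter added to membership/setobject.md, `description: "Set-Object"` only repeats the `title` value, so the field adds no information beyond the page name. The page's own opening sentence ("The Set-Object commandlet modifies any object such as a user, contact, group ...") is a ready-made description; use a one-line summary of that kind, or leave the field out. The same title/description duplication appears in the other front-matter blocks added by this patch.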
diff --git a/docs/directorymanager/11.1/managementshell/overview.md b/docs/directorymanager/11.1/managementshell/overview.md index 9c857505c4..f18b58cc29 100644 --- a/docs/directorymanager/11.1/managementshell/overview.md +++ b/docs/directorymanager/11.1/managementshell/overview.md @@ -1,3 +1,9 @@ +--- +title: "Directory Manager Management Shell" +description: "Directory Manager Management Shell" +sidebar_position: 110 +--- + # Directory Manager Management Shell Directory Manager Management Shell is a command-line interface for managing objects like users, diff --git a/docs/directorymanager/11.1/managementshell/parameters/parameters.md b/docs/directorymanager/11.1/managementshell/parameters.md similarity index 99% rename from docs/directorymanager/11.1/managementshell/parameters/parameters.md rename to docs/directorymanager/11.1/managementshell/parameters.md index e9a9ec9354..76ced9ee09 100644 --- a/docs/directorymanager/11.1/managementshell/parameters/parameters.md +++ b/docs/directorymanager/11.1/managementshell/parameters.md @@ -1,3 +1,9 @@ +--- +title: "Parameters" +description: "Parameters" +sidebar_position: 20 +--- + # Parameters This topic discusses the following: diff --git a/docs/directorymanager/11.1/managementshell/scheduling/_category_.json b/docs/directorymanager/11.1/managementshell/scheduling/_category_.json new file mode 100644 index 0000000000..65603b5e88 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/scheduling/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Scheduling Commands", + "position": 130, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/scheduling/getschedule.md b/docs/directorymanager/11.1/managementshell/scheduling/getschedule.md index ed7ea65502..2638699106 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/getschedule.md 
+++ b/docs/directorymanager/11.1/managementshell/scheduling/getschedule.md @@ -1,3 +1,9 @@ +--- +title: "Get-Schedule" +description: "Get-Schedule" +sidebar_position: 10 +--- + # Get-Schedule The commandlet Get-Schedule retrieves the scheduled jobs created in the identity store connected to diff --git a/docs/directorymanager/11.1/managementshell/scheduling/gettargetschedule.md b/docs/directorymanager/11.1/managementshell/scheduling/gettargetschedule.md index 717ae002d7..e7c520a24e 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/gettargetschedule.md +++ b/docs/directorymanager/11.1/managementshell/scheduling/gettargetschedule.md @@ -1,3 +1,9 @@ +--- +title: "Get-TargetSchedules" +description: "Get-TargetSchedules" +sidebar_position: 20 +--- + # Get-TargetSchedules The commandlet Get-TargetSchedules retrieves the scheduled jobs of the given target (group/OU). diff --git a/docs/directorymanager/11.1/managementshell/scheduling/invokeschedule.md b/docs/directorymanager/11.1/managementshell/scheduling/invokeschedule.md index 3cc0360a62..9e7a4e56d6 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/invokeschedule.md +++ b/docs/directorymanager/11.1/managementshell/scheduling/invokeschedule.md @@ -1,3 +1,9 @@ +--- +title: "Invoke-Schedule" +description: "Invoke-Schedule" +sidebar_position: 30 +--- + # Invoke-Schedule The commandlet Invoke-Schedule executes the specified schedule job. diff --git a/docs/directorymanager/11.1/managementshell/scheduling/newschedule.md b/docs/directorymanager/11.1/managementshell/scheduling/newschedule.md index 8979a16934..c456f5521a 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/newschedule.md +++ b/docs/directorymanager/11.1/managementshell/scheduling/newschedule.md @@ -1,3 +1,9 @@ +--- +title: "New-Schedule" +description: "New-Schedule" +sidebar_position: 40 +--- + # New-Schedule The commandlet New-Schedule creates a new schedule in the identity store connected to the current 
diff --git a/docs/directorymanager/11.1/managementshell/scheduling/overview.md b/docs/directorymanager/11.1/managementshell/scheduling/overview.md index ffc4c49b3e..b4d9c15bcf 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/overview.md +++ b/docs/directorymanager/11.1/managementshell/scheduling/overview.md @@ -1,3 +1,9 @@ +--- +title: "Scheduling Commands" +description: "Scheduling Commands" +sidebar_position: 130 +--- + # Scheduling Commands This section covers the cmdlets that perform scheduling-related operations. diff --git a/docs/directorymanager/11.1/managementshell/scheduling/removeschedule.md b/docs/directorymanager/11.1/managementshell/scheduling/removeschedule.md index 9396538a22..eb704d7e32 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/removeschedule.md +++ b/docs/directorymanager/11.1/managementshell/scheduling/removeschedule.md @@ -1,3 +1,9 @@ +--- +title: "Remove-Schedule" +description: "Remove-Schedule" +sidebar_position: 50 +--- + # Remove-Schedule The commandlet Remove-Schedule removes a schedule (by its name or ID) from the identity store diff --git a/docs/directorymanager/11.1/managementshell/scheduling/setschedule.md b/docs/directorymanager/11.1/managementshell/scheduling/setschedule.md index 6974b4ede5..201353fad1 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/setschedule.md +++ b/docs/directorymanager/11.1/managementshell/scheduling/setschedule.md @@ -1,3 +1,9 @@ +--- +title: "Set-Schedule" +description: "Set-Schedule" +sidebar_position: 60 +--- + # Set-Schedule The commandlet Set-Schedule modifies the attributes and settings of a schedule in the identity store diff --git a/docs/directorymanager/11.1/managementshell/scheduling/stopschedule.md b/docs/directorymanager/11.1/managementshell/scheduling/stopschedule.md index c9cb893181..ddb74b8ace 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/stopschedule.md 
+++ b/docs/directorymanager/11.1/managementshell/scheduling/stopschedule.md @@ -1,3 +1,9 @@ +--- +title: "Stop-Schedule" +description: "Stop-Schedule" +sidebar_position: 70 +--- + # Stop-Schedule The commandlet Stop-Schedule stops a specified schedule if it is already running. diff --git a/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md b/docs/directorymanager/11.1/managementshell/setthecredential.md similarity index 92% rename from docs/directorymanager/11.1/managementshell/parameters/setthecredential.md rename to docs/directorymanager/11.1/managementshell/setthecredential.md index f85f0cc8d1..e0f3af5e08 100644 --- a/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md +++ b/docs/directorymanager/11.1/managementshell/setthecredential.md @@ -1,3 +1,9 @@ +--- +title: "Set the $Credentials Environment Variable" +description: "Set the $Credentials Environment Variable" +sidebar_position: 30 +--- + # Set the $Credentials Environment Variable By default, the Directory Manager Management Shell uses the credentials of the logged-in user for diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/_category_.json b/docs/directorymanager/11.1/managementshell/smartgroup/_category_.json new file mode 100644 index 0000000000..87b1027557 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/smartgroup/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Smart Group Commands", + "position": 140, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/converttostaticgroup.md b/docs/directorymanager/11.1/managementshell/smartgroup/converttostaticgroup.md index 52edc898a4..3cac09a73d 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/converttostaticgroup.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/converttostaticgroup.md 
@@ -1,3 +1,9 @@ +--- +title: "ConvertTo-StaticGroup" +description: "ConvertTo-StaticGroup" +sidebar_position: 10 +--- + # ConvertTo-StaticGroup The ConvertTo-StaticGroup commandlet converts an existing Smart Group or a dynasty to a static group diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/getsmartgroup.md b/docs/directorymanager/11.1/managementshell/smartgroup/getsmartgroup.md index a4ff4cf8cf..d3329fe4d6 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/getsmartgroup.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/getsmartgroup.md @@ -1,3 +1,9 @@ +--- +title: "Get-SmartGroup" +description: "Get-SmartGroup" +sidebar_position: 20 +--- + # Get-SmartGroup Use this commandlet to retrieve Smart Groups and Dynasties that match your given criteria in one or diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/newsmartgroup.md b/docs/directorymanager/11.1/managementshell/smartgroup/newsmartgroup.md index fcc4373d8f..7319cbb0f2 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/newsmartgroup.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/newsmartgroup.md @@ -1,3 +1,9 @@ +--- +title: "New-SmartGroup" +description: "New-SmartGroup" +sidebar_position: 30 +--- + # New-SmartGroup This commandlet helps you to create a new Smart Group (managed group) in Directory. A Smart Group is diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/overview.md b/docs/directorymanager/11.1/managementshell/smartgroup/overview.md index cc0196d3c1..cc702a3663 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/overview.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/overview.md @@ -1,3 +1,9 @@ +--- +title: "Smart Group Commands" +description: "Smart Group Commands" +sidebar_position: 140 +--- + # Smart Group Commands This section covers cmdlets for managing Smart Groups. 
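Review bot: `sidebar_position: 140` in smartgroup/overview.md is on a different scale from the sibling pages in the same folder, which this patch numbers in steps of 10 starting at 10 (converttostaticgroup.md 10, getsmartgroup.md 20, newsmartgroup.md 30). The value matches `"position": 140` in smartgroup/_category_.json, so the category order is now maintained in two files that can drift apart. If the overview page is only reached through the category link (`"id": "overview"`), drop the value here or give it a number that sorts it first in the folder, and keep the category order in `_category_.json` alone.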
diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/setsmartgroup.md b/docs/directorymanager/11.1/managementshell/smartgroup/setsmartgroup.md index b9961e1919..02d00043d5 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/setsmartgroup.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/setsmartgroup.md @@ -1,3 +1,9 @@ +--- +title: "Set-SmartGroup" +description: "Set-SmartGroup" +sidebar_position: 40 +--- + # Set-SmartGroup The Set-SmartGroup commandlet modifies a Smart Group in Directory. Attributes that are common to diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/updategroup.md b/docs/directorymanager/11.1/managementshell/smartgroup/updategroup.md index 6ded543abc..80c0dc901b 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/updategroup.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/updategroup.md @@ -1,3 +1,9 @@ +--- +title: "Update-Group" +description: "Update-Group" +sidebar_position: 50 +--- + # Update-Group The Update-Group commandlet modifies the membership of a Smart Group or Dynasty according to the @@ -38,7 +44,7 @@ Example 2: The following command updates all Smart Groups and Dynasties present in the container Training, using the credentials set in the $Credentials environment variable. See the -[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/parameters/setthecredential.md) topic for setting +[Set the $Credentials Environment Variable](/docs/directorymanager/11.1/managementshell/setthecredential.md) topic for setting credentials in an environment variable. ``` diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md b/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md index d0752849c4..48a4d9d7e8 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md 
@@ -1,10 +1,16 @@ +--- +title: "Upgrade-Group" +description: "Upgrade-Group" +sidebar_position: 60 +--- + # Upgrade-Group The Upgrade-Group commandlet upgrades managed (Smart Groups and Dynasties) and non-managed Groups of GroupID 10 to Directory Manager 11.1 version. Before running this commandlet, make sure the configurations and history have been upgraded through the Directory Manager Upgrade wizard, only then this commandlet will upgrade the specified groups and their history successfully. See the -[Upgrade to Directory Manager 11](/docs/directorymanager/11.1/install/upgrade/upgrade.md) topic for additional information +[Upgrade to Directory Manager 11](/docs/directorymanager/11.1/about/upgrade/upgrade.md) topic for additional information on upgrade. ## Syntax @@ -54,6 +60,6 @@ Upgrade-Group -SearchContainerScopeList "1" -SearchContainer "GIDsmart1""OU=Jobs ``` NOTE: The group types 4 and 5 which are for middle and leaf dynasties are not supported in this -commandlet. See the [Parameters](/docs/directorymanager/11.1/managementshell/parameters/parameters.md) topic for additional information on -the supported parameters. See the [Parameters](/docs/directorymanager/11.1/managementshell/parameters/parameters.md) topic to get information +commandlet. See the [Parameters](/docs/directorymanager/11.1/managementshell/parameters.md) topic for additional information on +the supported parameters. See the [Parameters](/docs/directorymanager/11.1/managementshell/parameters.md) topic to get information about the parameters which you can use in the Directory Manager Management Shell commandlets. diff --git a/docs/directorymanager/11.1/managementshell/user/_category_.json b/docs/directorymanager/11.1/managementshell/user/_category_.json new file mode 100644 index 0000000000..6f6686ac1a --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/user/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "User Commands", + "position": 150, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/user/getuser.md b/docs/directorymanager/11.1/managementshell/user/getuser.md index 22d5dd180e..f818bdc965 100644 --- a/docs/directorymanager/11.1/managementshell/user/getuser.md +++ b/docs/directorymanager/11.1/managementshell/user/getuser.md @@ -1,3 +1,9 @@ +--- +title: "Get-User" +description: "Get-User" +sidebar_position: 10 +--- + # Get-User Use the Get-User commandlet to retrieve basic information about a user that match your given diff --git a/docs/directorymanager/11.1/managementshell/user/getuserenrollment.md b/docs/directorymanager/11.1/managementshell/user/getuserenrollment.md index 4828cbf84a..bcd4f3f25b 100644 --- a/docs/directorymanager/11.1/managementshell/user/getuserenrollment.md +++ b/docs/directorymanager/11.1/managementshell/user/getuserenrollment.md @@ -1,3 +1,9 @@ +--- +title: "Get-UserEnrollment" +description: "Get-UserEnrollment" +sidebar_position: 20 +--- + # Get-UserEnrollment The commandlet Get-UserEnrollment retrieves enrollment information of a user. diff --git a/docs/directorymanager/11.1/managementshell/user/newuser.md b/docs/directorymanager/11.1/managementshell/user/newuser.md index 88ce30753c..ca647883ed 100644 --- a/docs/directorymanager/11.1/managementshell/user/newuser.md +++ b/docs/directorymanager/11.1/managementshell/user/newuser.md @@ -1,3 +1,9 @@ +--- +title: "New-User" +description: "New-User" +sidebar_position: 30 +--- + # New-User Use the New-User commandlet to create a new user in Directory. Most user properties can be directly diff --git a/docs/directorymanager/11.1/managementshell/user/overview.md b/docs/directorymanager/11.1/managementshell/user/overview.md index 9c46ba37a8..e40e20faec 100644 --- a/docs/directorymanager/11.1/managementshell/user/overview.md 
+++ b/docs/directorymanager/11.1/managementshell/user/overview.md @@ -1,3 +1,9 @@ +--- +title: "User Commands" +description: "User Commands" +sidebar_position: 150 +--- + # User Commands This section covers cmdlets for performing user-related tasks such as: diff --git a/docs/directorymanager/11.1/managementshell/user/removeuser.md b/docs/directorymanager/11.1/managementshell/user/removeuser.md index 43d69da05f..85978b142b 100644 --- a/docs/directorymanager/11.1/managementshell/user/removeuser.md +++ b/docs/directorymanager/11.1/managementshell/user/removeuser.md @@ -1,3 +1,9 @@ +--- +title: "Remove-User" +description: "Remove-User" +sidebar_position: 40 +--- + # Remove-User Use the Remove-User commandlet to delete a user from directory. diff --git a/docs/directorymanager/11.1/managementshell/user/setuser.md b/docs/directorymanager/11.1/managementshell/user/setuser.md index a00b508a09..e4a9d26c3c 100644 --- a/docs/directorymanager/11.1/managementshell/user/setuser.md +++ b/docs/directorymanager/11.1/managementshell/user/setuser.md @@ -1,3 +1,9 @@ +--- +title: "Set-User" +description: "Set-User" +sidebar_position: 50 +--- + # Set-User The Set-User commandlet modifies a user in Directory. Most user properties can be directly modified diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/_category_.json b/docs/directorymanager/11.1/managementshell/userlifecycle/_category_.json new file mode 100644 index 0000000000..908326dd20 --- /dev/null +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User Lifecycle Commands", + "position": 160, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/extenduser.md b/docs/directorymanager/11.1/managementshell/userlifecycle/extenduser.md index fd0cfeb3e3..a44bb391ac 100644 
--- a/docs/directorymanager/11.1/managementshell/userlifecycle/extenduser.md +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/extenduser.md @@ -1,3 +1,9 @@ +--- +title: "Extend-User" +description: "Extend-User" +sidebar_position: 10 +--- + # Extend-User Use the Extend-User commandlet to extend the user lifecycle of an expired user for specified period diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/getstatus.md b/docs/directorymanager/11.1/managementshell/userlifecycle/getstatus.md index ca9192d107..76d2e3d364 100644 --- a/docs/directorymanager/11.1/managementshell/userlifecycle/getstatus.md +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/getstatus.md @@ -1,3 +1,9 @@ +--- +title: "Get-Status" +description: "Get-Status" +sidebar_position: 20 +--- + # Get-Status Use the Get-Status command to know the status of a specified user as per the profile validation diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/overview.md b/docs/directorymanager/11.1/managementshell/userlifecycle/overview.md index 92d1bfc8d2..ce9c79d13a 100644 --- a/docs/directorymanager/11.1/managementshell/userlifecycle/overview.md +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/overview.md @@ -1,3 +1,9 @@ +--- +title: "User Lifecycle Commands" +description: "User Lifecycle Commands" +sidebar_position: 160 +--- + # User Lifecycle Commands This section covers the cmdlets for performing user lifecycle tasks such as: diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/reinstateuser.md b/docs/directorymanager/11.1/managementshell/userlifecycle/reinstateuser.md index 56c64673fb..5e3ae4cdde 100644 --- a/docs/directorymanager/11.1/managementshell/userlifecycle/reinstateuser.md +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/reinstateuser.md 
@@ -1,3 +1,9 @@ +--- +title: "Reinstate-User" +description: "Reinstate-User" +sidebar_position: 30 +--- + # Reinstate-User Use the Reinstate-User command to activate or disable a user. Users can be disabled for any of the diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/terminatedirectreports.md b/docs/directorymanager/11.1/managementshell/userlifecycle/terminatedirectreports.md index b5430770f1..884af2ca43 100644 --- a/docs/directorymanager/11.1/managementshell/userlifecycle/terminatedirectreports.md +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/terminatedirectreports.md @@ -1,3 +1,9 @@ +--- +title: "Terminate-DirectReports" +description: "Terminate-DirectReports" +sidebar_position: 40 +--- + # Terminate-DirectReports Use the Terminate-DirectRreports command to terminate user(s). Specify manager of the user you want diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/transferdirectreports.md b/docs/directorymanager/11.1/managementshell/userlifecycle/transferdirectreports.md index 8f8771362c..a1bce6343a 100644 --- a/docs/directorymanager/11.1/managementshell/userlifecycle/transferdirectreports.md +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/transferdirectreports.md @@ -1,3 +1,9 @@ +--- +title: "Transfer-DirectReports" +description: "Transfer-DirectReports" +sidebar_position: 50 +--- + # Transfer-DirectReports Use the Transfer-DirectReports commandlet to transfer direct report(s) in the connected identity diff --git a/docs/directorymanager/11.1/portal/dashboard.md b/docs/directorymanager/11.1/portal/dashboard.md deleted file mode 100644 index 1e56b18e9f..0000000000 --- a/docs/directorymanager/11.1/portal/dashboard.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# Dashboard - -The interface of the portal is designed in a manner that you can quickly access the main functions -of the portal. These functions are available as links on the top and left navigation bars. - -On logging into Directory Manager portal, you land on the dashboard. - -![dashboard](/img/product_docs/directorymanager/11.1/portal/dashboard.webp) - -Use the following to navigate within the application: - -- Quick Search -- Top right options -- Menu pane -- The Dashboard - -## Quick Search - -Look on the top of the page for **Search**. This element appears on every page. Use it to locate and -display information for objects. See the [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) topic. - -- Use Quick Search to locate an object by its name. -- Use Advanced Search to search an object using a range of attributes. - -## Top right options - -The top right corner of the application displays: - -| Icon | Description | -| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Background tasks icon | View the status of Smart Group update jobs. 
A Smart Group Update job updates the membership of a Smart Group on the basis of a query. | -| Portal Settings | Personalize the portal | -| Help icon | Launch the portal help | -| User profile icon | Displays your profile picture with your name and the identity store that Directory Manager portal is connected to. Click it to launch the menu that displays the following: - Directory Manager version you’re using - The security role assigned to you in Directory Manager. The menu also displays the following options: - See full profile. See the [Object properties - General tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md) topic. - My Applications. See the [Access your Applications](/docs/directorymanager/11.1/admincenter/general/accessapplications.md) topic. - Enroll your identity store account. See the [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/enroll.md) topic. - Change Password. See the [Change your Password](/docs/directorymanager/11.1/admincenter/general/changepassword.md) topic. - Switch account. See the [Switch Accounts](/docs/directorymanager/11.1/admincenter/general/switchaccount.md) topic. - Sign Out | - -## Menu pane - -Look on the left side of the page for the navigation pane, which lists links to: - -- Create New (Group, User, Contact) -- The Dashboard -- Groups -- Users -- Requests -- History -- Entitlement -- Synchronize -- Reports - -## The Dashboard - -The dashboard comprises of a few cards. - -| Cards | Description | -| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| My Profile | View and update your profile in the directory. | -| All Users | Displays number of active users. Clicking it takes you to the **Users** page. | -| My Expiring Groups | Directs your attention to your expiring groups and any workflow requests that you may have to approve. 
| -| My Groups | Takes you to a listing of groups that you own. | -| Available Servers | Displays number of available servers for computing the effective NTFS permissions granted on the shared resources residing on those server. | -| Pending Requests | Displays logged-in user's requests that have not been approved yet. | -| Account Protection | Displays logged-in user's requests that have not been approved yet. | -| My Account History | Keeps track of the actions you performed using the portal. Use the **Add Note** button next to a history item to explain the reason for performing the action. | diff --git a/docs/directorymanager/11.1/portal/entitlement/overview.md b/docs/directorymanager/11.1/portal/entitlement/overview.md deleted file mode 100644 index 44a67c27af..0000000000 --- a/docs/directorymanager/11.1/portal/entitlement/overview.md +++ /dev/null @@ -1,7 +0,0 @@ -# Entitlement - -Directory Manager Entitlement enables you to stay informed on the permissions assigned to objects -residing on your Active Directory servers and SharePoint sites. - -See the [Entitlement](/docs/directorymanager/11.1/admincenter/entitlement/overview.md) topic for detailed information on -Entitlement. diff --git a/docs/directorymanager/11.1/portal/generalfeatures.md b/docs/directorymanager/11.1/portal/generalfeatures.md deleted file mode 100644 index 8b2566e5b3..0000000000 --- a/docs/directorymanager/11.1/portal/generalfeatures.md +++ /dev/null 
@@ -1,47 +0,0 @@ -# General Portal Features - -Directory Manager portal encompasses various functionalities available for the users that are: - -- Directory Search -- Find Dialog Box -- Portal Settings -- User Account Settings -- Toolbars - -## Directory Search - -The Directory Manager portal provides a robust search feature that empowers users to efficiently -manage various directory objects within their identity store. These objects include mailboxes, -users, groups, and contacts. Once a search is performed, the results are displayed on the Search -Results page. - -See the [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) topic for additional information. - -## Find Dialog Box - -The Find dialog box enables you to search User, Group, and Contact objects in the connected identity -store. The object types av ailable for search may vary, depending on the page you launch the -**Find** dialog box from. - -See the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) topic for additional information. - -## Portal Settings - -Directory Manager portal offers flexible portal settings to customize the user experience and -personalize the portal for each user. - -See the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) topic for additional information. - -## User Account Settings - -Users can manage their own profile information and perform various account-related actions through -the User Settings. - -See the [User Account Settings](/docs/directorymanager/11.1/portal/setting/user.md) topic for additional information. - -## Toolbars - -The portal provides toolbars with diverse options that users can use on the objects. These actions -include editing properties, managing membership, viewing history, and more. - -See the [Toolbar](/docs/directorymanager/11.1/portal/toolbar.md) topic for additional information. 
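Review bot: Deleting generalfeatures.md removes the page that links to search/search.md, search/find.md, setting/portal.md, setting/user.md and toolbar.md, and the visible hunks add no replacement or redirect for it. Confirm that those five topics stay reachable from the new sidebar and that inbound links to /docs/directorymanager/11.1/portal/generalfeatures.md are updated. If this text is being relocated, fix "av ailable" in the Find Dialog Box paragraph on the way.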
diff --git a/docs/directorymanager/11.1/portal/group/allgroups.md b/docs/directorymanager/11.1/portal/group/allgroups.md deleted file mode 100644 index 70b3a11ea9..0000000000 --- a/docs/directorymanager/11.1/portal/group/allgroups.md +++ /dev/null 
@@ -1,128 +0,0 @@ -# All Groups - -This tab lists all groups defined in the identity store including all active groups: - -- [Private Groups](/docs/directorymanager/11.1/portal/group/privategroups.md) -- [Semi Private Groups](/docs/directorymanager/11.1/portal/group/semiprivategroups.md) -- [Public Groups](/docs/directorymanager/11.1/portal/group/publicgroups.md) -- [Expired Groups](/docs/directorymanager/11.1/portal/group/allexpiredgroups.md) -- [Expiring Groups](/docs/directorymanager/11.1/portal/group/allexpiringgroups.md) -- [Smart Groups](/docs/directorymanager/11.1/portal/group/allsmartgroups.md) -- [Dynasties](/docs/directorymanager/11.1/portal/group/alldynasties.md) -- [Password Expiry Groups](/docs/directorymanager/11.1/portal/group/passwordexpirygroups.md) -- [Teams](/docs/directorymanager/11.1/portal/group/teams.md) (for Microsoft Entra ID based identity store) - -Viewing all groups from the directory source may slow down the loading of groups in the view, -especially when there are more than 100 groups. - -**You can:** - -- Manually update the membership of a Smart Group using the **Update** command. You can also view - update details on **Processing Object (s)** wizard. Click **OK** once done. - - If you click **Background**, the update runs in the background and will show in the **Background - Tasks** tab. - -- View and modify the [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) of a group. -- [Expire a group manually ](manage/groupexpiryfunction.md#expire-a-group-manually). After expiring - the group, it will be listed in **Expired Group** list. -- Select a smart group and click **Renew** on the toolbar; this re-applies the expiry policy of the - group starting from today, thus renewing the group. 
-- Join a group as a [Join a group temporarily](manage/groupjoinleave.md#join-a-group-temporarily) or - [Join a group permanently](manage/groupjoinleave.md#join-a-group-permanently) - - Select **Other** to add other users to the group. - -- Leave a group’s membership - [Leave a group temporarily](manage/groupjoinleave.md#leave-a-group-temporarily) or - [Leave a group permanently](manage/groupjoinleave.md#leave-a-group-permanently). - - Select **Other** to remove other users from the group. - -- To Join/Leave the group, you can also click on **Want to write reason to group owner?** and state - the reason for joining or leaving the group for the group owner. -- Update the security type of a group group using **Set Security Type** option. You can select one - of the following security types: - - - Public - - Semi Private - - Private - -- Update the expiration policy of a group using **Set Expiration Policy** option. - - - Never Expire - - Expire Every 30 Days - - Expire Every 60 Days - - Expire Every 90 Days - - Expire Every 120 Days - - Expire Every 6 Months - - Expire Every Year - - Other - -- Set owner for a group using **Set Owner** option. The drop down list displays two options: - - - **Me**: You can set yourself as the Owner. - - **Other**: You can select some other user as the Owner. - -- Physically delete a group. Select a group and click **Delete** on the toolbar. -- Click **Attest Group** to update and verify group's attributes and memberships. -- Get a list of all groups managed by a particular group (i.e., all groups for which the selected - group is a primary or additional owner). - - Select a group and click **Managed By** on the toolbar to get a list of groups managed by the - selected group. - -- Select a group and click **Move Group** from the toolbar. You can specify a new container from - **Select Container** box where you want to move the group. -- Add a group’s email to your email contact list using the vCard. 
- - Select a group and click **Add to Contacts** on the toolbar. The portal creates the group's - vCard and prompts you to save it on your machine. You can then use it to add the group's email - address to your email contact list. - -- Click **Add to Group** to add the group into the membership of another group - ([Add a group to the membership of another group (nesting)](manage/groupmembershipfunction.md#add-a-group-to-the-membership-of-another-group-nesting)). -- Select a group and click **Send Email** on the toolbar. This launches the default Windows email - application for sending an email to group members. -- Click **Export Results** on the toolbar to export the group list to a Microsoft Excel file. -- In the **Results** box, select the number of search results to display on a page. - -Use the page numbers under the group listing to page through all groups. - -You can also control the number of records to be displayed per page by modifying the **Search -results per page** setting on the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) panel. - -## Modify Search Directory - -You can modify the search results in **Modify Search Directory.** You can select entire directory or -a domain to search active groups from. - -## Transfer Ownership - -You can find [Transfer Ownership](/docs/directorymanager/11.1/portal/group/transferownership.md) option on the top right corner. Transfer -Ownership enables you to: - -- Assign owners to orphan groups. -- Transfer group ownership (including Exchange 2013/2016/2019 additional ownership) from one - recipient to another. - -## Filter All Groups - -You can add filters in **All Group Grid Filters** while searching for specific groups. - -Step 1 – Click **Add Filter** to specify a criterion for filtering groups. - -Step 2 – From the **Select a Filter** list, select the attribute to filter groups. - -Step 3 – Two more boxes get displayed next to **Select a Filter** box upon selecting a filter. 
- -- **Select an Operator** from the first list. -- Specify a value for the selected operator in the second box. - -Step 4 – Click **Apply Filter**. - -Step 5 – All active groups that match the specified criterion are displayed. - -Step 6 – You can add additional filters by clicking **Add Filter.** - -Step 7 – To undo the filters, click **Reset Filter.** It will remove all the criteria set before. diff --git a/docs/directorymanager/11.1/portal/group/allsmartgroups.md b/docs/directorymanager/11.1/portal/group/allsmartgroups.md deleted file mode 100644 index f47ad27be2..0000000000 --- a/docs/directorymanager/11.1/portal/group/allsmartgroups.md +++ /dev/null @@ -1,10 +0,0 @@ -# Smart Groups - -This view lists only the Smart Groups created using Directory Manager in the connected identity -store. It does not list expired or deleted Smart Groups. To view the expired or deleted groups, -select the [Expired Groups](/docs/directorymanager/11.1/portal/group/allexpiredgroups.md) or [Deleted Groups](/docs/directorymanager/11.1/portal/group/recyclebin/overview.md) -respectively. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search smart groups and -add [Filter All Groups](allgroups.md#filter-all-groups)by clicking **Smart Group Grid Filter**. All -the smart groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/create/activedirectory/general.md b/docs/directorymanager/11.1/portal/group/create/activedirectory/general.md deleted file mode 100644 index fd8981235c..0000000000 --- a/docs/directorymanager/11.1/portal/group/create/activedirectory/general.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# General page - -Use this page to specify basic information about the group. - -1. Click **Browse** next to the **Container** box to select or create the container or - organizational unit to create the group in and click **OK**. - - If you want to create a container, click **Create** and then add container to create the group - in. Click **Refresh** to remove the changes. - - This field will be read-only if the administrator has predefined a container for creating new - groups. - -2. In the **Group Name** box, provide a name for the group by selecting a prefix and then entering a - name for the group. - - NOTE: The prefix box is displayed if the administrator has defined the prefixes. See Group name - prefixes. - These prefixes, when appended to group names, help standardize the group naming convention - across the enterprise. - -3. The **Name Preview** is displayed if the prefix list is available and displays a preview of the - prefix combined with the group name. -4. The group name is also displayed in the **Group Name (Pre Windows 2000)** box. Modify it, if - required. -5. Select the **Mail Enabled** check box to create the group as mail-enabled. A mail-enabled group - is one with an email address. Members of a mail-enabled group can receive emails. -6. The **Alias** box displays an alias for creating the group's email address. You can modify the - alias, if required. - - If Microsoft Exchange Server is the designated messaging provider for the identity store, then - the alias length is limited to 64 characters, it does not contain spaces, and it is unique to - the forest. For other messaging systems, the alias length must not exceed the number of - characters supported by the respective messaging system. - - Also, the alias must not contain characters that are invalid for the configured messaging - system. - - The **Alias** box is displayed if the **Mail Enabled** check box is selected. - -7. 
Set the group type by selecting an option for **Group Type**. - - - **Security** - this group will be used for securing public folders, printers and other network - resources. - - **Distribution** - this group will only be used for email distribution. - - NOTE: If the administrator has predefined a group type, you cannot change it. - -8. In the **Group Scope** list, select a scope for the group. - - - **Domain Local** - if the group is to contain only users in this domain. - - **Global Group** - if the group is to contain users from other domains, but should only be - visible within its own domain. - - **Universal Group** - if the group is to contain users and groups from any domain and be - visible in the Global Catalog. - - NOTE: (1) If the administrator has predefined a group scope, you cannot change it. - (2) To create a mail-enabled group (with Exchange 2013/2016/2019 as the messaging provider), you - must select **Universal** as the group scope. - -9. In the **Security** list, select a security type for the group. -10. Enter a description for the group in the **Description** box. -11. Click **Next**. diff --git a/docs/directorymanager/11.1/portal/group/create/activedirectory/group.md b/docs/directorymanager/11.1/portal/group/create/activedirectory/group.md deleted file mode 100644 index 12ef193382..0000000000 --- a/docs/directorymanager/11.1/portal/group/create/activedirectory/group.md +++ /dev/null 
@@ -1,95 +0,0 @@ -# Create Active Directory Groups - -Using Directory Manager portal, you can create static groups and Smart Groups in an Active Directory -identity store. - -NOTE: If the Directory Manager administrator has specified the group creation action for review, the -new group will be created after it is verified by an approver. See the -[Requests](/docs/directorymanager/11.1/portal/request/overview.md)topic for additional information. - -## Create a Static Group - -Follow the steps to create a static group. - -1. In the Directory Manager portal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. - - Pages and fields on the Create Group wizard may vary, since the administrator can customize the - wizard by adding or removing pages and fields. - -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the **Static Group** option button and click - **Next**. -3. On the [General page](/docs/directorymanager/11.1/portal/group/create/activedirectory/general.md), specify basic information about the group. -4. On the [Members page](/docs/directorymanager/11.1/portal/group/create/activedirectory/members.md), specify members for the group. -5. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional owners for the group. -6. On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and - then click Finish to complete the wizard. - -## Create a Smart Group - -A Smart Group is one that dynamically maintains its membership based on the rules applied by a -user-defined query, such as an LDAP query. - -Rather than specifying static user memberships, you can use a query (for example, "All full-time -employees in my company") to dynamically build membership in a Smart Group. 
Managing memberships -with queries significantly reduces administrative costs. - -Follow the steps to create a Smart Group: - -1. In the Directory Manager portal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. - - Pages and fields on the Create Group wizard may vary, since the administrator can customize the - wizard by adding or removing tabs and fields. - -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the **Smart Group** option button and click - **Next**. -3. On the [General page](/docs/directorymanager/11.1/portal/group/create/activedirectory/general.md), specify basic information about the group. -4. On the [ Smart Group page](/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md), review and modify the query for updating group - membership. -5. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional owners for the group. - - When a Smart Group Update job runs on a group, the notification behavior is as follows: - Even when the **Do not Notify** check box is selected, the additional owner will receive the - notifications if the administrator has included its email address for job-specific - notifications. - -6. On the [1](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and then click - Finish to complete the wizard. - -## Create a Password Expiry Group - -A password expiry group is a Smart Group whose membership contains users whose identity store -account passwords are approaching their expiry dates. Members of this group are notified by email to -reset their passwords. When they do so, they are automatically removed from the group membership. - -NOTE: Password Expiry group is not supported in Microsoft Entra ID. - -Follow the steps to create a Password Expiry Group: - -1. 
In the Directory Manager portal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. - - Pages and fields on the Create Group wizard may vary, since the administrator can customize the - wizard by adding or removing tabs and fields. - -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the **Password Expiry Group** option button and - click **Next**. -3. On the [General page](/docs/directorymanager/11.1/portal/group/create/activedirectory/general.md), specify basic information about the group. -4. On the [ Smart Group page](/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md), review and modify the query for updating group - membership. -5. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional owners for the group. - - When a Smart Group Update job runs on a group, the notification behavior is as follows: - Even when the **Do not Notify** check box is selected, the additional owner will receive the - notifications if the administrator has included its email address for job-specific - notifications. - -6. On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and - then click Finish to complete the wizard. diff --git a/docs/directorymanager/11.1/portal/group/create/activedirectory/members.md b/docs/directorymanager/11.1/portal/group/create/activedirectory/members.md deleted file mode 100644 index c40f596c55..0000000000 --- a/docs/directorymanager/11.1/portal/group/create/activedirectory/members.md +++ /dev/null 
@@ -1,38 +0,0 @@ -# Members page - -You can add members to the group. You can also remove members. By default, you are a member of the -group. - -- To add member(s), click **Add**. Enter a search string to locate the object to add as a group - member, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing - a search. - - The selected members get listed in the grid on the **Members** page. - -- You can also add members to the group using an external file. You can also choose to import all - members of an existing group or groups to the membership of this group. - - Click **Import** to launch the **Import Members** wizard for importing group members. See - [Import Group Members](/docs/directorymanager/11.1/portal/group/properties/importmembers.md) for information. - -- To remove an object from the members list, select it and click **Remove**. - -The **Members** table displays the following information: - -| Column Name | Description | -| ------------ | 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Type | The object type of the member object, such as user or group. | -| Display Name | The name of the member object. You can view the memberships of groups that are members of this group. For example, when you add a group (Group B) as a member of this group (Group A), you can view the membership of Group B. You can continue to view memberships of groups that are members of Group B, and so on. This enables the owner of a distribution group to view all users who will receive the messages sent to the distribution group. Click the plus sign (![plus](/img/product_docs/directorymanager/11.1/portal/group/create/activedirectory/plus.webp)) next to a member group to view its members. Group membership can be viewed up to the nth level. However, you cannot modify membership of nested groups here. For a parent Dynasty, all child Dynasties are listed as members. NOTE: For an expired security group and Office 365 group, the members list would be empty. | -| Membership | Indicates whether the object is a temporary or permanent member of this group. The available membership types are: - Perpetual – To make the object a permanent member of the group. - Temporary Member – To make the object a temporary member of the group for the period you specify in the Beginning and Ending boxes. 
At the end of the period, the object is removed from the group membership. - Addition Pending – Indicates that the object will be a temporary member of the group for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Addition Pending’. On the beginning date, the membership type changes to ‘Temporary Member’. Example. You add Smith as a temporary member to Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Addition Pending’ as its membership type from May 15 to 19. However, Smith would not be added to group membership in the provider. On May 20, Smith will become a temporary member of Group A and its membership type will change to ‘Temporary Member’ from May 20 to 30. Smith will also be added to group membership in the provider. After May 30, Smith will be removed from Group A as a member in Directory Manager and in the provider. - Removal Pending - Indicates that the object will be temporarily removed from group membership for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Removal Pending’. On the beginning date, the membership type will change to ‘Temporary Removed’. Example. You remove Smith from Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Removal Pending’ as membership type from May 15 to 19. On May 20, Smith’s membership type in Directory Manager will change to ‘Temporary Removed’; lasting till May 30. However, Smith will be removed from Group A’s membership in the provider. After May 30, Smith will be added back to Group A as a permanent member in Directory Manager and in the provider. - Temporary Removed – Indicates that the object is temporarily removed from group membership for the period specified in the Beginning and Ending boxes. 
At the end of the period, the object is added back to the group membership as a permanent member. When the object is a perpetual member, the Membership column is blank. Click anywhere in the row to make it editable for changing the membership type of the group member. NOTE: You cannot change the membership type when the member object is a group. | -| Beginning | Displays the beginning date of the temporary addition or removal. | -| Ending | Shows the ending date of the temporary addition or removal. | - -The Membership Life Cycle job updates the temporary membership of groups. It adds and removes -temporary members from group membership on the specified dates. - -Consider a scenario where the Membership Life Cycle job is scheduled to run once a week, say -Mondays. If an object is to be added to group membership for three days - Wednesday till Friday, it -will not be added. This happens because the Membership Life Cycle job did not run on the particular -days for temporary membership update. - -After adding members, click **Next**. diff --git a/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md b/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md deleted file mode 100644 index a5490b8d78..0000000000 --- a/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md +++ /dev/null 
@@ -1,41 +0,0 @@ -# Smart Group page - -This page displays the default query for the Smart Group; however, you can modify it. The group’s -membership is updated with the records fetched by the query. - -- The **Container(s)** area displays the domain or containers the query will run on. -- **Object Types**: Lists the object types the query will fetch. -- The **Server** and **Storage** areas are displayed if the query only fetches messaging system - recipients. These areas display the server and storage for the query to fetch the records from. - -In an Active Directory identity store, the default query returns the following: - -- If a messaging provider is configured for the identity store, the default query returns messaging - system recipients (users with mailboxes, users with external email addresses, and contacts with - external email addresses). -- Without a messaging provider, the default query returns all users, contacts and groups in the - identity store. - -In a Microsoft Entra ID identity store, the default query returns the following: - -- If a messaging provider is configured for the identity store, the default query returns messaging - system recipients (users with mailboxes and users with external email addresses). -- Without a messaging provider, the default query returns all users and groups. For an Office 365 - group, however, only user objects are added to group membership. - -You can do the following: - -Step 1 – To modify the query, click the **Query Designer** button. This launches the -[Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) dialog box, where you can modify the query. - -Step 2 – You can also associate a Smart Group Update job with the group; this is a scheduled job -that updates the group’s membership when it runs. - -From the **Scheduled Job** list, select a Smart Group Update job to associate with the group. - -This list contains Smart Group Update jobs defined in the identity store. 
- -NOTE: If the administrator has enforced the job selection option, you cannot proceed unless you -select a scheduled job for this group. - -Step 3 – Click **Next**. diff --git a/docs/directorymanager/11.1/portal/group/create/azure/general.md b/docs/directorymanager/11.1/portal/group/create/azure/general.md deleted file mode 100644 index 7f68ab97eb..0000000000 --- a/docs/directorymanager/11.1/portal/group/create/azure/general.md +++ /dev/null 
@@ -1,33 +0,0 @@ -# General page - -Use this page to specify basic information about the group. - -1. Click **Browse** next to the **Container** box to select the container or organizational unit to - create the group in. - - This field would be read-only if the administrator has predefined a container for creating new - groups. - -2. In the **Group Name** box, provide a name for the group by selecting a prefix and then entering a - name for the group. - - NOTE: The prefix box is displayed if the administrator has defined the prefixes. See the - [Group Name Prefixes](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md) - topic for additional information. - These prefixes, when appended to group names, help standardize the group naming convention - across the enterprise. - -3. The **Name Preview** is displayed if the prefix list is available and displays a preview of the - prefix combined with the group name. -4. In the **Security** list, select a security type for the group. -5. Set the group type by selecting an option for **Group Type** - - - **Security** - this group will be used for securing public folders, printers and other network - resources. - - **Distribution** - this group will only be used for email distribution. - - **Teams** - this groups is used for manage Microsoft Teams and their associated channels. - - **Microsoft 365** - this group will be used to select a set of people to collaborate and use a - collection of resources. - -6. Enter a description for the group in the **Description** box. -7. Click **Next**. diff --git a/docs/directorymanager/11.1/portal/group/create/azure/group.md b/docs/directorymanager/11.1/portal/group/create/azure/group.md deleted file mode 100644 index 2b8bd74382..0000000000 --- a/docs/directorymanager/11.1/portal/group/create/azure/group.md +++ /dev/null 
@@ -1,72 +0,0 @@ -# Create Microsoft Entra ID Groups - -Using Directory Manager portal, you can create static groups and Smart Groups in an Microsoft Entra -ID identity store. - -NOTE: If the Directory Manager administrator has specified the group creation action for review, the -new group will be created after it is verified by an approver. See the -[Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic for additional information. - -## Create a Static Group - -Follow the steps to create a static group. - -1. In the Directory Manager portal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. - - NOTE: Pages and fields on the Create Group wizard may vary, since the administrator can - customize the wizard by adding or removing tabs and fields. - -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the **Static Group** option button and click - **Next**. -3. On the [General page](/docs/directorymanager/11.1/portal/group/create/azure/general.md), specify basic information about the group. -4. On the [Members page](/docs/directorymanager/11.1/portal/group/create/activedirectory/members.md), add objects to group membership. - - Only user objects can be added as members of an Office 365 group. - -5. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional owners for the - group. - - Only users can be set as primary owners. You can specify multiple primary owners for a group. At - least one primary owner is mandatory. - -6. On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and - then click Finish to complete the wizard. - -## Create a Smart Group - -Follow the steps to create a Smart Group. - -1. 
In the Directory Manager portal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. - - Remember, pages and fields on the Create Group wizard may vary, since the administrator can - customize the wizard by adding or removing tabs and fields. - -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md) page, select the **Smart Group** option button and - click **Next**. -3. On the [General page](/docs/directorymanager/11.1/portal/group/create/azure/general.md) page, specify basic information about the group. -4. On the [ Smart Group page](/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md) page, review and modify the query - for updating group membership. - - Smart Groups in an Microsoft Entra ID based identity store use a device structured query - language to update group membership. You should either apply a query to a group in the Microsoft - Entra ID portal or in Directory Manager. - -5. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional owners for the - group. - - - Only users can be set as primary owners. - - You can specify multiple primary owners for a group. At least one primary owner is mandatory. - - When a Smart Group Update job runs on a group, the notification behavior is as follows: - - Even when the **Do not Notify** check box is selected, the additional owner will receive the - notifications if the administrator has included its email address for job-specific - notifications. - -6. On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and - then click **Finish** to complete the wizard. 
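Review bot: The deleted members.md closes with the Membership Life Cycle caveat (a job scheduled for Mondays never applies a Wednesday-to-Friday temporary membership), and nothing visible in this patch replaces it. The same page states that the job "adds and removes temporary members from group membership on the specified dates", so a schedule coarser than the membership window also affects when temporary access is revoked. Please confirm the caveat is carried into the new location of this page. If the table is moved as well, reword the Removal Pending example: "However, Smith will be removed from Group A's membership in the provider" reads as a contrast with the preceding sentence where none is intended.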
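Review bot: Step 4 of "Create a Smart Group" in the deleted azure/group.md carries two sentences that should not be moved as written: "use a device structured query language" does not say which query language is meant, and "You should either apply a query to a group in the Microsoft Entra ID portal or in Directory Manager" leaves it unclear whether defining the query in both places is unsupported or only discouraged. Since this query decides group membership, please have the relocated text state the constraint explicitly. Steps 2 to 4 of the same procedure also repeat "page" after the link text ("[Group Type page](...) page"), and the intro has "an Microsoft Entra ID".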
diff --git a/docs/directorymanager/11.1/portal/group/create/grouptype.md b/docs/directorymanager/11.1/portal/group/create/grouptype.md deleted file mode 100644 index df6b380aa0..0000000000 --- a/docs/directorymanager/11.1/portal/group/create/grouptype.md +++ /dev/null @@ -1,11 +0,0 @@ -# Group Type page - -Select the type of group you want to create and click **Next**. Options are: - -- [Create a Static Group](activedirectory/group.md#create-a-static-group) -- [Create a Smart Group](activedirectory/group.md#create-a-smart-group) -- [Create a Password Expiry Group](activedirectory/group.md#create-a-password-expiry-group) (not - supported in Microsoft Entra ID) -- [Create a Dynasty using the Organizational/Geographical/Custom template](/docs/directorymanager/11.1/portal/group/dynasty/activedirectory/createdynasty.md#create-a-dynasty-using-the-organizationalgeographicalcustom-template) -- [Create a Dynasty using the Managerial template](/docs/directorymanager/11.1/portal/group/dynasty/activedirectory/createdynasty.md#create-a-dynasty-using-the-managerial-template) -- [Create Teams](/docs/directorymanager/11.1/portal/group/teams/create.md) (for Microsoft Entra ID only) diff --git a/docs/directorymanager/11.1/portal/group/create/overview.md b/docs/directorymanager/11.1/portal/group/create/overview.md deleted file mode 100644 index ceffd18677..0000000000 --- a/docs/directorymanager/11.1/portal/group/create/overview.md +++ /dev/null 
@@ -1,27 +0,0 @@ -# Groups - -Using Directory Manager portal, you can create: - -- An unmanaged group or a static group. - - - A static group is a group you would normally create in a directory (for example, by using the - Active Directory Users and Computers snap-in). Though such groups can be created using - Directory Manager portal, Directory Manager does not support dynamic updates to them. Any - changes to the membership have to be updated manually. - -- A managed group or a Smart Group or a Dynasty. - - - A Smart Group (normal Smart Group and Smart Group with a password expiry condition) - - A Smart Group is one that dynamically maintains its membership based on rules. These rules - are applied in the form of a user-defined query, such as an LDAP query. This query is - defined once and scheduled for membership update using a Smart Group Update job. When the - Smart Group update job runs, it applies the defined rules to update the group's memberships. - - In this way, Smart Groups are automatically updated whenever the directory information - changes. This automated group management allows administrators to easily maintain large - distribution lists and security groups without having to manually add or remove members. - - - A Dynasty is a Smart Group that creates and manages other Smart Groups using information in - the directory. Dynasties help you manage large distribution lists by creating hierarchical - group structures that represent your organization’s hierarchy. diff --git a/docs/directorymanager/11.1/portal/group/dynasty/activedirectory/createdynasty.md b/docs/directorymanager/11.1/portal/group/dynasty/activedirectory/createdynasty.md deleted file mode 100644 index c2f2b693dc..0000000000 --- a/docs/directorymanager/11.1/portal/group/dynasty/activedirectory/createdynasty.md +++ /dev/null 
@@ -1,146 +0,0 @@ -# Create an Active Directory Dynasty - -The Directory Manager portal provides the following templates for creating Dynasties: - -- **Organizational:** To create a Smart Group for every distinct company, then for each department - within a company, and finally for each title in a department. -- **Geographical:** To create a Smart Group for every distinct country, then for each state within a - country, and finally for each city within a state. -- **Managerial:** To either create separate Smart Groups for the direct reports of each manager or - add all direct reports of the top manager and sub-level managers to a single group. -- **Custom:** To begin with a blank Dynasty and select your own group-by attributes. - -These templates provide pre-defined grouping attributes for creating Dynasty levels. You can define -custom group-by attributes to expand the Dynasty levels to suit your organizational model. You can -also combine an external data source with the templates to provide extended criteria for determining -group membership. - -NOTE: Settings related to Dynasty membership are configured at the identity store level. - -NOTE: Do not move a Dynasty from one domain to another. Child Dynasties would get orphaned and -subsequently deleted. - -NOTE: You cannot create mail-enabled Dynasties of the Office 365 group type in a Microsoft Entra ID -based identity store, since an Office 365 group cannot have groups as its members. Only non -mail-enabled Dynasties of the security group type are supported. - -Naming conventions for Child Dynasties - -Dynasty names help you group a parent Dynasty with its respective child Dynasties. - -- For an Organizational/Geographical/Custom Dynasty: - - The name of a child Dynasty starts with the name of its parent Dynasty (unless you change the - naming template for Dynasty children). - -- For a Managerial Dynasty: - - By default, the naming template for its child Dynasties starts with "Direct reports of - `manager`". 
- -To modify the display name template for child Dynasties, see -[Modify alias and display name templates](/docs/directorymanager/11.1/portal/group/manage/dynastyfunction.md#modify-alias-and-display-name-templates). - -NOTE: In the Dynasty creation/update process, a child Dynasty will not be created if it bears the -same name as that of an existing object in the directory. For example, when you create a custom -Dynasty, test1, on one attribute, SamAccountName, it’s child Dynasties would be named as -test1-Robert, test1-John, and so on. However, if test1-Robert already exists as a user object, -Directory Manager will skip the test1-Robert child Dynasty and continue to create the rest of the -Dynasty. - -## Create a Dynasty using the Organizational/Geographical/Custom template - -Follow the steps to create a dynasty using the the Organizational/Geographical/Custom template. - -1. In the Directory Managerbportal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. - - NOTE: Pages and fields on the wizard may vary, since the administrator can customize the wizard - by adding or removing pages and fields. - -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the **Organizational Dynasty**, - **Geographical Dynasty**, or **Custom Dynasty** option button and click **Next**. -3. On the [General page](/docs/directorymanager/11.1/portal/group/create/activedirectory/general.md), specify basic information about - the Dynasty. -4. On the [Dynasty Options page](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsorggeocus.md), view or change the attributes in - the **Attributes** area and click **Next**. - - Dynasties create Smart Groups for each distinct value of each listed attribute. 
Depending on the - Dynasty template selected, the **Attributes** area displays the list of default attributes for - the template; however, you can add and remove attributes. For the Custom template, no attribute - is displayed. - -5. The [Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) page displays the default query that - Directory Manager will use to determine the Dynasty membership. The default query returns all - users with Exchange mailboxes, along with users and contacts with external email addresses, which - are then grouped by the specified group-by attributes. - - Review the query for selecting the group members, then click **Next**. - - For details, see the [ Smart Group page](/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md). - -6. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional - owners for the Dynasty. - - NOTE: (1) Additional owners are only set for the parent and are not inherited by child Dynasties - during update. - (2) When a Smart Group Update job runs on a group, the notification behavior is as follows: - Even when the **Do not Notify** check box is selected, the additional owner will receive the - notifications if the administrator has included its email address for job-specific - notifications. - -7. On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and - then click Finish to complete the wizard. - -## Create a Dynasty using the Managerial template - -Follow the steps to create a Dynasty using the Managerial template. - -1. In the Directory Manager portal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. - - NOTE: Pages and fields on the wizard may vary, since the administrator can customize the wizard - by adding or removing pages and fields. 
- -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the **Managerial Dynasty** option - button and click **Next**. -3. On the [General page](/docs/directorymanager/11.1/portal/group/create/activedirectory/general.md), specify basic information about - the Dynasty. -4. On the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsmanagerial.md), specify a - structure for the Dynasty and click **Next**. - - By default, Directory Manager constructs a managerial Dynasty structure by first creating a - Smart Group for all direct reports of the selected top-level manager and then continues down the - Dynasty structure, creating separate Smart Groups for the direct reports to each sub-level - manager. However, you can choose to create a single Smart Group for the direct reports of all - levels of managers rather than creating separate groups. - -5. The [Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) page displays the default query that - Directory Manager will use to determine the Dynasty membership. This query returns all users with - Exchange mailboxes, along with users and contacts with external email addresses, which are then - grouped as per the managerial Dynasty structure. - - Review the query for selecting the group members, then click **Next.** - - For details, see the [ Smart Group page](/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md). - -6. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional - owners for the Dynasty. - - NOTE: (1) Additional owners are only set for the parent and are not inherited by child Dynasties - during update. 
- (2) When a Smart Group Update job runs on a group, the notification behavior is as follows: - Even when the **Do not Notify** check box is selected, the additional owner will receive the - notifications if the administrator has included its email address for job-specific - notifications. - (3) If you have selected the **Set Manager as owner** option on the **Dynasty Options** page, - the top manager would be displayed as the primary owner instead of the logged-in user. - In case you change the owner, the new recipient would be the Dynasty’s primary owner even if - the **Set Manager as owner** check box is selected. - -7. On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and - then click Finish to complete the wizard. diff --git a/docs/directorymanager/11.1/portal/group/dynasty/azure/createdynasty.md b/docs/directorymanager/11.1/portal/group/dynasty/azure/createdynasty.md deleted file mode 100644 index ff2e98a439..0000000000 --- a/docs/directorymanager/11.1/portal/group/dynasty/azure/createdynasty.md +++ /dev/null 
@@ -1,148 +0,0 @@ -# Create a Microsoft Entra ID Dynasty - -The Directory Manager portal provides the following templates for creating Dynasties: - -- Organizational – To create a Smart Group for every distinct company, then for each department - within a company, and finally for each title in a department. -- Geographical – To create a Smart Group for every distinct country, then for each state within a - country, and finally for each city within a state. -- Managerial – To either create separate Smart Groups for the direct reports of each manager or add - all direct reports of the top manager and sub-level managers to a single group. -- Custom – To begin with a blank Dynasty and select your own group-by attributes. - -These templates provide pre-defined grouping attributes for creating Dynasty levels. You can define -custom group-by attributes to expand the Dynasty levels to suit your organizational model. You can -also combine an external data source with the templates to provide extended criteria for determining -group membership. - -NOTE: Settings related to Dynasty membership are configured at the identity store level. - -NOTE: Do not move a Dynasty from one domain to another. Child Dynasties would get orphaned and -subsequently deleted. - -NOTE: You cannot create mail-enabled Dynasties of the Office 365 group type in a Microsoft Entra ID -based identity store, since an Office 365 group cannot have groups as its members. Only non -mail-enabled Dynasties of the security group type are supported. - -**Naming conventions for Child Dynasties** - -Dynasty names help you group a parent Dynasty with its respective child Dynasties. - -- For an Organizational/Geographical/Custom Dynasty: - - The name of a child Dynasty starts with the name of its parent Dynasty (unless you change the - naming template for Dynasty children). - -- For a Managerial Dynasty: - - By default, the naming template for its child Dynasties starts with "Direct reports of - `manager`". 
- -To modify the display name template for child Dynasties, see -[Modify alias and display name templates](/docs/directorymanager/11.1/portal/group/manage/dynastyfunction.md#modify-alias-and-display-name-templates)topic -for additional information. - -NOTE: In the Dynasty creation/update process, a child Dynasty will not be created if it bears the -same name as that of an existing object in the directory. For example, when you create a custom -Dynasty, test1, on one attribute, SamAccountName, it’s child Dynasties would be named as -test1-Robert, test1-John, and so on. However, if test1-Robert already exists as a user object, -Directory Manager will skip the test1-Robert child Dynasty and continue to create the rest of the -Dynasty. - -## Create a Dynasty using the Organization/Geographical/Custom template - -Follow the steps to create a dynasty using the Organization/Geographical/Custom template. - -1. In the Directory Manager portal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. - - NOTE: Pages and fields on the wizard may vary, since the administrator can customize the wizard - by adding or removing pages and fields. - -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the **Organizational Dynasty**, - **Geographical Dynasty**, or **Custom Dynasty** option button and click **Next**. -3. On the [General - Microsoft Entra ID](/docs/directorymanager/11.1/portal/group/dynasty/azure/general.md)page, specify basic information about the - Dynasty. -4. On the [Dynasty Options page](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsorggeocus.md), view or change the attributes in - the **Attributes** area and click **Next**. - - Dynasties create Smart Groups for each distinct value of each listed attribute. 
Depending on the - Dynasty template selected, the **Attributes** area displays the list of default attributes for - the template; however, you can add and remove attributes. For the Custom template, no attribute - is displayed. - -5. The [Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) page displays the default query that - Directory Manager will use to determine the Dynasty membership. The default query returns all - users with Exchange mailboxes, along with users and contacts with external email addresses, which - are then grouped by the specified group-by attributes. - - Review the query for selecting the group members, then click **Next**. - - For details, see the [ Smart Group page](/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md). - -6. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional - owners for the Dynasty. - - NOTE: (1) Additional owners are only set for the parent and are not inherited by child Dynasties - during update. - (2) When a Smart Group Update job runs on a group, the notification behavior is as follows: - Even when the **Do not Notify** check box is selected, the additional owner will receive the - notifications if the administrator has included its email address for job-specific - notifications. - -7. On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and - then click **Finish** to complete the wizard. - -## Create a Dynasty using the Managerial template - -Follow the steps to create a dynasty using the Managerial template. - -1. In the Directory Manager portal, click the **Create New** button in the left pane and select - **Group**. - - The **Create Group** wizard opens to the **Group Type** page. 
- - NOTE: Pages and fields on the wizard may vary, since the administrator can customize the wizard - by adding or removing pages and fields. - -2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the **Managerial Dynasty** option - button and click **Next**. -3. On the [General - Microsoft Entra ID](/docs/directorymanager/11.1/portal/group/dynasty/azure/general.md)page, specify basic information about the - Dynasty. -4. On the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsmanagerial.md), specify a - structure for the Dynasty and click **Next**. - - By default, Directory Manager constructs a managerial Dynasty structure by first creating a - Smart Group for all direct reports of the selected top-level manager and then continues down the - Dynasty structure, creating separate Smart Groups for the direct reports to each sub-level - manager. However, you can choose to create a single Smart Group for the direct reports of all - levels of managers rather than creating separate groups. - -5. The [Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) page displays the default query that - Directory Manager will use to determine the Dynasty membership. This query returns all users with - Exchange mailboxes, along with users and contacts with external email addresses, which are then - grouped as per the managerial Dynasty structure. - - Review the query for selecting the group members, then click **Next**. - - For details, see the [ Smart Group page](/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md) topic for - additional information. - -6. On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional - owners for the Dynasty. - - NOTE: (1) Additional owners are only set for the parent and are not inherited by child Dynasties - during update. 
- (2) When a Smart Group Update job runs on a group, the notification behavior is as follows: - Even when the **Do not Notify** check box is selected, the additional owner will receive the - notifications if the administrator has included its email address for job-specific - notifications. - (3) If you have selected the **Set Manager as owner** option on the **Dynasty Options** page, - the top manager would be displayed as the primary owner instead of the logged-in user. - In case you change the owner, the new recipient would be the Dynasty’s primary owner even if - the **Set Manager as owner** check box is selected. - -7. On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and - then click **Finish** to complete the wizard. diff --git a/docs/directorymanager/11.1/portal/group/dynasty/azure/general.md b/docs/directorymanager/11.1/portal/group/dynasty/azure/general.md deleted file mode 100644 index 0869efae61..0000000000 --- a/docs/directorymanager/11.1/portal/group/dynasty/azure/general.md +++ /dev/null 
@@ -1,36 +0,0 @@ -# General - Microsoft Entra ID - -Use this page to specify basic information about the group. - -1. Click **Browse** next to the **Container** box to select or create the container or - organizational unit to create the group in and click **OK**. - - If you want to create a container, click **Create** and then add container to create the group - in. Click **Refresh** to remove the changes. - - This field will be read-only if the administrator has predefined a container for creating new - groups. - -2. In the **Group Name** box, provide a name for the group by selecting a prefix and then entering a - name for the group. - - NOTE: The prefix box is displayed if the administrator has defined the prefixes. See the - [Group Name Prefixes](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md) - topic. - These prefixes, when appended to group names, help standardize the group naming convention - across the enterprise. - -3. In the **Security** list, select a security type for the group. -4. Set the group type by selecting an option for **Group Type**. - - - **Security** - this group will be used for securing public folders, printers and other network - resources. - - **Distribution** - this group will only be used for email distribution. - - **Teams** - this groups is used for manage Microsoft Teams and their associated channels. - - **Microsoft 365** - this group will be used to select a set of people to collaborate and use a - collection of resources. - - NOTE: If the administrator has predefined a group type, you cannot change it. - -5. Enter a description for the group in the **Description** box. -6. Click **Next**. diff --git a/docs/directorymanager/11.1/portal/group/dynasty/overview.md b/docs/directorymanager/11.1/portal/group/dynasty/overview.md deleted file mode 100644 index 509e5d2ee9..0000000000 --- a/docs/directorymanager/11.1/portal/group/dynasty/overview.md +++ /dev/null 
@@ -1,61 +0,0 @@ -# Dynasty - -A Dynasty is a Smart Group that creates and manages other Smart Groups using information in the -directory. Dynasties help you manage large distribution lists by creating hierarchical group -structures that represent your organization. The Smart Groups that the Dynasty creates are called -child groups and become members of their respective parent Dynasty. - -A Dynasty retrieves data from the directory on the same pattern as a Smart Group does, but it has -its own mechanism of dividing the query results into child groups. - -## The group-by field determines child groups - -When you create a Dynasty, you specify a query and a field, referred to as the _group-by_ field. The -group-by field is used to divide the query results into groups. - -For example, if you set ‘department’ as the group-by field, then each distinct value for the -‘department’ field is returned, for instance, Sales, Marketing, and Human Resources. Thus, a Dynasty -with the group-by field set to ‘department’ creates child groups for each distinct value: Sales, -Marketing, and Human Resources. - -## Built-in updates - -Directory Manager keeps the Dynasty active in two ways: - -- By adding new child groups as new values are returned for the group-by field. -- By removing existing child groups as previous values of the group-by field no longer exist in the - directory. - -Thus, as new values of the ‘department’ field appear, new groups are created, and as old values -disappear, the corresponding child groups are deleted. - -The same process occurs with the membership of each child group. When a user’s department changes -from Sales to Marketing, for example, the user is removed from the Sales child group and added to -the Marketing child group. - -## The child-parent relationship - -Dynasty children inherit their parent's characteristics and properties, such as group type, group -security, expiry policy, owner, delivery restrictions, message size restrictions and more. 
-Inheritance saves administrators incalculable time through the systematic application of pre-defined -properties to new groups. - -You can modify the values of all inherited attributes for a child, except the expiry policy. Child -Dynasties always inherit the expiry policy from the parent Dynasty and it can only be modified at -the parent level. - -Depending on the inheritance option selected for the parent Dynasty on the -[Group properties - Dynasty Options tab](/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md) in group properties, the -modified values of inherited attributes may or may not persist. - -## Multi-level Structure - -Dynasties have a multi-level structure. For example, you can create a Dynasty that groups first by -country, then state, and then city. When updated, the Dynasty creates a group for every country, -then it creates a group for every state in a country, and finally it creates a group for each city -within each state. Thus, each user in the organization belongs to a country group, a state group, -and a city group, and as the groups are updated through their multi-level structure, you do not need -to worry that they will go out-of-date. - -Dynasties come in handy for creating and maintaining large dynamic distribution lists in your -organization. diff --git a/docs/directorymanager/11.1/portal/group/manage/dynastyfunction.md b/docs/directorymanager/11.1/portal/group/manage/dynastyfunction.md deleted file mode 100644 index f87ab7fde9..0000000000 --- a/docs/directorymanager/11.1/portal/group/manage/dynastyfunction.md +++ /dev/null 
@@ -1,112 +0,0 @@ -# Dynasties Functions - -In Directory Manager portal, you can manage Dynasty structure and its membership using the following -functions. - -## Manage attributes for an Organizational/Geographical/Custom Dynasty - -Dynasties are built on attributes. For example, if the Country, State, and City attributes are -specified for a Geographical Dynasty, Directory Manager creates a Smart Group for every distinct -country, then for each state within a country, and finally for each city within a state. - -1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. - - You can also [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the Organizational, Organizational, or - custom Dynasty you want to change the attributes for. - -2. Select the required Dynasty and click **Properties** on the toolbar. - - The Dynasty's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed with the - **General** tab in view. - -3. On the **Dynasty Options** tab, update the attributes in the **Attributes** area. - - Refer to the [Dynasty Options page](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsorggeocus.md) for details. - -4. Click **Save**. - -## Manage Managerial Dynasty structure - -Follow the steps to manage structure of a Managerial Dynasty. - -1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. - - You can also [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the Managerial Dynasty you want to - restructure. - -2. Select the required Dynasty and click **Properties** on the toolbar. - - The Dynasty's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed with the - **General** tab in view. - -3. On the **Dynasty Options** tab, modify the options related to the Dynasty structure. 
- - Refer to the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsmanagerial.md) - for details. - -4. Click **Save**. - -## Set attribute inheritance - -Follow the steps to set attribute inheritance of a dynasty. - -1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. - - You can also [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the Dynasty you want to change the - inheritance option for. - -2. Select the required Dynasty and click **Properties** on the toolbar. - - The Dynasty's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed with the - **General** tab in view. - -3. On the **Dynasty Options** tab, select the required option from the **Inheritance** drop-down - list. - - See [Inheritance](/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md). - -4. Click **Save**. - -## Modify alias and display name templates - -Follow the steps to modify alias of an Organizational/Geographical/Custom dynasty. - -1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. - - You can also [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the Dynasty you want to change the alias - or display name template for. - -2. Select the required Organizational/Geographical/Custom Dynasty and click **Properties** on the - toolbar. - - The Dynasty's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed with the - **General** tab in view. - -3. On the **Dynasty Options** tab, use the **Alias Template** and **Display Name Template** boxes to - modify the respective templates. 
- - For details, see [Alias Template](/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md) and - [Display Name Template](/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md) for an - Organizational/Geographical/Custom Dynasty. - -4. Click **Save**. - -Follow the steps to modify aloas of a Managerial dynasty. - -1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. - - You can also [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the Dynasty you want to change the alias - or display name template for. - -2. Select the required Managerial Dynasty and click **Properties** on the toolbar. - - The Dynasty's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed with the - **General** tab in view. - -3. On the **Dynasty Options** tab, use the **Alias Template** and **Display Name Template** boxes to - modify the respective templates. - - For details, see [Alias Template](/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md) and - [Display Name Template](/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md) for a Managerial Dynasty. - -4. Click **Save**. diff --git a/docs/directorymanager/11.1/portal/group/manage/generalfunction.md b/docs/directorymanager/11.1/portal/group/manage/generalfunction.md deleted file mode 100644 index 45d85738b9..0000000000 --- a/docs/directorymanager/11.1/portal/group/manage/generalfunction.md +++ /dev/null 
@@ -1,70 +0,0 @@ -# General Group functions - -You can perform the following general functions on your directory groups. - -## Search for groups - -See [Directory Search](/docs/directorymanager/11.1/portal/search/search.md). - -## View object properties - -You can view and modify the properties of a mailbox, group, user and contact. - -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the required object. -2. Select this object on the **Search Results** page and click **Properties** on the toolbar. - - The object's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. - -## View groups managed by an object - -You can get a list of all groups managed by a particular object (i.e., all groups for which the -selected object is a primary or additional owner). - -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the required object. -2. Select this object on the **Search Results** page and click **Owner** on the toolbar. - -## Manage group access - -A group’s security type determines how non-members can access the group and become its members. - -A security type is assigned to the group when it is created. However, you can change it later, if -required. - -1. In Directory Manager portal, click **Groups** in the left navigation pane, select Groups. - - The Groups page is displayed with the **My Groups** tab in view. - -2. Select a group and click **Properties** on the toolbar. - - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed with the **General** - tab in view. - -3. Select a different security type for the group from the **Security** list. -4. Click **Save**. - -## Set email delivery restrictions - -You can allow or restrict a group from receiving emails from specified recipients. - -NOTE: This feature is not available for groups in a Microsoft Entra ID based identity store. - -1. 
In Directory Manager portal, click **Groups** in the left navigation pane, select **My Groups**. - - The Groups page is displayed with the **My Groups** tab in view. - -2. Select the required group and click **Properties** on the toolbar. - - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. - -3. Click the **Delivery Restrictions** tab. -4. Specify the senders that the group can receive emails from: - - 1. Click the **Add** button in the **Accept from** area. - 2. Enter a search string to locate the required object, or click **Advanced** to use the - [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. - -5. Select the senders that the group cannot accept emails from: - 1. Click the **Add** button in the **Reject from** area. - 2. Enter a search string to locate the required object, or click **Advanced** to use the - [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. -6. Save the changes. diff --git a/docs/directorymanager/11.1/portal/group/mydeletedgroups.md b/docs/directorymanager/11.1/portal/group/mydeletedgroups.md deleted file mode 100644 index 5380d55c09..0000000000 --- a/docs/directorymanager/11.1/portal/group/mydeletedgroups.md +++ /dev/null 
@@ -1,12 +0,0 @@ -# My Deleted Groups - -To view a list of deleted groups, click **Groups** on the left navigation pane and select **My -Groups**. On the My Groups page, click the **My Deleted Groups** tab. - -The **My Deleted Groups** tab lists the deleted groups that you are the primary owner for. To -include the groups for which you are an additional owner, select the **Display additional group -ownership in My Deleted Groups** check box on the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) panel. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search deleted groups and -add [Filter All Groups](allgroups.md#filter-all-groups)by clicking **My Deleted Groups Grid -Filters**. All your deleted groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/mydynasties.md b/docs/directorymanager/11.1/portal/group/mydynasties.md deleted file mode 100644 index 96df3d1c4f..0000000000 --- a/docs/directorymanager/11.1/portal/group/mydynasties.md +++ /dev/null @@ -1,9 +0,0 @@ -# My Dynasties - -This page lists the Dynasties you are the primary owner of. To include the groups for which you are -an additional owner, select the **Display additional group ownership in My Dynasties** check box on -the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) panel. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search dynasties and add -[Filter All Groups](allgroups.md#filter-all-groups)by clicking **My Dynasties Grid Filters**. All -the dynasties matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/myexpiredgroups.md b/docs/directorymanager/11.1/portal/group/myexpiredgroups.md deleted file mode 100644 index 685a7714e3..0000000000 --- a/docs/directorymanager/11.1/portal/group/myexpiredgroups.md +++ /dev/null 
@@ -1,30 +0,0 @@ -# My Expired Groups - -To view a list of your expired groups in the identity store, click **Groups** on the left navigation -pane and select **My Groups**. On the My Groups page, click the **My Expired Groups** tab. - -The following events occur when a group expires: - -- The group becomes inactive and is locked for all activities. -- "EXPIRED\_" is added as a prefix to the group name. -- A mail-enabled distribution group is mail-disabled, which means that any emails sent to the group - are bounced back with an expiry message. -- For an Office 365 group, its member list is backed up in the database and cleared from Office 365. -- For a security group, its member list is cleared and any permissions set for that group no longer - apply. However Directory Manager keeps a backup of its membership in the database. - -All groups that are expired by the Group Lifecycle job are available on the **My Expired Groups** -page. Moreover, when you manually expire a group that has an expiry policy other than ‘Never -expire’, it is also moved to this page. - -The Group Lifecycle job is responsible for logically deleting expired groups, but you can also -physically delete a group. See the [ Group Deletion](/docs/directorymanager/11.1/portal/group/manage/groupdeletion.md) topic for additional -information. - -By default, the **My Expired Groups** tab lists the groups that you are the primary owner for. To -include the groups for which you are an additional owner, select the **Display additional group -ownership in My Expired Groups** check box on the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) panel. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search expired groups and -add [Filter All Groups](allgroups.md#filter-all-groups)by clicking **My Expired Group Grid -Filters**. All the expired groups matching the filters will be displayed. 
diff --git a/docs/directorymanager/11.1/portal/group/myexpiringgroups.md b/docs/directorymanager/11.1/portal/group/myexpiringgroups.md deleted file mode 100644 index 5e5a9d2c2b..0000000000 --- a/docs/directorymanager/11.1/portal/group/myexpiringgroups.md +++ /dev/null @@ -1,17 +0,0 @@ -# My Expiring Groups - -To view a list of your expiring groups, click **Groups** on the left navigation pane and select **My -Groups**. On the My Groups page, click the **My Expiring Groups** tab. - -Groups that will expire in 30 days or less are considered as expiring groups. The expiry date is -calculated from a group’s expiry policy. The Group Life Cycle job is responsible for expiring these -groups on their respective expiry dates; however, you can also manually expire a group before it -reaches the expiry date. - -By default, the tab lists the groups that you are the primary owner for. To include the groups for -which you are an additional owner, select the **Display additional group ownership in My Expiring -Groups** check box on the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) panel. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search expiring groups -and add [Filter All Groups](allgroups.md#filter-all-groups)by clicking **My Expiring Group Grid -Filters**. All the expiring groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/mygroups.md b/docs/directorymanager/11.1/portal/group/mygroups.md deleted file mode 100644 index 48e058fb1e..0000000000 --- a/docs/directorymanager/11.1/portal/group/mygroups.md +++ /dev/null 
@@ -1,117 +0,0 @@ -# My Groups - -To view and manage the groups that you own in the identity store, click **Groups** on the left -navigation pane and select **My Groups**. This page lists all your active groups: - -- [My Memberships](/docs/directorymanager/11.1/portal/group/mymemberships.md) -- [My Expired Groups](/docs/directorymanager/11.1/portal/group/myexpiredgroups.md) -- [My Expiring Groups](/docs/directorymanager/11.1/portal/group/myexpiringgroups.md) -- [My Deleted Groups](/docs/directorymanager/11.1/portal/group/mydeletedgroups.md) -- [My Smart Groups](/docs/directorymanager/11.1/portal/group/mysmartgroups.md) -- [My Dynasties](/docs/directorymanager/11.1/portal/group/mydynasties.md) -- [My Teams](/docs/directorymanager/11.1/portal/group/myteams.md) (for Microsoft Entra ID based identity store) - -By default, the **My Groups** tab displays the groups that you are the primary owner for. To include -the groups for which you are an additional owner, select the **Display additional group ownership in -My Groups** check box on the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) panel. This tab lists active -groups only; expired and deleted groups are not displayed. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search your groups and -add [Filter All Groups](allgroups.md#filter-all-groups)by clicking **My Groups Grid Filters**. All -your groups matching the filters will be displayed. - -**You can:** - -- Manually update the membership of a Smart Group using the **Update** command. You can also view - update details on **Processing Object (s)** wizard. Click **OK** once done. If you click - **Background**, the update runs in the background and will show in the **Background Tasks** tab. -- View and modify the [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) of a group. -- Manually expire your groups. 
After expiring the group, it will be listed in **My Expired Groups** - list. -- Select a smart group and click **Renew** on the toolbar; this re-applies the expiry policy of the - group starting from today, thus renewing the group. -- Join a group as a [Join a group temporarily](manage/groupjoinleave.md#join-a-group-temporarily) or - [Join a group permanently](manage/groupjoinleave.md#join-a-group-permanently) -- Leave a group’s membership - [Leave a group temporarily](manage/groupjoinleave.md#leave-a-group-temporarily) or - [Leave a group permanently](manage/groupjoinleave.md#leave-a-group-permanently). -- Join / leave a group - [Join or leave a group on behalf of a direct report or peer](manage/groupjoinleave.md#join-or-leave-a-group-on-behalf-of-a-direct-report-or-peer)a - direct report or peer. -- To Join/Leave the group, you can also click on **Want to write reason to group owner?** and state - the the reason for joining or leaving the group for the group owner. -- Update the security type of your group using **Set Security Type** option. You can select one of - the following security types: - - - Public - - Semi Private - - Private - -- Select a group and click **Move Group** from the toolbar. You can specify a new container from - **Select Container** box where you want to move the group. -- Select a group and click **Add to Contacts** on the toolbar to add a group’s email to your email - contact list using the vCard. The portal creates the group's vCard and prompts you to save it on - your machine. You can then use it to add the group's email address to your email contact list. -- Click **Add to Group** to add the group into the membership of another group - ([Add a group to the membership of another group (nesting)](manage/groupmembershipfunction.md#add-a-group-to-the-membership-of-another-group-nesting)). -- Select a group and click **Send Email** on the toolbar to send an email to the group. 
This - launches the default Windows email application for sending an email to group members. -- Click **Export Results** on the toolbar to export the group list to a Microsoft Excel file. -- Update the expiration policy of your group using **Set Expiration Policy** option. -- Update owner for your group using **Set Owner** option. The drop down list displays two options: - - - **Me:** You can set yourself as the Owner - - **Other:** You can select some other user as the owner. - -- Manually [ Group Deletion](/docs/directorymanager/11.1/portal/group/manage/groupdeletion.md) any of your group. -- Get a list of all groups managed by s particular group (i.e., all groups for which the selected - group is a primary or additional owner) - - Select a group and click **Managed By** on the toolbar to get a list of groups managed by the - selected group. - -- Click **Attest Group** to update smart groups and dynasties, and verify your group's attributes - and memberships. -- In the **Results** box, select the number of search results to display on a page. - -Use the page numbers under the group listing to page through all groups. - -You can control the number of records to be displayed per page by modifying the **Search results per -page** setting on the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) panel. - -## Modify Search Directory - -You can modify the search results in **Modify Search Directory.** You can select entire directory or -a domain to search active groups from. - -## Transfer Ownership - -You can find [Transfer Ownership](/docs/directorymanager/11.1/portal/group/transferownership.md) option on the top right corner. Transfer -Ownership enables you to: - -- Assign owners to orphan groups. -- Transfer group ownership (including Exchange 2013/2016/2019 additional ownership) from one - recipient to another. - -## Filter My Groups - -You can add filters in **My Group Grid Filters** while searching for specific groups. 
- -Step 1 – Click **Add Filter** to specify a criterion for filtering groups. - -Step 2 – From the **Select a Filter** list, select the attribute to filter groups. - -Step 3 – Two more boxes get displayed next to **Select a Filter** box upon selecting a filter. - -- **Select an Operator** from the first list. -- Specify a value for the selected operator in the second box. - -Step 4 – Click **Apply Filter**. - -Step 5 – All your groups that match the specified criterion are displayed. - -Step 6 – You can add additional filters by clicking **Add Filter.** - -Step 7 – To undo the filters, click **Reset Filter.** - -It will remove all the criteria set before. diff --git a/docs/directorymanager/11.1/portal/group/mymemberships.md b/docs/directorymanager/11.1/portal/group/mymemberships.md deleted file mode 100644 index 1fc40ad7d4..0000000000 --- a/docs/directorymanager/11.1/portal/group/mymemberships.md +++ /dev/null @@ -1,11 +0,0 @@ -# My Memberships - -To view the groups that you are a member of, click **Groups** on the left navigation pane and select -**My Groups**. On the My Groups page, click the **My Memberships** tab. - -The **My Memberships** tab lists only active groups that you are a member of; expired and deleted -groups are not displayed. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search your memberships -and add [Filter All Groups](allgroups.md#filter-all-groups)by clicking **My Memberships Grid -Filters**. All your memberships matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/mysmartgroups.md b/docs/directorymanager/11.1/portal/group/mysmartgroups.md deleted file mode 100644 index fbb7bbe07b..0000000000 --- a/docs/directorymanager/11.1/portal/group/mysmartgroups.md +++ /dev/null 
@@ -1,9 +0,0 @@ -# My Smart Groups - -This page lists only the Smart Groups that you are primary owner of. To include the groups for which -you are an additional owner, select the **Display additional group ownership in My Smart Groups** -check box on the [Portal Settings](/docs/directorymanager/11.1/portal/setting/portal.md) panel. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search your smart groups -and add [Filter All Groups](allgroups.md#filter-all-groups)by clicking **Smart Group Grid Filters**. -All the smart groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/myteams.md b/docs/directorymanager/11.1/portal/group/myteams.md deleted file mode 100644 index 81fcd531d2..0000000000 --- a/docs/directorymanager/11.1/portal/group/myteams.md +++ /dev/null @@ -1,7 +0,0 @@ -# My Teams - -This page lists all the Microsoft Teams groups that you own. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search teams and add -[Filter All Groups](allgroups.md#filter-all-groups)by clicking **My Teams Grid Filters**. All the -teams matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/overview.md b/docs/directorymanager/11.1/portal/group/overview.md deleted file mode 100644 index 6484fb19c1..0000000000 --- a/docs/directorymanager/11.1/portal/group/overview.md +++ /dev/null 
@@ -1,27 +0,0 @@ -# Group Management - -Directory Manager portal enables you to manage directory groups, that includes both static groups -and Smart Groups. You can: - -- Create static groups, Smart Groups and Dynasties. -- Manage the type, scope, security type, and ownerships of groups. -- Manage group membership dynamically. -- Specify an expiry policy for groups. This policy defines the period for which the group remains - active. When the period is over, the group becomes inactive and is locked for all activities. -- Groups can also be moved between domains within a single forest. - -Examples of directory groups include distribution lists and security groups. - -Directory Manager portal updates Smart Groups and Dynasties on the basis of user-defined queries. -When directory information changes, Directory Manager portal automatically updates the appropriate -groups, thus ensuring that groups are never out of date. - -This allows administrators to easily maintain large groups without having to manually add and remove -members. - -NOTE: You must [Log in](/docs/directorymanager/11.1/portal/login.md#log-in) before using it for group management. - -NOTE: When two identity stores (say, ID1 and ID2) are connected to the same domain (for example, -demo1.com), then objects in demo1.com would have a distinct state in ID1 and ID2. For example, an -object’s state (such as expiry policy, Smart Group criteria, additional owners, etc.) would be -different in both identity stores. diff --git a/docs/directorymanager/11.1/portal/group/privategroups.md b/docs/directorymanager/11.1/portal/group/privategroups.md deleted file mode 100644 index 54be220c9b..0000000000 --- a/docs/directorymanager/11.1/portal/group/privategroups.md +++ /dev/null 
@@ -1,10 +0,0 @@ -# Private Groups - -This view lists only the private groups created using Directory Manager in the connected identity -store. It does not list expired or deleted private groups. To view the expired or deleted groups, -select the [Expired Groups](/docs/directorymanager/11.1/portal/group/allexpiredgroups.md) or [Deleted Groups](/docs/directorymanager/11.1/portal/group/recyclebin/overview.md) -respectively. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search private groups and -add [Filter All Groups](allgroups.md#filter-all-groups) by clicking **Private Group Grid Filters**. -All the private groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/properties/advanced.md b/docs/directorymanager/11.1/portal/group/properties/advanced.md deleted file mode 100644 index 1a39e52954..0000000000 --- a/docs/directorymanager/11.1/portal/group/properties/advanced.md +++ /dev/null 
@@ -1,42 +0,0 @@ -# Group properties - Advanced tab - -Use this tab to control the group's visibility in the messaging provider's address book and manage -out-of-office notifications. - -You can also specify non-delivery report (NDR) recipients when this group does not receive a message -sent to it. The non-delivery report lets the recipient know that the message was not delivered. - -**Admin Note** - -Notes from the administrator. - -**OOF Reply to originator** - -Set a mail-enabled group (Group A) to send out-of-office auto-replies to the message originator -(sender), when the group (Group A) receives a message and one or more group members have -out-of-office status. - -NOTE: This setting applies if Microsoft Exchange is configured as the messaging system for the -identity store. - -**Hide membership** - -Indicates whether to hide the membership of mail-enabled groups in the messaging provider's address -book (such as the Outlook address book). - -If selected, the group members will not be visible from within the address book. - -**Delivery Reports** - -Specify non-delivery report (NDR) recipients when a message sent to this group is not delivered. The -non-delivery report lets the recipient know that the message was not delivered. - -Options are: - -- **Report to originator** - The non-delivery report is sent to the sender to inform him or her that - the message was not delivered to the target group. -- **Report to owner** - The non-delivery report is sent to the group owner to inform him or her that - a message sent to the group was not delivered to group members. -- **Do not send delivery report** - Non-delivery reports are not sent to anyone. - -NOTE: Non-delivery reports are sent if an SMTP server is configured for the identity store. diff --git a/docs/directorymanager/11.1/portal/group/properties/email.md b/docs/directorymanager/11.1/portal/group/properties/email.md deleted file mode 100644 index ef8e31e1fd..0000000000 
--- a/docs/directorymanager/11.1/portal/group/properties/email.md +++ /dev/null @@ -1,32 +0,0 @@ -# Group properties - Email tab - -Use this tab to view the email addresses assigned to this group. If your portal is connected to an -identity store having Exchange 2013/2016/2019 deployed; then on this tab, you can also specify -Exchange additional owners for the group. Exchange additional owners have the same privileges as the -primary owner. - -**Addresses** - -In case of a mail-enabled group, Microsoft Exchange assigns different addresses to it for -communication with different repositories (such as Address Book, SIP, Outlook). These addresses are -displayed in this box. - -**Managed by** - -Microsoft Exchange 2013/2016/2019 offers the co-managed by feature that enables you to specify -Exchange additional owners for a group. - -The **Managed by** section is displayed when Microsoft Exchange Server 2013/2016/2019 is deployed as -the messaging provider for the identity store your portal is connected to. This list shows Exchange -additional owners specified for the group. - -GroupID sends group expiry, deletion, and renewal notifications to all Exchange additional owners -along with the group’s primary owner and additional owners. See -[Group properties - Owner tab](/docs/directorymanager/11.1/portal/group/properties/owner.md) in group properties. - -- Click **Add** to add an Exchange additional owner. Enter a search string to locate the required - object, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a - search. -- To remove an Exchange additional owner, select it and click **Remove**. - -NOTE: Only mail-enabled users can be designated as Exchange additional owners. diff --git a/docs/directorymanager/11.1/portal/group/properties/general.md b/docs/directorymanager/11.1/portal/group/properties/general.md deleted file mode 100644 index 1e2eeb8eec..0000000000 
--- a/docs/directorymanager/11.1/portal/group/properties/general.md +++ /dev/null 
@@ -1,92 +0,0 @@ -# Group properties - General tab - -This tab allows you to view or modify the general information about the group. - -**Display name** - -The display name of the group. - -**Alias** - -The alias for the group. - -**Manager can update membership** - -Select this check box to enable the group managers (primary owner and Exchange additional owners) to -update this group’s membership directly on the directory server. Additional owners are not included -because they are Directory Manager-specific and the directory does not recognize them. - -This is a provider-end permission and does not impact role-based permissions assigned at the -identity store level in Directory Manager. Nor do role-based permissions assigned at the identity -store level have any impact on this feature. - -Enabling this setting auto-grants the required permissions to the manager. For Active Directory, for -example, the manager is granted the following permissions: - -- Create, delete, and manage user accounts. -- Reset user password and force password change at next logon. -- Create, delete and manage groups. -- Modify the membership of a group. - -NOTE: Do not update Smart Group membership manually; changes might be reversed when the Smart Group -Update job runs. - -NOTE: The _manager can update membership_ feature is not available for groups in a Microsoft Entra -ID based identity store. - -**Description** - -The description provided for the group. - -**Expiration Policy** - -The expiry policy for this group. It specifies the duration the group remains active for. The group -would expire when the period ends. - -If you select the Other option from the list, two boxes are displayed under the Expiration Policy -box. First, select an option (Days, Months, or Years) from the second list. Then enter a value for -the selected option in the first box. the group will remain active for the duration you specify -here. - -The Group Life Cycle job is responsible for expiring groups. 
- -**Expiration Date** - -Displays the expiry date for the group. This box is blank when the expiration policy is set to -"Never expire". - -When you change the expiration policy of a group, the expiration date is updated when you save the -changes. - -**Group Scope** - -The scope set for this group. - -- **Domain Local** - Can only contain users in this domain. -- **Global Group** - Can contain users from other domains but is visible only within its own domain. -- **Universal Group** - Can contain users and groups from any domain and is visible in the Global - Catalog. - -NOTE: With Exchange 2013/2016/2019 configured as the messaging provider for the identity store, the -group scope must be set to _Universal_ for mail-enabled groups. - -NOTE: In a Microsoft Entra ID based identity store, the group scope does not apply. - -**Group Type** - -The group type set for the group. - -- **Security** - this group will be used for securing public folders, printers and other network - resources. -- **Distribution** - this group will only be used for email distribution. - -NOTE: In a Microsoft Entra ID based identity store, the group type is set to 'security' by default -and this option is not displayed. - -**Security** - -Indicates the security type set for the group. - -**Email** - -The email address of the group (applies to mail-enabled groups only, such as an Office 365 group). diff --git a/docs/directorymanager/11.1/portal/group/properties/history.md b/docs/directorymanager/11.1/portal/group/properties/history.md deleted file mode 100644 index 55f1a23a22..0000000000 --- a/docs/directorymanager/11.1/portal/group/properties/history.md +++ /dev/null 
@@ -1,95 +0,0 @@ -# Object properties - History tab - -This tab displays the object's history, which includes all changes to the object since its creation. - -History is available if the administrator has enabled history tracking for the identity store. See -[History](/docs/directorymanager/11.1/portal/history/overview.md). - -## View History - -The **History** area displays the history for the object. History items in the view are arranged -according to date, showing the most recent at the top. - -This view is also called the detailed view. - -### Switch to Administrative View - -Click the **Switch to Administrative View** link to switch to the administrative view. This view is -only available if you have administrative privileges. - -It displays history data in a tabular form. History items are grouped by date. Each date group -displays changes made to the object during that period. - -You can expand an item to view more details, such as the names of the attributes modified in an -action along with their old and new values. - -## Export History Data - -You can export history data displayed on this page to an external file. - -1. Click the **Export History** button and select the file type to export history data to. Supported - formats are: - - - Excel - - CSV - - XML - -2. The file is created at the download location specified in the browser settings. - -## Add notes to history items - -Directory Manager enables a user to add notes to history items that were logged as a result of any -change they made. A note may explain the reason for making a certain change, such as why they -changed the security type for a group. - -Only the user who added the note can update it. Other users can only view this note; they cannot -edit or add comments. - -- The Add Note button is available next to a history item listed. -- Once you add a note, the Add Note button changes to View Note. All portal users can use this - button to view the note. 
- -### Add a note - -The option to add a note is available on the My Account History card on Dashboard, and all History -pages i.e.[My History](/docs/directorymanager/11.1/portal/history/myhistory.md), -[My Direct Reports' History](/docs/directorymanager/11.1/portal/history/mydirectreport.md) and -[My Groups' History](/docs/directorymanager/11.1/portal/history/mydirectorygroup.md) pages. - -Step 1 – Click the **Add Note** button next to a history item to add a note to it. - -Step 2 – On the Add Note dialog box, write a note and click **Add Note** to save it. - -Your note can have a maximum of 500 characters. - -### Edit a note - -You can only edit the note that you have added. - -Step 1 – Click the **View Note** button next to a history item to view or edit the note for it. - -Step 2 – On the Note dialog box, click the **Edit Note** button and update the note. - -Step 3 – Click **Update Note** to save the changes. - -### View a note - -Once a note is added, other users can view it, but they cannot edit it or add comments to it. - -- In the Detailed view: - - Click the **View Note** button next to a history item to view the note for it. - -- In the Administrative view: - - The Note column displays the note. - -### Remove a note - -You can only remove the note that you have added. - -Step 1 – Click the **View Note** button next to a history item to view or remove the note for it. - -Step 2 – Click the **Edit Note** button and remove the note. - -Step 3 – Click **Update Note**. diff --git a/docs/directorymanager/11.1/portal/group/properties/memberof.md b/docs/directorymanager/11.1/portal/group/properties/memberof.md deleted file mode 100644 index fb85ec7cbd..0000000000 --- a/docs/directorymanager/11.1/portal/group/properties/memberof.md +++ /dev/null 
@@ -1,35 +0,0 @@ -# properties - Member Of tab - -Use this tab to view the groups of which this group is a member. You can add and remove this group -from the membership of other groups. - -**Member Of** - -This group is a member of all groups listed in this grid. - -For each group listed, you can view the display name, email, and description. - -For each column in the grid, an item level filter is also available that lets you filter records -based on a particular criterion. For example; to show groups whose display names start with D, type -**D** in the box under the **Display Name** header and press Enter. - -| Column Name | Description | -| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Display Name | Displays the names of the groups this user is a member of. | -| Membership | Indicates whether the user is a temporary or permanent member of the group. - Perpetual – To make the object a permanent member of the group. - Temporary Member – To make the object a temporary member of the group for the period you specify in the Beginning and Ending boxes. At the end of the period, the object is removed from the group membership. - Addition Pending – Indicates that the object will be a temporary member of the group for a period in the future. Use the Beginning and Ending boxes to set a period. 
Before the beginning date, the object’s membership type is displayed as ‘Addition Pending’. On the beginning date, the membership type changes to ‘Temporary Member’. Example. You add Smith as a temporary member to Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Addition Pending’ as its membership type from May 15 to 19. However, Smith would not be added to group membership in the provider. On May 20, Smith will become a temporary member of Group A and its membership type will change to ‘Temporary Member’ from May 20 to 30. Smith will also be added to group membership in the provider. After May 30, Smith will be removed from Group A as a member in Directory Manager and in the provider. - Removal Pending - Indicates that the object will be temporarily removed from group membership for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Removal Pending’. On the beginning date, the membership type will change to ‘Temporary Removed’. Example. You remove Smith from Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Removal Pending’ as membership type from May 15 to 19. On May 20, Smith’s membership type in Directory Manager will change to ‘Temporary Removed’; lasting till May 30. However, Smith will be removed from Group A’s membership in the provider. After May 30, Smith will be added back to Group A as a permanent member in Directory Manager and in the provider. - Temporary Removed – Indicates that the object is temporarily removed from group membership for the period specified in the Beginning and Ending boxes. At the end of the period, the object is added back to the group membership as a permanent member. When the user is a perpetual member, the **Membership** column is blank. You cannot change the membership type of the user for any group on the **Member Of** tab. 
Rather, go to the properties of the specific group and change the user's membership type on the [Group properties - Members tab](/docs/directorymanager/11.1/portal/group/properties/members.md). | -| Beginning | Displays the beginning date of the temporary addition or removal. | -| Ending | Displays the ending date of the temporary addition or removal. | - -**Add** - -Click it to add this group to the memberships of another group (for example, Group A). - -Enter a search string to locate the required group (Group A), or click **Advance** to use the -[Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search - -The selected group(s) get listed in the **Member Of** grid. - -**Remove** - -Select a group (Group A) from the Member Of list and click **Remove** to remove this group from the -membership of Group A. diff --git a/docs/directorymanager/11.1/portal/group/properties/members.md b/docs/directorymanager/11.1/portal/group/properties/members.md deleted file mode 100644 index c268e0bb55..0000000000 --- a/docs/directorymanager/11.1/portal/group/properties/members.md +++ /dev/null 
@@ -1,72 +0,0 @@ -# Group properties - Members tab - -Use this tab to view or modify the members of a group. By default, the primary owner is also a -member of the group. - -NOTE: In a Microsoft Entra ID based identity store, only user objects can be added as members of an -Office 365 group. - -**Members** - -Displays a list of member objects in this group. - -| Column Name | Description | -| ------------ | -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Type | The object type of the member object, such as user or group. | -| Display Name | The name of the member object. | -| | You can view the memberships of groups that are members of this group. For example, when you add a group (Group B) as a member of this group (Group A), you can view the membership of Group B. You can continue to view memberships of groups that are members of Group B, and so on. This enables the owner of a distribution group to view all users who will receive the messages sent to the distribution group. Click the plus sign next to a member group to view its members. Group membership can be viewed up to the nth level. However, you cannot modify membership of nested groups here. For a parent Dynasty, all child Dynasties are listed as members. NOTE: For an expired security group and Office 365 group, the members list would be empty. 
| -| Membership | Indicates whether the object is a temporary or permanent member of this group. The available membership types are: - Perpetual – To make the object a permanent member of the group. - Temporary Member – To make the object a temporary member of the group for the period you specify in the Beginning and Ending boxes. At the end of the period, the object is removed from the group membership. - Addition Pending – Indicates that the object will be a temporary member of the group for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Addition Pending’. On the beginning date, the membership type changes to ‘Temporary Member’. Example. You add Smith as a temporary member to Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Addition Pending’ as its membership type from May 15 to 19. However, Smith would not be added to group membership in the provider. On May 20, Smith will become a temporary member of Group A and its membership type will change to ‘Temporary Member’ from May 20 to 30. Smith will also be added to group membership in the provider. After May 30, Smith will be removed from Group A as a member in Directory Manager and in the provider. - Removal Pending - Indicates that the object will be temporarily removed from group membership for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Removal Pending’. On the beginning date, the membership type will change to ‘Temporary Removed’. Example. You remove Smith from Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Removal Pending’ as membership type from May 15 to 19. On May 20, Smith’s membership type in Directory Manager will change to ‘Temporary Removed’; lasting till May 30. 
However, Smith will be removed from Group A’s membership in the provider. After May 30, Smith will be added back to Group A as a permanent member in Directory Manager and in the provider. - Temporary Removed – Indicates that the object is temporarily removed from group membership for the period specified in the Beginning and Ending boxes. At the end of the period, the object is added back to the group membership as a permanent member. When the object is a perpetual member, the Membership column is blank. Click anywhere in the row to make it editable for changing the membership type of the group member. NOTE: You cannot change the membership type when the member object is a group. | -| Beginning | Shows the beginning date of the temporary addition or removal. | -| Ending | Shows the ending date of the temporary addition or removal. | - -NOTE: For each column, an item level filter is also available that lets you filter records based on -a particular criterion. For example; to show objects whose display names start with D, type **D** in -the box under the **Display Name** header and press Enter. - -The Membership Life Cycle job updates the temporary membership of groups. It adds and removes -temporary members from group membership on the specified dates. - -Consider a scenario where the Membership Life Cycle job is scheduled to run once a week, say -Mondays. If an object is to be added to group membership for three days - Wednesday till Friday, it -will not be added. This happens because the Membership Life Cycle job did not run on the particular -days for temporary membership update. - -**Add** - -To add member(s) to the group, click **Add**. Enter a search string to locate the object to add as a -member, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a -search. - -The selected members get listed in the **Members** grid. 
- -NOTE: This button is disabled for Smart Groups and Dynasties since their memberships is determined -by the query set on the [Group properties - Smart Group/Query Designer tab](/docs/directorymanager/11.1/portal/group/properties/smartgroup.md). - See -[Schedule periodic membership updates for Smart Groups/Dynasties](/docs/directorymanager/11.1/portal/group/manage/scheduleupdate.md#schedule-periodic-membership-updates-for-smart-groupsdynasties). - -**Import** - -You can add members to the group using an external file. - -You can also choose to import all members of an existing group or groups to the membership of this -group. - -Click **Import** to launch the **Import Members** wizard for importing group members. See -[Import Group Members](/docs/directorymanager/11.1/portal/group/properties/importmembers.md) for information and instructions. - -**Export** - -You can export the list of members to an external file. Supported file formats are: .txt, .csv, -.xls, .xlsx and .xml. - -Click **Export** to launch the **Export Members** wizard for exporting group members. Select the -attributes you want to export. For information and instructions, see -[Export group members](/docs/directorymanager/11.1/portal/group/manage/groupmembershipfunction.md#export-group-members). - -**Remove All** - -To remove all the members at together, click **Remove all**. - -**Remove** - -To remove an object from the members list, select it and click **Remove**. diff --git a/docs/directorymanager/11.1/portal/group/properties/overview.md b/docs/directorymanager/11.1/portal/group/properties/overview.md deleted file mode 100644 index 98d83a513a..0000000000 --- a/docs/directorymanager/11.1/portal/group/properties/overview.md +++ /dev/null 
@@ -1,66 +0,0 @@ -# Group Properties - -You can view and manipulate the properties of groups in the connected identity store, depending on -the permissions the Directory Manager administrator has granted you. - -Select the required object and click **Properties** on the toolbar. The object's properties page is -displayed. - -**On the group's properties page, you can:** - -1. Save the changes made in the properties by clicking **Save**. -2. Click **Delete** to delete the group. -3. **Join** a group as a - [Join a group temporarily](/docs/directorymanager/11.1/portal/group/manage/groupjoinleave.md#join-a-group-temporarily) or - [Join a group permanently](/docs/directorymanager/11.1/portal/group/manage/groupjoinleave.md#join-a-group-permanently) - - Select **Other** to add other users to the group. - -4. **Leave** a group’s membership - [Leave a group temporarily](/docs/directorymanager/11.1/portal/group/manage/groupjoinleave.md#leave-a-group-temporarily) or - [Leave a group permanently](/docs/directorymanager/11.1/portal/group/manage/groupjoinleave.md#leave-a-group-permanently). - - Select **Other** to remove other users from the group. - -5. To **Join/Leave** the group, you can also click on **Want to write reason to group owner?** and - state the the reason for joining or leaving the group for the group owner. -6. Click **Upgrade To** to change the group into one of the following: - - - Smart Group - - Dynasty - - Managerial Dynasty - -7. Select a group and click **Move Group** from the toolbar. You can specify a new container from - **Select Container** box where you want to move the group. -8. Add a group’s email to your email contact list using the vCard. - - Select a group and click **Add to Contacts** on the toolbar. The portal creates the group's - vCard and prompts you to save it on your machine. You can then use it to add the group's email - address to your email contact list. - -9. Select a group and click **Send Email** on the toolbar. 
This launches the default Windows email - application for sending an email to group members. -10. For Teams, click **Subscribe Group** to get subscriptions of that Teams channel. -11. To unsubscribe from the Teams channel, click **Unsubscribe Group** from the toolbar. - -## Group Properties - -- [Group properties - General tab](/docs/directorymanager/11.1/portal/group/properties/general.md) -- [Group properties - Owner tab](/docs/directorymanager/11.1/portal/group/properties/owner.md) -- [Group properties - Members tab](/docs/directorymanager/11.1/portal/group/properties/members.md) -- [properties - Member Of tab](/docs/directorymanager/11.1/portal/group/properties/memberof.md) -- [Group properties - Delivery Restrictions tab](/docs/directorymanager/11.1/portal/group/properties/deliveryrestrictions.md) -- [Object properties - Attributes tab](/docs/directorymanager/11.1/portal/group/properties/attributes.md) -- [Group properties - Email tab](/docs/directorymanager/11.1/portal/group/properties/email.md) -- [Group properties - Advanced tab](/docs/directorymanager/11.1/portal/group/properties/advanced.md) -- [Group properties - Tree View](/docs/directorymanager/11.1/portal/group/properties/treeview.md) -- [Group Properties - Entitlement tab](/docs/directorymanager/11.1/portal/group/properties/entitlements.md) -- [Group properties - Similar Groups tab](/docs/directorymanager/11.1/portal/group/properties/similargroups.md) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) -- [Teams Properties - Channels](/docs/directorymanager/11.1/portal/group/properties/channels.md) (For Teams only) -- [Group properties - Smart Group/Query Designer tab](/docs/directorymanager/11.1/portal/group/properties/smartgroup.md) (for Smart Groups and Dynasties - only) -- [Group properties - Dynasty Options tab](/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md) (for Dynasties only) - -NOTE: The **Delivery Restrictions**, 
**Attributes**, **Email**, and **Advanced** tabs are not -available for groups in a Microsoft Entra IDbased identity store. diff --git a/docs/directorymanager/11.1/portal/group/properties/smartgroup.md b/docs/directorymanager/11.1/portal/group/properties/smartgroup.md deleted file mode 100644 index 1afb2c5043..0000000000 --- a/docs/directorymanager/11.1/portal/group/properties/smartgroup.md +++ /dev/null 
@@ -1,62 +0,0 @@ -# Group properties - Smart Group/Query Designer tab - -Use this tab to view and modify the query defined for the Smart Group/Dynasty, and even schedule -updates. - -The group’s membership is updated with the records fetched by the query. - -NOTE: In case of an Office 365 group in a Microsoft Entra ID based identity store, group membership -is updated with user objects only. - -Membership update settings defined for the identity store also impact Smart Group and Dynasty -membership update. - -**Container(s)** - -Displays the domain or containers the query will run on. - -**Object Types** - -Lists the object types the query will fetch. - -**Server and Storage** - -These areas are displayed if the query only fetches messaging system recipients. They display the -server and storage for the query to fetch the records from. - -**Query Designer** - -To modify the query, click the **Query Designer** button. This launches the -[Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) dialog box, where you can modify the query. - -Smart Groups and Dynasties in a Microsoft Entra IDbased identity store use a device structured query -language while those in an Active Directory based identity store use LDAP queries to update group -membership. - -**Membership Preview** - -You can preview the group members of the smart group before executing the changes. - -**Clear** - -To remove all the queries set in the Query Designer, click **Clear**. - -**Scheduled Job** - -You can associate a Smart Group Update job with the group; this is a scheduled job that updates the -group’s membership when it runs. - -From the **Scheduled Job** list, select a Smart Group Update job to associate with the group. - -This list contains Smart Group Update jobs define for the identity store. - -NOTE: If the administrator has enforced the job selection option, you cannot save any changes unless -you associate a scheduled job with this group. 
- -**Updated On** - -Display the date and time when the group was updated based on the schedule set for it. - -**Create a Schedule** - -You can create a new schedule other than the ones on the list. diff --git a/docs/directorymanager/11.1/portal/group/publicgroups.md b/docs/directorymanager/11.1/portal/group/publicgroups.md deleted file mode 100644 index 70dfb74cc9..0000000000 --- a/docs/directorymanager/11.1/portal/group/publicgroups.md +++ /dev/null @@ -1,10 +0,0 @@ -# Public Groups - -This view lists only the public groups created using Directory Manager in the connected identity -store. It does not list expired or deleted public groups. To view the expired or deleted groups, -select the [Expired Groups](/docs/directorymanager/11.1/portal/group/allexpiredgroups.md) or [Deleted Groups](/docs/directorymanager/11.1/portal/group/recyclebin/overview.md) -respectively. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search private groups and -add [Filter All Groups](allgroups.md#filter-all-groups) by clicking **Public Group Grid Filters**. -All the public groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/database.md b/docs/directorymanager/11.1/portal/group/querydesigner/database.md deleted file mode 100644 index 0a612bb944..0000000000 --- a/docs/directorymanager/11.1/portal/group/querydesigner/database.md +++ /dev/null 
@@ -1,92 +0,0 @@ -# Query Designer - Database tab - -You can combine an external data provider with the directory to determine a group's membership. - -The supported external data providers are: - -- Microsoft Access -- Microsoft Excel -- Oracle -- ODBC -- Microsoft SQL Server -- Text/CSV -- SCIM - -Before using any of the above external data providers, a data source for the provider must be -defined in Admin Center. See the [Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) -topic. - -A connection is configured in a data source, Directory Manager portal connects to the external -database, retrieves the results, and then queries the directory for matching records. - -You must map one column returned by the command on the Database tab with a directory attribute to -join the external data source to the identity store. The query compares the values of the mapped -attributes and extracts objects with matching values to add to the group’s membership. - -For example, if you want to add to group membership all employees whose employee IDs are present in -an external data source, you can select that data source and map a key attribute with a directory -attribute. Use attributes that store the employee ID. When group membership is updated, Directory -Manager will fetch only those users from the directory whose employee IDs also exist in the data -source. - -**External Data Provider** - -Select the data source from the drop-down list that you want to use to determine the group's -membership. - -**External Provider Table** - -Once the data source is selected, select the provider's table that contains the data. If the table -you need is not listed, type its name in the External Provider Table box to select the table. - -**Identity Store Attribute** - -Select an identity store attribute to map a database attribute to it. - -**External Provider Attribute** - -Select a data provider attribute to map it to the selected identity store attribute. 
- -**Command String** - -This field displays the command that the **Query Designer** executes to retrieve the query results -from the data source. The value can be a query statement and can include multiple columns separated -by commas. Field names are enclosed in brackets ([ ]) to prevent any ambiguity that the query engine -might encounter due to spaces between column names. - -You can modify the command and even write your own command. - -For better performance, it is recommended to select only the columns required to create your group. - -For example: - -``` -SELECT [Column1],[Column2] FROM [Filename.csv] -``` - -Execute - -Click this button to execute the command and preview the results. This process may take several -minutes depending on the size of your data source. - -**Clear** - -Click this button to clear the query. - -Preview - -Enables you to preview the results returned with the criteria specified on all tabs of the Query -Designer dialog box. This is a check to ensure the accuracy of data before changes are committed to -the directory. - -OK - -Saves settings and closes the dialog box. - -Cancel - -Discards settings and closes the dialog box. - -LDAP Query - -View the provider query in the LDAP Query box. diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/general.md b/docs/directorymanager/11.1/portal/group/querydesigner/general.md deleted file mode 100644 index 851e0d2ffd..0000000000 --- a/docs/directorymanager/11.1/portal/group/querydesigner/general.md +++ /dev/null 
@@ -1,37 +0,0 @@ -# Query Designer - General tab - -Use this tab to specify the type of objects to include in your search. Options vary according to the -object type selected in the **Find** list. - -Select the sub-types of the selected object type to include in your search. - -The following table lists the options available on the **General** tab for each object type in the -**Find** list. - -| Find list option | Objects available for selection | -| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Messaging System Recipients | - Users with mailboxes – Includes users with messaging system mailboxes - Users with External Email Address – Includes users with email addresses that are external to your organization - Contacts with External Email Address – Includes contacts with email addresses that are external to your organization - Mail-Enabled Groups – Includes mail-enabled groups - Mail-Enabled Folders – Includes mail-enabled folders | -| Computers | - Workstations and Servers – Includes workstations and servers - Domain Controllers – Includes domain controllers | -| Custom | By default, it includes all object options for Messaging System Recipients, Computers, and Users, Contact, and Groups. For this reason, the General tab does not display any option for this object type. | -| Users, Contacts and Groups | - Users – Includes users - Contacts – Includes contacts - Groups – Includes groups | - -NOTE: The Computer and Contact object types are not supported in a Microsoft Entra ID identity -store. 
- -Preview - -Enables you to preview the results returned with the criteria specified on all tabs of the Query -Designer dialog box. This is a check to ensure the accuracy of data before changes are committed to -the directory. - -OK - -Saves settings and closes the dialog box. - -Cancel - -Discards settings and closes the dialog box. - -LDAP Query - -View the provider query in the LDAP Query box. diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/overview.md b/docs/directorymanager/11.1/portal/group/querydesigner/overview.md deleted file mode 100644 index bc8006cc20..0000000000 --- a/docs/directorymanager/11.1/portal/group/querydesigner/overview.md +++ /dev/null 
@@ -1,98 +0,0 @@ -# Query Designer - -The Query Designer enables you to create queries for Smart Groups, Dynasties and directory objects -searches. These queries provide a quick and consistent way to retrieve a common set of directory -objects on which you want to perform specific tasks. For example, you can construct a query to -retrieve all users having mailboxes on a particular Exchange Server or you can build a query to -retrieve all directory objects whose information is present in an external data source, such as -Microsoft SQL Server. - -If the administrator has defined a Query Designer access policy for your role, you can create -queries as per the defined policy. A banner is displayed on the Query Designer dialog box indicating -that the administrator has implemented a policy for your role. See the -[ Query Designer Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/querydesigner.md) topic. - -The query language depends on the identity store type. - -- An Active Directory based identity store supports an LDAP query. -- A Microsoft Entra ID based identity store supports a device structured query language. - -## Launch the Query Designer - -You can launch the Query Designer dialog box for a Smart Group or a Dynasty or a search query in any -of the following ways: - -- While creating a Smart Group or Dynasty - On the Smart Group/Query Designer page of the New Smart - Group wizard or New Dynasty wizard, click **Query Designer**. -- From group properties - On the Smart Group/Query Designer tab in Smart Group/Dynasty properties, - click **Query Designer**. -- When you upgrade a static group to a Smart Group or Dynasty. -- From the Queries page - On the Advanced Search page, click the **Or use the new query based - search** link. Then click **Query Designer**. - -## The Query Designer Interface - -The Query Designer dialog box provides a visual interface for designing queries, so that you do not -have to write the commands. 
Its preview feature returns the results for the query before you commit -them to the directory server. - -The Query Designer dialog box groups similar query options by tabs. Settings that are not grouped in -tabs are global; they apply to all tabs. - -### Common Settings and Buttons - -**Find** - -Select an option to specify the type of object to include in the membership of the group. - -- **Messaging System Recipients** - Mail-enabled objects -- **Computers** - Returns computers only -- **Custom** - Returns all objects regardless of objectClass. Be sure to add an objectClass - predicate on the Database tab to avoid unpredictable results. - - Be sure to combine an external data source with the directory to search directory objects on the - Database tab to avoid unpredictable results. - -- **Users, Contacts, and Groups** - Any user, contact, or group, whether mail-enabled or not. - -NOTE: The _Computers_ and _Contact_ object types are not supported in a Microsoft Entra ID identity -store. - -**Start in** - -Click this button to select the containers to search in. The query would search for objects only in -this container and its sub-containers to determine a group’s membership. - -Preview - -Enables you to preview the results returned with the criteria specified on all tabs of the Query -Designer dialog box. This is a check to ensure the accuracy of data before changes are committed to -the directory. - -OK - -Saves settings and closes the dialog box. - -Cancel - -Discards settings and closes the dialog box. - -LDAP Query - -View the provider query in the LDAP Query box. 
- -### Tabs - -The Query Designer has the following tabs: - -- [Query Designer - General tab](/docs/directorymanager/11.1/portal/group/querydesigner/general.md) -- [Query Designer - Storage tab](/docs/directorymanager/11.1/portal/group/querydesigner/storage.md) -- [Query Designer - Filter Criteria tab](/docs/directorymanager/11.1/portal/group/querydesigner/filtercriteria.md) -- [Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md) -- [Query Designer - Database tab](/docs/directorymanager/11.1/portal/group/querydesigner/database.md) -- [Query Designer - Script tab](/docs/directorymanager/11.1/portal/group/querydesigner/script.md) -- [Query Designer - Password Expiry Options tab](/docs/directorymanager/11.1/portal/group/querydesigner/passwordexpiryoptions.md)[Query Designer - Password Expiry Options tab](/docs/directorymanager/11.1/portal/group/querydesigner/passwordexpiryoptions.md) - (only available for Smart Groups with a password expiry condition) - -NOTE: The **Storage** and **Script** tabs are not available for groups in a Microsoft Entra ID -identity store. diff --git a/docs/directorymanager/11.1/portal/group/recyclebin/general.md b/docs/directorymanager/11.1/portal/group/recyclebin/general.md deleted file mode 100644 index 13bbcbded0..0000000000 --- a/docs/directorymanager/11.1/portal/group/recyclebin/general.md +++ /dev/null @@ -1,17 +0,0 @@ -# General tab - -This tab displays the general attributes of the deleted group, such as the group name, last known -parent, creation date, and deletion date. - -Use this tab to view attributes of the deleted groups. - -This tab displays the following general attributes: - -- Name -- Creation Date -- Common Name -- Object GUID -- Last Known Parent -- Deletion Date -- Distinguished Name -- Group Type 
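Review bot: the removed `querydesigner/overview.md` (and `database.md` before it) link out by absolute path to `/docs/directorymanager/11.1/admincenter/securityrole/policy/querydesigner.md` and `/docs/directorymanager/11.1/admincenter/datasource/create.md`, and neither target is deleted in the visible part of this patch, so any links from those admincenter pages back into `portal/group/querydesigner/` or `portal/group/recyclebin/` would be left dangling. The in-tree referrers visible here (`smartgroup.md`, `publicgroups.md`) are deleted along with their targets, so the risk is only in pages that survive. Please search the remaining docs for both path prefixes before merging. These files are also recorded as `deleted file mode 100644` against `/dev/null` rather than as renames, so if the content is being re-homed, confirm the new location keeps the Query Designer access policy paragraph and the warning under **Custom** about adding an objectClass predicate.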
diff --git a/docs/directorymanager/11.1/portal/group/recyclebin/overview.md b/docs/directorymanager/11.1/portal/group/recyclebin/overview.md deleted file mode 100644 index 59c0bc1a4a..0000000000 --- a/docs/directorymanager/11.1/portal/group/recyclebin/overview.md +++ /dev/null 
@@ -1,90 +0,0 @@ -# Deleted Groups - -Directory Manager portal handles group deletion as either physical or logical. - -## Tombstone Groups - -Physically deleted groups have Tombstone as type. Physical group deletion refers to manually -deleting groups using the **Delete** option on the **Actions** menu or shortcut menu. Directory -Manager moves a physically deleted it to the Recycle Bin while stripping it of most of its -properties. You can delete or restore a group from the Recycle Bin. The restoration process not only -restores the group to its original container, but it also reinstates the home container for the -group, if deleted. - -When restored, a physically deleted group is restored with limited attributes; its membership is not -restored. - -A Smart Group and Dynasty is restored as a static group with no members and no query. - -NOTE: Tombstone groups are not available in Microsoft Entra ID. - -## Logical Deletion - -Groups that are deleted by the Group Lifecycle job are considered to be logically deleted. The job -deletes expired groups X number of days after group expiry, as specified in Group Lifecycle policy -settings. - -Upon deletion, logically deleted groups are moved to the Recycle Bin, with all their attributes -intact. As a result, a logically deleted group, when restored, returns to its state it had at the -time of deletion. The restoration process not only restores the group to the container from where it -was deleted but it also reinstates the home container for the group, if deleted. - -You can also manually delete a logically deleted group in the Recycle Bin, making it physically -deleted. Simply select the required group and select Delete on the shortcut menu. - -## Deletion notifications - -When the Group Lifecycle job deletes a group, it notifies the group owners or, if there is no owner, -the default approver specified in the Group Lifecycle policy. 
- -## Modify Search Directory - -You can modify the search results in **Modify Search Directory**. You can select entire directory or -a domain to search deleted groups from. - -## Filter Deleted Groups - -You can add filters while searching for specific deleted groups from Tombstone or Logically Deleted -Groups. - -1. Click **Add Filter** to specify a criterion for filtering deleted groups. -2. From the **Select a Filter** list, select the attribute to filter deleted groups. -3. Two more boxes get displayed next to **Select a Filter** box upon selecting a filter. - - - **Select an Operator** from the first list. - - Specify a value for the selected operator in the second box. - -4. Click **Apply Filter**. - - Deleted Groups that match the specified criterion are displayed. - -5. You can add additional filters by clicking **Add Filter**. -6. To undo the filters, click **Reset Filter.** It will remove all the criteria set before. - -## Delete a group from Recycle Bin - -Follow the steps to delete a group from Recycle Bin. - -1. In Directory Manager portal, select **Groups > Deleted Groups** from the left pane. -2. From the groups list, select one or more groups. -3. Click **Delete** on the shortcut menu. - -The group / groups will be permanently deleted from the recycle bin. - -## Restore a deleted group - -Follow the steps to restore a deleted group. - -1. In Directory Manager portal, select **Groups > Deleted Groups** from the left pane. -2. From the groups list, select one or more groups. -3. Click **Restore** on the shortcut menu. - -The group / groups will be restored in the directory. - -NOTE: You can only restore a physically deleted group from the Recycle Bin if the service account -for the connected identity store has the ‘Reanimate Tombstone’ permissions. - -NOTE: While all searches in Directory Manager are catered through Elasticsearch, the Recycle Bin is -an exception, as it fetches data from the directory. 
- -NOTE: The Recycle Bin does not display data for a Microsoft Entra ID based identity store. diff --git a/docs/directorymanager/11.1/portal/group/semiprivategroups.md b/docs/directorymanager/11.1/portal/group/semiprivategroups.md deleted file mode 100644 index 99e25872b8..0000000000 --- a/docs/directorymanager/11.1/portal/group/semiprivategroups.md +++ /dev/null @@ -1,10 +0,0 @@ -# Semi Private Groups - -This view lists only the semi-private groups created using Directory Manager in the connected -identity store. It does not list expired or deleted semi private groups. To view the expired or -deleted groups, select the [Expired Groups](/docs/directorymanager/11.1/portal/group/allexpiredgroups.md) or -[Deleted Groups](/docs/directorymanager/11.1/portal/group/recyclebin/overview.md) respectively. - -You can [Modify Search Directory](allgroups.md#modify-search-directory) to search semi private -groups and add [Filter All Groups](allgroups.md#filter-all-groups) by clicking **Private Group Grid -Filters**. All the semi private groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/teams/create.md b/docs/directorymanager/11.1/portal/group/teams/create.md deleted file mode 100644 index c1b6277f10..0000000000 --- a/docs/directorymanager/11.1/portal/group/teams/create.md +++ /dev/null 
@@ -1,31 +0,0 @@ -# Create Teams - -Using Directory Manager portal, you can create Team in the identity store. - -## Create Teams - -Follow the steps to create Teams group. - -Step 1 – In the Directory Manager portal, click the **Create New** button and select **Team**. - -Step 2 – The **Create Group** wizard opens to the **Group Type** page. - -Step 3 – Pages and fields on the Create Group wizard may vary, since the administrator can customize -the wizard by adding or removing pages and fields. - -Step 4 – On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md), select the required group type and click -**Next**. - -Step 5 – On the General page, specify basic information about the group. - -Step 6 – If you select Static Group, specify members for the group on the -[Members page](/docs/directorymanager/11.1/portal/group/create/activedirectory/members.md). - -Step 7 – If you select Smart Group or a Dynasty, review and modify the query for updating group -membership on the [ Smart Group page](/docs/directorymanager/11.1/portal/group/create/activedirectory/smartgroup.md). - -Step 8 – On the [Owners page](/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md), specify primary and additional -owners for the group. - -Step 9 – On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings -and then click Finish to complete the wizard. diff --git a/docs/directorymanager/11.1/portal/history/overview.md b/docs/directorymanager/11.1/portal/history/overview.md deleted file mode 100644 index 8c0839dad4..0000000000 --- a/docs/directorymanager/11.1/portal/history/overview.md +++ /dev/null 
@@ -1,51 +0,0 @@ -# History - -The Directory Manager portal maintains a log of actions when objects are created, modified, and -deleted in the portal provided that the Directory Manager administrator has enabled history tracking -for the identity store. Directory Manager portal also tracks all actions that are committed to the -directory using: - -- Directory Manager Management Shell cmdlets -- Directory Manager APIs - -The administrator can configure the following for history tracking: - -- track all or specific events -- retain history data forever or for a specified duration - -Therefore, history data represents only the events that history-tracking is configured to track. -Furthermore, if history-tracking is not enabled or has been recently disabled for the identity -store, the portal does not display history data or it displays data that was logged before -history-tracking was turned off. - -A user can add a note to a history action that he/she performed. Other users can just view that -note. This note may explain the reason for performing that action. See the -[Configure History Tracking](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md) -topic. - -## History views in the portal - -The Directory Manager Portal displays history as below: - -- **My Account History** on the portal's dashboard - Displays a list of actions performed by the logged-on user. -- The **History** tab in group / user / mailbox / contact properties. - Displays the actions performed on the object by different users. -- The [My History](/docs/directorymanager/11.1/portal/history/myhistory.md) page. - Displays the actions performed by the logged-on user and any changes made to this user's profile - by another user. -- The [My Direct Reports' History](/docs/directorymanager/11.1/portal/history/mydirectreport.md) page. - Displays the changes made to the logged-on user's direct reports by this user or by any other - user. 
-- The [My Groups' History](/docs/directorymanager/11.1/portal/history/mydirectorygroup.md) page. - Displays the changes made by the logged-on user to a group that they own. - -Use the **History items to display on home page** setting on the User Settings panel to specify the -number of history items to display on Dashboard. - -Use the **History items to display** setting on the User Settings panel to specify the number of -history items to display on the History tab, My History page, My Direct Reports History page, and My -Groups History page. - -Use the **Most recent objects** setting on the User Settings panel to specify the number of recent -objects to show on the **My Account History** card on Dashboard. diff --git a/docs/directorymanager/11.1/portal/login.md b/docs/directorymanager/11.1/portal/login.md deleted file mode 100644 index 490817a74a..0000000000 --- a/docs/directorymanager/11.1/portal/login.md +++ /dev/null 
@@ -1,90 +0,0 @@ -# Access the Portal - -Use the Directory Manager portal URL the administrator has provided you to launch the portal. The -Welcome to Directory Manager page is displayed, where you can: - -- Log in -- Reset forgotten or lost passwords - See the [Reset Passwords](/docs/directorymanager/11.1/portal/user/authentication/passwordreset.md) topic for additional information - on how to reset password. -- Unlock your identity store account - See the [Unlock your accounts](/docs/directorymanager/11.1/portal/user/manage/unlockaccount.md) topic for additional information on - how to unlock account. - -To manage access in Directory Manager, security roles are defined for an identity store. Each role -is granted a set of permissions that enable role members to access specific functions. - -## Log in - -You must connect the portal to an identity store while signing in. - -Use any of the following methods to connect and sign in: - -- Select an identity store and enter the username and password of your identity store account. -- Select an identity store and sign in using a SAML provider. - This option is available if a SAML provider is configured with the selected identity store. - -Next, you may have to pass second factor authentication, depending on whether it is enabled for your -role in the identity store. You can perform tasks in Directory Manager portal in keeping with your -role and permissions in the identity store. - -Follow the steps to log in. - -Step 1 – Enter the portal URL in the address bar of a web browser and press Enter. For example: - -`https://[machine name]:4443/[portal name]` - -Step 2 – You can sign in using any of the following methods: - -- With your Identity Store Account -- With a SAML Provider - -With your Identity Store Account - -Step 1 – Click **Log in to continue** on the Welcome to Directory Manager page. - -Step 2 – On the Directory ManagerAuthenticate page, click an identity store to connect to. 
If only -one identity store is associated with the portal, it is selected by default. - -Step 3 – In the Username and Password boxes, enter the username and password of your identity store -account, or click **Edit** next to the identity store name to connect to a different identity store. - -Step 4 – After providing your credentials, click **Sign In**. - -NOTE: Microsoft Entra ID MFA enabled users cannot log into Directory Manager using their username -and password. They will be authenticated through the SAML provider configured in Directory Manager. - -With a SAML Provider - -You can opt for single sign-on across all Directory Manager clients by configuring a SAML provider -but for an Microsoft Entra ID identity store you must configure a SAML provider. See the following -topics for additional information on configuring a SAML provider: - -- [Configure Directory Manager in Microsoft Entra ID for SSO](/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md) -- [Configure the Microsoft Entra SSO Application in Directory Manager](/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureproviderindirectorymanager.md) - -Follow the steps to log in with a SAML provider - -Step 1 – Click **Log in to continue** on the Welcome to Directory Managerpage. - -Step 2 – On the Directory Manager Authenticate page, click the button or image for the provider and -proceed to sign in. - -### Second Factor Authentication - -When [Second Factor Authentication](/docs/directorymanager/11.1/portal/user/authentication/secondfactorauthentication.md) is enabled -for your role in the selected identity store, one of the following applies: - -- If you have not enrolled your identity store account in Directory Manager, the Enroll Account - window is displayed, where you must enroll your identity store account using at least one - authentication type. 
See the [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/enroll.md) topic - for additional information. -- If you have already enrolled your identity store account in Directory Manager, the Authenticate - window is displayed. It lists the authentication types that you enrolled your account with. You - must authenticate your identity store account with one authentication type. See the - [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/authenticate.md) topic for additional - information. - -## Sign Out - -In the portal, click your profile info in the top right corner and click **Sign Out**. diff --git a/docs/directorymanager/11.1/portal/report/contact.md b/docs/directorymanager/11.1/portal/report/contact.md deleted file mode 100644 index dd4a96b4f2..0000000000 --- a/docs/directorymanager/11.1/portal/report/contact.md +++ /dev/null @@ -1,13 +0,0 @@ -# Contact Reports - -Contact Reports contains reports for the Contact objects in the directory. Search a specific report -by typing its name in the **Search Reports** box. - -Click any of the report template from the list to [Generate Reports](/docs/directorymanager/11.1/portal/report/generate.md). - -Following is the list of reports for this category: - -| Report | Description | -| --------------------------------------------------------------- | ----------------------------------------------- | -| Mail-enabled users and contacts with a phone number (Exchange). | Returns all recipients who have a phone number. | -| User and contacts with a phone number. | Returns all recipients who have a phone number. | diff --git a/docs/directorymanager/11.1/portal/report/dashboard.md b/docs/directorymanager/11.1/portal/report/dashboard.md deleted file mode 100644 index 778782ccf0..0000000000 --- a/docs/directorymanager/11.1/portal/report/dashboard.md +++ /dev/null 
@@ -1,67 +0,0 @@ -# Reports - -The Directory Manager Reports enables you to generate web-based reports for an identity store. It -offers a wizard guided report generation process that accounts for quick and easy reporting. - -Directory Manager reports are organized into four categories: - -- [User Reports](/docs/directorymanager/11.1/portal/report/user.md) -- [Group Reports](/docs/directorymanager/11.1/portal/report/group.md) -- [Computer Reports](/docs/directorymanager/11.1/portal/report/computer.md) -- [Contact Reports](/docs/directorymanager/11.1/portal/report/contact.md) - -NOTE: A Microsoft Entra ID based identity store does not support the computer and contact object -types. - -You can view, edit, and delete the created reports. You can also download them in Excel and PDF -formats. - -The user interface of Reports Dashboard is as follows: - -![reportsdashboard](/img/product_docs/directorymanager/11.1/portal/report/reportsdashboard.webp) - -Different elements of the Dashboard are described below: - -- Look on the top of the page for Reports Search. Use it to locate and display information for - reports. -- In the top right corner, you will find the following icons: - - - Click the **Help** icon to launch the portal help. - - Your name also appears as an icon. On clicking it, you are presented with the following - options: - - - Connected identity store. - - Directory Manager version - - See full profile. - - My Applications - - Displays Directory Manager and third party applications that the user is connected to. - Click **Add Apps** to add new applications. - - - Enroll your account. - - Change Password. - - Switch account - - Sign Out of the portal. - -- The **Dashboard** displays general information about the Reports portal such as: - - - Name of the identity store the Reports portal is connected to. - - Name of the domain. - - Number of each type directory objects in the directory. 
- -- In the **Pinned Reports** section, you can pin the reports you most frequently will use. - - You can unpin the pinned reports from the dashboard by clicking the unpin icon on the top right - corner of the card. - -- In the **Recent Reports** section, you can view the most recent reports you have created or used. - - You can pin the recent reports by clicking pin icon on the top right corner of the card. - -- Look on the left side of the page for the navigation pane, which lists links to the following: - - - Dashboard - - [User Reports](/docs/directorymanager/11.1/portal/report/user.md) - - [Group Reports](/docs/directorymanager/11.1/portal/report/group.md) - - [Computer Reports](/docs/directorymanager/11.1/portal/report/computer.md) - - [Contact Reports](/docs/directorymanager/11.1/portal/report/contact.md) diff --git a/docs/directorymanager/11.1/portal/report/group.md b/docs/directorymanager/11.1/portal/report/group.md deleted file mode 100644 index bf2891be89..0000000000 --- a/docs/directorymanager/11.1/portal/report/group.md +++ /dev/null 
@@ -1,82 +0,0 @@ -# Group Reports - -Directory Manager Reports contains reports for the Group objects in the directory. Search a specific -report by typing its name in the **Search Reports** box. - -Click any of the report template from the list to [Generate Reports](/docs/directorymanager/11.1/portal/report/generate.md). - -Following is the list of reports for this category: - -| Reports | Description | -| ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| All distribution groups in domain | Provides a list of distribution groups in the domain. | -| All domain local distribution groups in domain | Provides a list of distribution groups with Domain Local scope in the domain. | -| All domain local groups in domain | Provides a list of groups with Domain Local scope in the domain. | -| All domain local security groups in domain | Provides a list of security groups with Domain Local scope in the domain. | -| All global distribution groups in domain | Provides a list of distribution groups with Global scope in the domain. | -| All global groups in domain | Provides a list of groups with Global scope in the domain. | -| All global security groups in domain | Provides a list of security groups with Global scope in the domain. | -| All groups in domain | Provides a list of groups in the domain. | -| All groups with report to originator set to False | Provides a list of groups with the ‘Send delivery reports to message originator’ option not selected. The message sender does not receive a delivery report on sending a message/email. | -| All groups with report to originator set to True | Provides a list of groups with the ‘Send delivery reports to message originator’ option selected. 
The message sender receives a delivery report on sending a message/email. | -| All groups with report to owner set to False | Provides a list of groups with the ‘Send delivery reports to group manager’ option not selected. The manager does not receive delivery reports for the group. | -| All groups with report to owner set to True | Provides a list of groups with the ‘Send delivery reports to group manager’ option selected. The manager receives delivery reports for the group. | -| All security groups in domain | Provides a list of security groups in the domain. | -| All universal distribution groups in domain | Provides a list of distribution groups with Universal scope in the domain. | -| All universal groups in domain | Provides a list of groups with Universal scope in the domain. | -| All universal security groups in domain | Provides a list of security groups with Universal scope in the domain. | -| All unmanaged groups in domain | Provides a list of unmanaged (static) groups in the domain. Any change in the membership of an unmanaged group is made manually. | -| Deleted groups | Provides a list of logically deleted groups. Logically deleted groups are those expired groups that are not renewed within the time interval set in the identity store configurations. | -| Distribution Lists managed by GroupID | Provides a list of the distribution lists that are managed by Directory Manager. | -| Distribution lists with no delivery restrictions (Exchange) | Provides a list of groups that can receive email from everyone. | -| Dynasty with Script | Provides a list of Dynasties that have a script provided on the Smart Script tab of the Query Designer window. | -| Expired groups | Provides a list of groups that are either expired by the Group Life Cycle job according to their associated expiry policy or are manually expired by users. | -| Expiring groups | Provides a list of groups that are approaching their expiry date. 
| -| Groups and members | Provides a list of members for each group in the domain. | -| Groups and Members with Membership Type | Provides a list of groups with members along with their membership type. | -| Groups and number of members | Provides a count of total members per group. | -| Groups and number of members with nesting | Provides the grand total number of members of all groups in the selected container of the domain. | -| Groups and owners | Provides a list of owners and the groups they own. | -| Groups and their last modified time | Provides the date and time of the last change made to a group, such as change in membership. | -| Groups changed in X days | Provides a list of groups that are changed in one day, seven days or one month. | -| Groups created in X days | Provides a list of groups created in the last one day, seven days or one month. | -| Groups hidden from address list | Provides a list of groups that do not appear in global address list (GAL) and other address lists that are defined in the Exchange organization. | -| Groups that have no members | Provides a list of groups without members. | -| Groups which do not require authentication to send to (Exchange) | Provides a list of groups that can receive messages from anonymous users. This allows external senders to send messages to distribution groups. | -| Groups which require authentication to send to (Exchange) | Provides a list of groups that cannot receive messages from anonymous users. This prevents external senders from sending messages to distribution groups. | -| Groups with expiration policy defined | Provides a list of groups with an expiration policy defined. | -| Groups with membership hidden | Sometimes, to protect the privacy of the recipients, it is necessary to hide the members of a mail-enabled group. This report provides a list of such mail-enabled groups. | -| Groups with membership not hidden | Provides a list of mail-enabled groups with membership not hidden. 
| -| Groups with message delivery restrictions | Provides a list of groups with message delivery restrictions options specified. | -| Groups with message size restrictions | Provides a list of groups with restriction on the maximum message size. | -| Groups with no owner | Provides a list of groups that do not have an owner. | -| Groups with security types | Provides a list of the groups with security types. Directory Manager supports three security types: Public, Private, and Semi-Private. | -| Groups without additional owners | Provides a list of groups that do not have any Directory Manager or Microsoft Exchange additional owner. | -| Groups without expiration policy defined | Provides a list of groups without an expiration policy defined. | -| Groups without message delivery restriction | Provides a list of groups with no message delivery restrictions. Members of such groups can send messages to users in your Exchange organization and can accept or reject messages sent by any user. | -| Groups without message size restrictions | Provides a list of groups that have no message size restriction on an entire message as a whole, or the size of individual parts of a message, or both. | -| Mail-enabled groups and members (Exchange) | Provides a list of mail-enabled groups and members. | -| Mail-enabled groups and number of members (Exchange) | Provides a list of mail-enabled groups and the count of members they have. | -| Mail-enabled groups and number of members with nesting (Exchange) | Provides the grand total number of members of all mail-enabled groups in the selected container of the domain. | -| Mail-enabled groups and owners (Exchange) | Provides a list of all mail-enabled groups and their owners. | -| Mail-enabled groups and the time they were last used (Exchange) | Provides a list of groups with a time stamp of the last time mail was sent to the group. The Group Usage Service job is required for this report. 
| -| Mail-enabled groups and their last modified time (Exchange) | Provides a list of all mail-enabled groups and the date and time when they were last modified. | -| Mail-enabled groups with no members (Exchange) | Provides a list of all mail-enabled groups having no members. | -| Mail-enabled groups with no owner (Exchange) | Provides a list of mail-enabled groups having no owner. | -| Mail enabled Security Groups (Exchange) | Provides a list of mail-enabled groups in the domain. | -| Owners and objects they own Listed in [User Reports](/docs/directorymanager/11.1/portal/report/user.md) category as well. | Provides a list of managers and their direct reports. | -| Security Groups managed by GroupID | Provides a list of the security groups that are managed by Directory Manager. | -| Smart Groups/Dynasties with their update status | Provides a list of Smart Groups and Dynasties with their update status information. | -| Smart Groups and Included members | Provides a list of Smart Group members that are mentioned in the Include list on the Include/Exclude tab of the Query Designer window. | -| Smart Groups and number of expected members | Provides a count of the expected members for the Smart Groups in the selected container or domain. | -| Smart Groups and their expected membership | Provides information of expected members for the Smart Groups in the selected container or domain. | -| Smart Groups in current domain | Provides a list of Smart Groups in the domain. | -| Smart Groups with Exclude members | Provides a list of Smart Group members that are mentioned in the Exclude list on the Include/Exclude tab of the Query Designer window. 
| - -**See Also:** - -- [Generate Reports](/docs/directorymanager/11.1/portal/report/generate.md) -- [Manage Reports](/docs/directorymanager/11.1/portal/report/manage.md) -- [User Reports](/docs/directorymanager/11.1/portal/report/user.md) -- [Computer Reports](/docs/directorymanager/11.1/portal/report/computer.md) -- [Contact Reports](/docs/directorymanager/11.1/portal/report/contact.md) diff --git a/docs/directorymanager/11.1/portal/report/manage.md b/docs/directorymanager/11.1/portal/report/manage.md deleted file mode 100644 index 9e2546ee81..0000000000 --- a/docs/directorymanager/11.1/portal/report/manage.md +++ /dev/null 
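Review bot: In the deleted group.md table, the row "Owners and objects they own" is described as "Provides a list of managers and their direct reports", while the same report in user.md is described as "owners and their direct reports"; neither text mentions owned objects. The row "Mail enabled Security Groups (Exchange)" has a similar problem: its description says "mail-enabled groups" and drops "security". If this catalogue is being relocated rather than dropped, correct both descriptions in the destination instead of carrying them over.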
@@ -1,73 +0,0 @@ -# Manage Reports - -Once you generate a report, the report is listed under the template you used to create it. The -Reports listings displays the following for each report: - -- Report name -- Category -- Created On -- Modified On -- Actions - -You can run, edit, download, and delete the job from the Reports listing. - -## Run a Report - -You can run a previously generated report to view the latest data for it. - -Step 1 – In Directory Manager portal, select Reports from the left pane. - -Step 2 – On Reports Portal, select the type of object (User, Group, Computer, or Contact) whose -report you generated and click on the template that you used. - -The template page will list the generated report. - -Step 3 – Click the **Run arrow** icon next to the report. It will run the report and display it on -the page. - -## Edit a Report - -When you generate a report, Directory Manager portal saves the settings provided in the respective -report. You can launch this wizard again for a report and edit the settings. - -Step 1 – In Directory Manager portal, select **Reports** from the left pane. - -Step 2 – On Reports Portal, select the type of object (User, Group, Computer, or Contact) whose -report you generated and click on the template that you used. - -The template page will list the generated report. - -Step 3 – Click the **Edit** icon next to the report and follow -[In Step 1 of generating a report:](/docs/directorymanager/11.1/portal/report/generate.md). Make the relevant changes and click Finish to -generate the report. - -## Download a Report - -You can also download a report directly from the Report listing page. - -Step 1 – In Directory Manager portal, select **Reports** from the left pane. - -Step 2 – On Reports Portal, select the type of object (User, Group, Computer, or Contact) whose -report you generated and click on the template that you used. - -The template page will list generated report. 
- -Step 3 – Click the **Download** icon next to the report and select one of the following format to -download the report: - -1. Excel -2. PDF -3. HTML - -## Delete a Report - -When you delete a report, all its settings are removed. - -Step 1 – In Directory Manager portal, select **Reports** from the left pane. - -Step 2 – On Reports Portal, select the type of object (User, Group, Computer, or Contact) whose -report you generated and click on the template that you used. - -The template page will list the generated report. - -Step 3 – Click the **Delete** button next to the report. It will permanently delete the report. diff --git a/docs/directorymanager/11.1/portal/report/user.md b/docs/directorymanager/11.1/portal/report/user.md deleted file mode 100644 index eac485b92f..0000000000 --- a/docs/directorymanager/11.1/portal/report/user.md +++ /dev/null 
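Review bot: In manage.md under "Edit a Report", Step 3 links to generate.md with the link text "In Step 1 of generating a report:" and no `#` fragment, which reads like a heading anchor that lost its target. The intro also says "delete the job from the Reports listing" where the rest of the page says report. Both are worth fixing wherever this content lands. group.md's "See Also" list links to this path, so any page that is kept and still points at /docs/directorymanager/11.1/portal/report/manage.md needs updating in the same change.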
@@ -1,68 +0,0 @@ -# User Reports - -User Reports contains reports for the User objects in the directory. Search a specific report by -typing its name in the **Search Reports** box. - -Click any of the report template from the list to [Generate Reports](/docs/directorymanager/11.1/portal/report/generate.md). - -Following is the list of reports for this category: - -| Report | Description | -| ------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Direct Reports of X Manager | Provides a list of the direct reports of the specific manager. | -| Disabled Users | Provides a list of accounts with no authentication access to mail or computers in an organization. | -| Enabled Users | Provides a list of enabled users in the selected container. | -| Inactive Users | Provides a list of inactive users in the selected container. | -| Mailbox users hidden from exchange address lists (Exchange) | Provides a list of all the mailboxes that are currently hidden from the Exchange global address list (GAL) or other address lists. | -| Mailbox users with default message receiving size restriction (Exchange) | Provides a list of mailbox users with default message size for receiving messages. | -| Mailbox users with default message sending size restriction (Exchange) | Provides a list of mailbox users with default message size for sending messages. | -| Mailbox users with Default recipient limit (Exchange) | Provides a list of mailbox users with default recipients limits. | -| Mailbox users with default storage limit (Exchange) | Provides a list of mailbox users with default mailbox size for Microsoft Exchange. 
| -| Mailbox users with IMAP disabled (Exchange) | Provides a list of mailbox users that have IMAP mailbox protocol disabled for Microsoft Exchange Server. | -| Mailbox users with IMAP4 enabled (Exchange) | Provides a list of mailbox users that have IMAP mailbox protocol enabled for Microsoft Exchange Server. | -| Mailbox users with message receiving size restriction (Exchange) | Provides a list of mailbox users with message receiving size restriction. | -| Mailbox users with message sending size restriction (Exchange) | Provides a list of mailbox users with message sending size restriction. | -| Mailbox users with OWA disabled (Exchange) | Provides a list of mailbox users that have Outlook Web App disabled for them. | -| Mailbox users with OWA enabled (Exchange) | Provides a list of mailbox users that have Outlook Web App enabled for them. | -| Mailbox users with POP3 disabled (Exchange) | Provides a list of mailbox users that have POP3 mailbox protocol disabled for Microsoft Exchange Server. | -| Mailbox users with POP3 enabled (Exchange) | Provides a list of mailbox users that have POP3 mailbox protocol enabled for Microsoft Exchange Server. | -| Mailbox users with storage limit (Exchange) | Provides a list of mailbox users with default mailbox size for Microsoft Exchange. | -| Mail-enabled Recipients and the groups they are a member of (Exchange) | Provides a list of all mail-enabled recipients and the groups that they hold membership of. | -| Mail-enabled users and contacts with a phone number (Exchange) | Provides a phone list of accounts within an organization for only mail-enabled users and contacts. | -| Mail-enabled users hosted on Exchange server X (Exchange) | Provides a list of mail enabled users that are hosted on a specific exchange sever. | -| Mail-enabled users who can receive messages from all users (Exchange) | Provide a list of mail enabled users that can receive messages from all users. 
| -| Mail-enabled users who can send Email to maximum X recipients (Exchange) | Provides a list of mail-enabled users who can send email to specified number of recipients per message. | -| Managers and their Direct Reports | Provides a list of managers and their direct reports. | -| Non expiring user accounts | Provides a list of users account that will never expire. | -| OUs created in X days | Provides a list of organization units (OUs) that are created in specified number of days. | -| OUs modified in X days | Provides a list of organization units (OUs) modified in specified number of days. | -| Owners and objects they own Listed in [Group Reports](/docs/directorymanager/11.1/portal/report/group.md) category as well. | Provides a list of owners and their direct reports. | -| Pending Terminate Users | Provides a list of users that have been terminated by their managers, but their termination request is pending for approval/rejection by an approver. | -| Recently expired users | Provides a list of users expired in one day, seven days or one month. | -| Recipients and the groups they are a member of | Provides a list of users and each group that they are a member of. | -| Tombstone Users | Provides a list of deleted users in the selected container. The deleted user remains in the directory for a period defined for tombstone lifetime. | -| User Life Cycle – Expired Users | Provides a list of expired users in a container. | -| User Life Cycle – Expiring Users | Provides a list of expiring users for a specific period. Expiring users are those who have been sent the final reminder because they have not validated their profiles within the profile validation life cycle period. | -| User Life Cycle – Extended Users | Provides a list of users for whom the profile validation period has been extended. | -| User Life Cycle – Terminated Users | Provides a list of terminated users in the selected container. 
| -| User Life Cycle – Transfer Pending Users | Provides a list of direct reports that have been transferred but the transfer has to be accepted or rejected yet. | -| User Life Cycle – Transferred Users | Provides a list of transferred users in the selected container. | -| User Life Cycle – Verified Users | Provides a list of users who have validated their directory profiles. | -| Users and contacts with a phone number Listed in [Contact Reports](/docs/directorymanager/11.1/portal/report/contact.md) category as well. | Provides a phone list of accounts within an organization. | -| Users changed in X days | Provides a list of users modified in one day, seven days or one month. | -| Users created in X days | Provides a list of users created in one day, seven days or one month. | -| Users member of Built in Security Groups | Provides a list of users that are member of default security groups, such as the Domain Admins group. | -| Users with multiple DL membership | Provides a list of users that are members of multiple distribution lists. | -| Users who are locked out | Provides a list of accounts that have been denied access to their computer. | -| Users who never logged on | Provides a list of users that have never logged on to the network. | -| Users with bad logon attempts in X days | Provides a list of users with bad logon attempts in specified time period. | -| Users with changed password | Provides a list all users accounts who changed their passwords. | -| Users with expiration set | Provides a list of user accounts set to expire after a certain number of days. | -| Users with expired password | Provides a list of user accounts with expired passwords. | -| Users with manager | Provides a list of users with a manager. | -| Users with missing contact numbers | Provides a list of users with missing contact numbers. | -| Users with password never expire | Provides a list of users whose passwords never expire. 
| -| Users with profile photo | Provides a list of users with profile photo. | -| Users with unchanged passwords | Provides a list all users accounts with unchanged passwords. | -| Users without manager | Provides a list of users without a manager. | -| Users without profile photo | Provides a list of users who do not have profile photo. | diff --git a/docs/directorymanager/11.1/portal/request/overview.md b/docs/directorymanager/11.1/portal/request/overview.md deleted file mode 100644 index 59aa24ca55..0000000000 --- a/docs/directorymanager/11.1/portal/request/overview.md +++ /dev/null 
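Review bot: In user.md, "Mailbox users with storage limit (Exchange)" carries the same description as "Mailbox users with default storage limit (Exchange)" ("Provides a list of mailbox users with default mailbox size for Microsoft Exchange"), so the two reports cannot be told apart from the text. The IMAP pair is also named inconsistently ("IMAP disabled" next to "IMAP4 enabled"). This table also documents "Users with password never expire", "Users member of Built in Security Groups" and "Users who are locked out", so if it moves elsewhere, fix the descriptions there rather than copying them.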
@@ -1,97 +0,0 @@ -# Requests - -A workflow request is a set of rules that Directory Manager uses as a built-in auditing system to -ensure that users enter correct data before committing changes to a directory. A workflow triggers -when some Directory Manager operation, performed by a user, meets the criteria defined in the -workflow route. - -Workflow requests are defined for an identity store and applied to the different operations -performed using Directory Manager. - -Directory Manager provides the following predefined workflows (also called system workflows) that -trigger when their associated events occur: - -| | Workflow Name | Description | Default Approver | -| --- | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------- | -| 1. | Workflow to Reset Password | When a user resets his or her password. It does not apply when helpdesk users reset the passwords of other users. | Primary and additional managers of the user | -| 2. | Workflow to Change Group Expiration Policy | When a user changes the expiry policy of a group. By default, this workflow is disabled and no approver is specified. You can edit the workflow to add an approver. | None | -| 3. | Workflow to Nest a Group | When a user adds a group (Group A) to the membership of another group (Group B). | Primary and additional owners of Group A | -| 4. | Workflow to Join a Group | When a user joins a semi-private group. | Primary and additional owners of the group | -| 5. | Workflow to Leave a Group | When a user leaves a semi-private group. | Primary and additional owners of the group | -| 6. | Workflow to Transfer a User | When a user transfers his or her direct report. | The new manager | -| 7. | Workflow to Terminate a User | When a manager terminates a direct report. 
By default, this workflow is disabled and no approver is specified. You can edit the workflow to add an approver. | None | -| 8. | Workflow to Change Manager | When a user changes his or her primary or additional manager. If the user does not have a primary manager, and no default approver is set, the request is auto approved. | Existing primary and additional managers of the user | - -The administrator can also define more workflows for the identity store. - -In case of a Synchronize job, Directory Manager evaluates whether the task it will perform falls -under the scope of a workflow. If yes, then a workflow request is triggered the first time the job -is executed. The job will run when the request is approved. - -On Directory Manager portal, use the **Requests** node to view and manage workflow requests for the -connected identity store. Expanding this node displays the following tabs: - -- [My Requests](/docs/directorymanager/11.1/portal/request/myrequest.md) lists workflow requests that you have generated. It displays both - pending and processed requests. -- [Request Inbox](/docs/directorymanager/11.1/portal/request/pending.md) lists the workflow requests for which you are the approver. You can - view, approve, deny, or reroute these requests. -- [All Requests](/docs/directorymanager/11.1/portal/request/allrequest.md) lists all pending workflow requests generated by enterprise users. - -NOTE: If the user is high priority such as _Administrator_, only then they will see the _All -Requests_ tab. - -## Workflow Implementation - -Directory Manager workflows are carried out in a standard action sequence: - -- When a user performs an action in Directory Manager, it is evaluated according to the workflow - settings. -- If no approval is required, the change takes place in the directory and change notifications are - sent. 
-- If a workflow applies, Directory Manager routes an approval request to the approving authorities - and a 'request sent' notification is send to the requester. When the request is approved, the - requested changes are made in the directory and change notifications go to the requester and - approvers (except the one who has approved the request) by email. -- If the request is denied, information is not updated in the directory and an email notification is - sent to the requester and th pe approvers (except the one who has approved the request) with an - explanation of why it was denied. - -The administrator may enable the email approval option for a workflow route. Email notifications -generated for such workflow requests contain the **Accept** and **Deny** buttons. On clicking any of -these, the approver is redirected to the Directory Manager portal, where he or she can approve or -deny the request. Navigation within the portal will require authentication. - -NOTE: Email notifications are sent when an SMTP server has been configured for the identity store. - -## Approving authority for a Workflow Request (without Workflow Acceleration) - -For each workflow, an approving authority is also specified. The following scenarios are valid when -workflow approver acceleration settings are not applied: - -- If the object specified as an approver in a workflow route is not available (such as if it is - disabled or not specified), the workflow request would be routed to the default approver. If the - default approver is not specified or disabled, the request is auto approved. - - See the - [Specify a Default Approver](/docs/directorymanager/11.1/admincenter/workflow/advancedsettings.md#specify-a-default-approver) - topic. - -- If the requester is also the approver for that workflow, the request is auto-approved. 
-- When a Synchronize job runs to set the manager for a user who does not already have a manager, the - following happens: - - - The _Workflow to Change Manager_ will trigger if a default approver is set in advanced - workflow settings. - - If the default approver is not set, the workflow will not trigger and the user's manager will - be set without requiring any approval. - -## Workflow Acceleration - -The workflow approver acceleration feature in Directory Manager ensures that no workflow request -remains unnoticed and undecided. Based on certain rules, it automatically accelerates a request to -another approver if the current approver does not act on it for a certain number of days. - -The administrator can enable and configure workflow approver acceleration for an identity store in -Directory Manager Admin Center. - -See [Workflow Approver Acceleration](/docs/directorymanager/11.1/admincenter/workflow/approveracceleration.md) diff --git a/docs/directorymanager/11.1/portal/search/search.md b/docs/directorymanager/11.1/portal/search/search.md deleted file mode 100644 index ffa9c3bcbe..0000000000 --- a/docs/directorymanager/11.1/portal/search/search.md +++ /dev/null 
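Review bot: In request/overview.md under "Workflow Implementation", the denial bullet says the email goes to the approvers "(except the one who has approved the request)", which is copied from the approval bullet; it should refer to the approver who denied the request, and the same bullet contains the stray "th pe". Separately, this page is where the auto-approval cases are stated: "If the default approver is not specified or disabled, the request is auto approved" and "If the requester is also the approver for that workflow, the request is auto-approved". Please confirm those statements survive in whatever replaces this file, because they tell administrators when a change goes through without an approver.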
@@ -1,119 +0,0 @@ -# Directory Search - -Using the Directory Manager portal, you can search and manage different directory objects (users, -groups, contacts and mailboxes). - -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. - -## Search directory objects (Quick Search) - -Use Quick Search to quickly locate objects in the identity store. You can search the entire -directory or specific OU(s) within the directory, depending on search permissions granted to your -role in the identity store. - -Step 1 – In the Quick Search box in the top-of the page, enter the display name, first name, or -email address of an object to search for it. - -A list of matched objects is displayed as you type the search string. - -Step 2 – Select your required object or click magnifying glass icon. - -Matches are displayed on the **Search Results** page. - -NOTE: Display name, first name and email address are the default schema attributes for Quick Search. -If the Directory Manager administrator specifies different attributes, you will not get the desired -results when you perform a search with the display name, first name or email address. - -## Search directory objects (Advanced Search) - -Use the portal's Advanced Search to search for directory objects (users, mailboxes, contacts, -groups) in the identity store. You can search the entire directory or specific OU(s) within the -directory, depending on search permissions granted to your role in the identity store. - -Multiple filters are available to search for objects. You can use them individually or in -combination to get the most appropriate search results. - -NOTE: In portal's linked mode, you cannot search contacts in linked Azure / Google Workspace / -Generic LDAP store as contact object is not available in these providers. - -Step 1 – Click **Advanced Search** at the top. The **Advanced Search** page is displayed. 
- -Step 2 – In the **Search** box: - -In **Stand-alone** mode: select the check boxes for the entire directory or the OUs that you want to -search in. You can also specify the default search OUs using the **Domains to Search** setting on -the User Settings panel. - -NOTE: In **Linked** mode: the **Search** and the **Domains to Search** boxes will list all the -domains of the linked identity stores. You can select domain(s) or OUs you want to search in. - -Step 3 – In the **Objects** box, select the objects (User, mailboxes, contact, group) you want to -search for. - -In **Linked** mode: If you log into the portal with an AD primary store, you can search a contact -object and if you log in with any of the other providers i.e., Microsoft Entra ID, Google Workspace -or Generic LDAP, you cannot search as they do not support the contact object type. - -Step 4 – Enter search criteria as needed: - -- Type the display name, first name, last name, title, alias, company, department, office, and/or - city of an object to search for it. -- You can select a custom attribute from the **Select a field** list and type a search string in the - box next to the list. - -Step 5 – Click **Search**. - -Objects matching the search criteria are displayed on the **Search Results** page. - -## Search directory objects (Query Based Advanced Search) - -Directory Manager portal enables you to search directory objects (users, mailboxes, contacts, -groups) in the identity store based on a query. See the -[Query Based Advanced Search](/docs/directorymanager/11.1/portal/search/querysearch.md) topic. - -NOTE: In portal's linked mode, you cannot search contacts in linked Azure / Google Workspace / -Generic LDAP store as contact object is not available in these providers. - -## View Search Results - -On performing a search, all objects matching your filter criteria are displayed on the **Search -Results** page. 
- -The **Modify Search Directory** box in: - -- **Stand-alone** mode: displays Entire Directory option. You can select a specific child domain or - particular OUs to view search results from. - -- **linked** mode: lists all domains of the linked identity stores. You can select domain(s) or OUs - to view the search result from. - -The page has multiple tabs, namely: - -- **All**: displays all objects that match the search criterion. -- **Groups**: displays groups that match the search criterion. -- **Users**: displays users and mailboxes that match the search criterion. -- **Contacts**: displays contacts that match the search criterion. - -The Search **Results** page displays results against the following columns: - -- Type -- Display name -- Department -- Office -- Business -- Email - -If portal is running in the Linked mode, the **Identity Store** column is displayed. It displays the -name of the identity store in which the object resides. - -**Important**: For performing searches in customized portal using the Linked mode, it is important -that customized portal fields, which are used while creating filter expressions for use and group -objects, are bind with similar attributes of stores. Otherwise, Directory Manager will not be able -to linked identities. - -You can perform multiple actions on objects. See the [Toolbar](/docs/directorymanager/11.1/portal/toolbar.md) topic for additional -information. - -To move through search results, use the page numbers given at the bottom of the listing. You can -also control the number of results per page by modifying the **Search results per page** setting on -the User Settings panel. diff --git a/docs/directorymanager/11.1/portal/setting/portal.md b/docs/directorymanager/11.1/portal/setting/portal.md deleted file mode 100644 index 18371d7656..0000000000 --- a/docs/directorymanager/11.1/portal/setting/portal.md +++ /dev/null 
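Review bot: In search.md, the "**Important**" paragraph under "View Search Results" does not parse: "filter expressions for use and group objects, are bind with similar attributes of stores. Otherwise, Directory Manager will not be able to linked identities." It presumably means that customized portal fields used in filters for user and group objects must be bound to matching attributes in each linked store. It is stated as a precondition for Linked-mode search in a customized portal, so rewrite it in the destination rather than moving it as is. Minor: "**linked** mode" is lowercase in the "Modify Search Directory" list and "Linked" elsewhere on the page.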
@@ -1,240 +0,0 @@ -# Portal Settings - -You can fine-tune your portal pages by customizing display options. This also enables you to -personalize the GroupID portal. - -These settings are saved for a user with respect to the identity store. When this user logs on to -another GroupID portal for the same identity store, the settings apply there too. - -## Set Identity Store mode - -GroupID portal works with a single identity store. However, GroupID also enables administrators to -link different identity stores. If an administrator creates a GroupID Portal and associates it with -the linked identity stores, the portal users can view the data from the linked identity stores at -the same time, rather than having to switch identity stores. - -Via Portal settings, you can choose either of the two modes by following these steps: - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – From the **Identity Store Mode** list, select one of the following mode: - -- Stand-alone mode -- Linked mode - -Step 3 – Click **Save**. - -## Set a language for notifications - -GroupID generates a number of notifications that are, by default, sent to users in the English -language. However, a user can opt to receive notifications in a different language by personalizing -the language settings from the **User Settings** panel in the portal. - -However, there are a few exceptions to it. See the -[Notifications](/docs/directorymanager/11.1/admincenter/notification/overview.md) topic for more information. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – From the **Notification Language** list, select a language for receiving the notifications. - -Step 3 – Click **Save**. - -## Set the time zone - -You can set the portal's date and time for your time zone. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – In the **User Time Zone** list, select the time zone for your region. - -Step 3 – Click **Save**. 
- -## Set a default start page - -You can set the first page you see when you log into the portal. - -1. Click the **Settings** icon at the top of the page. -2. From the **Default startup page** list, select a page to set as your start page. -3. Click **Save**. - -## Set the number of history items to show on the home page - -You can specify the number of history items to display in the History section on the portal's home -page. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – In the **History items to display on home page** box, set the maximum number of history -items to be displayed on the portal's home page. - -Step 3 – Click **Save**. - -History is displayed if the administrator has enabled history tracking for the identity store. - -## Set the number of history items to show for objects - -Set the number of history items to display on the History tab. This tab is displayed when viewing -the properties for a User, Group, Contact or Mailbox. - -This setting also controls the number of history items displayed on the -[My History](/docs/directorymanager/11.1/portal/history/myhistory.md), [My Direct Reports' History](/docs/directorymanager/11.1/portal/history/mydirectreport.md), -and [My Groups' History](/docs/directorymanager/11.1/portal/history/mydirectorygroup.md) pages. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – In the **History items to display** box, set the number of history items to display on the -pages that display history data. - -Step 3 – Click **Save**. - -History is displayed if the administrator has enabled history tracking for the identity store. - -## Set the number of recent objects to show - -The GroupID portal keeps a list of recently viewed objects on the left navigation bar. This provides -a convenient way to navigate back to objects later. You can specify the number of recent objects to -be shown on the navigation bar. - -Step 1 – Click the **Settings** icon at the top of the page. 
- -Step 2 – In the **Most recent objects** box, type the number of recent objects to display on the -navigation bar. - -Step 3 – Click **Save**. - -## Set the default domains for search lists - -You can specify the default domains to be searched when you perform a search using the portal. If -portal is running in: - -- **Stand-alone mode**: domain of the associated identity store is listed. - -- **Linked mode**: domains of all the linked identity stores are listed. - -To select domain(s) for searches: - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – In the **Domains to search** list, select the domains that you use frequently in your -searches. - -Step 3 – Click **Save**. - -## Set the number of results to show on a page - -You can specify the number of search results to be displayed on a portal page. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – In the **Search results per page** box, type or select the number of search results to -display on a page. - -Step 3 – Click **Save**. - -## Show additional group ownership in My Groups - -By default, the **My Groups** page displays the groups that you are a primary owner for. You can, -however, set this page to display those groups too for which you are an additional owner. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – Select the **Display additional group ownership in My Groups** check box. - -Step 3 – Selecting this option also displays the history of these groups in the **My Groups -History** view. - -Step 4 – Click **Save**. - -## Show additional group ownership in My Expiring Groups - -By default, the **My Expiring Groups** page displays the soon-to-expire groups that you are the -primary owner of. You can, however, set this page to display those expiring groups too for which you -are an additional owner. - -Step 1 – Click the **Settings** icon at the top of the page. 
- -Step 2 – Select the **Display additional group ownership in My Expiring Groups** check box. - -Step 3 – Click **Save**. - -## Show additional group ownership in My Expired Groups - -By default, the **My Expired Groups** page displays the expired groups that you are the primary -owner for. You can, however, set this page to display those expired groups too for which you are an -additional owner. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – Select the **Display additional group ownership in My Expired Groups** check box. - -Step 3 – Click **Save**. - -## Show additional group ownership in My Deleted Groups - -By default, the **My Deleted Groups** page displays the deleted groups that you are the primary -owner for. You can, however, set this page to display those deleted groups too for which you are an -additional owner. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – Select the **Display additional group ownership in My Deleted Groups** check box. - -Step 3 – Click **Save**. - -## Display additional group ownership in my Smart Groups - -By default, the **My Smart Groups** page displays the Smart Group that you are the primary owner -for. You can, however, set this page to display those Smart Groups too for which you are an -additional owner. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – Select the **Display additional group ownership in My Smart Groups** check box. - -Step 3 – Click **Save**. - -## Display additional group ownership in my Dynasties - -By default, the My Dynasties page displays the Dynasties that you are the primary owner for. You -can, however, set this page to display those Dynasties too for which you are an additional owner. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – Select the **Display additional group ownership in My Dynasties** check box. - -Step 3 – Click **Save**. 
- -## Display Additional Manager Direct Reports - -By default, the **My Direct Reports** page displays the users that you are the primary manager for. -You can, however, set this page to display those users too for which you are an additional manager. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – Select the **Display Additional Manager Direct Reports** check box. - -Step 3 – Click **Save**. - -## Reset default user options - -You can reset the settings on the **User Settings** panel to their default values. - -Step 1 – Click the **Settings** icon at the top of the page. - -Step 2 – On the **User Settings** page, click **Reset Defaults**. - -The following table lists the default values that are reset: - -| Option | Default Value | -| ---------------------------------------------- | ------------------------------------------------ | -| Identity Store Mode | Stand-alone | -| Notification Language | English | -| User Time Zone | The time zone set on the GroupID server machine. | -| Default startup page | Welcome | -| History items to display on home page | 10 | -| History items to display | 10 | -| Most recent objects | 5 | -| Domains to Search | Entire Directory | -| Search results per page | 25 | -| Display additional group ownership check boxes | Not selected | -| Display Additional Manager Direct Reports | Not selected | diff --git a/docs/directorymanager/11.1/portal/setting/user.md b/docs/directorymanager/11.1/portal/setting/user.md deleted file mode 100644 index 4aec817d7c..0000000000 --- a/docs/directorymanager/11.1/portal/setting/user.md +++ /dev/null 
@@ -1,108 +0,0 @@ -# User Account Settings - -Using the Directory Managerportal, you can manage your profile information and even change your -password, provided that the Directory Manager administrator has granted you the required -permissions. You can also add your picture to your profile. - -Administrators can also reset the passwords of other user accounts in the identity store. They can -also set the expiration policy of user accounts, lock or unlock accounts, and enable or disable -accounts. - -## Update your account information - -Follow the steps to update your account information. - -Step 1 – Make the required changes to your profile on the My Profile page. - -Step 2 – Click **Save**. - -NOTE: If the administrator has specified this action for review, your changes will not take effect -until verified by an approver. - -## Add a photo to your profile - -Follow the steps to add a photo to your profile. - -Step 1 – In Directory Manager portal, click **Dashboard** in the left pane and click the **My -Profile** card. - -Step 2 – Click the **General** tab. - -Step 3 – Click **Modify** next to the **Photo** box. - -The **Manage Photo** dialog box is displayed. - -Step 4 – Click **Browse** to browse the file system to select the photo. The size of the image -should not exceed the size displayed in the header area of the dialog box. - -Use the options on the dialog box to edit the photo as desired. - -Step 5 – Click **OK** to close the **Manage Photo** dialog box. - -Step 6 – Click **Save.** - -NOTE: If the administrator has specified this action for review, your changes will not take effect -until verified by an approver. - -## Set a user account to never expire - -Follow the steps to set a user account to never expire. - -Step 1 – Search a user to set its directory account to 'never expire'. - -Step 2 – Select this user on the **Search Results** page and click **Properties** on the toolbar. - -The user's properties page is displayed. 
- -Step 3 – On the **Account** tab, select the **Never** option button for **Account Expires**. - -Step 4 – Click **Save**. - -## Set a user account to expire on a specific date - -Follow the steps to set a user account to expire on a specific date. - -Step 1 – Search a user to set its directory account to expire on a specific date. - -Step 2 – Select this user on the **Search Results** page and click **Properties** on the toolbar. - -The user's properties page is displayed. - -Step 3 – On the **Account** tab, select **End of** from the **Account Expire** options and click the -Calendar button to set the date for expiring the user account. - -Step 4 – Click **Save**. - -## Lock/Unlock a user account - -Follow the steps to lock/unlock a user account. - -Step 1 – Search a user to lock or unlock their directory account. - -Step 2 – Select this user on the **Search Results** page and click **Properties** on the toolbar. - -The user's properties page is displayed. - -Step 3 – On the **Account** tab: - -- Select the **Account is locked out** check box to lock the user account. -- Clear the **Account is locked out** check box to unlock the account. - -Step 4 – Click **Save**. - -## Enable/Disable a user account - -Follow the steps to enable/disable a user account. - -Step 1 – Search a user to disable or enable their directory account. - -Step 2 – Select this user on the **Search Results** page and click **Properties** on the toolbar. - -Step 3 – The user's properties page is displayed. - -Step 4 – On the **Account** tab: - -- Select the **Account is disabled** check box to disable the user account. -- Clear the **Account is disabled** check box to enable the user account. - -Step 5 – Click **Save**. diff --git a/docs/directorymanager/11.1/portal/synchronize/collection/create.md b/docs/directorymanager/11.1/portal/synchronize/collection/create.md deleted file mode 100644 index dfb09a0f5f..0000000000 
--- a/docs/directorymanager/11.1/portal/synchronize/collection/create.md +++ /dev/null 
@@ -1,51 +0,0 @@ -# Create a Job Collection - -A job collection is a group of individual jobs that you want to run in a particular order. For -instance, you can create a job collection to synchronize user accounts between multiple Active -Directory domains. You first create multiple Synchronize jobs to transfer data between two -directories, and then combine them in a job collection. Then you can execute the job collection -instead of executing each job one by one. - -To understand how workflows work with Synchronize jobs, see the -[Synchronize Jobs and Workflows](/docs/directorymanager/11.1/admincenter/workflow/overview.md#synchronize-jobs-and-workflows) -topic. - -## Create a job Collection - -Step 1 – On Directory Manager portal, select **Synchronize** on left pane. - -Step 2 – On the Synchronize portal, click **Create New** and then click **Job Collection.** - -Step 3 – On the [Choose your Job Template](/docs/directorymanager/11.1/portal/synchronize/collection/chooseyourjobcollectiontemplate.md) page, enter job -collection details and select whether to use a job collection template or create the job collection -from scratch. - -Step 4 – Click **Next Step** - -Step 5 – On the [Synchronized Job Collection](/docs/directorymanager/11.1/portal/synchronize/collection/synchronizedjobcollection.md) page, add jobs to the -collection. You can either add existing jobs or create new jobs to add them to the job collection. - -Step 6 – On the [Scheduling and Notifications](/docs/directorymanager/11.1/portal/synchronize/collection/schedulingandnotification.md) page, choose a schedule -for a job collection and set up notification settings. - -NOTE: After creating the job collection, you can modify the schedule for the job collection and you -can also create a new schedule. - -Step 7 – Select **Preview job collection when finished** checkbox to preview the job collection -before executing it. 
- -Step 8 – To review the information and changes regarding the job collection, click **Review Your -Change** at the bottom. - -Step 9 – Click **Finish** to exit the wizard and create the job collection. - -Step 10 – Once you run the job collection, the job collection runs and only those jobs will process -for which workflow is not configured. If workflow is configured for any job, the request gets -generated against that specific job. - -Step 11 – Generated workflow request will be displayed in the -“[Requests](/docs/directorymanager/11.1/portal/request/overview.md)” section for the workflow approver(s). If the approver -approves the workflow request, the job will execute the results. - -Step 12 – **Run Job Collection** dialog box displays overall collection statistics for the run, -reports and individual logs for each job in the collection. diff --git a/docs/directorymanager/11.1/portal/synchronize/dashboard.md b/docs/directorymanager/11.1/portal/synchronize/dashboard.md deleted file mode 100644 index b7f58f5ccc..0000000000 --- a/docs/directorymanager/11.1/portal/synchronize/dashboard.md +++ /dev/null 
@@ -1,52 +0,0 @@ -# Dashboard - -After signing into the Directory Manager portal, from the left pane select **Synchronize** to land -on the dashboard. - -![synchronizedashboard](/img/product_docs/directorymanager/11.1/portal/synchronize/synchronizedashboard.webp) - -The interface has intuitive navigation options: - -- Quick Search -- Top Right Options -- Menu Pane -- Dashboard - -## Quick Search - -Look on the top of the page for **Search**. Use it to locate and display information for the jobs -and job templates. - -## Top Right Options - -The top right corner of the application displays: - -| Icon | Description | -| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Background jobs icon | View the status of jobs and job collections that are running in the background. It displays: - Jobs - Completed Jobs: Jobs that have been completed. - In Progress Jobs: Jobs that are still in running. - Job Collections - Completed Jobs: Job collections that have been completed. - In Progress Jobs: Job collections that are still in running. | -| Help icon | Launch the synchronize portal help. | -| User profile icon | Displays your profile picture with your name and the identity store that Directory Manager portal is connected to. Click it to launch the menu that displays the option to [Sign Out](/docs/directorymanager/11.1/portal/login.md#sign-out) of the portal. 
| - -## Menu Pane - -Look on the left side of the page for the navigation pane, which lists links to: - -- Create New ([Create a Job](/docs/directorymanager/11.1/portal/synchronize/job/create.md) and [Create a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/collection/create.md)) -- Dashboard -- [Manage a Job](/docs/directorymanager/11.1/portal/synchronize/manage/job.md) -- [Manage a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/manage/jobcollection.md) -- [Job Templates](/docs/directorymanager/11.1/portal/synchronize/manage/jobtemplate.md) -- [Job Collection Template](/docs/directorymanager/11.1/portal/synchronize/manage/jobcollectiontemplate.md) - -## Dashboard - -The dashboard comprises of the following cards: - -| Cards | Description | -| ---------------------- | ----------------------------------------------------------- | -| Jobs For | Displays the jobs based on their object types. | -| Successful Jobs | Displays the jobs that have been completed successfully. | -| Jobs with Errors | Displays the jobs that are completed with errors. | -| Scheduled Jobs | Displays jobs that will run based on the time set for them. | -| My Pinned Jobs | Displays frequently used jobs. | -| Pinned Job Collections | Displays frequently used job collections. | diff --git a/docs/directorymanager/11.1/portal/synchronize/job/create.md b/docs/directorymanager/11.1/portal/synchronize/job/create.md deleted file mode 100644 index bbbcdf0ebc..0000000000 --- a/docs/directorymanager/11.1/portal/synchronize/job/create.md +++ /dev/null 
@@ -1,73 +0,0 @@ -# Create a Job - -Synchronize allows you to move data from one data source to another using a set of sequential -commands that run in the background. The set of commands is called a job. You can create a job from -scratch, from a predefined template, or from a template that you create yourself. - -Synchronize provides these predefined job templates: - -- Linked Mailbox Creation in Active Directory -- Move and Disable Objects in Active Directory -- Move Objects in Active Directory -- Sync GAL in Active Directory - -These job templates represent common business scenarios. You can use these templates or modify them -to create your own custom templates. Templates offer predefined settings, which you can apply to the -new job (except for the source and destination configurations) and modify as required. You can also -create a new job by duplicating and modifying an existing one. - -Creating a job from scratch requires that you specify the source and destination resources involved -in the transfer of data. You must also map the fields for the source and destination objects in -which the data transfer takes place. - -You can also apply data transformations. A transformation allows you to modify data as it is being -transferred to the destination. - -Once you create a job, you can either run it manually or schedule it to run periodically. - -You can create templates from existing jobs on-the-fly and reuse their settings in new jobs. - -To understand how workflows work with Synchronize jobs, see the -[Synchronize Jobs and Workflows](/docs/directorymanager/11.1/admincenter/workflow/overview.md#synchronize-jobs-and-workflows) -topic. - -## Create a new job - -Step 1 – On Directory Manager portal, select **Synchronize**on left pane. - -Step 2 – On the Synchronize portal, click **Create New** and then click **Job**. 
- -Step 3 – On the [Choose Your Job Template](/docs/directorymanager/11.1/portal/synchronize/job/chooseyourjobtemplate.md) page, enter the job details and -select whether to use a job template or create the job from scratch. - -Step 4 – Click **Next Step**. - -Step 5 – On the [Select Your Source and Destination](/docs/directorymanager/11.1/portal/synchronize/job/sourceanddestination.md) page, specify the -source and destination providers. - -Step 6 – Click **Next Step**. - -Step 7 – On the [Objects, Fields and Mapping ](/docs/directorymanager/11.1/portal/synchronize/job/objectfieldsandmapping.md) page, map the source and -destination fields and apply transformations. - -Step 8 – On the [Schedule Job and Notifications](/docs/directorymanager/11.1/portal/synchronize/job/scheduleandnotification.md) page, choose a schedule -for a job and set up notification settings. - -NOTE: After creating the job, you can modify the schedule for the job and you can also create a new -schedule. - -Step 9 – Select **Preview job when finished** checkbox to preview the job. - -Step 10 – **Review your Changes** before finishing the job. - -Step 11 – Click **Finish** and create the job. - -Step 12 – Once you run the job, the job runs if workflow is not configured. If workflow is -configured, the request gets generated. - -Step 13 – Generated workflow request will be displayed in the [Requests](/docs/directorymanager/11.1/portal/request/overview.md) -section for the workflow approver(s). If the approver approves the workflow request, the job will -execute the results. - -Step 14 – The **Review Job Run** dialog box appears, providing access to run statistics, reports, -and logs for the last job run. diff --git a/docs/directorymanager/11.1/portal/synchronize/job/exchange.md b/docs/directorymanager/11.1/portal/synchronize/job/exchange.md deleted file mode 100644 index 04e56e2465..0000000000 --- a/docs/directorymanager/11.1/portal/synchronize/job/exchange.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Exchange Subscription - -While creating or editing mail enabled objects through a Synchronize job, Directory Manager provides -you the facility to sync or deprovision subscriptions from Office 365 messaging provider. - -## Sync Exchange subscriptions - -While creating or editing a Synchronize job (mailbox-enabled user) you can sync subscriptions from -Exchange messaging provider. - -On the **Object, Fields and Mapping** page: - -Step 1 – In the **Messaging Provider** drop-down list, select the **Exchange** version that you want -to use. - -Step 2 – Enter the domain name where the mail server resides in the **Domain** name box. - -Step 3 – Enter the username and password of an authorized user account on the mail server in the -**Username** and **Password** boxes. - -Step 4 – Set Exchange server priority. - -With Microsoft Exchange as the messaging provider, the **Server Name** column in the **Server Status -& Priority** area lists the mail servers in the environment. By default, Directory Manager randomly -assigns the highest priority to a server. You can change its priority level and set the priority for -other servers. - -If your required server is not listed, click **Sync Again**. - -1. In the **Server Status and Priority** section, select the check box for the server you want to - specify or change the priority for. - - Directory Manager checks the availability of the server and displays its status as _Online_ - (available) or _Offline_ (unavailable) in the **Status** column. - -2. In the **Priority** box, select a priority level for the server, with ‘1’ representing the - highest priority. - -Step 5 – Click **Save**. diff --git a/docs/directorymanager/11.1/portal/synchronize/job/messagingsystemoverview.md b/docs/directorymanager/11.1/portal/synchronize/job/messagingsystemoverview.md deleted file mode 100644 index 8e58fb386d..0000000000 --- a/docs/directorymanager/11.1/portal/synchronize/job/messagingsystemoverview.md +++ /dev/null 
@@ -1,9 +0,0 @@ -# Messaging System - -Directory Manager enables users to configure messaging systems to efficiently create or edit mail -enabled objects through a Synchronize job. Users can sync or deprovision subscriptions from the -following messaging systems: - -- [Exchange Subscription](/docs/directorymanager/11.1/portal/synchronize/job/exchange.md) -- [Google Workspace Subscription](/docs/directorymanager/11.1/portal/synchronize/job/googleapp.md) -- [Office 365 Subscription](/docs/directorymanager/11.1/portal/synchronize/job/office365.md) diff --git a/docs/directorymanager/11.1/portal/synchronize/manage/overview.md b/docs/directorymanager/11.1/portal/synchronize/manage/overview.md deleted file mode 100644 index d7f3415539..0000000000 --- a/docs/directorymanager/11.1/portal/synchronize/manage/overview.md +++ /dev/null @@ -1,4 +0,0 @@ -# Manage Jobs - -Synchronize allows its users to create, manage, and schedule jobs and job collections. Synchronize -simplifies this process by providing an efficient system to manage jobs and job collections. diff --git a/docs/directorymanager/11.1/portal/synchronize/manage/schedule.md b/docs/directorymanager/11.1/portal/synchronize/manage/schedule.md deleted file mode 100644 index 7cbe6eda35..0000000000 --- a/docs/directorymanager/11.1/portal/synchronize/manage/schedule.md +++ /dev/null @@ -1,8 +0,0 @@ -# Schedule a Job / Job Collection - -The Directory Manager scheduling function enables you to set any Synchronize job or job collection -to run automatically. Create a Synchronize schedule and add Synchronize jobs and job collections as -targets. When the schedule runs, the target jobs and job collections are executed. - -To create a Synchronize schedule, see the -[Synchronize Schedule](/docs/directorymanager/11.1/admincenter/schedule/synchronize.md) topic. 
diff --git a/docs/directorymanager/11.1/portal/synchronize/overview.md b/docs/directorymanager/11.1/portal/synchronize/overview.md deleted file mode 100644 index 4f9c59495f..0000000000 --- a/docs/directorymanager/11.1/portal/synchronize/overview.md +++ /dev/null 
@@ -1,65 +0,0 @@ -# Synchronize - -Directory Manager Synchronize is a web-based application that can be accessed using the Directory -Manager portal. The application is a bi-directional synchronization engine for transferring data -from one data source to another. The data sources may include directory servers, databases or files. -Utilizing a very intuitive GUI, you can create Synchronize jobs to provision, de-provision or -synchronize multiple data sources. - -The Synchronize portal is also capable of applying transformations to the data being transferred. -This allows you to convert data after retrieving it from the source and before it gets saved at the -destination. - -## Prerequisites for Synchronize - -Using Directory Manager, you can create identity stores for several identity providers (such as -Active Directory and Microsoft Entra ID) as well as create data sources for providers such as files -and databases. Directory Manager Synchronize uses user-defined identity stores (as source and -destination) built on databases, files and other applications such as Oracle, SQL and so on. To view -the list of supported Synchronize providers, see the [Synchronize Providers](/docs/directorymanager/11.1/portal/synchronize/provider.md) topic. - -The following must be defined before you can use Synchronize: - -- Identity Store – Identity stores must be created in Admin Center for sources and destinations - providers. For working with Synchronize, create a Synchronize based identity store for creating - jobs and job collections. - - Synchronize data for AD and Microsoft Entra ID is directly saved to Elasticsearch and - Replication is not required. - -- Data Sources – You need to add the data sources in Admin Center like Microsoft Excel, Text, - Oracle, etc for creating job and job collections. -- Permissions – For performing Synchronize operations, the logged-in user must have Synchronize - specific permissions. 
These permissions enable the user to create, edit and run jobs or job - collections as per the defined Synchronize policy. -- Policies – Using the Synchronize policy, you can allow or disallow a provider to be used as a - source or destination. You can choose the object types that can be created or synced at the - destination using a Synchronize job. For each object type in an identity store and data source, - specify the attributes that will be available for mapping the source and destination fields in a - Synchronize job. -- History – Synchronize can maintain a complete track of actions performed in a directory through a - Synchronize job, provided that an identity store for the destination provider has been defined in - Directory Manager Admin Center and history tracking is enabled for that identity store. The - actions to be tracked for Synchronize are also specified in history settings of that identity - store. -- Workflows – Workflow requests can be enabled to run job or job collections. A workflow needs to be - created in the Admin Center and an approver must be assigned for that workflow. Each time if a - user runs a synchronize job, the job runs only when the approver approves the request. If they - deny, the job will not run. -- Notifications – An SMTP server must be configured for the destination's identity store. Using that - SMTP server email notification can be sent to designated recipients for different actions - performed while executing a Synchronize job. -- Messaging Provider – A messaging provider must be configured for the destination's identity store - so that mail-enabled objects can be created through Synchronize job in the destination. - -## Dashboard - -Synchronize dashboard displays performance widgets and cards displaying the data about your jobs and -job collections. 
On the navigation pane on the left side, you will see the following tabs: - -- Create New ([Create a Job](/docs/directorymanager/11.1/portal/synchronize/job/create.md) and [Create a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/collection/create.md)) -- [Dashboard](/docs/directorymanager/11.1/portal/synchronize/dashboard.md) -- [Manage a Job](/docs/directorymanager/11.1/portal/synchronize/manage/job.md) -- [Manage a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/manage/jobcollection.md) -- [Job Templates](/docs/directorymanager/11.1/portal/synchronize/manage/jobtemplate.md) -- [Job Collection Template](/docs/directorymanager/11.1/portal/synchronize/manage/jobcollectiontemplate.md) diff --git a/docs/directorymanager/11.1/portal/synchronize/transformation/overview.md b/docs/directorymanager/11.1/portal/synchronize/transformation/overview.md deleted file mode 100644 index 7d94afb1e8..0000000000 --- a/docs/directorymanager/11.1/portal/synchronize/transformation/overview.md +++ /dev/null 
@@ -1,140 +0,0 @@ -# Transform - -During the creation of synchronize jobs, you can apply transformation scripts to manipulate source -data before saving it to the destination. - -You can use transformations to perform these actions and more: - -- Combining the values of two source fields into one destination field. -- Extracting a set of characters from field values. -- Assigning a string constant to a field regardless of source restrictions. - -Synchronize includes a set of commonly used transformations, or you can write your own -transformation scripts using the Visual Basic .NET or Python editor. - -Synchronize provides these transformations: - -- Static -- Resolve -- Join -- Left -- Substring -- Script - -## Static - -During synchronization, the static transformation copies specified text to the destination field and -ignores the value in the source field mapped to it. - -- Type the text in the **Static text** box. This text is copied for the field at the destination. - - You can also specify Windows environment variables as static text. While transferring the data - during a job run, the job obtains the current value of the variable and saves it to the - destination field. - - Examples: - - - If static text is set to **%COMPUTERNAME%**, running the Job will save the host computer's - name in the target field. - - If static text is set to variables **%NOW%** and **%Computer%** as follows: - - _Updated by GroupID %NOW% from %COMPUTERNAME%._ - - Running the job will return the current date and the name of the host machine. The results - will look like as: - - _Updated by GroupID 1/12/2003 10:04 AM from EX01-DTM_ - - Environment variables may vary for different Windows releases and editions. 
Before using - environment variables, determine that they are supported by the Windows installed on your - host machine - -- [Auto-Generate Unique, Complex Passwords](/docs/directorymanager/11.1/portal/synchronize/transformation/autogenerateuniquepassword.md) based on complexity rules - - You can assign a single password to all synced objects or generate individual passwords for each - object. - -## Resolve - -The Resolve transformation attempts to locate a recipient at the destination that matches the -selected filter and returns the distinguished name. It is useful for setting the manager or owner -fields. - -destination: The target location to which to copy data. Destinations must be Exchange 5.5, Active -Directory, SQL Server, or Excel. - -NOTE: This transformation can adversely affect performance, as it adds an additional query to each -record. It applies to Active Directory and Exchange only. - -## Join - -The Join transformation combines values from two source fields into a single destination field. - -For instance, you can use a Join transformation to create a Display Name field at the destination -from the source’s **FirstName** and **LastName** fields. The values for the two source fields are -saved as a single value in the destination. - -The following table list the three parameters the Join transformation requires: - -| Parameter | Description | -| ------------ | --------------------------------------------------------------------------------------------------------------------------------------- | -| First field | Select the first source field. | -| Separator | Specify the character to use as separator between the values of the two fields. You can specify more than one characters as separators. | -| Second field | Select the second source field. | - -## Left - -Use the Left transformation to return a specific number of characters from the left side of a source -value. 
You can use a Left transformation to pull characters from a value to create an abbreviation -or an alias. - -For example, your requirement is to set the first three characters of a user's logon name as their -initials. You can easily achieve this by applying the settings shown in the following figure. - -The following table lists the two parameters the Left transformation requires: - -| Parameter | Description | -| -------------------- | ----------------------------------------------------------------------- | -| Source field | Select the source field from which to get the value. | -| Number of characters | Specify here the number of character to extract starting from the left. | - -## Substring - -The Substring transformation returns a set of characters from the source value. The set of -characters to extract from the source value is determined form the **Start at** and **Length** -parameters passed to the transformation. - -Substring transformation is useful in cases where the set of characters to extract are from within a -value that has a fixed number of characters or digits. The use of this transformation can become -tricky if the number of characters or digits in values of the source field may vary. - -The following table lists the parameters the Substring transformation requires: - -| Parameter | Description | -| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | -| Source field | Select the source field from which to get the value. | -| Start at | Specify the index number of the character to set as the starting point. The character at this position will not be included in the result itself. | -| Length | This represents the count of characters to extract from the starting point. | - -**Example:** - -Telephone numbers are usually written with country and city codes. 
You may have a destination field -where you may only require the country code to be copied excluding the city code and the number -itself. - -Consider the number, +92-42-5787711. Where: - -| Country Code | City Code | Telephone | -| ------------ | --------- | --------- | -| 92 | 42 | 5787711 | - -To extract the country code, you would set the parameters for this transformation. When executed, -this would extract 92 from the number and save it to the destination field. - -## Script - -Unlike the built-in transforms described above, the Script transformation is a template for writing -custom scripts. Use the **Script** template by selecting a built-in transform that provides most of -the functionality you need, select parameters, if any, and then switch the transform type to -**Script** to view the resulting script. You can then modify the script to add the functionality you -need. diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/account.md b/docs/directorymanager/11.1/portal/user/create/activedirectory/account.md deleted file mode 100644 index 94a0683213..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/account.md +++ /dev/null 
@@ -1,30 +0,0 @@ -# Account page - -(of Create User and Create Mailbox wizards) - -Use this page to specify basic account info, such as the user's first name, last name, login ID and -the UPN suffix. - -Step 1 – Click **Browse** next to the Container box to select a container to create the user in. - -This field would be read-only if the administrator has predefined a container for creating new -users. - -Step 2 – Enter the user's First Name, Initials, and Last Name in the respective boxes. - -Step 3 – The wizard uses the provided information to populate the Full Name, Display Name, User -logon name, and User logon name (pre-windows 2000) boxes. You can modify this information, if -required. - -- The pre-Windows 2000 user logon name cannot exceed 24 characters. This name is used for logging on - to computers running Windows 95, Windows 98, or Windows NT. - -- The logon name is the user ID the user will use to log into the identity store. - -Step 4 – The UPN Suffix box displays the UPN suffix for the user account. This is the name of the -domain the connected identity store is running on. An example of a UPN suffix can be 'mydomain.com'. - -When a domain user account is created, the complete domain account comprises of a user logon name -followed by '@' and then the domain name. - -Step 5 – Click **Next**. diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/contact/contact.md b/docs/directorymanager/11.1/portal/user/create/activedirectory/contact/contact.md deleted file mode 100644 index 9e86da7b53..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/contact/contact.md +++ /dev/null 
@@ -1,38 +0,0 @@ -# Create an AD Contact - -The Directory Manager portal enables you to create the contact object in the directory. - -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. - -NOTE: Pages and fields on the Create Contact wizard may vary from those discussed here, since the -administrator can customize the wizard by adding or removing pages and fields. - -## Create a contact - -Follow the steps to create a contact in an Active Directory identity store. - -Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and -select **Contact**. - -Step 2 – The Create Contact wizard opens to the Account page. - -Step 3 – On the Account page: - -1. Click **Browse** next to Container to select a container to create the contact in. - - This field would be read-only if the administrator has pre-defined a container for creating new - contacts. - -2. Enter the contact's First Name, Initials, and Last Name in the respective boxes. - - The wizard uses this information to populate the Full Name and Display Name boxes. - -3. Click **Next**. - -Step 4 – Use the Exchange page to mail-enable the contact. - -Step 5 – On the Summary page, review the settings and then click Finish to complete the wizard. - -NOTE: If the Directory Manager administrator has specified the contact creation action for review, -your changes will not take effect until verified by an approver. See the -[Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/mailbox/exchange.md b/docs/directorymanager/11.1/portal/user/create/activedirectory/mailbox/exchange.md deleted file mode 100644 index 7b2a178b57..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/mailbox/exchange.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Exchange page - -(of Create Mailbox wizard) - -Follow the steps to provide alias and subscriptions for a mailbox. - -Step 1 – In the Alias box, type an alias for the mailbox. - -Step 2 – In the Mailbox Store list, select a mailbox store to create the user's mailbox in. - -Step 3 – The Subscription List provides the subscriptions offered by Office 365 to a mailbox user. -Select the check boxes for the subscriptions you want to assign to this mailbox. - -The subscription list is displayed when Office 365 is configured as the messaging provider for the -identity store. - -Step 4 – Click **Next**. diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/mailbox/mailbox.md b/docs/directorymanager/11.1/portal/user/create/activedirectory/mailbox/mailbox.md deleted file mode 100644 index 7b5b2d7392..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/mailbox/mailbox.md +++ /dev/null 
@@ -1,31 +0,0 @@ -# Create an AD Mailbox - -You can create a mailbox using Directory Manager portal when a messaging provider has been -configured for the identity store. - -A mailbox is a user with a mailbox, such as an Exchange mailbox. - -NOTE: Pages and fields on the Create Mailbox wizard may vary from those discussed here, since the -administrator can customize the wizard by adding or removing pages and fields. - -## Create a mailbox in Active Directory - -Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and -select **Mailbox**. - -The Create Mailbox wizard opens to the Account page. - -Step 2 – On the [Account page](/docs/directorymanager/11.1/portal/user/create/activedirectory/account.md), specify basic account info, such as the object's -first name, last name, login ID and the UPN suffix. - -Step 3 – On the [Password page](/docs/directorymanager/11.1/portal/user/create/activedirectory/password.md), provide a password for the mailbox account and set -other password-specific options. - -Step 4 – On the [Exchange page](/docs/directorymanager/11.1/portal/user/create/activedirectory/mailbox/exchange.md), set the alias and Office 365 subscriptions. - -Step 5 – On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and then click **Finish** to -complete the wizard. - -NOTE: If the Directory Manager administrator has specified the mailbox creation action for review, -your changes will not take effect until verified by an approver. See the -[Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/overview.md b/docs/directorymanager/11.1/portal/user/create/activedirectory/overview.md deleted file mode 100644 index c37ef2fcb6..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/overview.md +++ /dev/null 
@@ -1,7 +0,0 @@ -# Create Active Directory User Objects - -In an Active Directory identity stores, you can create the following types of users: - -- User – See the [Create an AD User](/docs/directorymanager/11.1/portal/user/create/activedirectory/user.md) topic for additional information. -- Mailbox – See the [Create an AD Mailbox](/docs/directorymanager/11.1/portal/user/create/activedirectory/mailbox/mailbox.md) topic for additional information. -- Contact – See the [Create an AD Contact](/docs/directorymanager/11.1/portal/user/create/activedirectory/contact/contact.md) topic for additional information. diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/password.md b/docs/directorymanager/11.1/portal/user/create/activedirectory/password.md deleted file mode 100644 index 23f73c38bf..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/password.md +++ /dev/null @@ -1,14 +0,0 @@ -# Password page - -Provide a password for the user account and set other password-specific options. - -Step 1 – Type a password for the user account in the **Password** and **Confirm password** boxes. - -Step 2 – Select the following check boxes to set the security options for the user account: - -- User must change password at next logon – To force the user to change the password the next time - they log into their workstations with the account. -- Password never expires – To prevent the account password from expiring. -- Account is disabled – To disable the account, so that the user cannot log-on with it. - -Step 3 – Click **Next**. diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/user.md b/docs/directorymanager/11.1/portal/user/create/activedirectory/user.md deleted file mode 100644 index 5fc55e8042..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/user.md +++ /dev/null 
@@ -1,56 +0,0 @@ -# Create an AD User - -In Directory Manager portal, you can create mail-enabled and non mail-enabled users. - -NOTE: In a Microsoft Entra ID based identity store, users can only be created as non mail-enabled. -Create a mailbox as an alternative to a mail-enabled user. - -NOTE: Pages and fields on the Create User wizard may vary from those discussed here, since the -administrator can customize the wizard by adding or removing pages and fields. - -## Create a mail-enabled user in Active Directory - -Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and -select **User**. - -The Create User wizard opens to the Account page. - -Step 2 – On the [Account page](/docs/directorymanager/11.1/portal/user/create/activedirectory/account.md), specify basic account info, such as the user's first -name, last name, login ID and the UPN suffix. - -Step 3 – On the [Password page](/docs/directorymanager/11.1/portal/user/create/activedirectory/password.md), provide a password for the user account and set other -password-specific options. - -Step 4 – Use the [Exchange page](/docs/directorymanager/11.1/portal/user/create/activedirectory/messaging.md), to create the user as mail-enabled. - -Step 5 – On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and then click Finish to complete -the wizard. - -NOTE: If the Directory Manager administrator has specified the user creation action for review, your -changes will not take effect until verified by an approver. See the -[Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic for additional information. - -## Create a non mail-enabled user in Active Directory - -Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and -select **User**. - -The Create User wizard opens to the Account page. 
- -Step 2 – On the [Account page](/docs/directorymanager/11.1/portal/user/create/activedirectory/account.md), specify basic account info, such as the user's first -name, last name, login ID and the UPN suffix. - -Step 3 – On the [Password page](/docs/directorymanager/11.1/portal/user/create/activedirectory/password.md), provide a password for the user account and set other -password-specific options. - -Step 4 – On the [Exchange page](/docs/directorymanager/11.1/portal/user/create/activedirectory/messaging.md), clear the **Mail-Enabled** check box to create the -user as non mail-enabled. This disables the remaining fields on the page. - -A non mail-enabled user does not have an email address. - -Step 5 – On the [Summary Page](/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md), review the settings and then click Finish to complete -the wizard. - -NOTE: If the Directory Manager administrator has specified the user creation action for review, your -changes will not take effect until verified by an approver. See the -[Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/portal/user/create/azure/account.md b/docs/directorymanager/11.1/portal/user/create/azure/account.md deleted file mode 100644 index 44fa6cc173..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/azure/account.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# Account page - -(of Microsoft Entra ID User and Mailbox wizards) - -Use this page to specify basic account info, such as the user's first name, last name, login ID and -the UPN suffix. - -Step 1 – Click **Browse** next to the Container box to select a container to create the user in. - -Step 2 – Enter the user's first name and last name in the respective boxes. - -Step 3 – The wizard uses the provided information to populate the Display Name and User logon name -boxes. You can modify this information, if required. - -The logon name is the user ID the user will use to log into the identity store. - -Step 4 – The UPN Suffix box displays the UPN suffix for the user account. This is the name of the -domain the identity store is running on. An example of a UPN suffix can be 'mydomain.com'. - -When a domain user account is created, the complete domain account comprises of a user logon name -followed by '@' and then the domain name. - -Step 5 – Click **Next**. diff --git a/docs/directorymanager/11.1/portal/user/create/azure/directoryrole.md b/docs/directorymanager/11.1/portal/user/create/azure/directoryrole.md deleted file mode 100644 index 7b4b2984f3..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/azure/directoryrole.md +++ /dev/null @@ -1,13 +0,0 @@ -# Directory Roles page - -Use this page to assign a role and role privileges to the user on the Microsoft Entra Admin Center -portal. - -Step 1 – The **Directory Roles** drop-down list displays the roles that can be assigned to users on -the Microsoft Entra Admin Center portal. These are: Global Administrator, Limited Administrator, and -User. - -Click the down arrow next to a role and select the check boxes for the privileges within that role -for assignment. - -Step 2 – Click **Next**. 
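Review bot: directoryrole.md (the `@@ -1,13 +0,0 @@` hunk directly above) is the page that documents assigning "Global Administrator, Limited Administrator, and User" from the Create User wizard, and no replacement for it is visible in this part of the diff. If the topic is being moved rather than retired, name the new path in the commit message. The relocated page should also say who may assign Global Administrator and whether that assignment goes through the approver review described in the wizard NOTEs, since the removed text only says to "select the check boxes for the privileges within that role".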
diff --git a/docs/directorymanager/11.1/portal/user/create/azure/mailbox/exchange.md b/docs/directorymanager/11.1/portal/user/create/azure/mailbox/exchange.md deleted file mode 100644 index 1cfb6950d9..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/azure/mailbox/exchange.md +++ /dev/null @@ -1,28 +0,0 @@ -# Exchange page (Create Mailbox wizard) - -Follow the steps to set alias and Office 365 subscriptions for a Microsoft Entra ID mailbox - -Step 1 – In the **Alias** box, type an alias for the mailbox. - -Step 2 – From the **Usage Location** list, select a geographical location for the mailbox. - -The usage location determines what Office 365 licenses and associated features can be assigned to a -mailbox based on geographic availability and laws. This attribute is mandatory when you assign -subscriptions and licenses to Office 365 mailboxes. - -Step 3 – In the **Mailbox Store** list, select a mailbox store to create the user's mailbox on. - -Step 4 – The **Directory Roles** drop-down list displays the roles that can be assigned to mailboxes -on the Microsoft Entra Admin Center portal. These are: Global Administrator, Limited Administrator, -and User. - -Click the down arrow next to a role and select the check boxes for the privileges within that role -for assignment. - -Step 5 – The **Subscription List** provides the subscriptions offered by Office 365 to a mailbox -user. Select the check boxes for the subscriptions you want to assign to this mailbox. - -The subscription list is displayed when Office 365 is configured as the messaging provider for the -identity store. - -Step 6 – Click **Next**. diff --git a/docs/directorymanager/11.1/portal/user/create/azure/mailbox/mailbox.md b/docs/directorymanager/11.1/portal/user/create/azure/mailbox/mailbox.md deleted file mode 100644 index 664f65ba55..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/azure/mailbox/mailbox.md +++ /dev/null 
@@ -1,31 +0,0 @@ -# Create a Microsoft Entra ID Mailbox - -You can create a mailbox using Directory Manager portal when a messaging provider has been -configured for the identity store. - -A mailbox is a user with a mailbox, such as an Exchange mailbox. - -NOTE: Pages and fields on the Create Mailbox wizard may vary from those discussed here, since the -administrator can customize the wizard by adding or removing pages and fields. - -## Create a mailbox in an Microsoft Entra ID - -Follow the steps to create a mailbox object in an Microsoft Entra ID identity store. - -Step 1 – In the Directory Manager portal, click the **Create New** button and select **Mailbox**. - -The Create Mailbox wizard opens to the Account page. - -Step 2 – On the Account page, specify basic account info, such as the object's first name, last -name, login ID and the UPN suffix. - -Step 3 – On the Password page, provide a password for the mailbox account and set other -password-specific options. - -Step 4 – On the Exchange page, set the alias and Office 365 subscriptions for the mailbox. - -Step 5 – On the Summary page, review the settings and then click **Finish** to complete the wizard. - -NOTE: If the Directory Manager administrator has specified the mailbox creation action for review, -your changes will not take effect until verified by an approver. See the -[Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/portal/user/create/azure/overview.md b/docs/directorymanager/11.1/portal/user/create/azure/overview.md deleted file mode 100644 index f00a6d2e26..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/azure/overview.md +++ /dev/null 
@@ -1,8 +0,0 @@ -# Create Microsoft Entra ID User Objects - -In a Microsoft Entra ID identity stores, you can create the following types of users: - -- User – See the [Create a Microsoft Entra ID User](/docs/directorymanager/11.1/portal/user/create/azure/user.md) topic for additional information on how - to create a user in an Microsoft Entra ID identity store. -- Mailbox – See the [Create a Microsoft Entra ID Mailbox](/docs/directorymanager/11.1/portal/user/create/azure/mailbox/mailbox.md) topic for additional - information on how to create a mailbox in an Microsoft Entra ID identity store. diff --git a/docs/directorymanager/11.1/portal/user/create/azure/password.md b/docs/directorymanager/11.1/portal/user/create/azure/password.md deleted file mode 100644 index a12f3d6cea..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/azure/password.md +++ /dev/null @@ -1,18 +0,0 @@ -# Password page - -(of Microsoft Entra ID User and Mailbox wizards) - -Provide a password for the user account and set other password-specific options. - -Step 1 – Type a password for the user account in the **Password** and **Confirm password** boxes. - -Step 2 – Select the check boxes to set the security options for the user account: - -- User must change password at next logon – To force the user to change the password the next time - they log into their workstations with the account. -- Account is enabled – This check box is selected by default, indicating that the user account is - enabled. - - Clear it to disable the account, so that the user would not be able to log-on with it. - -Step 3 – Click **Next**. diff --git a/docs/directorymanager/11.1/portal/user/create/azure/user.md b/docs/directorymanager/11.1/portal/user/create/azure/user.md deleted file mode 100644 index a20f62ec2e..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/azure/user.md +++ /dev/null 
@@ -1,32 +0,0 @@ -# Create a Microsoft Entra ID User - -In Directory Manager portal, you can create mail-enabled and non mail-enabled users. - -NOTE: In a Microsoft Entra ID based identity store, users can only be created as non mail-enabled. -Create a mailbox as an alternative to a mail-enabled user. - -NOTE: Pages and fields on the Create User wizard may vary from those discussed here, since the -administrator can customize the wizard by adding or removing pages and fields. - -## Create a user in Microsoft Entra ID - -Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and -select **User**. - -The Create User wizard opens to the Account page. - -Step 2 – On the Account page, specify basic account info, such as the user's first name, last name, -login ID and the UPN suffix. See the [Account page ](/docs/directorymanager/11.1/portal/user/create/azure/account.md)topic for additional information. - -Step 3 – On the Password page, provide a password for the user account and set other -password-specific options. See the [Password page ](/docs/directorymanager/11.1/portal/user/create/azure/password.md)topic for additional information. - -Step 4 – Use the Directory Roles page to assign a role and role privileges to the user on the -Microsoft Entra Admin Center portal. See the [Directory Roles page](/docs/directorymanager/11.1/portal/user/create/azure/directoryrole.md) for additional -information. - -Step 5 – On the Summary page, review the settings and then click **Finish** to complete the wizard. - -NOTE: If the Directory Manager administrator has specified the user creation action for review, your -changes will not take effect until verified by an approver. See the -[Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic for additional information. 
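Review bot: in the removed azure/user.md, the opening sentence "you can create mail-enabled and non mail-enabled users" is contradicted by the NOTE directly under it ("users can only be created as non mail-enabled"), which reads as carried over from the Active Directory page. If this page is being re-created at a new path, do not copy the intro verbatim. Step 4 links to azure/directoryrole.md, which this diff also deletes, so any surviving copy needs that link repointed. The "[Account page ](...)topic" and "[Password page ](...)topic" links also have the space on the wrong side of the closing bracket.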
diff --git a/docs/directorymanager/11.1/portal/user/create/overview.md b/docs/directorymanager/11.1/portal/user/create/overview.md deleted file mode 100644 index d1cff7e9b3..0000000000 --- a/docs/directorymanager/11.1/portal/user/create/overview.md +++ /dev/null @@ -1,14 +0,0 @@ -# Create User Objects - -Directory Manager portal enables you to create following types of users: - -- User -- Mailbox -- Contact - -Directory Manager supports the following identity providers for creating the user objects: - -- Active Directory -- Microsoft Entra ID -- Generic LDAP -- Google Workspace diff --git a/docs/directorymanager/11.1/portal/user/manage/changepassword.md b/docs/directorymanager/11.1/portal/user/manage/changepassword.md deleted file mode 100644 index 67a289ef4d..0000000000 --- a/docs/directorymanager/11.1/portal/user/manage/changepassword.md +++ /dev/null 
@@ -1,48 +0,0 @@ -# Change your password - -You can change the password of your identity store account. After changing it, use the new password -to sign into Directory Manager and any other application that uses your domain account. - -To do this, provide the existing password and then a new password to replace it. The new password -must conform to the password policy the administrator has defined for the identity store. -Administrator can either enable -[Directory Manage Password Policy ](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md) or Netwrix -Password Policy Enforcer policies for the identity store. - -NOTE: MFA enabled Microsoft Entra ID users cannot change their passwords in Directory Manager. If -they try to do so, the following message is displayed: - -![Change Password error message for Entra ID user](/img/product_docs/directorymanager/11.1/portal/user/manage/changepasswordentraiduser.webp) - -If the user's account is a master account, password of its child accounts also cannot be changed in -Directory Manager. - -Follow these steps to change your password. - -Step 1 – In the portal, click your profile info in the top right corner and select **Change -password**. - -Step 2 – The Select your account section lists your account and its linked accounts, if any. Your -logged in account is selected. - -Notice the following in the blue bar: - -- Password Policy: Minimum Length – Displays the minimum number of characters the new password must - contain -- Password Complexity – Displays whether password complexity rules apply. Hover the mouse over - _Enabled_ to view the rules. - -Step 3 – In the Change Password section, do the following: - -- Type the password of your selected account in the **Current Password** box. -- Type your new password in the **New Password** box. The new password must conform to the rules of - the applied password policy for the identity store. -- Type the new password in the **Confirm New Password** box. 
- -Step 4 – Click **Change Password**. - -If you have reused an old password that does not meet the Enforce password history policy of the -provider, a message informs you that the password must be different from the old one. - -Step 5 – On successful change password, the message,"Password has been reset successfully." is -displayed. Click **OK**. diff --git a/docs/directorymanager/11.1/portal/user/manage/overview.md b/docs/directorymanager/11.1/portal/user/manage/overview.md deleted file mode 100644 index 1a9198fd7e..0000000000 --- a/docs/directorymanager/11.1/portal/user/manage/overview.md +++ /dev/null @@ -1,9 +0,0 @@ -# Manage Users - -Using Directory Manager portal, you can perform the following actions: - -- [Update your Direct Reports](/docs/directorymanager/11.1/portal/user/manage/directreport.md) -- [Validate your profile](/docs/directorymanager/11.1/portal/user/manage/validateprofile.md) -- [Reset your password](/docs/directorymanager/11.1/portal/user/manage/resetpassword.md) -- [ Change your password](/docs/directorymanager/11.1/portal/user/manage/changepassword.md) -- [Unlock your accounts](/docs/directorymanager/11.1/portal/user/manage/unlockaccount.md) diff --git a/docs/directorymanager/11.1/portal/user/manage/passwordmanagement.md b/docs/directorymanager/11.1/portal/user/manage/passwordmanagement.md deleted file mode 100644 index 90e2b11527..0000000000 --- a/docs/directorymanager/11.1/portal/user/manage/passwordmanagement.md +++ /dev/null 
@@ -1,38 +0,0 @@ -# Password Management - -Complex passwords keep network infrastructure secure but there is a real cost to that security. -Users forget their complex passwords. They can be given two options: either they call helpdesk to -reset their password at an exorbitant cost or have a self-service tool. Directory Manager can serve -both these functions. Using it: - -- Helpdesk – Can reset passwords and unlock accounts for users after authentication. See the - [Reset Passwords](/docs/directorymanager/11.1/admincenter/helpdesk/operation/resetpassword.md) topic for detailed - information. -- Users – Can reset their own passwords and their own accounts after passing multifactor - authentication. They can perform these password related functions through various mediums, such - as: - - - Directory Manager portal – Using it, they can: - - - reset their forgotten passwords. See the - [Reset Passwords](/docs/directorymanager/11.1/portal/user/authentication/passwordreset.md) topic for further information on how - to reset forgotten passwords. - - change their account passwords. See the [ Change your password](/docs/directorymanager/11.1/portal/user/manage/changepassword.md) topic - for further information on how to change their account passwords. - - reset their own password or password of any other user. See the - [Reset your password](/docs/directorymanager/11.1/portal/user/manage/resetpassword.md) topic for additional information. - - unlock their identity store account. See the [Unlock your accounts](/docs/directorymanager/11.1/portal/user/manage/unlockaccount.md) - topic for detailed information on how to unlock their identity store accounts. 
- - - Client Software and Web Access - - The client software to install on user workstations is called - [ Credential Provider](/docs/directorymanager/11.1/portal/user/manage/credentialprovider.md) and available for distribution using various - IT enabled distribution methods such as group policy and Microsoft System Center - Configuration Manager (SCCM). See the [Install Credential Provider](/docs/directorymanager/11.1/portal/user/manage/installcp.md) topic for - additional information. - - The distributed client enables the **Forgot Password?** and **Unlock Account** links on the - Windows logon screen of users’ workstations. Users, who forget their passwords or are locked - out, can easily access these functions from their machine. There is also an option for web - access for users if they are on a remote computer. diff --git a/docs/directorymanager/11.1/portal/user/manage/resetpassword.md b/docs/directorymanager/11.1/portal/user/manage/resetpassword.md deleted file mode 100644 index dae98c93c9..0000000000 --- a/docs/directorymanager/11.1/portal/user/manage/resetpassword.md +++ /dev/null 
@@ -1,36 +0,0 @@ -# Reset your password - -Directory Manager portal enables you to reset password for user accounts. You can reset your -identity store password, and even the account passwords of other users in the connected identity -store, provided you have the rights. The new password must conform to the password policy the -administrator has defined for the identity store. Administrator can either enable -[Directory Manage Password Policy ](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md) or Netwrix -Password Policy Enforcer policies for the identity store. - -Follow the steps to reset password. - -Step 1 – On the My Dashboard page of Directory Manager portal, search for the user whose password -you need to reset. See the [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) topic for additional -information. - -Step 2 – Select the account from the list whose password you want to reset. - -Step 3 – Select the identity store where the account exists from the identity store drop down list. -Your logged in account is selected - -Step 4 – Type identity store account name in the user name box. - -Step 5 – Select **Reset Password** on the toolbar. - -Step 6 – Enter the information for the given fields: - -- Identity Store – Shows the name of the identity store the portal is connected to. -- User name – Shows your logged-on user name. - - If you have the rights to reset the passwords for other user accounts, then type the login name - of a user. - -- New password and Confirm New password – Type a new password for the specified user. The new - password must conform to the rules of the applied password policy for the identity store. - -Step 7 – Click **Save**. diff --git a/docs/directorymanager/11.1/portal/user/manage/unlockaccount.md b/docs/directorymanager/11.1/portal/user/manage/unlockaccount.md deleted file mode 100644 index a62daffc79..0000000000 
--- a/docs/directorymanager/11.1/portal/user/manage/unlockaccount.md +++ /dev/null 
@@ -1,203 +0,0 @@ -# Unlock your accounts - -You can unlock your identity store account yourself, without having to contact the administrator or -wait. - -Your account can get locked due to: - -- **Wrong password attempts while logging on to a Directory Manager client** - - the consecutive number of times a user can provide the wrong password (Account lockout - threshold), after which the user's identity store account gets locked. - - the duration to lock the user account (_Account lockout duration_). -- **Invalid response to authentication type(s)** - - The Directory Manager administrator can specify Password Policy for the identity store, which - includes: - - - the consecutive number of times a role member can provide a wrong value for any authentication - type (Failed Authentication Attempts Threshold). - - the duration to lock the user account (_Account Lockout duration_). - -With authentication disabled, you cannot authenticate in Directory Manager; hence, you cannot unlock -your identity store accounts or reset your passwords. - -### Unlock identity store user accounts (after wrong password attempts) - enrolled users - -While logging on Directory Manager, you provide wrong password on the Directory Manager Authenticate -window for the specified number of times, the following message appears: - -![GroupID Authenticate](/img/product_docs/directorymanager/11.1/portal/user/manage/locked.webp) - -Now you cannot login to portal unless you unlock your identity store account. Follow the -instructions given below to unlock your account: - -Step 1 – On the Welcome to Directory Manager page of the portal, click **Account Locked?** card. - -Step 2 – Select the identity store where your account exists from the identity store drop down list. - -Step 3 – Type your identity store account name in the **Username** box. - -Step 4 – Enter captcha in the **Captcha** box. - -Step 5 – Click **Unlock Account**. 
You will be directed to a page where the authentication type(s) -you enrolled your account with are listed. - -To get authenticated through the required authentication type(s), click the relevant option below: - -- Security Questions - - 1. On the Multifactor Authentication window, select the **Security Questions** check box and - click **Continue**. - 2. The page lists the security questions you enrolled your account with. Provide answers to - these questions. - 3. Click **Verify and Continue**. - -- Mobile Verification - - 1. On the Multifactor Authentication window, select the **Mobile Verification** check box and - click **Continue**. - 2. Type the last four digits of your mobile number and click **Send Code**. - 3. In the displayed box, type the 5 digit access code sent on your mobile phone. - 4. Click **Verify and Continue**. - - If you have not received a code, click **Send Again** and then enter the received code in the - given box. - -- Email Verification - - 1. On the Multifactor Authentication window, select the **Email** check box and click - **Continue**. - 2. Complete your email address and click **Send Code**. - 3. In the displayed box, type the 5 digits access code sent to the provided email address. - 4. Click **Verify and Continue**. - - If you have not received a code, click **Send Again** and then enter the received code in the - given box. - -- Authenticator - - 1. On the Multifactor Authentication window, select the **Authenticator** check box and click - **Continue**. - 2. Launch the authenticator app on your smart phone. - 3. The app displays a 6-digit code. Enter that code in the **Security Code** box on the - Authenticator page. - - The app generates a new code every 30 seconds. - - 4. Click **Verify and Continue**. - -- Link Account - - 1. On the Multifactor Authentication window, select the **Link Account** check box and click - **Continue**. - 2. 
On the Link Account tab, select a link account you want to use for resetting the password of - your account. - - This tab lists the link account(s) that have the Allow Authentication option enabled. - - 3. Type the username and password of the selected linked account in the respective boxes. - 4. Click **Next**. - -- YubiKey - - Insert the YubiKey device in the USB slot of your computer. - - 1. On the Multifactor Authentication window, select the **YubiKey** check box and click - **Continue**. - 2. Click your YubiKey device name. The portal directs you to tap on the device. - - On tapping, you are authenticated. - -- **Windows Hello** - - 1. On the Multifactor Authentication window, click the **Windows Hello** check box and click - **Continue**. - 2. Click **Authenticate and Continue**. - - Authenticate with the provided biometric information or with the PIN given in Windows Hello - sign-in options. - -Step 6 – Click **Unlock Account**. A message that the account has been unlocked successfully is -displayed. - -You can now log in to Directory Manager portal with your account and perform the required function. - -### Unlock identity store user accounts (after wrong password attempts) - unenrolled users - -On entering the wrong password on the Directory Manager Authenticate window for the specified number -of times, your account gets locked. You cannot login to Password Center user portal unless you -unlock your identity store account. Follow the instructions given below to unlock your account: - -Step 1 – On the Welcome to Directory Manager page of the portal, click **Unlock my account** card. - -Step 2 – Select the identity store where your account exists from the identity store drop down list. - -Step 3 – Type your identity store account name in the user name box. - -Step 4 – Click **Unlock Account**. - -You will be directed to a page where the Second Way Authentication type options are listed as the -administrator has configured for your role. 
- -To get authenticated through the defined authentication type(s) for your role, click the relevant -option below: - -- Security Question - - 1. On the Second Way Authentication window, select the **Security Question** check box and click - **Continue**. - 2. Provide answer to the question the administrator has set for you. - 3. Click **Verify and Continue** - -- Mobile Verification - - 1. On the Second Way Authentication window, select the **Mobile Verification** check box and - click **Continue**. - 2. Type in the last four digit of your mobile number. - 3. Click **Send Code**. - 4. Type the 5 digits access code sent on your mobile phone. - 5. Click **Verify and Continue**. - - If you have not received a code, click **Send Again** and then enter the received code in - the given box. - -- Email Verification - - 1. On the Second Way Authentication window, select the **Email Verification** check box and - click **Continue**. - 2. Complete your email address and click **Send Code**. - 3. In the displayed box, type the 5 digits access code sent to the provided email address. - 4. Click **Verify and Continue**. - - If you have not received a code, click **Send Again** and then enter the received code in - the given box. - -Step 5 – You will be asked to enroll your account as per the multifactor authentication policy -defined for your role. - -On successful enrollment, you are redirected to the Unlock My Account page. Your account is listed -on this page with the check box selected for it. - -Step 6 – Click **Unlock Account**. - -A message that the account has been unlocked successfully is displayed. - -Step 7 – You can now log in to portal with your account and perform the required function. 
- -### Unlock identity store user accounts (after providing wrong response to authentication types) - enrolled and unenrolled users - -While authenticating on the portal, if enrolled or unenrolled users provide a wrong answer for the -specified number of times, their account gets locked and the following message is displayed: - -![accountlockout](/img/product_docs/directorymanager/11.1/portal/user/manage/accountlockout.webp) - -This type of account unlock can be resolved in one of the following two ways: - -- While logging on to the portal, you provide the correct password for your account. - - OR - -- You wait for the specified duration, after which the account will be unlocked automatically. - -NOTE: Helpdesk cannot unlock accounts that get locked out on providing a wrong response to the -authentication type(s). diff --git a/docs/directorymanager/11.1/portal/user/overview.md b/docs/directorymanager/11.1/portal/user/overview.md deleted file mode 100644 index 58b3b69bfd..0000000000 --- a/docs/directorymanager/11.1/portal/user/overview.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# User Management - -With Directory Manager, you can: - -- Automate user provisioning and deprovisioning in bulk. See the - [Synchronize](/docs/directorymanager/11.1/portal/synchronize/overview.md) section. -- Establish ownership by defining a clear managerial hierarchy with dotted line management. See the - [Dotted line management](properties/activedirectory/organization.md#dotted-line-management) - section of the [Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) - topic. -- Delegate user management to end users by enabling them to: - - - Create and manage users, contacts, and mailboxes in the directory. See the - [ Create User Objects](/docs/directorymanager/11.1/portal/user/create/overview.md) topic. - - Manage their direct reports. See the [Update your Direct Reports](/docs/directorymanager/11.1/portal/user/manage/directreport.md) - topic. - - Update their profiles in the directory. See the - [Validate your profile](/docs/directorymanager/11.1/portal/user/manage/validateprofile.md) topic. - -- Link identical users in different directory services, such as Active Directory and Microsoft Entra - ID. See the [Linked Accounts](/docs/directorymanager/11.1/portal/user/linkedaccounts.md) topic. - -The table below displays the major functions that users can perform in Directory Manager portal. - -| Functions | Description | -| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Create Objects | Create mail-enabled and non-mail-enabled Users, Contact, or Mailbox. | -| Manage your Profile | On the top right corner, view your profile and verify the information. | -| Manage Your Direct Reports | View Users and Contacts that report directly to you. If required, you can modify the properties of your direct reports. 
| -| Manage Disabled Users | View the list of users that have been disabled or expired. You can modify the properties of the users, extend the time for the expired users and also reinstate any disabled user. | -| View Organizational Hierarchy | Displays the complete hierarchy in graphical form. It displays few attributes of users like email address and profile picture etc. | -| Link Accounts | With accounts in multiple identity stores, you can reset passwords or unlock accounts with Linked Accounts | -| Reset Password | Reset your forgotten or lost passwords. Unenrolled users can reset passwords if Second Way Authentication is enabled. | -| Unlock Account | Unlock your accounts yourself without contacting the Administrator. | -| Change Password | Change your password according to the Password Policy set by the administrator. | -| Validate Your Profile | Validate your profile after a particular time in order to ensure the user information in the directory. | -| User Account Settings | Modify your profile information. Administrators can manage the user information, enable/disable the user, or expire a user. | - -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/account.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/account.md deleted file mode 100644 index 0095a6d0dc..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/account.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# User properties - Account tab - -This tab enables administrators to manage the account status and expiry policy of a user. - -Account Expires - -Set the account expiry policy for the user. - -- Never – To set this user account to never expire. This is the default option for new users. -- End Of – To set this user account to expire on a specified date. Use the calendar selector to - enter the expiry date for the user account. - -Account is disabled - -Select this check box to disable the user account, so that the user cannot log-on with it. - -Account is locked out - -This check box will be selected when this user account is locked, for example, due to failed logon -attempts. Clear this check box to unlock the account. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/advanced.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/advanced.md deleted file mode 100644 index 93a074364a..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/advanced.md +++ /dev/null 
@@ -1,52 +0,0 @@ -# Object properties - Advanced tab - -Use this tab to specify advanced settings for a user/mailbox. - -Home Page - -The URL of the user/mailbox's website. - -Use the Add and Remove buttons to add and remove the URL. - -Emp Type - -The job category of the user/mailbox. - -Emp # - -The employee ID of the user/mailbox. - -Hide from address book - -Indicates whether to hide the user in the messaging provider's address book (such as the Outlook -address book). - -When selected, the user will not be visible in the address book. - -This option is available for user objects only. - -Admin Notes - -Notes by the administrator. - -## For mailbox objects only - -Server - -The server name of the messaging provider where the mailbox resides. - -Recipient - -An email address or mailbox object that should receive the emails sent to the particular mailbox. - -Enter a search string to locate the object to add as a recipient, or click the ellipsis button to -use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. - -Deliver messages to both forwarding address and mailbox - -Select the check box to ensure that any email sent to the mailbox is also forwarded to the -object/email specified in the Recipient box. - -- When no recipient is set and this check box is cleared, emails are only sent to the mailbox. -- However, when an email/object is specified in the Recipient box and this check box is cleared, - emails will not be sent to the mailbox but only to the recipient. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/advanced.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/advanced.md deleted file mode 100644 index 072a238a49..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/advanced.md +++ /dev/null 
@@ -1,21 +0,0 @@ -# Contact properties - Advanced tab - -Use this tab to specify advanced settings for a contact. - -Home Page - -The URL of the contact's website. - -Use the **Add** and **Remove** buttons to add and remove the URL. - -Emp Type - -The job category of the contact. - -Emp # - -The employee ID of the contact. - -Admin Notes - -Notes by the administrator. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/memberof.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/memberof.md deleted file mode 100644 index 906952d186..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/memberof.md +++ /dev/null @@ -1,20 +0,0 @@ -# Contact properties - Member Of tab - -Use this tab to view the groups that the contact is a member of. You can also add and remove this -contact from the membership of groups. - -Member Of - -Displays the groups this contact is a member of. - -Add - -Click it to add the contact to the memberships of one or more groups. - -Enter a search string to locate the required group, or click **Advance** to use the -[Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. - -Remove - -Select a group in the Member Of list and click **Remove** to remove the contact from the membership -of that group. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/overview.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/overview.md deleted file mode 100644 index fd0a67c361..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/overview.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Overview - -You can view and manipulate the properties of contacts in Active Directory. - -## Contact properties - -Following is the list of all the properties that Contacts have in Active Directory based identity -store. - -- [Object properties - General tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md) -- [Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) -- [Contact properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/memberof.md) -- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md) -- [Object properties - Attributes tab](/docs/directorymanager/11.1/portal/group/properties/attributes.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) -- [Contact properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/advanced.md) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md deleted file mode 100644 index ba974f5915..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md +++ /dev/null 
@@ -1,19 +0,0 @@ -# Object properties - Email tab - -Use this tab to view the addresses assigned to this object. - -Addresses - -In case of a mail-enabled object, the messaging provider (such as Microsoft Exchange) assigns -different addresses to it for communication with different repositories (such as Address Book, SIP, -Outlook). These addresses are displayed in this box. - -Subscriptions - -Displays the subscriptions assigned to the mailbox. - -It also lists other subscriptions offered by Office 365 to a mailbox user. Select the check box for -a subscription to assign it to the mailbox. - -The subscription list is displayed for mailbox objects when Office 365 is configured as the -messaging provider for the identity store. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/entitlement.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/entitlement.md deleted file mode 100644 index 20d5cf39da..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/entitlement.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Object Properties - Entitlements tab - -Entitlement computes the effective NTFS permissions granted to objects on shared resources residing -on a server in an Active Directory identity store. The Entitlement tab provides an interface for -users to view these permissions. Users can view the permissions granted to a user over files and -folder residing on a server. - -Explicit permissions are assigned to a user. To facilitate permission viewing, do the following: - -- Specify one or more servers in identity store configurations. - - This must be a server in an Active Directory based identity store. - -- Compute all permissions that directory objects have on the shared files and folders on those - server(s). -- View these permissions in the Directory Manager portal. - -## Entitlement job - -An Entitlement schedule is automatically created for an identity store when: - -- A server is added for permission analysis on the **Entitlement** page in an Active Directory - identity store. - - Or - -- A SharePoint site is added for permission analysis on the **Entitlement** page in a Microsoft - Entra ID identity store. - -By default, the schedule runs weekly to compute permissions on shared files and folders residing on -the specified servers (for Active Directory), and the document libraries present in the specified -sites (for SharePoint). It then replicates these permissions to Elasticsearch, enabling users to -view, manage and update these permissions in the Directory Managerportal. - -## Permissions on the Entitlement portal - -You can grant permissions to security roles on the Entitlement section in the Directory Manager -portal. Based on these permissions, role members can performs different actions in the Entitlement -section, such as navigate file servers and SharePoint sites, grant permissions to objects on shared -resources, revoke permissions, and more. 
- -Entitlement-related permissions for a security role in an identity store are discussed in the -[Entitlement](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md#entitlement) section. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md deleted file mode 100644 index e7bb2d98b2..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md +++ /dev/null 
@@ -1,90 +0,0 @@ -# Object properties - General tab - -Use this tab to view or update the general information for a user, mailbox, or contact. - -First name - -The first name of the contact or user. - -Last name - -The last name of the contact or user. - -Initials - -The initials of the user or contact. - -Alias - -The email alias of the user or contact. - -Display name - -The name of the contact or user as it is displayed in the portal. - -Address - -The office address of the user or contact. - -Title - -The job title of the contact or user. - -Company - -The name of the organization where the user or contact works. - -City - -The city, state, zip code, and country where the organization of this user or contact is located. - -The **State** list is populated based on the selection made in the **Country** list. - -Department - -The department in the organization that the user or contact works in. - -State - -The State list is populated based on the selection made in the Country list. - -Office - -The office number of the user or contact. - -Zip - -The zip code of the location where the organization of this user or contact resides. - -Country - -The country where the organization of this user or contact is located. - -Business - -The type of business the contact or user's organization conducts. - -Home page - -The URL of the web page of the user. This field is not available for a contact. - -Exchange Assistant - -The name of the Exchange assistant for the mailbox/contact. Any email sent to the mailbox/contact is -also forwarded to this assistant. - -Enter a search string to locate the object to add as an Exchange assistant, or click **Browse** to -use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. - -This field is not available for a user. - -Email - -The email address of the user or contact. - -Photo - -The photo of the user or contact. 
- -Click the **Edit** icon to launch the Manage Photo dialog box for uploading a photo. The dialog box -also provides many image editing options, including rotate, crop, flip, and re-size. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/advanced.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/advanced.md deleted file mode 100644 index 97f1c53cc9..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/advanced.md +++ /dev/null @@ -1,48 +0,0 @@ -# Mailbox properties - Advanced tab - -Use this tab to configure advanced settings for a user. - -The Server box helps differentiate between a user and a mailbox object. If it displays the name of a -messaging server, the object is a mailbox. If it is empty, the object is a user. - -Home Page - -The URL of the user's website. - -Emp # - -The employee ID of the user. - -Hide from address book - -Indicates whether to hide the user in the messaging provider's address book (such as the Outlook -address book). - -If selected, the user will not be visible in the address book. - -Recipient - -Specify an alternate recipient to receive the emails sent to this user. - -Click the ellipsis button to launch the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md), where you can -search and select the required recipient. - -To remove the alternate recipient, click the **Remove** button. - -Server - -The distinguished name (DN) of the messaging server, such as the Exchange server. - -This field is populated for a 'mailbox' object only. - -Emp Type - -The job category of this user. - -Admin Notes - -Notes by the administrator. - -Deliver messages to both forwarding address and mailbox - -Indicates whether to send every email for this user to the alternate recipient as well. 
diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/overview.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/overview.md deleted file mode 100644 index a2b7980d85..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/overview.md +++ /dev/null 
@@ -1,21 +0,0 @@ -# Overview - -You can view and manipulate the properties of mailboxes in Active Directory. - -## Mailbox properties - -Following is the list of all the properties that Users and Mailbox Users have in Active Directory -based identity store. - -- [Object properties - General tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md) -- [Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) -- [User properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md) -- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md) -- [Object properties - Attributes tab](/docs/directorymanager/11.1/portal/group/properties/attributes.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) -- [Mailbox properties - Limits tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/limits.md) -- [Mailbox properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/advanced.md) -- [User properties - Account tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/account.md) -- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/autoreply.md) -- [Object Properties - Entitlements tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/entitlement.md) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md deleted file mode 100644 index 0954a700aa..0000000000 
--- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md +++ /dev/null 
@@ -1,31 +0,0 @@ -# User properties - Member Of tab - -Use this tab to view the groups that the user is a member of. You can also add and remove this user -from the membership of groups. - -The tab displays a list of all groups this user is a member of. - -| Column Name | Description | -| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Display Name | Displays the names of the groups this user is a member of. | -| Membership | Indicates whether the user is a temporary or permanent member of the group. - Perpetual – To make the object a permanent member of the group. - Temporary Member – To make the object a temporary member of the group for the period you specify in the Beginning and Ending boxes. At the end of the period, the object is removed from the group membership. - Addition Pending – Indicates that the object will be a temporary member of the group for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Addition Pending’. On the beginning date, the membership type changes to ‘Temporary Member’. Example. You add Smith as a temporary member to Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Addition Pending’ as its membership type from May 15 to 19. 
However, Smith would not be added to group membership in the provider. On May 20, Smith will become a temporary member of Group A and its membership type will change to ‘Temporary Member’ from May 20 to 30. Smith will also be added to group membership in the provider. After May 30, Smith will be removed from Group A as a member in Directory Manager and in the provider. - Removal Pending - Indicates that the object will be temporarily removed from group membership for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Removal Pending’. On the beginning date, the membership type will change to ‘Temporary Removed’. Example. You remove Smith from Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Removal Pending’ as membership type from May 15 to 19. On May 20, Smith’s membership type in Directory Manager will change to ‘Temporary Removed’; lasting till May 30. However, Smith will be removed from Group A’s membership in the provider. After May 30, Smith will be added back to Group A as a permanent member in Directory Manager and in the provider. - Temporary Removed – Indicates that the object is temporarily removed from group membership for the period specified in the Beginning and Ending boxes. At the end of the period, the object is added back to the group membership as a permanent member. When the user is a perpetual member, the **Membership** column is blank. You cannot change the membership type of the user for any group on the **Member Of** tab. Rather, go to the properties of the specific group and change the user's membership type on the [Group properties - Members tab](/docs/directorymanager/11.1/portal/group/properties/members.md). | -| Beginning | Displays the beginning date of the temporary addition or removal. | -| Ending | Displays the ending date of the temporary addition or removal. 
| - -For each column in the grid, an item level filter is also available that lets you filter records -based on a criterion. For example; to show groups whose display names start with D, type D in the -box under the Display Name header and press Enter. - -Add - -Click it to add the user to the memberships of one or more groups. - -Enter a search string to locate the required group, or click **Advance** to use the -[Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. - -The selected group(s) get listed in the Member Of grid. - -Remove - -Select a group in the Member Of list and click **Remove** to remove the user from the membership of -that group. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/overview.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/overview.md deleted file mode 100644 index a970cc5a28..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/overview.md +++ /dev/null 
@@ -1,37 +0,0 @@ -# Overview - -You can view and manipulate the properties of directory objects (users, mailboxes, and contacts) in -Active Directory, depending on the permissions the GroupID administrator has granted you. - -## User and Mailbox properties - -Following is the list of all the properties that Users and Mailbox Users have in Active Directory -based identity store. - -- [Object properties - General tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md) -- [Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) -- [User properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md) -- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md) -- [Object properties - Attributes tab](/docs/directorymanager/11.1/portal/group/properties/attributes.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) -- [Mailbox properties - Limits tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/limits.md) (for mailbox only) -- [Mailbox properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/advanced.md) (for mailbox only) -- [Object properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/advanced.md) -- [User properties - Account tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/account.md) -- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/autoreply.md) (for mailbox only) -- [Object Properties - Entitlements tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/entitlement.md) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) - -## Contact 
properties - -Following is the list of all the properties that Contacts have in Active Directory based identity -store. - -- [Object properties - General tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md) -- [Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) -- [Contact properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/memberof.md) -- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md) -- [Object properties - Attributes tab](/docs/directorymanager/11.1/portal/group/properties/attributes.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) -- [Contact properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/advanced.md) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/useroverview.md b/docs/directorymanager/11.1/portal/user/properties/activedirectory/useroverview.md deleted file mode 100644 index 8d1b65bb82..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/useroverview.md +++ /dev/null 
@@ -1,19 +0,0 @@ -# Overview - -You can view and manipulate the properties of users in Active Directory. - -## User properties - -Following is the list of all the properties that Users and Mailbox Users have in Active Directory -based identity store. - -- [Object properties - General tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md) -- [Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) -- [User properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md) -- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md) -- [Object properties - Attributes tab](/docs/directorymanager/11.1/portal/group/properties/attributes.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) -- [Object properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/advanced.md) -- [User properties - Account tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/account.md) -- [Object Properties - Entitlements tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/entitlement.md) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) diff --git a/docs/directorymanager/11.1/portal/user/properties/azure/directoryrole.md b/docs/directorymanager/11.1/portal/user/properties/azure/directoryrole.md deleted file mode 100644 index 886cd10174..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/azure/directoryrole.md +++ /dev/null 
@@ -1,13 +0,0 @@ -# User properties - Directory Role tab - -This tab displays the role assigned to the user/mailbox in Microsoft Entra ID. If required, you can -change the role or modify the permissions assigned to the current role. - -Roles are: Global Administrator, Limited Administrator, and User. - -Directory Roles - -Displays the role assigned to the user on the Microsoft Entra Admin Center. - -To change the user role, click the down arrow for the new role you want to assign, and then select -the check boxes for the role privileges for assignment. diff --git a/docs/directorymanager/11.1/portal/user/properties/azure/jobinfo.md b/docs/directorymanager/11.1/portal/user/properties/azure/jobinfo.md deleted file mode 100644 index f7245d5108..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/azure/jobinfo.md +++ /dev/null @@ -1,13 +0,0 @@ -# User properties - Job Info tab - -The Job Info tab is similar to the -[Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) in user properties, with -the addition of two fields: Title and Department. - -Title - -The job title of the user/mailbox. - -Department - -The department in the organization that the user/mailbox works in. diff --git a/docs/directorymanager/11.1/portal/user/properties/azure/overview.md b/docs/directorymanager/11.1/portal/user/properties/azure/overview.md deleted file mode 100644 index d2f7626732..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/azure/overview.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Overview - -You can view and manipulate the properties of directory objects (users and mailboxes) in Microsoft -Entra ID, depending on the permissions the Directory Manager administrator has granted you. - -## User and Mailbox properties - -Following is the list of all the properties that Users and Mailbox Users have in an Microsoft Entra -ID based identity store. - -- [User properties - Identity tab](/docs/directorymanager/11.1/portal/user/properties/azure/identity.md) -- [User properties - Directory Role tab](/docs/directorymanager/11.1/portal/user/properties/azure/directoryrole.md) -- [User properties - Job Info tab](/docs/directorymanager/11.1/portal/user/properties/azure/jobinfo.md) -- [User properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) (for mailbox only) -- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/autoreply.md) (for mailbox only) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) diff --git a/docs/directorymanager/11.1/portal/user/properties/overview.md b/docs/directorymanager/11.1/portal/user/properties/overview.md deleted file mode 100644 index 706070c03e..0000000000 --- a/docs/directorymanager/11.1/portal/user/properties/overview.md +++ /dev/null 
@@ -1,68 +0,0 @@ -# User Properties - -You can view and manipulate the properties of directory objects (users, mailboxes, and contacts) in -the connected identity store, depending on the permissions the GroupID administrator has granted -you. - -**You can:** - -- Select the required object and click **Properties** on the toolbar. The object's properties page - is displayed. -- Click **Save** after making any changes in any properties' tab -- Click **Delete** to delete that user, contact, or mailbox. -- Click **Add to Contacts** on the toolbar. The portal creates the direct report's vCard and prompts - you to save it on your machine. You can then use it to add the direct report's email address to - your email contact list. -- Click **Send email** on the toolbar. This launches the default Windows email application for - sending an email to the direct report. -- Click Reset Password to reset the password for the object. -- Click **Organizational Hierarchy** to view the hierarchy of the object. - -## User and Mailbox properties in Active Directory - -Following is the list of all the properties that Users and Mailbox Users have in Active Directory -based identity store. 
- -- [Object properties - General tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md) -- [Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) -- [User properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md) -- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md) -- [Object properties - Attributes tab](/docs/directorymanager/11.1/portal/group/properties/attributes.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) -- [Mailbox properties - Limits tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/limits.md) (for mailbox only) -- [Mailbox properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/advanced.md) (for mailbox only) -- [Object properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/advanced.md) -- [User properties - Account tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/account.md) -- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/autoreply.md) (for mailbox only) -- [Object Properties - Entitlements tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/entitlement.md) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) - -## User and Mailbox properties in Microsoft Entra ID - -Following is the list of all the properties that Users and Mailbox Users have in an Microsoft Entra -ID based identity store. 
- -- [User properties - Identity tab](/docs/directorymanager/11.1/portal/user/properties/azure/identity.md) -- [User properties - Directory Role tab](/docs/directorymanager/11.1/portal/user/properties/azure/directoryrole.md) -- [User properties - Job Info tab](/docs/directorymanager/11.1/portal/user/properties/azure/jobinfo.md) -- [User properties - Contact Info tab](/docs/directorymanager/11.1/portal/user/properties/azure/contactinfo.md) -- [User properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/memberof.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) (for mailbox only) -- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/autoreply.md) (for mailbox only) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) - -## Contact properties - -Following is the list of all the properties that Contacts have in Active Directory based identity -store. - -NOTE: Contact object is not supported in Microsoft Entra ID. 
- -- [Object properties - General tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/general.md) -- [Object properties - Organization tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md) -- [Contact properties - Member Of tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/memberof.md) -- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md) -- [Object properties - Attributes tab](/docs/directorymanager/11.1/portal/group/properties/attributes.md) -- [Object properties - Email tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/email.md) -- [Contact properties - Advanced tab](/docs/directorymanager/11.1/portal/user/properties/activedirectory/contact/advanced.md) -- [Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) diff --git a/docs/directorymanager/11.1/portal/welcome.md b/docs/directorymanager/11.1/portal/welcome.md deleted file mode 100644 index 64cb4aa960..0000000000 --- a/docs/directorymanager/11.1/portal/welcome.md +++ /dev/null 
@@ -1,34 +0,0 @@ -# Welcome to the Portal - -A Directory Manager portal represents a virtual link with the directory. Using it, users can do the -following in an identity store: - -- Search the directory. -- Perform group management tasks, such as create and update their groups, join/leave a group, attest - an expiring group, group expiry and renew an expired group , and more. -- Carry out user management tasks, such as create, update, and delete users in the directory. Users - can maintain and update their profiles, change password, manage their profile, direct reports, and - more. -- Synchronize data between a source and a destination, such as directories, files, and databases. -- Manage user and group entitlements to shared resources on file servers and SharePoint sites. -- Approve and deny workflow requests. -- Generate hundreds of insightful reports on Active Directory, Microsoft Entra ID, Exchange, and - Office 365 objects (groups, users, mailboxes, contacts, computers, and servers). -- View history data for directory objects that are created, updated, or deleted in the directory - using Directory Manager. - -Delegating group and user management tasks to end-users reduces the workload on IT administrators -and helpdesk, as users are empowered to manage their groups and direct reports without assistance -from an administrator. Moreover, when users maintain and update their profile information, data is -more accurate and reliable. - -Administrators can maintain complete control over data integrity, as they can implement fine-grained -controls and policies that determine what users can view and change using the GroupID portal. They -can also define workflows for an identity store, that serve as a built-in auditing system to ensure -that users enter correct data before changes are committed to the directory. - -A Directory Manager portal can be linked with multiple identity stores, thus eliminating the need to -create a separate portal for each identity store. 
Users can select an identity store to log in. - -NOTE: Since the administrator can customize the portal for different identity stores and for -different user roles within an identity stores, you may not have access to all portal features. diff --git a/docs/directorymanager/11.1/requirements/_category_.json b/docs/directorymanager/11.1/requirements/_category_.json new file mode 100644 index 0000000000..8a00596580 --- /dev/null +++ b/docs/directorymanager/11.1/requirements/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Requirements", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/requirements/database.md b/docs/directorymanager/11.1/requirements/database.md index c8f86f9a5b..8fdf72dbc7 100644 --- a/docs/directorymanager/11.1/requirements/database.md +++ b/docs/directorymanager/11.1/requirements/database.md @@ -1,3 +1,9 @@ +--- +title: "Database Requirements" +description: "Database Requirements" +sidebar_position: 40 +--- + # Database Requirements Directory Manager requires an SQL Server database to store and retrieve data. The SQL database may diff --git a/docs/directorymanager/11.1/requirements/exchangeservers.md b/docs/directorymanager/11.1/requirements/exchangeservers.md index 891ac6ea2c..90a5990bdb 100644 --- a/docs/directorymanager/11.1/requirements/exchangeservers.md +++ b/docs/directorymanager/11.1/requirements/exchangeservers.md @@ -1,3 +1,9 @@ +--- +title: "Supported Microsoft Exchange Servers" +description: "Supported Microsoft Exchange Servers" +sidebar_position: 30 +--- + # Supported Microsoft Exchange Servers Directory Manager supports the following Microsoft Exchange Servers: diff --git a/docs/directorymanager/11.1/requirements/hardware.md b/docs/directorymanager/11.1/requirements/hardware.md index 49c377592a..76fb170df7 100644 --- a/docs/directorymanager/11.1/requirements/hardware.md 
+++ b/docs/directorymanager/11.1/requirements/hardware.md @@ -1,3 +1,9 @@ +--- +title: "Hardware Requirements" +description: "Hardware Requirements" +sidebar_position: 10 +--- + # Hardware Requirements Minimum hardware requirements for Directory Manager are: diff --git a/docs/directorymanager/11.1/requirements/overview.md b/docs/directorymanager/11.1/requirements/overview.md index 09561b29b6..fea454d094 100644 --- a/docs/directorymanager/11.1/requirements/overview.md +++ b/docs/directorymanager/11.1/requirements/overview.md @@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 20 +--- + # Requirements This page lists the hardware, operating system, MS Exchange, and database required to run Directory @@ -8,7 +14,7 @@ Manager 11.1. The prerequisites may vary depending on your environment. - [Supported Microsoft Exchange Servers](/docs/directorymanager/11.1/requirements/exchangeservers.md) - [Database Requirements](/docs/directorymanager/11.1/requirements/database.md) -Prior to installation, the [Preparation Tool](/docs/directorymanager/11.1/install/installer/preparationtool.md) installs the +Prior to installation, the [Preparation Tool](/docs/directorymanager/11.1/about/installer/preparationtool.md) installs the required software and Windows features. See the -[What does the Preparation Tool Install](/docs/directorymanager/11.1/install/installer/whatprepinstall.md) topic for the list +[What does the Preparation Tool Install](/docs/directorymanager/11.1/about/installer/whatprepinstall.md) topic for the list of components the tool installs. diff --git a/docs/directorymanager/11.1/requirements/permissions/_category_.json b/docs/directorymanager/11.1/requirements/permissions/_category_.json new file mode 100644 index 0000000000..7f8c9ad4fa --- /dev/null +++ b/docs/directorymanager/11.1/requirements/permissions/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Service Account Permissions", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/requirements/permissions/adserviceaccount.md b/docs/directorymanager/11.1/requirements/permissions/adserviceaccount.md index 62679516d4..c9c93e98a7 100644 --- a/docs/directorymanager/11.1/requirements/permissions/adserviceaccount.md +++ b/docs/directorymanager/11.1/requirements/permissions/adserviceaccount.md @@ -1,3 +1,9 @@ +--- +title: "Service Account for Active Directory and Exchange" +description: "Service Account for Active Directory and Exchange" +sidebar_position: 10 +--- + # Service Account for Active Directory and Exchange You must have a service account to connect an identity store to an Active Directory domain. 
@@ -148,12 +154,12 @@ Add-RoleGroupMember "Recipient Management" -Member domain name\user ## SQL Server Account and Database Permissions -See the [Authentication Modes](/docs/directorymanager/11.1/requirements/setupauthentication.md) topic for information about the roles and +See the [Authentication Modes](/docs/directorymanager/11.1/about/configure/setupauthentication.md) topic for information about the roles and permissions the SQL server and database accounts must have for -[SQL Server Authentication](/docs/directorymanager/11.1/requirements/setupauthentication.md#sql-server-authentication) mode and for -[Windows Authentication](/docs/directorymanager/11.1/requirements/setupauthentication.md#windows-authentication) mode. +[SQL Server Authentication](/docs/directorymanager/11.1/about/configure/setupauthentication.md#sql-server-authentication) mode and for +[Windows Authentication](/docs/directorymanager/11.1/about/configure/setupauthentication.md#windows-authentication) mode. **See Also** -- [Create an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/create.md) -- [Manage an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/manage.md) +- [Create an Identity Store](/docs/directorymanager/11.1/signin/identitystore/create.md) +- [Manage an Identity Store](/docs/directorymanager/11.1/signin/identitystore/manage.md) diff --git a/docs/directorymanager/11.1/requirements/permissions/gmsarequirements.md b/docs/directorymanager/11.1/requirements/permissions/gmsarequirements.md index 4ebe9a15a1..1bcb3dcb5c 100644 --- a/docs/directorymanager/11.1/requirements/permissions/gmsarequirements.md +++ b/docs/directorymanager/11.1/requirements/permissions/gmsarequirements.md @@ -1,3 +1,9 @@ +--- +title: "gMSA for Active Directory" +description: "gMSA for Active Directory" +sidebar_position: 20 +--- + # gMSA for Active Directory Directory Manager enables you to use a Group Managed Service Account (gMSA) to connect an Active 
@@ -53,4 +59,4 @@ NOTE: Restart the Directory Manager server if you apply any of the above. **See Also** -- [Manage an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/manage.md) +- [Manage an Identity Store](/docs/directorymanager/11.1/signin/identitystore/manage.md) diff --git a/docs/directorymanager/11.1/requirements/permissions/overview.md b/docs/directorymanager/11.1/requirements/permissions/overview.md index ea752b59bc..a6f82d6a3a 100644 --- a/docs/directorymanager/11.1/requirements/permissions/overview.md +++ b/docs/directorymanager/11.1/requirements/permissions/overview.md @@ -1,3 +1,9 @@ +--- +title: "Service Account Permissions" +description: "Service Account Permissions" +sidebar_position: 60 +--- + # Service Account Permissions To connect an Active Directory identity store to a domain, you must use a service account with diff --git a/docs/directorymanager/11.1/requirements/sqlcertificate.md b/docs/directorymanager/11.1/requirements/sqlcertificate.md index c1d1d6abaf..95956adb19 100644 --- a/docs/directorymanager/11.1/requirements/sqlcertificate.md +++ b/docs/directorymanager/11.1/requirements/sqlcertificate.md @@ -1,3 +1,9 @@ +--- +title: "SQL Certificate for Windows Authentication" +description: "SQL Certificate for Windows Authentication" +sidebar_position: 50 +--- + # SQL Certificate for Windows Authentication Directory Manager now uses .NetCore 8 and it requires a SQL certificate to access SQL database using diff --git a/docs/directorymanager/11.1/requirements/windowsserver.md b/docs/directorymanager/11.1/requirements/windowsserver.md index 6507df87b6..0b2408099e 100644 --- a/docs/directorymanager/11.1/requirements/windowsserver.md +++ b/docs/directorymanager/11.1/requirements/windowsserver.md 
@@ -1,3 +1,9 @@ +--- +title: "Microsoft Windows Servers Requirements" +description: "Microsoft Windows Servers Requirements" +sidebar_position: 20 +--- + # Microsoft Windows Servers Requirements Directory Manager supports the following Microsoft Windows Servers: diff --git a/docs/directorymanager/11.1/signin/_category_.json b/docs/directorymanager/11.1/signin/_category_.json new file mode 100644 index 0000000000..12c7ca2b85 --- /dev/null +++ b/docs/directorymanager/11.1/signin/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Access Admin Center", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "signin" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/applications/_category_.json b/docs/directorymanager/11.1/signin/applications/_category_.json new file mode 100644 index 0000000000..9b14491f8a --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Directory Manage Applications", + "position": 120, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "applications" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/applications/admincenter.md b/docs/directorymanager/11.1/signin/applications/admincenter.md new file mode 100644 index 0000000000..72787dce96 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/admincenter.md 
@@ -0,0 +1,69 @@ +--- +title: "Admin Center" +description: "Admin Center" +sidebar_position: 10 +--- + +# Admin Center + +Admin Center enables administrators to configure settings that are used by different functions of +the application and manage Directory Manager clients. + +When multiple instances of Directory Manager are deployed, a separate Admin Center application is +created for each instance in native IIS. + +## View Admin Center Hosting Details + +Follow the steps to view Admin Center Hosting details. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Applications page, click the **Admin Center** tab. +The tab displays Admin Center hosted in native IIS. When multiple Directory Manager instances have +been deployed, you will find multiple Admin Center cards on this tab page, each card representing a +separate instance. See the +[Elasticsearch Clusters, Nodes, and Directory Manager](/docs/directorymanager/11.1/signin/service/overview.md#elasticsearch-clusters-nodes-and-directory-manager) +topic. +For details displayed on an Admin Center card, see the table in the +[View Data Service Details](/docs/directorymanager/11.1/signin/service/dataservice/manage.md#view-data-service-details) topic for additional +information. + +You cannot create an Admin Center application or delete an existing one from Admin Center tab. + +## Launch Admin Center + +Follow the steps to launch Admin Center. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Admin Center tab, click **Launch Application** on an Admin Center card. +Provide the Admin Center URL to admin and helpdesk users so they can access it. You can either copy +the URL from the address bar or from Admin Center deployment settings. See the See the +[View the Launch URL for a Service](/docs/directorymanager/11.1/signin/service/dataservice/manage.md#view-the-launch-url-for-a-service) topic. 
+ +## Change the Application Display Name + +To change the display name of the Admin Center application, see the +[Change a Service’s Display Name](/docs/directorymanager/11.1/signin/service/dataservice/manage.md#change-a-services-display-name) topic. +Replace references to the service with Admin Center. + +## View Deployment Settings + +You can view deployment settings for Admin Center, such as the IIS site that hosts it, the IIS +Application name given to it, and the URL to launch it. + +Follow the steps to view deployment settings. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Admin Center tab, click the ellipsis button on an Admin Center card and select +**Settings**. + +Step 3 – Click **Deployments** under Server Settings. The Deployment Settings page is displayed, +where you can view Admin Center deployment details in native IIS. + +## Configure Event Logging + +To configure file logging and Windows logging for Admin Center, see the +[Specify Log Settings for a Service](/docs/directorymanager/11.1/signin/service/dataservice/manage.md#specify-log-settings-for-a-service) topic +for additional information. diff --git a/docs/directorymanager/11.1/signin/applications/applications.md b/docs/directorymanager/11.1/signin/applications/applications.md new file mode 100644 index 0000000000..e104bfcdd6 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/applications.md 
@@ -0,0 +1,22 @@ +--- +title: "Directory Manage Applications" +description: "Directory Manage Applications" +sidebar_position: 120 +--- + +# Directory Manage Applications + +Using Admin Center, you can create and manage the following Directory Manager applications: + +- [ Directory Manager Portal](/docs/directorymanager/11.1/signin/applications/portal/overview.md) +- [Data Service](/docs/directorymanager/11.1/signin/service/dataservice/overview.md) +- [Security Service](/docs/directorymanager/11.1/signin/service/securityservice/overview.md) + +Moreover, you can manage some basic deployment and log settings for the following applications: + +- [Admin Center](/docs/directorymanager/11.1/signin/applications/admincenter.md) +- [Replication Service](/docs/directorymanager/11.1/signin/service/replicationservice.md) +- [Email Service](/docs/directorymanager/11.1/signin/service/emailservice.md) +- [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) + +See the [Services](/docs/directorymanager/11.1/signin/service/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/admincenter/portal/dockerprerequisites.md b/docs/directorymanager/11.1/signin/applications/dockerprerequisites.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/portal/dockerprerequisites.md rename to docs/directorymanager/11.1/signin/applications/dockerprerequisites.md index ba3ba06cd2..543efff59c 100644 --- a/docs/directorymanager/11.1/admincenter/portal/dockerprerequisites.md +++ b/docs/directorymanager/11.1/signin/applications/dockerprerequisites.md @@ -1,3 +1,9 @@ +--- +title: "Prerequisites for Deployments in Docker" +description: "Prerequisites for Deployments in Docker" +sidebar_position: 40 +--- + # Prerequisites for Deployments in Docker To deploy the Directory Manager applications in Docker, make sure you have a running instance of 
@@ -95,5 +101,5 @@ Select a container and click **Inspect** to view its details. **See Also** -- [Directory Manage Applications](/docs/directorymanager/11.1/admincenter/portal/applications.md) -- [ Directory Manager Portal](/docs/directorymanager/11.1/admincenter/portal/overview.md) +- [Directory Manage Applications](/docs/directorymanager/11.1/signin/applications/applications.md) +- [ Directory Manager Portal](/docs/directorymanager/11.1/signin/applications/portal/overview.md) diff --git a/docs/directorymanager/11.1/signin/applications/portal/_category_.json b/docs/directorymanager/11.1/signin/applications/portal/_category_.json new file mode 100644 index 0000000000..0deeb77e3d --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Directory Manager Portal", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/applications/portal/categories/_category_.json b/docs/directorymanager/11.1/signin/applications/portal/categories/_category_.json new file mode 100644 index 0000000000..65a7dcd192 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Display Type Categories", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "categories" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md b/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/categories.md index 85501c1923..06e744ffac 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md 
+++ b/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md @@ -1,3 +1,9 @@ +--- +title: "Display Type Categories" +description: "Display Type Categories" +sidebar_position: 40 +--- + # Display Type Categories Using display types, you can publish fields in a Directory Manager portal to capture and view data. @@ -6,7 +12,7 @@ A field can be anything from a text box to a drop-down list to a check box, depe type linked to it. You must also link each field to a schema attribute in the directory. Users can use the fields in a portal to add and update values for the respective attributes. -See the [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) topic fr additional information. +See the [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) topic fr additional information. ## Schema Attributes and Display Types @@ -45,7 +51,7 @@ You can link a basic display type to a schema attribute straight away. Basic dis Use it to collect and display a single value for an attribute. You can link it directly to a schema attribute. However, to apply additional rules to it, such as assigning a default value or implementing a regular expression to validate the data entered, you must create a custom display - type from this basic type. See the [Text Box Display Type](/docs/directorymanager/11.1/admincenter/portal/displaytype/textbox.md) topic. + type from this basic type. See the [Text Box Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/textbox.md) topic. - **Password** 
@@ -114,7 +120,7 @@ Some applications of display type are: phone number and fax number. The default portal template uses several predefined custom display types. See the -[Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) topic to add more display types as needed. +[Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) topic to add more display types as needed. The **Custom Display Types** page in a portal’s design settings lists all the predefined custom display types and any custom display types you may have added. diff --git a/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md b/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md new file mode 100644 index 0000000000..4eb887a147 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md 
@@ -0,0 +1,55 @@ +--- +title: "Define Custom Display Types" +description: "Define Custom Display Types" +sidebar_position: 10 +--- + +# Define Custom Display Types + +In Directory Manager, several predefined custom display types are used in the default portal +template. To customize the portal, you can use the predefined custom display types as well as define +new ones. + +- [Text Box Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/textbox.md) +- [Drop-down List Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/dropdownlist.md) +- [Linked Field Drop-down List Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/linkeddropdown.md) +- [Image Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/image.md) +- [Grid Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/grid.md) +- [Radio Button Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/radio.md) +- [Multiline Textbox Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/multilinetextbox.md) +- [Multi-Valued Control Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/multivaluedcontrol.md) +- [Linked Combo Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/overview.md) + +## How to Implement Display Types + +On the Search Forms, Properties, Create Object, and Property Validation pages in a portal’s design +settings, select a schema attribute and a display type to link them. + +On linking, the display type is rendered on the portal’s page; enabling users to view or specify a +value for the linked attribute. + +## Delete a Custom Display Type + +You can delete custom display types, including linked combos. + +NOTE: You cannot delete a custom display type that has been linked to a field in the portal. + +To delete a custom display type: + +1. 
In Admin Center, select **Applications** in the left pane. + On the **GroupID Portal** tab, a portal's card displays its info. +2. Click the ellipsis button for a portal and select **Settings**. +3. Select an identity store under **Design Settings** to delete a custom display type for it. + All identity stores associated with the portal are listed under **Design Settings**. You can + design a different portal for each of these. +4. Click **Custom Display Types** in the left pane. + + - On the **Simple Types** tab, click **Delete** for a custom display type to delete it. + - On the **Linked Combo Types** tab, click **Delete** for a linked combo to delete it. + +5. Click **Save**. + +**See Also** + +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/dropdownlist.md b/docs/directorymanager/11.1/signin/applications/portal/categories/dropdownlist.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/dropdownlist.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/dropdownlist.md index fc8f3dc520..9e32430173 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/dropdownlist.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/dropdownlist.md @@ -1,3 +1,9 @@ +--- +title: "Drop-down List Display Type" +description: "Drop-down List Display Type" +sidebar_position: 30 +--- + # Drop-down List Display Type Use the drop-down list display type to give portal users a list of options to select from. 
@@ -46,7 +52,7 @@ A few drop-down list display types used in the default portal template are: database attribute.) 3. In the **Visibility** drop-down list, select a security role. The value in the drop-down list will be visible to users of this role and roles with a priority value higher than this role. - See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the value from all users. 4. Click **OK**. The value is listed in the **Values** area, represented by its display text. @@ -63,6 +69,6 @@ A few drop-down list display types used in the default portal template are: **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/grid.md b/docs/directorymanager/11.1/signin/applications/portal/categories/grid.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/grid.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/grid.md index 9ae0a0f49b..9256af6ca3 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/grid.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/grid.md 
@@ -1,3 +1,9 @@ +--- +title: "Grid Display Type" +description: "Grid Display Type" +sidebar_position: 60 +--- + # Grid Display Type Use a grid display type to display data in tabular form in the portal. This is especially helpful @@ -104,6 +110,6 @@ A few grid display types used in the default portal template are: **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/image.md b/docs/directorymanager/11.1/signin/applications/portal/categories/image.md similarity index 91% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/image.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/image.md index 930ba51f9a..8e3a8d2083 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/image.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/image.md @@ -1,3 +1,9 @@ +--- +title: "Image Display Type" +description: "Image Display Type" +sidebar_position: 50 +--- + # Image Display Type Use the image display type for schema attributes of the user object type that can store image data. 
@@ -50,6 +56,6 @@ photos. **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/_category_.json b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/_category_.json new file mode 100644 index 0000000000..bff4d680b4 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Linked Combo Display Type", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/details.md b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/details.md new file mode 100644 index 0000000000..c4b0c151ff --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/details.md 
@@ -0,0 +1,36 @@ +--- +title: "Linked Combo Type - Details" +description: "Linked Combo Type - Details" +sidebar_position: 10 +--- + +# Linked Combo Type - Details + +Enter the following details about the linked combo on the **Details** page of the **Linked Combo +Display Type** wozard: + +1. Enter a name for the linked combo in the **Linked Combo Name** box. + You cannot change the name of a custom display type once you have created it. +2. Next, specify the data source for the linked combo. You can either use an already uploaded file + or upload a new one. + + - Use the **Available Data Sources** drop-down list to select an already uploaded file. This may + be required, for example, when your source file contains the data and relationships for + several fields, and you want to manage those relationships using multiple linked combos rather + than one combo. Hence the need to upload the same file for multiple linked combos. + The list displays all the data source files previously used to create linked combos for this + portal. To export a file, select it and click **Export**. The file is saved to the download + location set in your browser settings. + - To upload a new file, click **Browse** next to the **File Name** box and select the XML or + Microsoft Excel file containing the data to populate the linked combo and the display types + linked to it. + + If the source file is a Microsoft Excel (.xls or .xlsx) file, Directory Manager automatically + creates its XML version to process it. To learn about the Excel file format, see the + [Excel Data File Format](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/fileformat.md) topic. + +3. Click **Next**. + +See Also + +- [Linked Combo Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/overview.md) 
diff --git a/docs/directorymanager/11.1/admincenter/portal/linkedcombo/fileformat.md b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/fileformat.md similarity index 93% rename from docs/directorymanager/11.1/admincenter/portal/linkedcombo/fileformat.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/fileformat.md index eafc88dcc4..105755ca5e 100644 --- a/docs/directorymanager/11.1/admincenter/portal/linkedcombo/fileformat.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/fileformat.md @@ -1,3 +1,9 @@ +--- +title: "Excel Data File Format" +description: "Excel Data File Format" +sidebar_position: 30 +--- + # Excel Data File Format The following table explains the rules for the Microsoft Excel workbook to use for the linked combo @@ -12,4 +18,4 @@ display type: See Also -- [Linked Combo Display Type](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/overview.md) +- [Linked Combo Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/overview.md) diff --git a/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/overview.md b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/overview.md new file mode 100644 index 0000000000..de2b1c5251 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/overview.md 
@@ -0,0 +1,179 @@ +--- +title: "Linked Combo Display Type" +description: "Linked Combo Display Type" +sidebar_position: 100 +--- + +# Linked Combo Display Type + +A linked combo is a custom display type that you can link to other display types on a portal page. +When a user selects a value from a linked combo, the values for the display types linked to it are +populated accordingly. A common application of the linked combo involves the _country, state_, and +_city_ fields. When a user selects a country, the _state_ field changes to display the states in +that country. On selecting a state, the city field displays the cities in that state. + +In the default portal template, one linked combo display type _CountryState_ is defined, that +establishes a relationship between the country and state fields. Selecting a country populates the +_State_ list. + +A linked combo display type also allows for more complex linking between fields, such as would be +needed to link the office, city, state, and country fields. Relationships can be extended to any +level. You can define one linked combo display type to manage these relationships, or simplify the +task by defining multiple combos, for example: + +- The first linked combo establishes a relationship between the country and state fields. +- The second linked combo establishes a relationship between the state and city fields. +- The third establishes a relationship between the city and office fields. + +Before creating a linked combo, you must create and maintain an external data file containing the +data and relationships for the required fields. The data source file is used to populate the linked +combo and the fields linked to it. + +NOTE: When defining a linked combo, consider the following: + +- You can define multiple linked combos for an object, provided that different attributes are used + for the combos. For example, you define a linked combo for the user object using the company, + department, and title attributes. 
To define another combo for the user object, you cannot use any + of the previously used attributes. +- For two different object types, you can use the same attributes in different linked combos. + +#### Linked Combo Data File + +The linked combo requires an XML file that contains the data for the display type itself and the +other display types that will be linked to it. Directory Manager also supports the Microsoft Excel +file format (.xls or .xlsx), that it automatically converts to XML. The data in the Excel file must +be in a specific format for Directory Manager to process it. + +For information about the Excel file format, see the [Excel Data File Format](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/fileformat.md) topic. + +NOTE: If data in the source file is updated, you must reload the file for changes to take effect. + +## Define a Linked Combo Display Type + +1. In Admin Center, select **Applications** in the left pane. + On the **GroupID Portal** tab, a portal's card displays its info. +2. Click the ellipsis button for a portal and select **Settings**. +3. Select an identity store under **Design Settings** to define a custom display type for it. + All identity stores associated with the portal are listed under **Design Settings**. You can + design a different portal for each of these. +4. Click **Custom Display Types** in the left pane. +5. On the **Custom Display Types** page, click the **Linked Combo Types** tab. +6. Click **Add** to define a linked combo display type. +7. Complete the pages of the **Linked Combo Display Type** wizard. + + 1. On the **Details** page, provide the source data file. See the + [Linked Combo Type - Details](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/details.md) topic for more info. + 2. On the **Schema** page, define the parent-child relationship between fields. 
See the + [Linked Combo Type - Schema](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/schema.md) topic for details. + +8. Click **OK**. +9. Click **Save** on the **Custom Display Types** page. + The linked combo display type is listed on the **Linked Combo Types** tab. + +## Implement a Linked Combo + +To use a linked combo in a portal, do the following: + +1. Link a linked combo display type to a schema attribute on the **Search Forms**, **Properties**, + **Create Object**, or **Property Validation** page in Design settings. The linked combo is + rendered as a drop-down list in the portal. + On the **Schema** page of the **Linked Combo Display Type** wizard, you selected an expression + (representing a data column in the source Excel workbook) in the **Type binding expression** + drop-down list. Each record in this column will be displayed as a value in the drop-down list in + the portal. When a user selects a value, it will be stored as the value of the schema attribute + mapped to the linked combo display type. +2. The fields listed in the **Linked Field** list on the **Schema** page are already mapped to + schema attributes. For all fields that you use in a linked combo, one of the following cases + apply: + + - If a field’s schema attribute is already rendered as a field on the same portal page, it auto + connects to the linked combo. Values in this field are displayed with respect to the + expression mapped to it on the **Schema** page. + Let’s assume you select a field, Country, in the _Linked Field_ list, which is mapped to the + “co” attribute in Active Directory. You link it to the ‘Country Name’ column in the source + file. This column contains the names of all the countries in the world. + Now in the default portal template, the ‘co’ attribute is already rendered as a drop-down list + on the _General_ tab in user properties and displays the names of Asian countries. 
When you + apply your linked combo (containing the Country field) on the General tab, it auto-connects to + the ‘co’ attribute and replaces its values (the list of Asian countries) with the values from + the source data file (the names of all countries of the world). + - If a field’s schema attribute is not previously used on the same portal page as the linked + combo, the field will not be displayed in the portal. You must link this attribute to a + display type and render it on the same portal page as the linked combo. Values in this field + will be displayed with respect to the expression mapped to it on the **Schema** page. + + In any case, set the display type of each field in a linked combo to a _Textbox_ or _Dropdown_ + list, depending on the kind of values it would hold. + +### Example Case for Implementing a Linked Combo + +In this example, we will link a linked combo display type to the Company attribute (field) on the +General tab of the user properties page in the portal. Next, we will present how the fields used in +the linked combo should be rendered on the General tab, so that the fields are connected. + +#### Step 1: Link a Linked Combo to a Schema Attribute + +1. In Admin Center, select **Applications** in the left pane. +2. Click the ellipsis button for a portal and select **Settings**. +3. Select an identity store under **Design Settings.** +4. In the left pane, click **Properties**. +5. On the **Properties** page, select _User_ in the **Select Directory Object** list. +6. The names of all tabs on the portal’s user properties page are listed under **Name**. To render + the linked combo on the **General** tab, click **Edit** for it. +7. On the **Edit Design Category** pane, let’s link the _Company_ field to the linked combo. Click + **Edit** for the _Company_ field. +8. On the **Edit Field** pane, select a schema attribute to map your linked combo to, and in the + **Display Type** drop-down list, select your linked combo display type. +9. 
Click **OK** on the panes to close them. +10. Click **Save** on the **Custom Display Types** page. + +The _Company_ field would be displayed as a drop-down list on the _General_ tab of the user +properties page in the portal. Values in this list will be populated from the combo’s source data +file, with respect to the expression selected in the **Type Binding Expression** drop-down list on +the **Linked Combo Display Type** wizard. + +#### Step 2: Render the Linked Fields in the Combo on the Portal + +If the fields defined in a linked combo are already rendered on the same portal page as the linked +combo, make sure that the appropriate display type is used for them. Some examples are shown in the +table below. + +On the other hand, if the fields defined in a linked combo are not available on the same portal page +as the linked combo, you must create the fields first. These fields must be linked to the same +schema attributes as the combo’s fields are linked with, and an appropriate display type must be set +for them. The following table shows an example of the field names and the display types to set for +them. + +| Field | Display Type to use | Notes | +| ------- | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Country | Drop-down list | Create a Drop-down List display type and use it for this field or use the default drop-down list, lstCountry. lstCountry has values defined for it, which may produce undesirable results. | +| State | Drop-down list | Create a Drop-down List display type and use it for this field or use the default drop-down list, lstState. | +| City | Drop-down list | Create a Drop-down List display type and use it for this field or use the default drop-down list, lstCity. 
| +| Address | Text box | Use a simple text box display type with this field | +| Zip | Text box | Use a simple text box display type with this field or use the default textbox display type, maskZIPCode. This default display type comes with a validation check that ensures that users enter the zip code in the required format. | + +## Reload the Source Data File + +When you update data in the source file, you must also reload the file for changes to take effect. + +**To reload the file:** + +1. In Admin Center, select **Applications** in the left pane. + On the **GroupID Portal** tab, a portal's card displays its info. +2. Click the ellipsis button for a portal and select **Settings**. +3. Select an identity store under **Design Settings** to define a custom display type for it. + All identity stores associated with the portal are listed under **Design Settings**. You can + design a different portal for each of these. +4. Click **Custom Display Types** in the left pane. +5. On the **Custom Display Types** page, click the **Linked Combo Types** tab. +6. Click **Edit** for a linked combo to reload the source data file for it. The **Linked Combo + Display Type** wizard is displayed. +7. On the **Details** page, click **Browse** to select the file to load. Then click **Next**. +8. On the **Schema** page, make changes to the relationships, if required, and click **OK**. + See the [Linked Combo Type - Schema](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/schema.md) topic for details. +9. Click **Save** on the **Custom Display Types** page. + +**See Also** + +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) 
diff --git a/docs/directorymanager/11.1/admincenter/portal/linkedcombo/schema.md b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/schema.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/portal/linkedcombo/schema.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/schema.md index a34321966e..8b84db57b9 100644 --- a/docs/directorymanager/11.1/admincenter/portal/linkedcombo/schema.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/schema.md @@ -1,3 +1,9 @@ +--- +title: "Linked Combo Type - Schema" +description: "Linked Combo Type - Schema" +sidebar_position: 20 +--- + # Linked Combo Type - Schema On the **Schema** page of the **Linked Combo Display Type** wizard, define the parent-child @@ -84,4 +90,4 @@ Do the following: See Also -- [Linked Combo Display Type](/docs/directorymanager/11.1/admincenter/portal/linkedcombo/overview.md) +- [Linked Combo Display Type](/docs/directorymanager/11.1/signin/applications/portal/categories/linkedcombo/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/linkeddropdown.md b/docs/directorymanager/11.1/signin/applications/portal/categories/linkeddropdown.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/linkeddropdown.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/linkeddropdown.md index 6e4ed679c0..b8284f7119 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/linkeddropdown.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/linkeddropdown.md @@ -1,3 +1,9 @@ +--- +title: "Linked Field Drop-down List Display Type" +description: "Linked Field Drop-down List Display Type" +sidebar_position: 40 +--- + # Linked Field Drop-down List Display Type A linked field drop-down list is displayed in the portal as a drop-down list with multiple values. 
@@ -69,6 +75,6 @@ field with the predefined value. **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/multilinetextbox.md b/docs/directorymanager/11.1/signin/applications/portal/categories/multilinetextbox.md similarity index 85% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/multilinetextbox.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/multilinetextbox.md index 379136c212..02b31525f8 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/multilinetextbox.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/multilinetextbox.md @@ -1,3 +1,9 @@ +--- +title: "Multiline Textbox Display Type" +description: "Multiline Textbox Display Type" +sidebar_position: 80 +--- + # Multiline Textbox Display Type A multiline textbox allows portal users to type information into a box that supports word wrapping 
@@ -40,6 +46,6 @@ many rows as required while entering data. **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/multivaluedcontrol.md b/docs/directorymanager/11.1/signin/applications/portal/categories/multivaluedcontrol.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/multivaluedcontrol.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/multivaluedcontrol.md index 3583456c1e..4842a96684 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/multivaluedcontrol.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/multivaluedcontrol.md @@ -1,3 +1,9 @@ +--- +title: "Multi-Valued Control Display Type" +description: "Multi-Valued Control Display Type" +sidebar_position: 90 +--- + # Multi-Valued Control Display Type The multi-valued control display type supports multi-valued attributes in Active Directory. Examples 
@@ -77,6 +83,6 @@ schema attribute you link this display type with. **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/radio.md b/docs/directorymanager/11.1/signin/applications/portal/categories/radio.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/radio.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/radio.md index e19140c41e..96d59b9551 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/radio.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/radio.md @@ -1,3 +1,9 @@ +--- +title: "Radio Button Display Type" +description: "Radio Button Display Type" +sidebar_position: 70 +--- + # Radio Button Display Type Use a radio display type to present the portal users with a predefined set of mutually exclusive 
@@ -42,7 +48,7 @@ A few radio display types used in the default portal template are: 4. Enter a description for the radio button in the **Description** box. 5. Select a security role in the **Visibility** drop-down list. The radio button will be visible to users of this role and roles with a priority value higher than this role. See - [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the radio button from all users. 6. Click **OK**. The radio button is listed in the **Values** area on the **New Display Type** pane. @@ -62,6 +68,6 @@ A few radio display types used in the default portal template are: **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/displaytype/textbox.md b/docs/directorymanager/11.1/signin/applications/portal/categories/textbox.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/portal/displaytype/textbox.md rename to docs/directorymanager/11.1/signin/applications/portal/categories/textbox.md index 9fecca7544..01a4b39b39 100644 --- a/docs/directorymanager/11.1/admincenter/portal/displaytype/textbox.md +++ b/docs/directorymanager/11.1/signin/applications/portal/categories/textbox.md 
@@ -1,3 +1,9 @@ +--- +title: "Text Box Display Type" +description: "Text Box Display Type" +sidebar_position: 20 +--- + # Text Box Display Type A text box display type can be used without customization, but you must customize it when you want @@ -98,6 +104,6 @@ NOTE: Data should be in JSON format. **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Define Custom Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/custom.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/signin/applications/portal/create.md b/docs/directorymanager/11.1/signin/applications/portal/create.md new file mode 100644 index 0000000000..88312afc6a --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/create.md 
@@ -0,0 +1,453 @@ +--- +title: "Create a Portal" +description: "Create a Portal" +sidebar_position: 10 +--- + +# Create a Portal + +Admin Center lets you quickly build and deploy a web-based portal named Directory Manager portal, +for end-users to carry out user, group, and entitlement management tasks. Users can also view +detailed reports on the current state and health of the directory. + +You can create multiple Directory Manager portals as well as create multiple instances for a portal. + +You can also create a Self-Service Password Reset portal (SSPR), which is a kind of Directory +Manager portal that only facilitates password-related functions. + +## Host a Portal + +A portal is hosted on a web server, with native IIS, remote IIS, and Docker as the supported +servers. + +- IIS Deployment - Your Directory Manager portal is hosted within a site in IIS. To launch IIS, see + [Opening IIS Manager](https://learn.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525920(v=vs.90)). + + ![in_iis](/img/product_docs/directorymanager/11.1/admincenter/portal/in_iis.webp) + +- Docker Deployment - For a Docker deployment, make sure you have a running instance of Docker + daemon in your environment. A portal runs within a container in Docker. + +## Deploy Multiple Instances of a Portal + +For load balancing and high availability, Directory Manager facilitates you to create multiple +Directory Manager portals, and even create multiple instances of the same portal. You may host +different instances on different web servers. For example, you can create two instances of a portal +while hosting one in native IIS and another in remote IIS. + +Multiple instances of a portal share the same design settings and the same server settings, except +that each instance has its own deployment settings. A change to the shared settings propagates to +all deployment instances. 
+ +As multiple Data services and Security services can be created in Directory Manager, you can bind a +different Data service and Security service with each deployment instance of a portal. In this way, +different instances use different services for improved response times and load balancing. + +What do you want to do? + +- Create a Portal in Native IIS +- Create a Portal in Remote IIS +- Create a Portal in Docker +- Create a Self-Service Password Reset Portal +- Deploy Another Instance of a Portal +- Create a Portal by Copying an Existing Portal +- View the Details of a Portal +- Launch a Portal + +## Create a Portal in Native IIS + +When you create a portal in native IIS, Directory Manager does the following: + +- It creates a directory with the portal's name at the following physical path on the Directory + Manager server, and copies the portal files from its template directory to the new portal + directory: + X:\Program Files\Imanami\GroupID 11.0\GroupIDPortal\Inetpub\ + (X represents the Directory Manager installation drive) +- It also creates a virtual directory for the portal in your desired IIS site. + +The portal runs within a virtual directory in native IIS while the portal files are physically +located on disk. + +**To create a portal:** + +1. In Admin Center, click **Applications** in the left pane. +2. Click **Add Application**. +3. On the next page, select **GroupID Portal** and click **Next step**. +4. On the **Create GroupID Application** page, make sure the **IIS** tile is selected. +5. In the **Application Name** box, enter a unique name for the portal or use the default name. The + portal is displayed with this name in Directory Manager. +6. In the **Deployment Name** box, enter a deployment name for the portal. This name is used to + indicate the deployment instance for the portal in Directory Manager. + A portal can have multiple deployments, for example, one in IIS and another in Docker. 
+ The application name and deployment name are displayed on the portal card on the **GroupID + Portal** tab. + + ![portal_card](/img/product_docs/directorymanager/11.1/admincenter/portal/portal_card.webp) + +7. In the **IIS Application Name** box, enter an IIS deployment name for the portal. This name + should be unique for each portal deployed in IIS. + + - The IIS application name is used to name the portal's directory in IIS and its physical + directory under **X:\Program Files\Imanami\GroupID 11.0\GroupIDPortal\Inetpub** on the + Directory Manager server. + (X represents the Directory Manager installation drive) + - This IIS application name is also appended to the web server address to construct the URL that + users click to access this deployment instance of the portal. For example: + `https://web-server-name:port/IIS-application-name` + Hence, a different URL is constructed for each deployment of a portal in IIS. + +8. In the **IIS Site** drop-down list, select a website to host the portal files. The list displays + the websites defined on the native IIS server. _GroupIDSite11_ is the default selection. +9. In the **Service Endpoints** area, bind a Data service and a Security service with the portal. + + 1. In the **Data Service** drop-down list, select a Data service for the portal to use. The list + contains all Data services defined in Directory Manager. + 2. In the **Security Service** drop-down list, select a Security service for the portal to use. + Thelist contains all Security services defined in Directory Manager. + +10. In the **Support Information** area, enter internal contact information and resource links for + the portal's users to obtain help while using the portal. + A portal includes a **Contact** link and a **Help** icon on its web interface. The **Contact** + link launches an email application to send an email to a user or helpdesk for inquiries or + support. 
The **Help** icon launches the online help for the portal in a new browser window. Both + links are customizable, and their target email address or web address is specified in the + **Support Information** area. + + 1. In the **Support group or administrator's email address** box, enter the email address of a + group or user to redirect user queries to. This email address is mapped to the **Contact** + link in the portal. + 2. In the **Help URL** box, specify the address of your company's internal support website or + the portal's help page, where portal users can find support material or report a problem. By + default, this box displays the URL of the portal's help published by Netwrix. + This URL is mapped to the **Help** icon in the portal. + +11. (Optional) Select the **Password Center Mode** check box to create this portal as a Self-Service + Password Reset portal (SSPR). A SSPR portal does not offer the standard functions of a Directory + Manager portal, such as group management, user management, or entitlement management, but is + exclusively dedicated to password-relation activities. This portal enables users to manage their + directory account passwords, i.e., the password for the account they use to access their + workstations and other Microsoft services. Users can change and reset their passwords, as well + as unlock their accounts. They can also enroll their accounts in Directory Manager and link + accounts in different identity stores. + + The SSPR portal does not have design settings and advanced settings, like a standard Directory + Manager portal has. For this reason, the following configurations are not available on selecting + the **Password Center Mode** check box: + + - The **Import Design** option for identity stores in the Select Identity Stores area + - The Advanced Settings area + + NOTE: Directory Manager does not support the upgrade of a Password Center portal (from a + previous version) to an SSPR portal. 
You have to create the SSPR portal as a new portal. + +12. In the **Select Identity Stores** area, select the check boxes for the identity stores you want + to associate with the portal. Users in the associated identity stores can sign into the portal + to manage directory objects, their directory profiles, and more. + While associating identity store(s), you may get the following message: + + ![linked_message](/img/product_docs/directorymanager/11.1/admincenter/portal/linked_message.webp) + + This relates to the scenario when identity stores in Directory Manager have been linked, as + discussed in the + [Linked Identity Stores and the Directory Manager Portal](/docs/directorymanager/11.1/signin/identitystore/link/overview.md#linked-identity-stores-and-the-directory-manager-portal) + topic. Hence, when two identity stores, IdentityStoreA and IdentityStoreB, are linked and you + associate IdentityStoreA with the portal, this message is displayed. It alerts you to associate + the second identity store in the linked pair (dentityStoreB) with the portal too, in order to + benefit from the linking. + +13. Each identity store associated with a portal has its own set of design settings, as listed in + the [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) topic. + + If you are upgrading to Directory Manager 11 from GroupID 9 or GroupID 10, you can import the + design settings for an identity store from a Self-Service portal in a previous version - as an + alternate to defining these settings from scratch. Following are the details of the file + containing identity store design settings for a Self-Service portal in GroupID 9 and 10: + + **Design file name:** ``..xml. + + For example: ADStore.xml + A separate design file exists for each identity store linked with a Self-Service portal. 
+ + **File location in GroupID 9/10:** [GroupID installation drive]:\Program Files\Imanami\GroupID + `version`\SelfService\Inetpub\<portal name>\Design\ + For example: C:\Program Files\Imanami\GroupID 10.0\SelfService\Inetpub\TestPortal\Design\ + + Similarly, a separate file exists for each linked combo created in the Self-Service portal. + **Linked combo file name:** The file has the same name as that of the linked combo in the + portal.for example, Country-State.xml + **File location in GroupID 9/10:** All linked combo files, regardless of the identity store they + are used for, are available at the following path: + [GroupID installation drive]:\Program Files\Imanami\GroupID + `version`\SelfService\Inetpub\<portal name>\Web\LinkedCombo\ + For example: C:\Program Files\Imanami\GroupID + 10.0\SelfService\Inetpub\TestPortal\Web\LinkedCombo\ + + **To import the design file and linked combo file(s), do the following:** + + 1. As a prerequisite to Directory Manager 11 upgrade, the folder structure for the source + version was copied to the Directory Manager 11 server. In this case, the design and linked + combo files for all portals in the previous version are already available on the machine. + Else copy the above mentioned files for the respective identity stores associated with the + Self-Service portal, and place them on your local machine or a shared network location. + 2. In he **Select Identity Stores** area, click **Import Design** next to an identity store name + to import the design file for it. + 3. Browse for the file to select and import it. The import process takes a while. + Each identity store associated with a Self-Service portal has its own design file, so make + sure you import the correct file. For example, if Identity Store A is associated with two + Self-Service portals, then these will be two different design files for the same identity + store, though at different locations. + 4. 
After the file is uploaded, a message is displayed, showing the number of linked combos + defined in the imported design settings and prompting you to import the respective linked + combo files. + Browse to the location of the linked combo files and import those that represent the linked + combos defined in the design settings. + +14. A portal has certain advanced settings defined for it, as discussed in the + [Manage Advanced Settings](/docs/directorymanager/11.1/signin/applications/portal/server/advanced.md) topic. + If you are upgrading to Directory Manager 11 from GroupID 9 or GroupID 10, you can import the + advanced settings of a Self-Service portal from a previous version as an alternate to defining + settings from scratch. Following are the details of the file containing advanced settings for a + Self-Service portal in GroupID 9 and 10: + + **File name:** server.xml. A separate file exists for each Self-Service portal. + **File location in GroupID 9/10:** [GroupID installation drive]:\Program Files\Imanami\GroupID + `version`\SelfService\Inetpub\<portal name>\ + For example: C:\Program Files\Imanami\GroupID 10.0\SelfService\Inetpub\TestPortal\ + + **To import the file, do the following:** + + 1. As a prerequisite to Directory Manager 11 upgrade, the folder structure for the source + version was copied to the Directory Manager 11 server. In this case, the server.xml file for + all portals in the previous version is already available on the machine. Else copy the + server.xml file for the Self-Service portal whose advanced settings you want to import, and + place it on your local machine or a shared network location. + 2. On the **Create GroupID Application** page, click **Import Settings** in the **Advanced + Settings** area. + 3. Browse for the file to select and import it. The import process takes a while. + +15. Click **Create Application**. + The new portal is displayed on the **GroupID Portal** tab. 
You can differentiate between a + standard Directory Manager portal and a SSPR portal from the portal logo, as each portal type + has its own logo. + +## Create a Portal in Remote IIS + +You can host a portal within a site in remote IIS. For this, you need to connect with the Microsoft +IIS Administration API running on the remote IIS machine. + +When you create a portal in remote IIS, Directory Manager does the following: + +- It creates a virtual directory for the portal in a preconfigured site in remote IIS. +- It creates a physical directory for the portal in the folder that is mapped to this preconfigured + site. + +The portal runs within a virtual directory in remote IIS while the portal files are physically +located on disk. + +To learn about the remote IIS settings and configurations before hosting a portal, see +the[Prerequisites for Deployments in Remote IIS](/docs/directorymanager/11.1/signin/applications/remoteiisprerequisites.md) topic. + +**To create a portal:** + +1. In Admin Center, click **Applications** in the left pane. +2. Click **Add Application**. +3. On the next page, select **GroupID Portal** and click **Next step**. +4. On the **Create GroupID Application** page, select the **Remote IIS** tile. +5. In the **Application Name** box, enter a unique name for the portal or use the default name. The + portal is displayed in Directory Manager with this name. +6. In the **Deployment Name** box, enter a deployment name for the portal. This name is used to + indicate the deployment instance for the portal in Directory Manager. A portal can have multiple + deployments, for example, one in IIS and another in Docker. + The application name and deployment name are displayed on the portal card on the **GroupID + Portal** tab. +7. In the **API URL** box, enter the URL of the API to use for communicating with the remote IIS + server. 
+ Make sure the + [Microsoft IIS Administration API](https://learn.microsoft.com/en-us/iis-administration/) is + installed as a Windows service on the remote IIS machine. Fetch the URL of this API from remote + IIS and provide it here to enable communication. +8. In the **Access Token** box, enter the access token to allow Admin Center to access the Microsoft + IIS Administration API. This access token is generated from the Microsoft IIS Administration + API's interface. +9. In the **Username** and **Password** boxes, enter the credentials of a Windows account to + communicate with the API. This account must have access to the remote IIS machine, with + sufficient permissions to enable you to create and manipulate objects in IIS. +10. In the **IIS Application Name** box, enter an IIS deployment name for the portal. This name + should be unique for each portal deployed within the same site in remote IIS. + + - The IIS application name is used to name the portal's directory in the IIS site and its + physical directory on the remote IIS machine. The physical directory is created within the + folder that is mapped to the preconfigured site, and portal files are copied to it. + - This IIS application name is also appended to the web server address to construct the URL that + users click to access this deployment instance of the portal. For example: + `https://web-server-name:port/IIS-application-name` + Hence, a different URL is constructed for each deployment of a portal in remote IIS. + +11. On providing the above information, the **Website** drop-down list displays the sites defined on + the remote IIS server. Select the site that you have configured with the appropriate permissions + for Directory Manager. +12. 
To enter information in the **Service Endpoints**, **Support Information**, **Password Center + Mode**, **Select Identity Stores**, and **Advanced Settings** areas and create the portal, + follow the steps in the Create a Portal in Native IIS topic, starting at step 9. + +## Create a Portal in Docker + +Directory Manager enables you to host a portal in Docker. For this, you need to connect with the API +running on a Docker deamon in your environment, so that Directory Manager can create a container for +the portal there and run the portal from within that container. + +For an overview on application deployment in Docker, see the +[Prerequisites for Deployments in Docker](/docs/directorymanager/11.1/signin/applications/dockerprerequisites.md) topic. + +NOTE: To host the portal, Docker daemon should be configured to run Windows containers. + +**To create a portal:** + +1. In Admin Center, click **Applications** in the left pane. +2. Click **Add Application**. +3. On the next page, select **GroupID Portal** and click **Next step**. +4. On the **Create GroupID Application** page, select the **Docker** tile. +5. In the **Application Name** box, enter a unique name for the portal or use the default name. The + portal is displayed in Directory Manager with this name. +6. In the **Deployment Name** box, enter a deployment name for the portal. This name is used to + indicate the deployment instance for the portal in Directory Manager. A portal can have multiple + deployments, for example, one in IIS and another in Docker. + The application name and deployment name are displayed on the portal card on the **GroupID + Portal** tab. +7. In the **Port** box, enter the port for the host machine to map the container to host ports. By + default, the container port is 443. + This enables network access to the portal in Docker over this port. +8. In the **Service URL** box, enter the API URL to use for accessing and communicating with Docker + Engine. 
+ On installing Docker Engine, you must expose an API over TCP on the same machine to enable + communication with Directory Manager. + The URL you provide in the **Service URL** box identifies the Docker deamon where you want to + host the portal. +9. In the **Container Name** box, enter a name for the container that is created in Docker for + deploying the portal. +10. For entering information in the **Service Endpoints**, **Support Information**, **Password + Center Mode**, **Select Identity Stores**, and **Advanced Settings** areas and create the + portal, follow the steps in the Create a Portal in Native IIS topic, starting at step 9. + +## Create a Self-Service Password Reset Portal + +A Directory Manager portal can be created as a Self-Service Password Reset portal (SSPR in native +IIS, remote IIS, and Docker. A SSPR portal only provides password management functions to end-users. + +Creating an SSPR portal is similar to creating a standard Directory Manager portal; you only have to +select the **Password Center Mode** check box on the Create GroupID Application page. For details, +see Step 11 in the he Create a Portal in Native IIS topic. + +NOTE: Directory Manager does not support the upgrade of a Password Center portal (from a previous +version) to an SSPR portal. You have to create the SSPR portal as a new portal. + +## Deploy Another Instance of a Portal + +You can deploy more than one instance of a portal. Instances can be deployed in different web +servers, for example, one in IIS, another in remote IIS, and yet another in Docker. For more on how +instances work, see the Deploy Multiple Instances of a Portal topic. + +To deploy a new instance, you have to provide deployment details only. All instances share the same +server and design configurations, while only deployment details differ. For example, all instances +serve the same identity stores and have the same display and search-related configurations. 
Changing +a shared setting propagates to all deployment instances of the portal. + +NOTE: A SSPR portal does not have design settings. Hence, only server settings are shared across +multiple instances. + +**To deploy an instance:** + +1. In Admin Center, select **Applications** in the left pane. +2. On the **GroupID Portal** tab, click the ellipsis button for a portal and select **Deploy Another + Instance**. +3. On the **Deploy Another Instance** page, select the **IIS**, **Remote IIS**, or **Docker** tile + to indicate the web server where you want to deploy the instance. + The **Application Name** field displays the name of the portal as read-only. +4. Fields on the page vary, depending on the web server selected. In any case, the **Support + Information**, **Select Identity Stores**, and **Advanced Settings** areas are not available, as + they remain the same for all instances. + + - To deploy an instance in native IIS, follow steps 6-9 in the Create a Portal in Native IIS + topic. + - To deploy an instance in remote IIS, follow steps 6-12 in the Create a Portal in Remote IIS + topic. + - To deploy an instance in Docker, follow steps 6-10 in the Create a Portal in Docker topic. + +5. After entering the required information, click **Deploy Instance**. + The new instance is displayed on the portal's card. + +## Create a Portal by Copying an Existing Portal + +You can create a new portal by copying an existing portal. All server and design configurations of +the template portal are duplicated to the new portal. Deployment details are not duplicated, so you +can choose to deploy the new portal in any of the supported web servers. Consider the following: + +- You can create a SSPR portal by copying a standard Directory Manager portal. In this case, the + design settings of the base portal are not duplicated as the SSPR portal does not have design + settings. +- You can create a standard Directory Manager portal by copying a SSPR portal. 
As the SSPR portal + does not have design settings, the new portal is created with the default design settings. You can + modify them as needed. + +**To create a portal:** + +1. In Admin Center, select **Applications** in the left pane. +2. On the **GroupID Portal** tab, click the ellipsis button for a portal and select **Copy**. + The **Copy GroupID Application** page is displayed; populated with the following settings of the + copied portal: + + - The Data service and Security service linked to the portal + - The support information for the portal, i.e., the admin/helpdesk contact email address and the + portal's help URL + - The identity store(s) associated with the portal + +3. You can deploy the new portal in native IIS, remote IIS, or Docker. + + - To specify settings for a native IIS deployment, follow the instructions in the Create a + Portal in Native IIS topic, beginning at step 4. + - To specify settings for a remote IIS deployment, follow the instructions in the Create a + Portal in Remote IIS topic, beginning at step 4. + - To specify settings for a Docker deployment, follow the instructions in the Create a Portal in + Docker topic, beginning at step 4. + +## View the Details of a Portal + +1. In Admin Center, click **Applications** in the left pane. + The **GroupID Portal** tab displays the portals that you have created. +2. 
The card for a portal displays the following information: + + | Info | Description | + | -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | Name | The name given to the portal. Next to the portal name is the portal logo, which enables you to differentiate between a standard Directory Manager portal and a SSPR portal, as each portal type has its own logo. | + | Identity Stores | The names of the identity stores the portal serves. | + | Deployment Instances | Displays the deployment instance(s) of the portal as tiles. A tile shows the deployment name of the instance and the web server where it is deployed. | + | Status | A portal has one of the following statuses: - **Running:** Indicates that the portal is up and running. - **Stopped:** Indicates that Directory Manager is unable to communicate with the portal. To troubleshoot, go to the web server where the portal is deployed and make sure the portal is running. - **Error:** Any issue other than _stopped_ is categorized as _error_. In this case, contact your system administrator. | + | Launch Application | Click this link to launch the portal. When multiple deployments of a portal are available, select the tile for a deployment instance and click this link to launch that instance. 
| + | Ellipsis | Click it to launch a shortcut menu with the following options: - **Settings:** Launches the portal settings page, where you can manage server and design settings. - **Server Settings:** Includes the deployment details of each portal instance, the help URL for the portal, the identity stores linked with the portal, and more. - **Design settings:** These settings relate to the portal's user interface. - **Deploy Another Instance:** Enables you to deploy another instance of the portal. - **Copy:** Enables you to create a new portal by copying the settings of this portal. - **Delete:** Deletes the portal. | + +You may notice a portal with an orange card and an orange icon on the card. On hovering the mouse +over the icon, the tooltip says that _linked mode will not be allowed_. This relates to the scenario +when identity stores in Directory Manager have been linked, as discussed in the +[Linked Identity Stores and the Directory Manager Portal](/docs/directorymanager/11.1/signin/identitystore/link/overview.md#linked-identity-stores-and-the-directory-manager-portal) +topic. Hence, when two identity stores, IdentityStoreA and IdentityStoreB, are linked and you +associate IdentityStoreA with the portal, the portal card appears in orange. It informs you to +associate the second identity store in the linked pair (dentityStoreB) with the portal too, in order +to benefit from the linking. + +## Launch a Portal + +1. In Admin Center, select **Applications** in the left pane. +2. On the **GroupID Portal** tab, click **Launch Application** on a portal's card to launch it. + + When multiple deployments of a portal are available, select a deployment instance on the card + and click **Launch Application** to launch that instance. + + Provide the URL of an instance to your users so they can access the portal. You can either copy + the URL from the address bar or from a portal's deployment settings. 
See the + [View the Launch URL for an Instance](server/nativeiis.md#view-the-launch-url-for-an-instance) + topic. + +**See Also** + +- [Directory Manage Applications](/docs/directorymanager/11.1/signin/applications/applications.md) +- [ Directory Manager Portal](/docs/directorymanager/11.1/signin/applications/portal/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/delete.md b/docs/directorymanager/11.1/signin/applications/portal/delete.md similarity index 88% rename from docs/directorymanager/11.1/admincenter/portal/delete.md rename to docs/directorymanager/11.1/signin/applications/portal/delete.md index 77dc84317f..9138770497 100644 --- a/docs/directorymanager/11.1/admincenter/portal/delete.md +++ b/docs/directorymanager/11.1/signin/applications/portal/delete.md @@ -1,3 +1,9 @@ +--- +title: "Delete a Portal" +description: "Delete a Portal" +sidebar_position: 20 +--- + # Delete a Portal You can delete a portal or a deployment instance of a portal. On deleting a portal, all its @@ -58,5 +64,5 @@ Deleting a portal removes all its deployments and configurations from Directory **See Also** -- [Directory Manage Applications](/docs/directorymanager/11.1/admincenter/portal/applications.md) -- [ Directory Manager Portal](/docs/directorymanager/11.1/admincenter/portal/overview.md) +- [Directory Manage Applications](/docs/directorymanager/11.1/signin/applications/applications.md) +- [ Directory Manager Portal](/docs/directorymanager/11.1/signin/applications/portal/overview.md) diff --git a/docs/directorymanager/11.1/signin/applications/portal/displaytype/_category_.json b/docs/directorymanager/11.1/signin/applications/portal/displaytype/_category_.json new file mode 100644 index 0000000000..606591fe33 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Design a Portal with Display Types", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/portal/design/badwords.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/badwords.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/portal/design/badwords.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/badwords.md index ca7abed2f7..3d3fa59620 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/badwords.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/badwords.md @@ -1,3 +1,9 @@ +--- +title: "Manage the Bad Words List" +description: "Manage the Bad Words List" +sidebar_position: 70 +--- + # Manage the Bad Words List Directory Manager enables you to restrict portal users from saving data containing words that might @@ -68,4 +74,4 @@ The bad words check applies to the following: See Also -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/createobject.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/createobject.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/portal/design/createobject.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/createobject.md index 7d0e650a5b..ddf6578f16 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/createobject.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/createobject.md 
@@ -1,3 +1,9 @@ +--- +title: "Customize the Create Object Wizards" +description: "Customize the Create Object Wizards" +sidebar_position: 100 +--- + # Customize the Create Object Wizards Using a portal, users can create different directory objects, namely: @@ -18,7 +24,7 @@ as needed. NOTE: In the portal, the _Create Group_ wizard starts with the _Group Type_ page, where users can select the type of group they want to create. Options on this page vary, depending on the permissions assigned to the user in the identity store. (See the -[Security Role – Permissions](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md) topic.) +[Security Role – Permissions](/docs/directorymanager/11.1/signin/securityrole/permissions.md) topic.) - If a user has the _Create Static Group_ permission and is denied the _Create Smart Group_ permission, only the _Static Group_ option is displayed on the _Group Type_ page. @@ -62,7 +68,7 @@ What do you want to do? this name. 8. In the **Visibility Level** drop-down list, select a security role. The page would be visible to users of this role and roles with a priority value higher than this role. See - [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the page from all users. 9. To add fields to the page, see the Add a Field to a Wizard Page topic. 10. Click **OK**. 
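Review bot: The portal page text added just before the delete.md diff carries three typos that will ship as written. In the linked identity stores paragraph, `(dentityStoreB)` is missing its leading I and should read `(IdentityStoreB)` to match the earlier mention in the same paragraph. In the See Also list, the link text `Directory Manage Applications` should be `Directory Manager Applications`, and `[ Directory Manager Portal]` has a stray space after the opening bracket. The delete.md hunk `@@ -58,5 +64,5 @@` rewrites the same two See Also links and keeps both link-text errors, so it is worth fixing them in the same pass.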
@@ -141,10 +147,10 @@ You can update the following for a page: 10. In the **Display Type** drop-down list, select a display type to use for rendering this field on the wizard. The list contains basic display types and custom display types defined on the **Custom Display - Types** page. See the [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) topic. + Types** page. See the [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) topic. 11. In the **Visibility Level** drop-down list, select a security role. The field would be visible to users of the selected role and roles with a priority value higher than the selected role. See - [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the field from all users. 12. As mentioned for visibility level, the field is visible to members of the selected role and roles with a priority value higher than the selected role. @@ -180,7 +186,7 @@ You can update the following for a page: 19. Select the **Filter Bad Words** check box to ensure that users do not enter any bad word in this field. A value entered for the field is checked against the words listed on the **Bad Words List** - page. Matched values cannot be saved. See the [Manage the Bad Words List](/docs/directorymanager/11.1/admincenter/portal/design/badwords.md) topic. + page. Matched values cannot be saved. See the [Manage the Bad Words List](/docs/directorymanager/11.1/signin/applications/portal/displaytype/badwords.md) topic. 20. Click **OK**. The field is displayed in the **Fields** area on the **Edit Category** pane. You can rearrange the fields, update field properties, and even remove a field from the wizard page. 21. Click **OK**. 
@@ -262,4 +268,4 @@ The following field properties vary from field to field. You can: See Also -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/importexport.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/importexport.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/portal/design/importexport.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/importexport.md index 14a216eafb..32da494f1c 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/importexport.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/importexport.md @@ -1,3 +1,9 @@ +--- +title: "Specify Attributes for Import/Export of Group Owners and Members" +description: "Specify Attributes for Import/Export of Group Owners and Members" +sidebar_position: 80 +--- + # Specify Attributes for Import/Export of Group Owners and Members In the Directory Manager portal, users can: @@ -87,4 +93,4 @@ What do you want to do? See Also -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/navigationbar.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/navigationbar.md similarity index 98% rename from docs/directorymanager/11.1/admincenter/portal/design/navigationbar.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/navigationbar.md index 75f4b92e9c..4a26c0d505 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/navigationbar.md 
+++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/navigationbar.md @@ -1,3 +1,9 @@ +--- +title: "Customize the Navigation Bar" +description: "Customize the Navigation Bar" +sidebar_position: 60 +--- + # Customize the Navigation Bar The left navigation bar in a portal lists nodes that enable users to navigate in the portal: These @@ -82,7 +88,7 @@ Note the following: navigation bar. 8. In the **Access Level** drop-down list, select a security role. The node would be visible to users of this role and roles with a priority value higher than this role. For all other users, - the node would be hidden. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + the node would be hidden. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the node for all users. 9. In the **Tooltip Text** box, enter the text to appear when a user hovers the mouse over the node. 10. Use the **Icon Class** box to upload the image (icon) to be displayed with the node name. @@ -200,7 +206,7 @@ that: the browser’s back button to return to the previous page. 13. In the **Access Level** drop-down list, select a security role. The sub-node would be visible for users of this role and roles with a priority value higher than this role. For all other - users, the sub-node would be hidden. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + users, the sub-node would be hidden. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the sub-node for all users. 14. Click **OK**. 15. Click **Save** on the **Navigation Bar** page. 
@@ -298,7 +304,7 @@ You can modify the following for a tab: 4. **URL** – The address of the webpage to display when a user clicks the tab. 5. **Access Level** – Select a security role. The tab would be visible to users of this role and roles with a priority value higher than this role. For all other users, the tab would be - hidden. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + hidden. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the tab for all users. 9. Click **OK** twice on the **Edit Link** pane. @@ -343,4 +349,4 @@ You can modify the following for a tab: See Also -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/objectcard.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectcard.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/portal/design/objectcard.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/objectcard.md index c900b0fc3a..31b34fbe24 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/objectcard.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectcard.md @@ -1,3 +1,9 @@ +--- +title: "Specify Attributes for the Object Card" +description: "Specify Attributes for the Object Card" +sidebar_position: 130 +--- + # Specify Attributes for the Object Card In the portal, the names of directory objects are displayed as links. When a user hovers the mouse 
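Review bot: In the front matter added at `@@ -1,3 +1,9 @@` of objectcard.md, `description` repeats `title` word for word ("Specify Attributes for the Object Card"), and the front matter added to the other renamed pages in this patch follows the same pattern. A description identical to the title tells the reader nothing the title has not already said; write a one-sentence summary of what the page configures, or leave the key out if the site does not require it.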
@@ -141,5 +147,5 @@ You can remove an attribute from the body of an object card. **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Specify Attributes for Object List View](/docs/directorymanager/11.1/admincenter/portal/design/objectlist.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Specify Attributes for Object List View](/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectlist.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/objectlist.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectlist.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/portal/design/objectlist.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/objectlist.md index 1123c63547..3f384b70a1 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/objectlist.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectlist.md @@ -1,3 +1,9 @@ +--- +title: "Specify Attributes for Object List View" +description: "Specify Attributes for Object List View" +sidebar_position: 140 +--- + # Specify Attributes for Object List View In the portal, the object list refers to a listing of groups that are similar to another group, @@ -45,5 +51,5 @@ What do you want to do? **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Specify Attributes for the Object Card](/docs/directorymanager/11.1/admincenter/portal/design/objectcard.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Specify Attributes for the Object Card](/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectcard.md) 
diff --git a/docs/directorymanager/11.1/admincenter/portal/design/objectproperties.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectproperties.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/portal/design/objectproperties.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/objectproperties.md index 02e1a3fed6..6a0362209b 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/objectproperties.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectproperties.md @@ -1,3 +1,9 @@ +--- +title: "Customize Properties Pages" +description: "Customize Properties Pages" +sidebar_position: 40 +--- + # Customize Properties Pages Directory Manager enables you to customize the property pages displayed in the portal for these @@ -64,7 +70,7 @@ What do you want to do? 8. In the **Visibility Level** drop-down list, select a security role. The tab would be visible to users of this role and roles with a priority value higher than this role. The tab would not be visible to group owners (for their respective groups) and user managers (for their direct - reports) if they fall in a lower priority role. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + reports) if they fall in a lower priority role. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). - Select _Never_ to hide the tab from all users. - Select _Manager and Owner_ to make the tab visible only to the owner (in case of a group) or 
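Review bot: In `@@ -64,7 +70,7 @@` of objectproperties.md, the retargeted `[Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md)` link has no section fragment, so it opens the top of manage.md rather than the place where priority is defined. Step 8 decides who can see a tab on the phrase "roles with a priority value higher than this role" without saying whether a higher value means more or less privilege, so an administrator who reads it the wrong way exposes the tab to the wrong roles. Since the Priority links in this patch are being rewritten anyway, point them at the heading in manage.md that defines priority, or add one clause here stating the direction.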
@@ -92,7 +98,7 @@ What do you want to do? 9. In the **Access Level** drop-down list, select a security role. Users of this role and roles with a priority value higher than it can add and update the values of fields on this tab. If group owners/user managers fall in a lower priority role, they cannot update the fields on the tab for - their respective groups/direct reports. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + their respective groups/direct reports. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). - Select _Never_ to make the tab and its fields read-only for all users. - Select _Manager and Owner_ to enable the owner (in case of a group) or manager (in case of a @@ -179,11 +185,11 @@ You can change the following for a tab: 10. In the **Display Type** drop-down list, select the display type to use for rendering this field on the tab. The list contains basic display types and custom display types defined on the **Custom Display - Types** page. See the [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) topic. + Types** page. See the [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) topic. 11. In the **Visibility Level** drop-down list, select a security role. The tab would be visible to users of this role and roles with a priority value higher than this role. It would not be visible to group owners (for their respective groups) and user managers (for their direct - reports) if they fall under a lower priority role. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + reports) if they fall under a lower priority role. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). - Select _Never_ to hide the field from all users. - Select _Manager and Owner_ to make the field visible only to the owner (in case of a group) or 
@@ -213,7 +219,7 @@ You can change the following for a tab: 12. In the **Access Level** drop-down list, select a security role. Users of this role and roles with a priority value higher than this role can add and update the value of this field. If group owners/user managers fall in a lower priority role, they cannot able to update the value of the - field for their respective groups/direct reports. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + field for their respective groups/direct reports. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). - Select _Never_ to make this field read-only for all users. - Select _Manager and Owner_ to enable only the owner (in case of a group) or manager (in case @@ -275,7 +281,7 @@ You can change the following for a tab: 20. Select the **Filter Bad Words** check box to ensure that users do not enter any bad word in this field. A value entered for the field is checked against the words listed on the **Bad Words List** - page. Matched values cannot be saved. See the [Manage the Bad Words List](/docs/directorymanager/11.1/admincenter/portal/design/badwords.md) topic. + page. Matched values cannot be saved. See the [Manage the Bad Words List](/docs/directorymanager/11.1/signin/applications/portal/displaytype/badwords.md) topic. 21. The **Image Attribute** list is available when ‘DN’ is selected as the display type. This list supports ‘thumbnailPhoto’ as its value. @@ -364,4 +370,4 @@ The following field properties vary from field to field. You can: See Also -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) 
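Review bot: The context line in `@@ -213,7 +219,7 @@` of objectproperties.md reads "they cannot able to update the value of the field", which is ungrammatical and sits in the step that explains who may edit a field. The hunk already touches this step for the Priority link, so change it to "they cannot update the value of the field", matching the wording of the parallel step in `@@ -92,7 +98,7 @@` ("they cannot update the fields on the tab").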
diff --git a/docs/directorymanager/11.1/admincenter/portal/design/organizationalhierarchy.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/organizationalhierarchy.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/portal/design/organizationalhierarchy.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/organizationalhierarchy.md index 1a5a7e039b..429b0ed0ea 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/organizationalhierarchy.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/organizationalhierarchy.md @@ -1,3 +1,9 @@ +--- +title: "Specify Attributes for Organizational Hierarchy" +description: "Specify Attributes for Organizational Hierarchy" +sidebar_position: 120 +--- + # Specify Attributes for Organizational Hierarchy Using the portal, you can view the organizational hierarchy for a user in the organization. This @@ -35,10 +41,10 @@ What do you want to do? attribute on the organizational hierarchy chart. The display type must match the attribute. For example, the ‘TreePicture’ display type matches the ‘thumbnailPhoto’ attribute. This list contains basic display types and custom display types defined on the **Custom Display - Types** page. See the [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) topic. + Types** page. See the [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) topic. 9. Click **OK**. 10. Click **Save** on the **Organizational Hierarchy** page. **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) 
diff --git a/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md new file mode 100644 index 0000000000..75e713fd5c --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md 
@@ -0,0 +1,60 @@ +--- +title: "Design a Portal with Display Types" +description: "Design a Portal with Display Types" +sidebar_position: 50 +--- + +# Design a Portal with Display Types + +Display types enable you to control the layout and appearance of a Directory Manager portal and its +pages. They also enable you to expose the required functionality and data fields in the portal. + +You can associate multiple identity stores with a portal and design a different portal for each +identity store. Adding links to the navigation bar, adding pages to the portal, and adding fields to +pages are some customization examples. In this way, the portal offers a different design and +functionality for each associated identity store. + +You can customize the following for a portal: + +- **Search Forms:** control the fields to be displayed on different search forms and search result + pages in a portal. See the [Customize Search Forms](/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchforms.md) and + [Customize Search Results](/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchresults.md) topics. +- **Quick Search:** control the schema attributes for quick search to run on. See the + [Customize Quick Search](/docs/directorymanager/11.1/signin/applications/portal/displaytype/quicksearch.md) topic. +- **Properties:** control what properties of directory objects you want to display in a portal. See + the [Customize Properties Pages](/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectproperties.md) topic. +- **Toolbars:** customize the buttons on the portal toolbars. See the + [Customize the Toolbars](/docs/directorymanager/11.1/signin/applications/portal/displaytype/toolbars.md) topic. +- **Navigation Bar:** customize the left navigation bar in a portal. See the + [Customize the Navigation Bar](/docs/directorymanager/11.1/signin/applications/portal/displaytype/navigationbar.md) topic. 
+- **Bad Words List:** restrict users from entering bad or offensive words while using a portal. See + the [Manage the Bad Words List](/docs/directorymanager/11.1/signin/applications/portal/displaytype/badwords.md) topic. +- **Import/Export Attributes:** specify schema attributes to be used for importing/exporting members + and additional owners for groups. See the + [Specify Attributes for Import/Export of Group Owners and Members](/docs/directorymanager/11.1/signin/applications/portal/displaytype/importexport.md): + topic. +- **Create Object Wizards:** control the schema attributes displayed in the portal for creating + different object types. See the + [Customize the Create Object Wizards](/docs/directorymanager/11.1/signin/applications/portal/displaytype/createobject.md) topic. +- **Query Attributes:** control which schema attributes to display in the portal for creating + queries for Smart Groups ad Dynasties. See the + [ Specify Smart Group Query Attributes](/docs/directorymanager/11.1/signin/applications/portal/displaytype/queryattributes.md) topic. +- **Property Validation:** manage the schema attributes for user profile validation and group + attestation. See the [Manage Property Validation Attributes](/docs/directorymanager/11.1/signin/applications/portal/displaytype/propertyvalidation.md) + topic. +- **Organizational Hierarchy:** specify user attributes for display on the organizational hierarchy + chart. See the + [Specify Attributes for Organizational Hierarchy](/docs/directorymanager/11.1/signin/applications/portal/displaytype/organizationalhierarchy.md) topic. +- **Card View:** specify the attributes to be displayed on an object card. See the + [Specify Attributes for the Object Card](/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectcard.md) topic. +- **Object List View:** specify the attributes to be displayed for similar groups on the **Similar + Groups** tab in group properties. 
See the + [Specify Attributes for Object List View](/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectlist.md) topic. + +NOTE: Design settings are available for a standard Directory Manager portal, and not for a +Self-Service Password Reset portal. + +**See Also** + +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Define Custom Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/custom.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/propertyvalidation.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/propertyvalidation.md similarity index 93% rename from docs/directorymanager/11.1/admincenter/portal/design/propertyvalidation.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/propertyvalidation.md index 142d2773c9..f124cdd99d 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/propertyvalidation.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/propertyvalidation.md @@ -1,3 +1,9 @@ +--- +title: "Manage Property Validation Attributes" +description: "Manage Property Validation Attributes" +sidebar_position: 110 +--- + # Manage Property Validation Attributes In Directory Manager, property validation applies to: @@ -31,7 +37,7 @@ neither be edited nor removed. The Directory Manager administrator can enforce group owners to review and validate the attributes and membership of an expiring group before renewing it. See the -[Enable Group Attestation](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md#enable-group-attestation) +[Enable Group Attestation](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md#enable-group-attestation) topic. While attesting a group in the portal, the owner can: 
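Review bot: The new overview.md (`@@ -0,0 +1,60 @@`) has three small defects in its bullet list. The Import/Export Attributes bullet ends its link with `importexport.md):`, so a stray colon renders before "topic."; the Query Attributes bullet says "Smart Groups ad Dynasties" where "and" is meant; and the link text `[ Specify Smart Group Query Attributes]` starts with a space. All three are in added lines, so they can be fixed before this file lands.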
@@ -82,10 +88,10 @@ What do you want to do? 9. Use the **Display Type** drop-down list to specify the display type to use for rendering the attribute in the portal. The list contains basic display types and custom display types defined on the **Custom Display Types** page. See the - [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) topic. + [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) topic. 10. In the **Visibility Level** drop-down list, select a security role. The field would be visible to users of this role and roles with a priority value higher than this role. See - [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the field from all users. 11. As mentioned for visibility level, the field is visible to members of the selected role and roles with a priority value higher than the selected role. @@ -102,7 +108,7 @@ What do you want to do? 16. Select the **Filter Bad Words** check box to ensure that users do not enter any bad word in this field. A value entered for the field is checked against the words listed on the **Bad Words List** - page. Matched values cannot be saved. See the [Manage the Bad Words List](/docs/directorymanager/11.1/admincenter/portal/design/badwords.md) topic. + page. Matched values cannot be saved. See the [Manage the Bad Words List](/docs/directorymanager/11.1/signin/applications/portal/displaytype/badwords.md) topic. 17. The **Image Attribute** list is available when ‘DN’ is selected as the display type. This list supports ‘thumbnailPhoto’ as its value. 
@@ -177,5 +183,5 @@ The following field properties vary from field to field. You can: **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Configure User Profile Validation](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/profilevalidation.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Configure User Profile Validation](/docs/directorymanager/11.1/signin/identitystore/configure/profilevalidation.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/queryattributes.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/queryattributes.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/portal/design/queryattributes.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/queryattributes.md index 2542c2f9f0..6d8f42e439 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/queryattributes.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/queryattributes.md @@ -1,3 +1,9 @@ +--- +title: "Specify Smart Group Query Attributes" +description: "Specify Smart Group Query Attributes" +sidebar_position: 90 +--- + # Specify Smart Group Query Attributes For an identity store, you can choose whether all or specific schema attributes should be available 
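Review bot: `sidebar_position: 90` in the front matter added at `@@ -1,3 +1,9 @@` of queryattributes.md puts this page ahead of createobject.md, which this patch sets to 100, while the bullet list in the new overview.md presents Create Object Wizards before Query Attributes. If the sidebar is meant to follow the overview's order, swap the two values; otherwise reorder the overview bullets so the two agree.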
@@ -86,14 +92,14 @@ You can also specify the following for an attribute: This box is not available when multiple attributes have been selected. 9. Select a security role in the **Visibility Level** drop-down list. The attribute(s) would be visible to users of the selected role and roles with a priority value higher than the selected - role. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + role. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the attribute(s) from all users. 10. Use the **Display Type** drop-down list to specify the display type to use for enabling users to provide a value for the attribute(s) in the portal. For example, you can select a text box, drop-down list, or DN as display type. In case of DN, users can search and select a directory object as value for the attribute. The list contains basic display types and custom display types defined on the **Custom Display - Types** page. See the [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) topic. + Types** page. See the [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) topic. When multiple attributes are selected in the **Fields** box, this display type applies to each of them. You can edit an attribute later to apply a different display type. 11. In the **ToolTip Text** box, enter the text to display when a user hovers the mouse over the @@ -156,4 +162,4 @@ You can change the following for an attribute: See Also -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) 
diff --git a/docs/directorymanager/11.1/admincenter/portal/design/form/quicksearch.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/quicksearch.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/portal/design/form/quicksearch.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/quicksearch.md index ff7ad7fb95..d0bb973a57 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/form/quicksearch.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/quicksearch.md @@ -1,3 +1,9 @@ +--- +title: "Customize Quick Search" +description: "Customize Quick Search" +sidebar_position: 30 +--- + # Customize Quick Search In a Directory Manager portal, the quick search box is available at the top of each page. You can @@ -71,5 +77,5 @@ What do you want to do? **See Also** -- [Customize Search Forms](/docs/directorymanager/11.1/admincenter/portal/design/form/searchforms.md) -- [Customize Search Results](/docs/directorymanager/11.1/admincenter/portal/design/form/searchresults.md) +- [Customize Search Forms](/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchforms.md) +- [Customize Search Results](/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchresults.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/form/searchforms.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchforms.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/portal/design/form/searchforms.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/searchforms.md index 2b2c8f97e7..f9dae5cb7d 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/form/searchforms.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchforms.md 
@@ -1,3 +1,9 @@ +--- +title: "Customize Search Forms" +description: "Customize Search Forms" +sidebar_position: 10 +--- + # Customize Search Forms You can customize the search forms for a portal. You can: @@ -47,7 +53,7 @@ What do you want to do? 10. In the **Display Type** drop-down list, select the display type to use to render this field in the portal. The list contains basic display types and custom display types defined on the **Custom Display Types** page. See the - [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) topic. + [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) topic. 11. Click **OK.** The field is displayed in the **Fields** area on the **Edit Search Form** pane. To rearrange the fields on the search form, click the plus sign for a field and drag to change its position. @@ -94,7 +100,7 @@ You can change the following for a field on a search form: **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) -- [Customize Search Results](/docs/directorymanager/11.1/admincenter/portal/design/form/searchresults.md) -- [Customize Quick Search](/docs/directorymanager/11.1/admincenter/portal/design/form/quicksearch.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) +- [Customize Search Results](/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchresults.md) +- [Customize Quick Search](/docs/directorymanager/11.1/signin/applications/portal/displaytype/quicksearch.md) 
diff --git a/docs/directorymanager/11.1/admincenter/portal/design/form/searchresults.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchresults.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/portal/design/form/searchresults.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/searchresults.md index 99f2be4b55..4f23875f29 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/form/searchresults.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/searchresults.md @@ -1,3 +1,9 @@ +--- +title: "Customize Search Results" +description: "Customize Search Results" +sidebar_position: 20 +--- + # Customize Search Results You can customize the search result pages for a portal. You can: @@ -45,7 +51,7 @@ The following table lists the search results pages that you can customize: 9. In the **Tooltip** box, enter the text to appear when a user hovers the mouse over the field. 10. In the **Display Type** drop-down list, select the display type to use to render this field in the portal. Available options are limited to textbox, DN, DNs, and Link, which are basic display - Types. See the [Basic Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md#basic-display-types) topic. + Types. See the [Basic Display Types](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md#basic-display-types) topic. 11. Click **OK.** The field is displayed in the **Fields** area on the **Edit Search Results** pane. To rearrange the fields on the search form, click the equal sign for a field and drag to change 
@@ -92,7 +98,7 @@ You can change the following for a field on a search results page: **See Also** -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) -- [Display Type Categories](/docs/directorymanager/11.1/admincenter/portal/displaytype/categories.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) +- [Display Type Categories](/docs/directorymanager/11.1/signin/applications/portal/categories/categories.md) - Customize Search Results -- [Customize Quick Search](/docs/directorymanager/11.1/admincenter/portal/design/form/quicksearch.md) +- [Customize Quick Search](/docs/directorymanager/11.1/signin/applications/portal/displaytype/quicksearch.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/design/sendasonbehalf.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/sendasonbehalf.md similarity index 98% rename from docs/directorymanager/11.1/admincenter/portal/design/sendasonbehalf.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/sendasonbehalf.md index 9f798a1739..44ee4ef67e 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/sendasonbehalf.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/sendasonbehalf.md @@ -1,3 +1,9 @@ +--- +title: "The ‘Send on Behalf’ and ‘Send As’ Permissions" +description: "The ‘Send on Behalf’ and ‘Send As’ Permissions" +sidebar_position: 150 +--- + # The ‘Send on Behalf’ and ‘Send As’ Permissions Using the portal, a user can delegate the _Send on Behalf_ and _Send As_ permissions to other 
@@ -71,7 +77,7 @@ would enable the object to delegate the Send As permission to users. visible to users of this role and roles with a priority value higher than this role. It would not even be visible to group owners (for their respective groups) and user managers (for their direct reports) if they fall in a lower priority role. See - [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). - Select _Never_ to hide the field from all users. - Select _Manager and Owner_ to make the field visible only to the owner (in case of a group) or @@ -167,7 +173,7 @@ This would enable the object to delegate the Send on Behalf permission to users. 11. In the **Visibility Level** drop-down list, select a security role. The Send on Behalf field would be visible to users of this role and roles with a priority value higher than this role. It would not be visible to group owners (for their groups) and user managers (for their direct - reports) if they fall in a lower priority role. See [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + reports) if they fall in a lower priority role. See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). - Select _Never_ to hide the field from all users. - Select _Manager and Owner_ to make the field visible only to the owner (in case of a group) or diff --git a/docs/directorymanager/11.1/admincenter/portal/design/toolbars.md b/docs/directorymanager/11.1/signin/applications/portal/displaytype/toolbars.md similarity index 98% rename from docs/directorymanager/11.1/admincenter/portal/design/toolbars.md rename to docs/directorymanager/11.1/signin/applications/portal/displaytype/toolbars.md index 746419e63c..13ba6a2aa4 100644 --- a/docs/directorymanager/11.1/admincenter/portal/design/toolbars.md +++ b/docs/directorymanager/11.1/signin/applications/portal/displaytype/toolbars.md 
@@ -1,3 +1,9 @@ +--- +title: "Customize the Toolbars" +description: "Customize the Toolbars" +sidebar_position: 50 +--- + # Customize the Toolbars Toolbars are available on different pages of the Directory Manager portal; however, not all of these @@ -81,7 +87,7 @@ can update a few details for a button, such as its name and image. 8. **Visibility Level** – Select a security role. The toolbar button would be visible to users of this role and roles with a priority value higher than this role. See - [Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). + [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Select _Never_ to hide the button from all users. 8. Click **OK**. @@ -104,4 +110,4 @@ can update a few details for a button, such as its name and image. See Also -- [Design a Portal with Display Types](/docs/directorymanager/11.1/admincenter/portal/displaytype/overview.md) +- [Design a Portal with Display Types](/docs/directorymanager/11.1/signin/applications/portal/displaytype/overview.md) diff --git a/docs/directorymanager/11.1/signin/applications/portal/overview.md b/docs/directorymanager/11.1/signin/applications/portal/overview.md new file mode 100644 index 0000000000..9b37cc3538 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/overview.md 
@@ -0,0 +1,76 @@ +--- +title: "Directory Manager Portal" +description: "Directory Manager Portal" +sidebar_position: 20 +--- + +# Directory Manager Portal + +A Directory Manager portal represents a virtual link with the directory. Using it, users can do the +following in an identity store: + +- Search the directory. +- Perform group management tasks, such as create and update their groups; join and leave groups; + attest, expire and renew groups, and more. +- Carry out user management tasks, such as create, update, and delete users in the directory. Users + can maintain and update their profiles, change their passwords, manage their accounts, manage + their direct reports, and more. +- Synchronize data between a source and a destination, such as directories, files, and databases. +- Manage user and group entitlements to shared resources on file servers and SharePoint sites. +- Approve and deny workflow requests. +- Generate hundreds of insightful reports on Active Directory, Microsoft Entra ID, Exchange, and + Office 365 objects (groups, users, mailboxes, contacts, computers, and servers). +- View history data for directory objects that are created, updated, or deleted in the directory + using Directory Manager. + +Delegating group and user management tasks to end-users reduces the workload on IT administrators +and helpdesk, as users are empowered to manage their groups and direct reports without assistance +from an administrator. Moreover, when users maintain and update their profile information, data is +more accurate and reliable. + +Administrators can maintain complete control over data integrity, as they can implement fine-grained +controls and policies that determine what users can view and change using the Directory Manager +portal. They can also define workflows for an identity store, that serve as a built-in auditing +system to ensure that users enter correct data before changes are committed to the directory. 
+ +A Directory Manager portal can be linked with multiple identity stores, thus eliminating the need to +create a separate portal for each identity store. Users can select an identity store while signing +in. + +## Self-Service Password Reset Portal (SSPR) + +A Self-Service Password Reset portal is a type of Directory Manager portal that only facilitates +password-related functions. This portal enables users to manage their directory account passwords, +i.e., the password for the account they use to access their workstations and other Microsoft +services. Users can change and reset their passwords, as well as unlock their accounts. They can +also enroll their accounts in Directory Manager and link accounts in different identity stores. + +NOTE: Directory Manager does not support the upgrade of a Password Center portal (from a previous +version) to an SSPR portal. You have to create the SSPR portal as a new portal. + +## Linked Identity Stores and the Portal + +The administrator can link two or more identity stores in Directory Manager. As a prerequisite for +linking, the identity stores must be built on Active Directory or Microsoft Entra ID domains. The +purpose is to link identical objects in different domains. + +To learn about linked identity stores and how they work in a Directory Manager portal, see the +[Linked Identity Stores and the Directory Manager Portal](/docs/directorymanager/11.1/signin/identitystore/link/overview.md#linked-identity-stores-and-the-directory-manager-portal) +topic. + +## Notifications in the Portal + +A Directory Manager portal can send email notifications to designated recipients when a user makes a +change to objects in an identity store. To specify notification recipients, see the +[Specify Notification Recipients](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md#specify-notification-recipients) +topic. + +By default, notifications are sent to users in the English language. 
However, a user can opt to +receive notifications in a supported language by personalizing the language settings from the +**Settings** panel in the portal. + +**See Also** + +- [Directory Manage Applications](/docs/directorymanager/11.1/signin/applications/applications.md) +- [Create a Portal](/docs/directorymanager/11.1/signin/applications/portal/create.md) +- [Delete a Portal](/docs/directorymanager/11.1/signin/applications/portal/delete.md) diff --git a/docs/directorymanager/11.1/signin/applications/portal/server/_category_.json b/docs/directorymanager/11.1/signin/applications/portal/server/_category_.json new file mode 100644 index 0000000000..45d237ac97 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/server/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Server Settings", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/applications/portal/server/advanced.md b/docs/directorymanager/11.1/signin/applications/portal/server/advanced.md new file mode 100644 index 0000000000..a1746f8d20 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/server/advanced.md 
@@ -0,0 +1,78 @@ +--- +title: "Manage Advanced Settings" +description: "Manage Advanced Settings" +sidebar_position: 70 +--- + +# Manage Advanced Settings + +Advanced settings allow you to customize the functionality and appearance of a portal. For example, +you can set the default landing page, change the portal logo, show or hide the help link, display +enrollment reminders, and more. + +NOTE: Advanced settings are available for a standard Directory Manager portal, and not for a +Self-Service Password Reset portal. + +Default values for all advanced settings are specified for a portal. You can update any setting as +required. You can also import these advanced settings for a portal from a previous Directory Manager +version. See step 14 in the +[Create a Portal in Native IIS](/docs/directorymanager/11.1/signin/applications/portal/create.md#create-a-portal-in-native-iis) topic. + +You can manage the following advanced settings for a portal: + +- Portal & Search +- Listings Display +- Miscellaneous + +## Portal & Search + +| Setting | Description | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Portal Logo | Use the default Directory Manager portal logo or a logo of your choice for display in the portal. 
- Click **Change** to select and upload a logo of your choice. - Click **Reset** to revert to the default logo. | +| Default Startup Page | Specify a landing page for the portal. By default, the _Welcome_ page is set as the start page. You can change it to one that your users frequently visit. You can change the start page to any of these pages: - Welcome - My Groups - My Memberships - My Expired Groups - My Expiring Groups - My Deleted Groups - My Smart Groups - My Dynasties - Search - My Profile - My Direct Reports - Change My Password - Reset Password - Request Inbox - My Requests - Link Account - Entitlement - History - Reports - Synchronize NOTE: Individual users can personalize this setting from the Settings panel in the portal. | +| Search Default | Set the default selection in the portal’s _Search Directory_ box, which is available on the _Groups_, _Users_, and _Advanced Search_ pages as well as on the _Find_ dialog box. Options are: - **Global Catalog:** Selecting this option shows “_Entire Directory_” selected in the _Search Directory_ box. Also, expanding the list displays the Entire Directory check box selected instead of the logged-on domain. Select this option when most of the searches that portal users perform are based on the global catalog. - **Domain:** The _Search Directory_ box shows the domain of the identity store the portal is connected to. Users can expand the list to select any other option. NOTE: Individual users can personalize this setting from the Settings panel in the portal. | +| Sort Search | Set the field name (column header) for sorting listings and search results in the portal, such as listings on the All Groups, My Groups, and Users pages, and searches performed using Advanced Search and the Find dialog box. In the **Sort Search** field, specify an attribute to use for sorting listings and search results. 
By default, the displayName attribute is specified, indicating that listings and search results are sorted by this attribute in ascending order. If you specify an attribute that is not used as a column header in a listing or search results, Directory Manager sorts it on the basis of the default attribute, i.e., _displayName_. | +| Find Dialog / Look For | Select any or all the **Users**, **Groups**, and **Contacts** check boxes to specify the type of objects that can be searched using the portal’s _Find_ dialog box. You can launch the _Find_ dialog box from multiple portal pages to search for objects to designate as owners, managers, additional owners, members, and more. By default, the _Find_ dialog box searches for all types of objects, including users, contacts, and groups. Use this setting to limit the _Find_ feature to specific object types. For example, select the **Users** check box to limit users to search for the _User_ objects only. | +| Request Inbox Page Size | Specify a value in the 5 to 1000 range to set the number of workflow request items to display on the portal’s **All Requests**, **My Requests** and **Request Inbox** pages. Setting zero or a negative number displays all workflow requests. By default, these pages display 20 request items at a time. When setting the page size, consider the volume of request traffic generated by your users. Showing all or many workflow requests increases page load time and response time. | +| Toolbar Default Most Recent Used Object Count | Specify a value in the 1 to 9 range to set the number of most recently used objects to display in the portal’s _quick search_ box. The _quick search_ box is displayed at the top of each page in the portal. Clicking in it displays objects that the logged-on user recently viewed. Clicking an object opens its properties. NOTE: Individual users can personalize this setting from the Settings panel in the portal. 
| +| Default Search Page Size | Specify a value in the 5 to 1000 range to set the maximum number of list objects to display on a portal page. Many portal pages display lists of objects. Examples are the **My Groups** and **Users** pages. By default, all list views display 25 objects per page. When setting the page size, consider available network bandwidth and server resources, as the greater the number, the higher the potential for increased page load time and slow response time. NOTE: Individual users can personalize this setting from the **Settings** panel in the portal. | +| Autocomplete Quick Search | Specify whether to turn on search predictions for the portal’s _quick search_. The _quick search_ box is displayed at the top of every page in the portal. Search predictions are possible search terms related to the term the user is typing as search string. - Enable the toggle button to turn on search predictions for quick search in the portal. The portal will show matched items as users type a search string. - Disable the toggle button to turn off search predictions. | + +## Listings Display + +| Setting | Description | +| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Display Nested Ownership | Controls whether to display nested ownership on the portal’s **My Groups** page. It applies to all listings on the page except **My Memberships**. 
- When the toggle button is disabled, the **My Groups** page displays groups for which the logged-in user is the primary owner, additional owner, or Exchange additional owner. - When enabled, the **My Groups** page also displays groups with nested ownership. Example: the logged-in user is a member of Group A, and Group A is an owner of Group B. When this setting is enabled, the **My Groups** page also shows Group B as the logged-in user is its nested owner. | +| Display Groups in My Groups | Controls whether to display the groups for which the logged-on user is an additional owner, on the portal’s **My Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include groups for which the logged-on user is an additional owner. | +| Display Groups in My Deleted Groups | Controls whether to display the deleted groups for which the logged-on user is an additional owner, on the portal’s **My Deleted Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include deleted groups for which the logged-on user is an additional owner. | +| Display Groups in My Expired Groups | Controls whether to display the expired groups for which the logged-on user is an additional owner, on the portal’s **My Expired Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include expired groups for which the logged-on user is an additional owner. | +| Display Groups in My Expiring Groups | Controls whether to display the expiring groups for which the logged-on user is an additional owner, on the portal’s **My Expiring Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include expiring groups for which the logged-on user is an additional owner. 
| +| Display Groups in My Smart Groups | Controls whether to display the Smart Groups for which the logged-on user is an additional owner, on the portal’s **My Smart Groups** tab. By default, the tab displays the groups that the logged-on user is the primary owner. Enable this setting to include Smart Groups for which the logged-on user is an additional owner. | +| Display Groups in My Dynasties | Controls whether to display the Dynasties for which the logged-on user is an additional owner, on the portal’s **My Dynasties** tab. By default, the tab displays the Dynasties that the logged-on user is the primary owner. Enable this setting to include Dynasties for which the logged-on user is an additional owner. Note that this setting applies individually to parent, middle, and leaf Dynasties. | +| Display Additional Manager Direct Reports | Controls whether to display the direct reports for whom the logged-on user is an additional manager, on the portal’s **My Direct Reports** tab. By default, the tab displays the direct reports that the logged-on user is the primary manager. Enable this setting to include direct reports for whom the logged-on user is an additional manager. | + +NOTE: Individual users can personalize all except the _Display Nested Ownership_ setting from the +**Settings** panel in the portal. 
+ +## Miscellaneous + +| Setting | Description | +| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Use Contains Filter | Controls the filter that the search function on the portal’s _Advanced Search_ page and the _Find_ dialog box should use while searching objects. - By default, the setting is disabled, implying that when a user enters a search string, the portal searches the directory on the “starts with” basis. For example, if a user enters “Sam” in the _First Name_ box on the Advanced Search page, the portal searches the directory for all objects having first names starting with “Sam". - When you enable the setting, it changes the filter to "Contains”, which returns objects with the string "Sam" anywhere in the first name. | +| Hide Help Link | Controls whether to display the Help icon in the portal. 
This icon opens the portal help in a new browser window, where portal users can find support content or report their problems. - Enable the setting to display the **Help** icon in the portal. - Disable the setting to hide the **Help** icon. In this case, users will not be able to access the portal’s help pages. | +| Enrollment Reminder | Controls whether to display a reminder with redirect to the **Enroll My Account** page to unenrolled users when they sign into the portal. Enabling the setting initiates these events: 1. On signing in, the landing page displays an information bar requesting the user to enroll his or her account. (The user can ignore the request.) 2. Clicking the bar redirects the user to the **Enroll My Account** page. Disabling the setting does not display the information bar for account enrollment. | +| Suggest Owner/Manager | Set the portal to suggest owners for orphan groups and managers for users without managers. Enable the setting to allow Directory Manager to suggest a primary owner for an orphan group (on the **Owner** tab in group properties) and a primary manager for a user without one (on the **Organization** tab in user properties). - The manager is suggested with respect to the user’s department (say, User A); if the department is not specified, manager suggestion does not work. Directory Manager checks the primary managers of all users who have the same department as User A, and the user who shows up most as a manager is suggested as User A’s primary manager. - The owner is suggested with respect to the group’s membership; Directory Manager checks the managers of group members and the user who shows up most as a manager is suggested as the group owner. This user may or may not be a member of the group. For example, when 40 members of Group A have User A as their manager and 38 members have User B as manager, User A is suggested as Group A’s primary owner. Disable the setting to turn off the owner/manager suggestion function. 
| + +## Update a Setting + +1. In Admin Center, select **Applications** in the left pane. + On the **GroupID Portal**tab, a portal card displays its info. +2. Click the ellipsis button for a portal and select **Settings**. +3. Click **Advanced Settings** under **Server Settings**. +4. On the **Advanced Settings** page, navigate to the required setting and update it. + + - To change general portal settings, see the Portal & Search table. + - To change display settings for groups, see the Listings Display table. + - To manage other settings, see the Miscellaneous table. + +5. Click **Save**. diff --git a/docs/directorymanager/11.1/admincenter/portal/server/docker.md b/docs/directorymanager/11.1/signin/applications/portal/server/docker.md similarity index 84% rename from docs/directorymanager/11.1/admincenter/portal/server/docker.md rename to docs/directorymanager/11.1/signin/applications/portal/server/docker.md index ee183f68ac..3e15cf2592 100644 --- a/docs/directorymanager/11.1/admincenter/portal/server/docker.md +++ b/docs/directorymanager/11.1/signin/applications/portal/server/docker.md @@ -1,3 +1,9 @@ +--- +title: "Manage Settings for a Docker Deployment" +description: "Manage Settings for a Docker Deployment" +sidebar_position: 40 +--- + # Manage Settings for a Docker Deployment You can manage various settings for a portal instance deployed in Docker. 
@@ -34,10 +40,10 @@ After instance creation, this info cannot be changed. ## Set File Logging and Windows Logging for an Instance To set file logging and Windows logging levels for a deployment instance, see the -[Manage Log Settings](/docs/directorymanager/11.1/admincenter/portal/server/log.md) topic. +[Manage Log Settings](/docs/directorymanager/11.1/signin/applications/portal/server/log.md) topic. ## Delete an Instance To delete a portal’s deployment instance, see the -[Delete a Deployment Instance for a Portal](/docs/directorymanager/11.1/admincenter/portal/delete.md#delete-a-deployment-instance-for-a-portal) +[Delete a Deployment Instance for a Portal](/docs/directorymanager/11.1/signin/applications/portal/delete.md#delete-a-deployment-instance-for-a-portal) topic. diff --git a/docs/directorymanager/11.1/signin/applications/portal/server/general.md b/docs/directorymanager/11.1/signin/applications/portal/server/general.md new file mode 100644 index 0000000000..b776296b39 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/server/general.md 
@@ -0,0 +1,94 @@ +--- +title: "Manage General Server Settings" +description: "Manage General Server Settings" +sidebar_position: 10 +--- + +# Manage General Server Settings + +You can manage general server settings for a portal, such as change its display name, associate +identity stores with it, and view its various deployments. + +## Change a Portal's Display Name + +A portal is assigned an _application name_ during creation, which is used as it's display name in +Directory Manager. On changing it, the portal is displayed with the new name. + +**To change a portal's display name:** + +1. In Admin Center, select **Applications** in the left pane. + On the **GroupID Portal** tab, a portal card displays its info, including its name. You can + differentiate between a standard Directory Manager portal and a SSPR portal from the portal logo, + as each portal type has its own logo. +2. Click the ellipsis button for a portal and select **Settings**. +3. On the **General Settings** page, enter a new name for the portal in the **Application Name** + box. +4. Click **Save**. + +## Associate Identity Stores with a Portal + +You must associate one or more identity stores with a portal. When signing into the portal, a user +must select an identity store to connect to, for performing group and identity management operations +for that identity store. Similarly, when signing into the Self-Service Password Reset portal (SSPR), +a user must select an identity store to connect to, for performing password management functions. + +**To associate an identity store:** + +1. In Admin Center, select **Applications** in the left pane. + On the **GroupID Portal** tab, a portal card displays its info, including the identity stores + associated with it. You can differentiate between a standard Directory Manager portal and a SSPR + portal from the portal logo, as each portal type has its own logo. +2. Click the ellipsis button for a portal and select **Settings**. +3. 
The **Identity Stores** area on the **General Settings** page lists the identity stores in + Directory Manager. It displays the provider type the identity store is created for, and whether + the identity store is enabled. + + - Select the check box for an identity store to associate it with the portal. + - Clear the check box for an identity store to dissociate it. + + All instances of this portal serve the identity store(s) you select here. + +4. Click **Save.** + +NOTE: You may observe the following message on the **Server Settings – General** page: + +![linked_message](/img/product_docs/directorymanager/11.1/admincenter/portal/linked_message.webp) + +It relates to the scenario when identity stores in Directory Manager have been linked, as discussed +in the +[Linked Identity Stores and the Directory Manager Portal](/docs/directorymanager/11.1/signin/identitystore/link/overview.md#linked-identity-stores-and-the-directory-manager-portal) +topic. Hence, when two identity stores, IdentityStoreA and IdentityStoreB, are linked and you +associate IdentityStoreA with the portal, this message is displayed. It alerts you to associate the +second identity store in the linked pair (dentityStoreB) with the portal too, in order to benefit +from the linking. + +## View the Deployment(s) for a Portal + +A portal can have multiple deployments in the same or different web servers. You can update certain +settings for each deployment instance of a portal. + +**To view a portal’s deployment instances:** + +1. In Admin Center, select **Applications** in the left pane. + On the **GroupID Portal** tab, a portal card displays its info, including all its deployment + instances. You can differentiate between a standard Directory Manager portal and a SSPR portal + from the portal logo, as each portal type has its own logo. +2. Click the ellipsis button for a portal and select **Settings**. +3. Click **Deployments** under **Server Settings**. +4. 
The **Deployment Settings** page has varying tabs, depending on the deployment instances of the + portal. + + - The **IIS** tab is available when one or more portal instances are deployed in native IIS. + Select an instance to view the name of the instance directory in IIS, the IIS site that hosts + the instance, the URL for the instance, the Data service and Security service associated with + the instance, and logging levels. See the + [Manage Settings for a Native IIS Deployment](/docs/directorymanager/11.1/signin/applications/portal/server/nativeiis.md) topic for details. + - The **Remote IIS** tab is available when one or more portal instances are deployed in remote + IIS. Select an instance to view the Microsoft IIS Administration API URL and access token that + Directory Manager uses to communicate with the remote IIS server, the credentials used to + communicate with the API, the site that hosts the instance, the Data service and Security + service associated with the instance, and logging levels. See the + [Manage Settings for a Remote IIS Deployment](/docs/directorymanager/11.1/signin/applications/portal/server/remoteiis.md) topic for details. + - The **Docker** tab is available when one or more portal instances are deployed in Docker. + Select an instance to view the port and Service URL used for deployment. See the + [Manage Settings for a Docker Deployment](/docs/directorymanager/11.1/signin/applications/portal/server/docker.md) topic for details. diff --git a/docs/directorymanager/11.1/admincenter/portal/server/log.md b/docs/directorymanager/11.1/signin/applications/portal/server/log.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/portal/server/log.md rename to docs/directorymanager/11.1/signin/applications/portal/server/log.md index 834ea12474..91daf0c3cf 100644 --- a/docs/directorymanager/11.1/admincenter/portal/server/log.md +++ b/docs/directorymanager/11.1/signin/applications/portal/server/log.md 
@@ -1,3 +1,9 @@ +--- +title: "Manage Log Settings" +description: "Manage Log Settings" +sidebar_position: 50 +--- + # Manage Log Settings Directory Manager uses Windows logging and file logging to monitor events from a portal. You can set @@ -5,7 +11,7 @@ the logging level for a deployment instance of a portal to track a specific set it. To dump the log files to a desired location for easy access, see the -[Get Logs](/docs/directorymanager/11.1/admincenter/general/logs.md) topic. +[Get Logs](/docs/directorymanager/11.1/signin/concepts/logs.md) topic. ## File Logging diff --git a/docs/directorymanager/11.1/admincenter/portal/server/nativeiis.md b/docs/directorymanager/11.1/signin/applications/portal/server/nativeiis.md similarity index 93% rename from docs/directorymanager/11.1/admincenter/portal/server/nativeiis.md rename to docs/directorymanager/11.1/signin/applications/portal/server/nativeiis.md index 404aa953a2..1710ab3032 100644 --- a/docs/directorymanager/11.1/admincenter/portal/server/nativeiis.md +++ b/docs/directorymanager/11.1/signin/applications/portal/server/nativeiis.md @@ -1,3 +1,9 @@ +--- +title: "Manage Settings for a Native IIS Deployment" +description: "Manage Settings for a Native IIS Deployment" +sidebar_position: 20 +--- + # Manage Settings for a Native IIS Deployment You can manage various settings for a portal instance deployed in native IIS. @@ -54,7 +60,7 @@ the portal instance. For example: When you change the name, it propagates to the instance’s IIS directory, physical directory, and launch URL. You must provide the updated URL to users to enable them to access the portal. See the -[Launch a Portal](/docs/directorymanager/11.1/admincenter/portal/create.md#launch-a-portal) topic. +[Launch a Portal](/docs/directorymanager/11.1/signin/applications/portal/create.md#launch-a-portal) topic. **To change the IIS application name:** 
@@ -74,7 +80,7 @@ launch URL. You must provide the updated URL to users to enable them to access t You can change the IIS site that hosts a deployment instance of a portal. In doing so, the URL of the deployment instance also changes. You must provide the updated URL to your users to enable them -to access the instance. See the [Launch a Portal](/docs/directorymanager/11.1/admincenter/portal/create.md#launch-a-portal) topic. +to access the instance. See the [Launch a Portal](/docs/directorymanager/11.1/signin/applications/portal/create.md#launch-a-portal) topic. **To change the site:** @@ -127,10 +133,10 @@ Use the URL for a portal's deployment instance to launch the respective instance ## Set File Logging and Windows Logging for an Instance To set file logging and Windows logging levels for a deployment instance, see the -[Manage Log Settings](/docs/directorymanager/11.1/admincenter/portal/server/log.md) topic. +[Manage Log Settings](/docs/directorymanager/11.1/signin/applications/portal/server/log.md) topic. ## Delete an Instance To delete a portal’s deployment instance, see the -[Delete a Deployment Instance for a Portal](/docs/directorymanager/11.1/admincenter/portal/delete.md#delete-a-deployment-instance-for-a-portal) +[Delete a Deployment Instance for a Portal](/docs/directorymanager/11.1/signin/applications/portal/delete.md#delete-a-deployment-instance-for-a-portal) topic. diff --git a/docs/directorymanager/11.1/signin/applications/portal/server/overview.md b/docs/directorymanager/11.1/signin/applications/portal/server/overview.md new file mode 100644 index 0000000000..9389a8d805 --- /dev/null +++ b/docs/directorymanager/11.1/signin/applications/portal/server/overview.md 
@@ -0,0 +1,40 @@ +--- +title: "Server Settings" +description: "Server Settings" +sidebar_position: 30 +--- + +# Server Settings + +A Directory Manager portal is deployed as a web application on a web server (native IIS, remote IIS, +or Docker). You can manage the following server-related settings for a portal: + +- Change a portal’s name (i.e., the application name given to the portal). +- Associate identity stores with a portal. +- Update support information for the portal, i.e., the contact email address and the portal’s help + URL. +- Specify search-related, group-related, and other advanced settings for a portal. + + NOTE: Advanced settings are available for a standard Directory Manager portal, but not for a + Self-Service Password Reset portal. + +You can also view the deployment details for all instances of a portal and do the following: + +- Start or stop an instance. +- Configure Windows logging and file logging for an instance. +- Delete an instance. +- Move a portal instance under a different site in IIS. + +NOTE: On changing some of these settings, the portal’s session ends and all connected users are +logged out. When accessed again, the portal runs under the new configurations. 
+ +**See Also** + +- [Create a Portal](/docs/directorymanager/11.1/signin/applications/portal/create.md) +- [Manage General Server Settings](/docs/directorymanager/11.1/signin/applications/portal/server/general.md) +- [Manage Settings for a Native IIS Deployment](/docs/directorymanager/11.1/signin/applications/portal/server/nativeiis.md) +- [Manage Settings for a Remote IIS Deployment](/docs/directorymanager/11.1/signin/applications/portal/server/remoteiis.md) +- [Manage Settings for a Docker Deployment](/docs/directorymanager/11.1/signin/applications/portal/server/docker.md) +- [Manage Log Settings](/docs/directorymanager/11.1/signin/applications/portal/server/log.md) +- [Add Support for a Portal](/docs/directorymanager/11.1/signin/applications/portal/server/support.md) +- [Manage Advanced Settings](/docs/directorymanager/11.1/signin/applications/portal/server/advanced.md) diff --git a/docs/directorymanager/11.1/admincenter/portal/server/remoteiis.md b/docs/directorymanager/11.1/signin/applications/portal/server/remoteiis.md similarity index 83% rename from docs/directorymanager/11.1/admincenter/portal/server/remoteiis.md rename to docs/directorymanager/11.1/signin/applications/portal/server/remoteiis.md index 2387519682..831ca73c90 100644 --- a/docs/directorymanager/11.1/admincenter/portal/server/remoteiis.md +++ b/docs/directorymanager/11.1/signin/applications/portal/server/remoteiis.md @@ -1,3 +1,9 @@ +--- +title: "Manage Settings for a Remote IIS Deployment" +description: "Manage Settings for a Remote IIS Deployment" +sidebar_position: 30 +--- + # Manage Settings for a Remote IIS Deployment You can manage various settings for a portal instance deployed in remote IIS. 
@@ -38,16 +44,16 @@ To view deployment settings: credentials. You can also view the name of the portal application in remote IIS, the site where it is hosted, the URL to launch the instance, and the Data service and Security service the instance uses. Refer to steps 7-12 in the - [Create a Portal in Remote IIS](/docs/directorymanager/11.1/admincenter/portal/create.md#create-a-portal-in-remote-iis) topic for a + [Create a Portal in Remote IIS](/docs/directorymanager/11.1/signin/applications/portal/create.md#create-a-portal-in-remote-iis) topic for a description of these fields. ## Set File Logging and Windows Logging for an Instance To set file logging and Windows logging levels for a deployment instance, see the -[Manage Log Settings](/docs/directorymanager/11.1/admincenter/portal/server/log.md) topic. +[Manage Log Settings](/docs/directorymanager/11.1/signin/applications/portal/server/log.md) topic. ## Delete an Instance To delete a portal’s deployment instance, see the -[Delete a Deployment Instance for a Portal](/docs/directorymanager/11.1/admincenter/portal/delete.md#delete-a-deployment-instance-for-a-portal) +[Delete a Deployment Instance for a Portal](/docs/directorymanager/11.1/signin/applications/portal/delete.md#delete-a-deployment-instance-for-a-portal) topic. diff --git a/docs/directorymanager/11.1/admincenter/portal/server/support.md b/docs/directorymanager/11.1/signin/applications/portal/server/support.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/portal/server/support.md rename to docs/directorymanager/11.1/signin/applications/portal/server/support.md index f9988f4b5c..b1ca047b36 100644 --- a/docs/directorymanager/11.1/admincenter/portal/server/support.md +++ b/docs/directorymanager/11.1/signin/applications/portal/server/support.md 
@@ -1,3 +1,9 @@ +--- +title: "Add Support for a Portal" +description: "Add Support for a Portal" +sidebar_position: 60 +--- + # Add Support for a Portal Portals include a **Contact** link and a **Help** icon on their web interface. The **Contact** link diff --git a/docs/directorymanager/11.1/admincenter/portal/remoteiisprerequisites.md b/docs/directorymanager/11.1/signin/applications/remoteiisprerequisites.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/portal/remoteiisprerequisites.md rename to docs/directorymanager/11.1/signin/applications/remoteiisprerequisites.md index 318f816322..2387fa934d 100644 --- a/docs/directorymanager/11.1/admincenter/portal/remoteiisprerequisites.md +++ b/docs/directorymanager/11.1/signin/applications/remoteiisprerequisites.md @@ -1,3 +1,9 @@ +--- +title: "Prerequisites for Deployments in Remote IIS" +description: "Prerequisites for Deployments in Remote IIS" +sidebar_position: 30 +--- + # Prerequisites for Deployments in Remote IIS To deploy Directory Manager portals and services (Data service and Security service) in remote IIS, diff --git a/docs/directorymanager/11.1/signin/authpolicy/_category_.json b/docs/directorymanager/11.1/signin/authpolicy/_category_.json new file mode 100644 index 0000000000..2b10ad0566 --- /dev/null +++ b/docs/directorymanager/11.1/signin/authpolicy/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Authentication Policy", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "authpolicy" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md b/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md rename to docs/directorymanager/11.1/signin/authpolicy/authpolicy.md index ea5946a873..01f43b7c7b 100644 
--- a/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md +++ b/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md @@ -1,3 +1,9 @@ +--- +title: "Authentication Policy" +description: "Authentication Policy" +sidebar_position: 20 +--- + # Authentication Policy The Directory Manager authentication policy is based on: diff --git a/docs/directorymanager/11.1/signin/authpolicy/mfa.md b/docs/directorymanager/11.1/signin/authpolicy/mfa.md new file mode 100644 index 0000000000..e6147d543e --- /dev/null +++ b/docs/directorymanager/11.1/signin/authpolicy/mfa.md 
@@ -0,0 +1,47 @@ +--- +title: "Configure Multifactor Authentication" +description: "Configure Multifactor Authentication" +sidebar_position: 10 +--- + +# Configure Multifactor Authentication + +You can define a multifactor authentication (MFA) policy for an identity store. This policy enforces +users to enroll their identity store accounts in Directory Manager using one or more authentication +types. Supported authentication types are discussed in the +[Authentication Policies - A Comparison](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) topic. + +Once enrolled, users must authenticate their identity store accounts using the authentication types +they enrolled with, when they perform any of the following actions in the Directory Manager portal: + +- Reset identity store account passwords +- Unlock their accounts + +Helpdesk users with restricted access also use authentication type(s) to authenticate end-users +before resetting their password or unlocking their identity store account. See the +[Set Restricted Mode](/docs/directorymanager/11.1/signin/securityrole/policy/helpdesk.md#set-restricted-mode) topic. + +NOTE: Multifactor authentication defined in Microsoft Entra Admin Center does not integrate with MFA +in Directory Manager. See the +[Multifactor Authentication Policy](/docs/directorymanager/11.1/signin/identitystore/advsentraid.md#multifactor-authentication-policy) +topic. + +What do you want to do? + +- Configure Multifactor Authentication + +## Configure Multifactor Authentication + +To configure multifactor authentication for a security role in an identity store, do the following: + +1. Enable one or more authentication types for the identity store. + See the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic for details. +2. Enforce role members to use specific authentication types for multifactor authentication. 
+ See the + [Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) + topic for details. + +See Also + +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) +- [Configure Second Factor Authentication](/docs/directorymanager/11.1/signin/authpolicy/sfa.md) diff --git a/docs/directorymanager/11.1/signin/authpolicy/setupauth/_category_.json b/docs/directorymanager/11.1/signin/authpolicy/setupauth/_category_.json new file mode 100644 index 0000000000..8866433456 --- /dev/null +++ b/docs/directorymanager/11.1/signin/authpolicy/setupauth/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Set Up Authentication Types", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/authpolicy/setupauth/authenticator.md b/docs/directorymanager/11.1/signin/authpolicy/setupauth/authenticator.md new file mode 100644 index 0000000000..6075f3827b --- /dev/null +++ b/docs/directorymanager/11.1/signin/authpolicy/setupauth/authenticator.md 
@@ -0,0 +1,37 @@ +--- +title: "Set up Authentication via Authenticator" +description: "Set up Authentication via Authenticator" +sidebar_position: 30 +--- + +# Set up Authentication via Authenticator + +Users must install an authenticator app, such as Google Authenticator or Microsoft Authenticator, on +their phones and use it to enroll and authenticate their identity store accounts in Directory +Manager. + +What do you want to do? + +- Enable the Authenticator Authentication Type for an Identity Store +- Enforce Authentication by Authenticator for a Role in an Identity Store + +## Enable the Authenticator Authentication Type for an Identity Store + +The Authenticator authentication type must be enabled for an identity store before it can be used +for second factor authentication and multifactor authentication. + +To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic. + +## Enforce Authentication by Authenticator for a Role in an Identity Store + +To enforce an authentication type, see the +[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) +topic. + +Role members must use an enforced authentication type for multifactor authentication. When an +authentication type is enabled but not enforced, role members can choose to use it for enrollment +and authentication. + +**See Also** + +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) diff --git a/docs/directorymanager/11.1/signin/authpolicy/setupauth/email.md b/docs/directorymanager/11.1/signin/authpolicy/setupauth/email.md new file mode 100644 index 0000000000..eecf6529ff --- /dev/null +++ b/docs/directorymanager/11.1/signin/authpolicy/setupauth/email.md 
@@ -0,0 +1,83 @@ +--- +title: "Set up Authentication via Email" +description: "Set up Authentication via Email" +sidebar_position: 20 +--- + +# Set up Authentication via Email + +Users can enroll and authenticate their identity store accounts using Email. An email sent to a +user’s email address contains a confirmation code that the user must enter in Directory Manager to +enroll and authenticate their accounts. + +Directory Manager provides a default notification template for enrollment/authentication via email +in various languages. You can change the subject line and the body text in the template for any of +these languages. + +NOTE: Before configuring Email authentication, make sure that an SMTP server is configured for the +identity store. See the [Configure an SMTP Server](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md) topic. + +What do you want to do? + +- Enable Email Authentication for an Identity Store +- Modify the Email Template +- Enforce Email Authentication for a Role in an Identity Store + +## Enable Email Authentication for an Identity Store + +The email authentication type must be enabled for an identity store before users can use it for +second factor authentication and multifactor authentication. + +To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic. + +## Modify the Email Template + +You can modify the subject line and body text of the email sent to users. The email contains a +confirmation code that users have to enter in Directory Manager to enroll/authenticate their +accounts. + +**To modify the subject line and body of the email:** + +1. In Admin Center, click **Notification Editor** at the bottom of the left navigation pane. + The **Notification Editor** is displayed. +2. By default, notifications templates are displayed in US English. You can select a different + language to customize notification templates for that language. + + 1. 
To select a language, click **Filter**. + 2. On the **Filter(s)** dialog box, use the **Locality** drop-down list to select the ISO code + for your required language. + 3. Click **Apply**. + +3. Search for _AccessCodeEmail_ and click **Edit** in the **Actions** column to open it. + + ![accesscode](/img/product_docs/directorymanager/11.1/admincenter/setupauth/accesscode.webp) + +4. You can view the notification content in two distinct modes: + + - _Source Code (HTML)_ - This is the default mode, as shown in the figure above. You can make + changes to the notification template in this mode. + - _Interactive_ - This is the user-friendly, front-end view. Use it to view the email + notification, as it will be sent to users. + +5. Modify and format the text of the email, except the [USER] and [CODE] placeholders. + Directory Manager replaces [USER] with the name of the user and inserts a randomly generated + verification code into the [Code] placeholder. The user must enter this code in Directory Manager + to enroll and authenticate. +6. Click the **Title** tile to change the subject line of the email notification. +7. After making the required changes, click **Save**. +8. Click **Go Back** to return to the **Notification Editor**. + +## Enforce Email Authentication for a Role in an Identity Store + +To enforce an authentication type, see the +[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) +topic. + +Role members must use an enforced authentication type for multifactor authentication. When an +authentication type is enabled but not enforced, role members can choose to use it for enrollment +and authentication. + +**See Also** + +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) +- [Customize Notifications](/docs/directorymanager/11.1/signin/notification/customize.md) 
diff --git a/docs/directorymanager/11.1/admincenter/setupauth/linkedaccount.md b/docs/directorymanager/11.1/signin/authpolicy/setupauth/linkedaccount.md similarity index 78% rename from docs/directorymanager/11.1/admincenter/setupauth/linkedaccount.md rename to docs/directorymanager/11.1/signin/authpolicy/setupauth/linkedaccount.md index c9fdc82c99..dedddbb195 100644 --- a/docs/directorymanager/11.1/admincenter/setupauth/linkedaccount.md +++ b/docs/directorymanager/11.1/signin/authpolicy/setupauth/linkedaccount.md @@ -1,3 +1,9 @@ +--- +title: "Set up Authentication via Linked Account" +description: "Set up Authentication via Linked Account" +sidebar_position: 40 +--- + # Set up Authentication via Linked Account The Directory Manager portal enables a user to link accounts that he or she may have in different @@ -21,12 +27,12 @@ What do you want to do? The Linked Account authentication type must be enabled for an identity store before it can be used for multifactor authentication. -To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic. +To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic. ## Enforce Linked Account Authentication for a Security Role To enforce an authentication type, see the -[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) +[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) topic. Role members must use an enforced authentication type for multifactor authentication. When an 
@@ -35,4 +41,4 @@ and authentication. See Also -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) diff --git a/docs/directorymanager/11.1/signin/authpolicy/setupauth/overview.md b/docs/directorymanager/11.1/signin/authpolicy/setupauth/overview.md new file mode 100644 index 0000000000..13747970c9 --- /dev/null +++ b/docs/directorymanager/11.1/signin/authpolicy/setupauth/overview.md @@ -0,0 +1,22 @@ +--- +title: "Set Up Authentication Types" +description: "Set Up Authentication Types" +sidebar_position: 30 +--- + +# Set Up Authentication Types + +The following topics guide you on how to set up different authentication types for an identity store +and enforce them for a security role. + +- [Set up Authentication via Security Questions](/docs/directorymanager/11.1/signin/authpolicy/setupauth/securityquestions.md) +- [SMS Authentication](/docs/directorymanager/11.1/signin/identitystore/configure/smsauthentication.md) +- [Set up Authentication via Email](/docs/directorymanager/11.1/signin/authpolicy/setupauth/email.md) +- [Set up Authentication via Authenticator](/docs/directorymanager/11.1/signin/authpolicy/setupauth/authenticator.md) +- [Set up Authentication via Linked Account](/docs/directorymanager/11.1/signin/authpolicy/setupauth/linkedaccount.md) +- [Set up Authentication via YubiKey](/docs/directorymanager/11.1/signin/authpolicy/setupauth/yubikey.md) +- [Set up Authentication via Windows Hello](/docs/directorymanager/11.1/signin/authpolicy/setupauth/windowshello.md) + +**See Also** + +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) diff --git a/docs/directorymanager/11.1/signin/authpolicy/setupauth/securityquestions.md b/docs/directorymanager/11.1/signin/authpolicy/setupauth/securityquestions.md new file mode 100644 index 0000000000..f1c170d10a --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/authpolicy/setupauth/securityquestions.md 
@@ -0,0 +1,64 @@ +--- +title: "Set up Authentication via Security Questions" +description: "Set up Authentication via Security Questions" +sidebar_position: 10 +--- + +# Set up Authentication via Security Questions + +Directory Manager provides a list of predefined security questions. This list can be referred to as +the global question pool, as it is available to all identity stores in Directory Manager. You can +add and remove questions to this pool. + +Use the questions from the global pool to create a local pool of security questions for each +identity store. Questions in the local pool are available to identity store users for enrolling with +the security questions authentication type. + +You can also specify the following settings for a user role in an identity store: + +- The number of questions role members must use for enrollment and authentication +- The minimum answer length + +What do you want to do? + +- Modify the Global Question Pool +- Modify the Local Question Pool +- Enable Security Question Authentication for an Identity Store +- Enforce Security Question Authentication for a Role in an Identity Store +- Specify Policies for Security Question Authentication + +## Modify the Global Question Pool + +See the [Manage the Global Question Pool ](/docs/directorymanager/11.1/signin/concepts/globalpool.md)topic. + +## Modify the Local Question Pool + +See the [Manage the Local Question Pool](/docs/directorymanager/11.1/signin/identitystore/configure/securityquestions.md) +topic. + +## Enable Security Question Authentication for an Identity Store + +The security question authentication type must be enabled for an identity store before users can use +it for second factor authentication and multifactor authentication. + +To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic. 
+ +## Enforce Security Question Authentication for a Role in an Identity Store + +To enforce an authentication type, see the +[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) +topic. + +Role members must use an enforced authentication type for multifactor authentication. When an +authentication type is enabled but not enforced, role members can choose to use it for enrollment +and authentication. + +## Specify Policies for Security Question Authentication + +See the +[Define Security Question Settings for a Security Role](/docs/directorymanager/11.1/signin/securityrole/policy/password.md#define-security-question-settings-for-a-security-role) topic. + +See Also + +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) +- [Manage the Local Question Pool](/docs/directorymanager/11.1/signin/identitystore/configure/securityquestions.md) diff --git a/docs/directorymanager/11.1/admincenter/setupauth/windowshello.md b/docs/directorymanager/11.1/signin/authpolicy/setupauth/windowshello.md similarity index 78% rename from docs/directorymanager/11.1/admincenter/setupauth/windowshello.md rename to docs/directorymanager/11.1/signin/authpolicy/setupauth/windowshello.md index 54c3bc1210..4c72f2e569 100644 --- a/docs/directorymanager/11.1/admincenter/setupauth/windowshello.md +++ b/docs/directorymanager/11.1/signin/authpolicy/setupauth/windowshello.md @@ -1,3 +1,9 @@ +--- +title: "Set up Authentication via Windows Hello" +description: "Set up Authentication via Windows Hello" +sidebar_position: 50 +--- + # Set up Authentication via Windows Hello The Windows Hello authentication type can be used on Windows 10 devices only with specialized 
@@ -25,12 +31,12 @@ What do you want to do? The Windows Hello authentication type must be enabled for an identity store before it can be used for second factor authentication and multifactor authentication. -To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic. +To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic. ## Enforce Windows Hello Authentication for a Role in an Identity Store To enforce an authentication type, see the -[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) +[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) topic. Role members must use an enforced authentication type for multifactor authentication. When an @@ -39,4 +45,4 @@ and authentication. See Also -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) diff --git a/docs/directorymanager/11.1/admincenter/setupauth/yubikey.md b/docs/directorymanager/11.1/signin/authpolicy/setupauth/yubikey.md similarity index 76% rename from docs/directorymanager/11.1/admincenter/setupauth/yubikey.md rename to docs/directorymanager/11.1/signin/authpolicy/setupauth/yubikey.md index 03a111e96f..29fb4d1671 100644 --- a/docs/directorymanager/11.1/admincenter/setupauth/yubikey.md +++ b/docs/directorymanager/11.1/signin/authpolicy/setupauth/yubikey.md 
@@ -1,3 +1,9 @@ +--- +title: "Set up Authentication via YubiKey" +description: "Set up Authentication via YubiKey" +sidebar_position: 60 +--- + # Set up Authentication via YubiKey YubiKey is a key-sized device that users can plug into the computer’s USB slot to verify their @@ -22,12 +28,12 @@ What do you want to do? You must enable the YubiKey authentication type for an identity store for users to use it for second factor authentication and multifactor authentication. -To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic. +To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic. ## Enforce YubiKey Authentication for a Security Role in an Identity Store To enforce an authentication type, see the -[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) +[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) topic. Role members must use an enforced authentication type for multifactor authentication. When an @@ -36,4 +42,4 @@ and authentication. See Also -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) diff --git a/docs/directorymanager/11.1/admincenter/setupauth/sfa.md b/docs/directorymanager/11.1/signin/authpolicy/sfa.md similarity index 75% rename from docs/directorymanager/11.1/admincenter/setupauth/sfa.md rename to docs/directorymanager/11.1/signin/authpolicy/sfa.md index 5fd9634ca7..1b47179216 100644 --- a/docs/directorymanager/11.1/admincenter/setupauth/sfa.md 
+++ b/docs/directorymanager/11.1/signin/authpolicy/sfa.md @@ -1,9 +1,15 @@ +--- +title: "Configure Second Factor Authentication" +description: "Configure Second Factor Authentication" +sidebar_position: 20 +--- + # Configure Second Factor Authentication You can enable second factor authentication (SFA) for a user role in an identity store. This policy enforces role members to enroll their identity store accounts in Directory Manager using one or more authentication types. Supported authentication types are discussed in the -[Authentication Policies - A Comparison](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) topic. +[Authentication Policies - A Comparison](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) topic. Once enrolled, role members must authenticate their accounts using an authentication type they enrolled with, while signing into Admin Center or theDirectory Manager portal. Users enrolled with 
@@ -22,15 +28,15 @@ following: Step 1 – Enable one or more authentication types for the identity store. -See the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic for details. +See the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic for details. Step 2 – Enable second factor authentication for a security role in an identity store. See the -[Enable Second Factor Authentication](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md#enable-second-factor-authentication) +[Enable Second Factor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enable-second-factor-authentication) topic for details. See Also -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) -- [Configure Multifactor Authentication](/docs/directorymanager/11.1/admincenter/setupauth/mfa.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) +- [Configure Multifactor Authentication](/docs/directorymanager/11.1/signin/authpolicy/mfa.md) diff --git a/docs/directorymanager/11.1/signin/concepts/_category_.json b/docs/directorymanager/11.1/signin/concepts/_category_.json new file mode 100644 index 0000000000..2c94554c1e --- /dev/null +++ b/docs/directorymanager/11.1/signin/concepts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Group Management Concepts", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "concepts" + } +} \ No newline at end of file 
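Review bot: In the new docs/directorymanager/11.1/signin/authpolicy/setupauth/overview.md, the "SMS Authentication" entry is the only list item that does not follow the "Set up Authentication via ..." naming, and the only one that links outside signin/authpolicy/setupauth/ (it points to signin/identitystore/configure/smsauthentication.md). If SMS setup really lives under the identity store configuration, a short phrase saying so would keep readers from assuming a setupauth page is missing; otherwise align the link text and target with the other six entries. The title also uses "Set Up" while every linked page uses "Set up"; pick one casing.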
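Review bot: In the new docs/directorymanager/11.1/signin/authpolicy/setupauth/securityquestions.md, the link under "## Modify the Global Question Pool" has a trailing space inside the link text and no space after the closing parenthesis: `[Manage the Global Question Pool ](/docs/directorymanager/11.1/signin/concepts/globalpool.md)topic.` Move the space outside the brackets so the sentence reads "See the [Manage the Global Question Pool](...) topic." In the same hunk, "You can add and remove questions to this pool" needs "to and from" (or a reworded sentence), and the closing "See Also" is plain text while setupauth/overview.md in this patch uses `**See Also**`; use one form across the new pages.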
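Review bot: docs/directorymanager/11.1/signin/concepts/_category_.json is added without a trailing newline (the "\ No newline at end of file" marker after the closing brace); add one so later edits to this file do not produce a spurious last-line change. The label "Group Management Concepts" is also worth a second look: elsewhere in this patch the same directory receives enroll.md, authenticate.md, changepassword.md, dashboard.md and history.md, none of which are group management concepts, so the sidebar category name will not describe most of its contents.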
diff --git a/docs/directorymanager/11.1/admincenter/general/accessapplications.md b/docs/directorymanager/11.1/signin/concepts/accessapplications.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/general/accessapplications.md rename to docs/directorymanager/11.1/signin/concepts/accessapplications.md index 9ed38f71d2..073542133d 100644 --- a/docs/directorymanager/11.1/admincenter/general/accessapplications.md +++ b/docs/directorymanager/11.1/signin/concepts/accessapplications.md @@ -1,3 +1,9 @@ +--- +title: "Access your Applications" +description: "Access your Applications" +sidebar_position: 90 +--- + # Access your Applications Directory Manager users can have access to Directory Manager applications such as: @@ -41,4 +47,4 @@ To add a third-party application: 1. In Admin Center, click your name in the top right corner and select **My Applications**. 2. Click **Enroll your account** on the **GroupID Applications** page to enroll the identity store account with which you are signed into Admin Center. See the - [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/enroll.md) topic for enrollment details. + [Enroll your Identity Store Account](/docs/directorymanager/11.1/signin/concepts/enroll.md) topic for enrollment details. diff --git a/docs/directorymanager/11.1/admincenter/authenticate.md b/docs/directorymanager/11.1/signin/concepts/authenticate.md similarity index 93% rename from docs/directorymanager/11.1/admincenter/authenticate.md rename to docs/directorymanager/11.1/signin/concepts/authenticate.md index 2944d405a0..4936b45455 100644 --- a/docs/directorymanager/11.1/admincenter/authenticate.md +++ b/docs/directorymanager/11.1/signin/concepts/authenticate.md 
@@ -1,7 +1,13 @@ +--- +title: "Authenticate your Identity Store Account" +description: "Authenticate your Identity Store Account" +sidebar_position: 20 +--- + # Authenticate your Identity Store Account To authenticate your identity store account in Directory Manager for multifactor authentication or -[Second Factor Authentication](/docs/directorymanager/11.1/portal/user/authentication/secondfactorauthentication.md), you +[Second Factor Authentication](/docs/directorymanager/11.1/welcome/secondfactorauthentication/secondfactorauthentication.md), you must use one or more authentication types that you enrolled your account with. ## Authenticate your identity store account diff --git a/docs/directorymanager/11.1/signin/concepts/changepassword.md b/docs/directorymanager/11.1/signin/concepts/changepassword.md new file mode 100644 index 0000000000..b3c07db6b3 --- /dev/null +++ b/docs/directorymanager/11.1/signin/concepts/changepassword.md 
@@ -0,0 +1,38 @@ +--- +title: "Change your Password" +description: "Change your Password" +sidebar_position: 70 +--- + +# Change your Password + +You can change the password of your identity store account. After changing it, use the new password +to sign into Directory Manager and other applications that use your domain account. + +You can change password according to the password policy the administrator has enabled for the +identity store. The administrator can either enable +[Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md) or Netwrix Password Policy +Enforcer policies for the identity store. + +## Change your Password + +Follow the steps to change your password. + +Step 1 – In Admin Center, click your name in the top right corner and select **Change Password**. + +Step 2 – On the Change Password page, enter your current password in the **Current Password** box. +By default, password characters are represented by dots. Use the toggle button in the box to show or +hide characters. + +Step 3 – Enter a new password in the **New Password** and **Confirm Password** boxes. The new +password must conform to the rules of the applied password policy for the identity store. + +Step 4 – Click **Change Password**. + +NOTE: MFA enabled Microsoft Entra ID users cannot change their passwords in Directory Manager. If +they try to use the option, the following message is displayed:. + +![Admin Center Change Password error message for an Entra ID user](/img/product_docs/directorymanager/11.1/admincenter/general/changepassword.webp) + +If the user's account is a master account, password of its child accounts also cannot be changed in +Directory Manager. 
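Review bot: In the new docs/directorymanager/11.1/signin/concepts/changepassword.md, the policy link text is misspelled and carries a trailing space: `[Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md)` should read "Directory Manager Password Policy" with no space before the closing bracket (the same link text is carried into the See Also list of globalpool.md in this patch). In the NOTE, "the following message is displayed:." has a stray period after the colon, and "MFA enabled" should be hyphenated. Smaller wording fixes in the same hunk: "You can change password according to" is missing "your", and "password of its child accounts also cannot be changed" reads better as "the passwords of its child accounts cannot be changed either".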
diff --git a/docs/directorymanager/11.1/admincenter/general/concepts.md b/docs/directorymanager/11.1/signin/concepts/concepts.md similarity index 98% rename from docs/directorymanager/11.1/admincenter/general/concepts.md rename to docs/directorymanager/11.1/signin/concepts/concepts.md index f653520d23..f6d33bb6a3 100644 --- a/docs/directorymanager/11.1/admincenter/general/concepts.md +++ b/docs/directorymanager/11.1/signin/concepts/concepts.md @@ -1,3 +1,9 @@ +--- +title: "Group Management Concepts" +description: "Group Management Concepts" +sidebar_position: 10 +--- + # Group Management Concepts To make the best of Directory Manager, you must be familiar with the following group management diff --git a/docs/directorymanager/11.1/signin/concepts/dashboard.md b/docs/directorymanager/11.1/signin/concepts/dashboard.md new file mode 100644 index 0000000000..7645b22f63 --- /dev/null +++ b/docs/directorymanager/11.1/signin/concepts/dashboard.md 
@@ -0,0 +1,182 @@ +--- +title: "Dashboard" +description: "Dashboard" +sidebar_position: 30 +--- + +# Dashboard + +The Admin Center dashboard is a data visualization tool that displays widgets for performance +analytics, alerts, and reporting on Directory Manager and identity stores on a single page. + +In Admin Center, click **Dashboard** in the left pane. The dashboard displays the following cards +with aggregated data from all identity stores built on Active Directory, Microsoft Entra ID, Google +Workspace, and Generic LDAP, as well as individual identity stores. + +![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) + +The dashboard displays the following information: + +- Basic Information +- Elasticsearch Service +- Objects Modified in Last 24 Hours +- Failed Notifications +- Upcoming Schedules +- Replication Status of Identity Stores +- Enrollment Summary +- Auth Summary +- Activity Summary + +## Basic Information + +This card displays the following information: + +- **Server Name:** The name of the Directory Manager server machine. +- **Database Server:** The name of the SQL server machine hosting the Directory Manager database. +- **Database Name:** The name of the Directory Manager database. + +## Elasticsearch Service + +This card displays the following information about the Elasticsearch service: + +- **Cluster:** The name of the Elastic cluster the Directory Manager Elasticsearch node is joined + to. +- Elasticsearch service status, which can be: + + - **Running** - indicates that the service is up and running. + - **Stopped** - indicates that the Directory Manager Elasticsearch node has run into issues. You + must troubleshoot it for Directory Manager to work. + +## Objects Modified in Last 24 Hours + +This card displays the number of users, groups, mailboxes, and contacts modified in the directory +during the last 24 hours. 
This count represents the modifications done using Directory Manager and +directly in the directory. + +Information is displayed individually for each identity store. Select an identity store from the +list next to the card name to view the data for it. + +## Failed Notifications + +This card displays the count for failed notifications, i.e., the Directory Manager-generated +notifications that could not be delivered for any reason, such as when the SMTP server is down or +the recipient’s address is incorrect. + +Click **View All** to go to the **Notification Queue** page, where you can view the failed +notifications in detail. See the [Manage the Notification Queue](/docs/directorymanager/11.1/signin/notification/queue.md) topic. + +## Upcoming Schedules + +Multiple schedules can be defined for an identity store. This card displays the number of schedules +that will run in the next 24 hours. The card also displays the data and time the next schedule will +run. + +You can: + +- View the details of upcoming schedules for all identity stores in Directory Manager. +- View the details of upcoming schedules for an identity store individually. + +Select an identity store from the list next to the card name to view the upcoming schedules for it +or select _All Identity Stores_ to view the upcoming schedules for all identity stores. + +Click **View All** to view a list of the upcoming schedules with their names, the next date and time +of schedule run, and the identity store they belong to. + +![image38](/img/product_docs/directorymanager/11.1/admincenter/general/image38.webp) + +## Replication Status of Identity Stores + +This card lists the identity stores for Active Directory, Microsoft Entra ID, Google Workspace, and +Generic LDAP defined in Directory Manager, along with their replication status, which can be: + +- **Successful:** Indicates that identity store objects are successfully replicated. 
+- **Failed:** Indicates that identity store objects have failed to replicate either because the + Replication service did not run as scheduled or an error occurred during replication. +- **Never Replicated:** Indicates that the identity store is never replicated. + +## Enrollment Summary + +This card employs a bar graph to display the enrollment stats and trends for an identity store. It +shows the number of user accounts enrolled using each of the authentication types (including +accounts enrolled by end-users and by helpdesk for end-users). + +Consider the following: + +- You can view enrollment data for an identity store individually or view aggregated data for all + identity stores in Directory Manager. Select an identity store from the list next to the card name + to view the enrollment data for it or select _All Identity Stores_ to view the data for all + identity stores. +- Hover the mouse over a bar to view the number of users enrolled with the specific authentication + type. Click a bar to launch the **Helpdesk** page, that displays a list of users enrolled with + that authentication type. See the + [View Users' Information](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md#view-users-information) topic for + details on the information displayed for a user. (Notice that the **Filter(s)** dialog box + displays the selected authentication type in the **Enrolled With** box.) +- By default, data is displayed for the last one month. You can view enrollment data for any + specific period. Click the tile showing the time period to launch the calendar. Use it to specify + a date range to view the data. + +## Auth Summary + +This card employs a pie chart to display the authentication stats and trends for an identity store, +i.e., the number of successful and failed authentication attempts made by identity store users in +Directory Manager. 
Information is based on: + +- Authentication attempts made using authentication types for second factor authentication. +- Authentication attempts made using authentication types for multifactor authentication. +- Sign in attempts made using username and password. + +The pie chart is highly interactive. You can: + +- Hover the mouse over an arc to view the successful or failed authentication attempt count. +- Click the arc for successful or failed attempts to view successful/failed authentication attempts + for each authentication type. Another pie chart appears to display the authentication types used + in the authentication attempt. Click this chart to navigate to the **History** tab of the + **Helpdesk** page to view the logged history for the authentication attempts with the respective + authentication type. See the [History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic. + +Consider the following: + +- You can view authentication data for an identity store individually or view aggregated data for + all identity stores in Directory Manager. Select an identity store from the list next to the card + name to view the auth data for it or select _All Identity Stores_ to view the data for all + identity stores. +- By default, data is displayed for the last one week. You can view authentication data for any + specific period. Click the tile showing the time period to launch the calendar. Use it to specify + a date range to view the data. + +See the [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) topic for a list of +supported authentication types. 
+ +## Activity Summary + +This card employs a bar graph to display the number of times the following activities were performed +in an identity store by both helpdesk and end-users: + +- Password change +- Password reset +- Account unlock +- Link account +- Unlink account +- Enroll account + +Consider the following: + +- You can view data for these activities for an identity store individually or view aggregated data + for all identity stores in Directory Manager. Select an identity store from the list next to the + card name to view the activity summary for it or select _All Identity Stores_ to view the data for + all identity stores. +- To view a list of users who used a function on a particular date, click the relevant data point on + the function line. A list of users is displayed on the **History** tab of the **Helpdesk** page. + See the [History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic. (Notice that the **Filter(s)** dialog + box displays the selected function in the **Action Type** box.) +- By default, data is displayed for the last one week. You can view activity summary for any + specific period. Click the tile showing the time period to launch the calendar. Use it to specify + a date range to view the data. +- By default, data for all the activities is displayed. Click an activity name at the bottom of the + graph to hide its data. The name is struck out, indicating that data for the activity is not + depicted on the graph. Click the activity name again to display its data on the graph. + +**See Also** + +- [Navigation](/docs/directorymanager/11.1/signin/concepts/navigation.md) diff --git a/docs/directorymanager/11.1/admincenter/enroll.md b/docs/directorymanager/11.1/signin/concepts/enroll.md similarity index 91% rename from docs/directorymanager/11.1/admincenter/enroll.md rename to docs/directorymanager/11.1/signin/concepts/enroll.md index cd218335b9..8116048cb6 100644 
--- a/docs/directorymanager/11.1/admincenter/enroll.md +++ b/docs/directorymanager/11.1/signin/concepts/enroll.md @@ -1,3 +1,9 @@ +--- +title: "Enroll your Identity Store Account" +description: "Enroll your Identity Store Account" +sidebar_position: 10 +--- + # Enroll your Identity Store Account When the administrator has enabled multifactor authentication and second factor authentication for @@ -7,14 +13,14 @@ enrolling, they will not be able to sign into Directory Manager. To enroll, a user must register his or her identity store account in Directory Manager using one or more authentication types. When a user enrolls for multifactor authentication, it also suffices for second factor authentication, and vice versa. See the -[Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) topic for a list of supported +[Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) topic for a list of supported authentication types. - For second factor authentication, a user must enroll his or her account with any one authentication type. - For multifactor authentication, a user may have to enroll with more than one authentication type, depending on what the administrator has configured for the respective user's security role. See - the[Enforce Authentication Types for Multifactor Authentication](securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) + the[Enforce Authentication Types for Multifactor Authentication](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md#enforce-authentication-types-for-multifactor-authentication) topic. Account enrollment is a one-time process. Enrolled users must authenticate their identity store 
@@ -29,7 +35,7 @@ Step 2 – On signing in, unenrolled users are redirected to the **Your Enrollme this page represent the different authentication types the administrator has enabled for enrollment. You can also launch the **Your Enrollments** page from Admin Center and the portal. See the -[Enroll your Account](general/accessapplications.md#enroll-your-account) topic for additional +[Enroll your Account](/docs/directorymanager/11.1/signin/concepts/accessapplications.md#enroll-your-account) topic for additional information. Step 3 – Select an authentication type to enroll your account with. diff --git a/docs/directorymanager/11.1/admincenter/general/globalpool.md b/docs/directorymanager/11.1/signin/concepts/globalpool.md similarity index 83% rename from docs/directorymanager/11.1/admincenter/general/globalpool.md rename to docs/directorymanager/11.1/signin/concepts/globalpool.md index c8fcea0c6b..ac401fc90a 100644 --- a/docs/directorymanager/11.1/admincenter/general/globalpool.md +++ b/docs/directorymanager/11.1/signin/concepts/globalpool.md @@ -1,3 +1,9 @@ +--- +title: "Manage the Global Question Pool" +description: "Manage the Global Question Pool" +sidebar_position: 110 +--- + # Manage the Global Question Pool Directory Manager provides a list of predefined security questions for enrollment and 
@@ -35,6 +41,6 @@ To search for a security question in the list, enter a search string in the sear **See Also** -- [Set up Authentication via Security Questions](/docs/directorymanager/11.1/admincenter/setupauth/securityquestions.md) -- [Directory Manage Password Policy ](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md) -- [Manage the Local Question Pool](/docs/directorymanager/11.1/admincenter/identitystore/configure/security/securityquestions.md) +- [Set up Authentication via Security Questions](/docs/directorymanager/11.1/signin/authpolicy/setupauth/securityquestions.md) +- [Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md) +- [Manage the Local Question Pool](/docs/directorymanager/11.1/signin/identitystore/configure/securityquestions.md) diff --git a/docs/directorymanager/11.1/signin/concepts/history.md b/docs/directorymanager/11.1/signin/concepts/history.md new file mode 100644 index 0000000000..15dc5a0d4c --- /dev/null +++ b/docs/directorymanager/11.1/signin/concepts/history.md 
@@ -0,0 +1,67 @@ +--- +title: "History in Directory Manager" +description: "History in Directory Manager" +sidebar_position: 50 +--- + +# History in Directory Manager + +In Directory Manager, history is tracked for: + +- Admin Center - Actions performed in Admin Center, such as creating identity stores, SMS gateway + accounts, changes to notification templates, and more. See the + [Admin Center History](/docs/directorymanager/11.1/signin/concepts/history_1.md) topic to view the history. +- Helpdesk - Helpdesk-specific actions, such as account unlock and enrollment. See the + [History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic to view the history. +- Identity store configurations - Changes made to identity store configurations, including changes + to security roles and workflows. See the [Identity Store History](/docs/directorymanager/11.1/signin/identitystore/view/view.md) + topic to view the history. +- Identity store objects - Modifications made to objects in an identity store, such as creating + objects, updating attributes for an object, etc. It includes modifications made through: + + - Directory Manager portal (whether manually, through Synchronize jobs. or changes to object + entitlements) + - Management Shell cmdlets + - Admin Center (actions performed by schedules only) + - Directory Manager APIs + + See the [History](/docs/directorymanager/11.1/welcome/history/overview.md) topic to view this history. + +Enable History Tracking + +History for Admin Center and helpdesk is tracked by default and you cannot disable it. + +However, history for identity store configurations and objects is disabled by default. You can +enable it for an identity store as well as choose to track all or specific actions. See the +[Configure History Tracking](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md) topic. + +Where is History Displayed? 
+ +- History for Admin Center, helpdeak, and identity store configurations is displayed in Admin + Center, each displayed on separate pages. +- History for identity store objects is displayed in the Directory Manager portal. + +History Retention + +The _history retention_ setting for an identity store enables you to choose whether you want to keep +history data forever or for a specific period. See the +[Retain Complete History Data](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md#retain-complete-history-data) +and +[Retain History for a Specific Period](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md#retain-history-for-a-specific-period) +topics. Your desired setting applies to all history tracked for the respective identity store, +including that tracked for helpdesk and Admin Center. + +NOTE: Actions tracked under Admin Center history are independent of an identity store. In this case, +history retention settings apply to a history item in the context of the identity store selected by +the user to log into Admin Center to perform that action. +**Example:** UserA selects IdentityStoreA to sign into Admin Center and creates an SMS gateway +account. This user then selects IdentityStoreB to sign into Admin Center and creates a Directory +Manager portal. Both actions are logged in Admin Center history. However, history retention setting +of IdentityStoreA will apply to the SMS gateway account creation action and that of IdentityStoreB +will apply to the Directory Manager portal creation action. + +Event Logging + +In addition to history tracking, Directory Manager provides event logging, which includes file +logging and Windows logging for Directory Manager clients and services. See the +[Event Logging](/docs/directorymanager/11.1/signin/identitystore/view/eventlogging.md) topic. 
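Review bot: In the new docs/directorymanager/11.1/signin/concepts/dashboard.md, the "## Upcoming Schedules" section says "The card also displays the data and time the next schedule will run"; "data" should be "date". The two image references use non-descriptive alt text (`![dashboard]` and `![image38]`), unlike the descriptive alt text used for the screenshot in changepassword.md in this patch; describe what each screenshot shows. "By default, data is displayed for the last one month" and "the last one week" would read better as "the last month" and "the last week".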
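Review bot: In docs/directorymanager/11.1/signin/concepts/enroll.md, the rewritten link line still starts with `the[Enforce Authentication Types for Multifactor Authentication](...)`, with no space between "the" and the opening bracket; since this line is being replaced anyway, add the space. Separately, the front matter added to this file sets `sidebar_position: 10`, which is the same value the patch gives concepts.md in the same signin/concepts/ directory, so the relative order of the two pages is left ambiguous; confirm the intended order and give them distinct positions.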
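Review bot: In the new docs/directorymanager/11.1/signin/concepts/history.md, the section titles "Enable History Tracking", "Where is History Displayed?", "History Retention" and "Event Logging" are added as plain text lines rather than `##` headings, so they will not appear in the page outline or be linkable the way the `##` sections in dashboard.md are. Two typos in the same hunk: "helpdeak" should be "helpdesk", and "whether manually, through Synchronize jobs. or changes to object entitlements" has a period where a comma belongs. The NOTE paragraph and the "**Example:**" line are adjacent with no blank line between them, so they will render as one paragraph; separate them. Because the page states that history for identity store configurations and objects is disabled by default, consider making that sentence a NOTE so administrators who rely on this history as an audit trail do not miss it.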
diff --git a/docs/directorymanager/11.1/signin/concepts/history_1.md b/docs/directorymanager/11.1/signin/concepts/history_1.md new file mode 100644 index 0000000000..3bda5a7851 --- /dev/null +++ b/docs/directorymanager/11.1/signin/concepts/history_1.md 
@@ -0,0 +1,95 @@ +--- +title: "Admin Center History" +description: "Admin Center History" +sidebar_position: 60 +--- + +# Admin Center History + +Directory Manager auto tracks the following actions performed in Admin Center: + +- Creation and deletion of identity store +- Creation and deletion of SMS gateway accounts +- Creation and deletion of applications, namely Directory Manager portal, Data service, and Security + service +- Addition and removal of security questions in the global question pool +- Changes to global replication settings +- Manual sending and deletion of notifications in the notification queue +- Modifications to notification templates + +History can be viewed using the **History** node in Admin Center. You can: + +- Annotate a history action that you have performed. These annotations may explain the reason for + performing an action. +- Narrow down the history items using filters. +- Export history data to Microsoft Excel, CSV, and XML formats. + +See the [History in Directory Manager](/docs/directorymanager/11.1/signin/concepts/history.md) and +[Event Logging](/docs/directorymanager/11.1/signin/identitystore/view/eventlogging.md) topics for additional information. + +What do you want to do? + +- View Admin Center History +- Annotate History Items +- Export Admin Center History + +## View Admin Center History + +You can view the history data that Directory Manager auto tracks for high level actions performed in +Admin Center. + +To view history: + +1. In Admin Center, click **History** in the left pane. + The **Admin Center History** page displays history data in a descriptive, concise, and + user-friendly manner. Items are sorted according to the date and time, with the most recent at + the top. +2. Click a history item to view its details. The **History Details** dialog box displays the + following: + - **Object Name:** The name of the object the action was performed on. + - **Who:** The name of the user who performed the action. 
+ - **Where:** The name of the computer the action was performed on. + - **When:** The date and time of the action. + - **Added Item(s):** A short description of the action. + - **Removed Item(s):** This box is displayed for actions showing deletion. It displays a short + description of the action. +3. The **Add Note** button is available if you performed this action. See + [Annotate History Items](/docs/directorymanager/11.1/signin/identitystore/view/details.md#annotate-history-items) to manage + notes. +4. Click **Close**. + +### Filter History Data + +Filters on the **Admin Center History** page are similar to those on the **Identity Store History** +page. Refer to the [Filter History Data](/docs/directorymanager/11.1/signin/identitystore/view/view.md#filter-history-data) topic +to apply the filters. + +### Navigate the History Data + +Navigation options on the **Admin Center History** page are similar to those on the **Identity Store +History** page. Refer to the +[Navigate Through History Items](/docs/directorymanager/11.1/signin/identitystore/view/view.md#navigate-through-history-items) +topic for help. + +## Annotate History Items + +1. In Admin Center, click **History** in the left pane. +2. On the **Admin Center History** page, click a history item and proceed to add a note. See the + [Annotate History Items](/docs/directorymanager/11.1/signin/identitystore/view/details.md#annotate-history-items) topic for + details. + +## Export Admin Center History + +You can export Admin Center history to Microsoft Excel, CSV, and XML formats. + +**To export history:** + +1. In Admin Center, click **History** in the left pane. +2. On the **Admin Center History** page, click **Export History**. +3. On the **Export History** dialog box, enter a name for the history file in the **Name** box or + leave it to default. +4. Select a format for the history file in the **Format** drop-down list. Available formats are + Excel, CSV, and XML +5. Click **Export History**. 
The file is saved at the download location specified in browser + settings. +6. A message is displayed that history data is successfully exported. Click **OK**. diff --git a/docs/directorymanager/11.1/signin/concepts/licensing.md b/docs/directorymanager/11.1/signin/concepts/licensing.md new file mode 100644 index 0000000000..e181f51725 --- /dev/null +++ b/docs/directorymanager/11.1/signin/concepts/licensing.md 
@@ -0,0 +1,117 @@ +--- +title: "Licensing" +description: "Licensing" +sidebar_position: 100 +--- + +# Licensing + +You can license Directory Manager under one or more of these license types: + +- **Suite** - enables access to all Directory Manager functionality and its clients, including the + Directory Manager portal, Management Shell, and APIs. +- **Group Management** - enables access to all the group management features in Directory Manager, + except those licensed under add-ons. +- **User Management** - enables access to all the user management features in Directory Manager, + except those licensed under add-ons. +- **Password Management** - enables access to password management functions in Directory Manager, + that are: + + - Account unlock and password reset by both end users and helpdesk + - Multifactor authentication + - Second way authentication + +- **Add-ons** - licenses for the following add-ons are available: + + - **API** - separate licenses are required for user-specific and group-specific APIs. + - **Workflow** - enables you to create new workflows, update existing workflows, specify a + default approver, and delete workflow requests. Separate licenses are required for + user-specific and group-specific workflows. + - **Workflow Acceleration** - enables you to use the workflow approver acceleration function. + Separate licenses are required to accelerate user-specific and group-specific workflows. + - **Management Shell** - separate licenses are required for user-specific and group-specific + cmdlets. + - **Entitlement** - separate licenses are required to manage entitlements for users and groups. + - **Synchronize Jobs** - separate licenses are required for user-specific and group-specific + Synchronize jobs. + - **Group Lifecycle** - required to run the Group Lifecycle schedule in the identity stores. + - **Dynamic Groups** - required to create and manage Smart Groups and Dynasties in Directory + Manager. 
+ - **Power Automate** - enables you to integrate Directory Manager workflows with Power Automate + flows. Separate licenses are required for integrating user-specific and group-specific + workflows. + - **Group Usage Service** - required to run the Group Usage Service schedule in the identity + stores. + - **Group Attestation** - required to enable the group attestation function in the identity + stores. + - **Linked Identity Stores** - required to manage identical user objects and identical group + objects in the identity store(s). It works as follows with other Directory Manager licenses: + + - **Suite License**: enables the linked identity stores feature fully functional. You can + manage your linked identities. In case of an Active Directory identity store and Microsoft + Entra ID identity store link, you can manage entitlements of File Servers and SharePoint + sites also. + - **Group Management license**: enables you to manage identical groups in the linked + identity store(s) and auto sync them. + - **User Management license**: enables you to manage identical user objects in the linked + identity store(s) and auto sync them. + - **Password Management license**: the linked identity stores feature works in preview mode. + +A license is valid for a period of 12 months. + +NOTE: All the above licenses are also available for a trial period. + +NOTE: Licenses for certain add-ons are dependent on other licenses, such as the Group Attestation +license is dependent on the Group Usage Service license, which in turn is dependent on the Group +Management license. + +What happens when your license expires + +When a license expires, its respective functions get read-only but you can configure certain +settings, such as create identity stores, create data sources, and define replication settings. +Moreover, unlicensed functions are displayed with a yellow icon next to them. 
On hovering the mouse +over the icon, a message is displayed with two buttons: **Learn more** and **Upgrade**. Both buttons +redirect you to the +[Group and User Management Software from Netwrix](https://www.netwrix.com/group_and_user_management_software.html) +page, where you can learn more about Directory Manager and purchase or renew your Directory Manager +licenses. + +## Add a License + +1. In Admin Center, click **Settings** at the bottom of the left navigation pane. +2. On the **Licensing Settings** tab of the **GroupID Settings** page, click **Add New License**. +3. Enter a valid license number and key for your product copy in the respective boxes. A valid + license and key enable the **Add License** button; if it remains disabled, check your entries for + errors. +4. Click **Add License**. + + License details are displayed on the **Licensing Settings** tab as: + + - **Status:** the license status as _Valid_ or _Expired_ + - **Module:** the license type, such as _Suite_ or _Group Management_ + - **Expire:** the expiration date of the license + - **License(s):** the number of users covered under the license + - **Actions:** displays the _Edit_ and _Delete_ icons, enabling you to update or remove the + license accordingly. + +5. If you have multiple Directory Manager licenses, repeat steps 2 – 4 for each license. + +## Update a License + +1. In Admin Center, click **Settings** at the bottom of the left navigation pane. +2. On the **Licensing Settings** tab of the **GroupID Settings** page, click **Edit** for a license + in the **Actions** column to update it. +3. On the **Update/Replace License** dialog box, update the license number and key. +4. Click **Update** to save the changes. + +## Remove a License + +On removing a license, users lose all access to the functionality covered under the license. + +NOTE: A dependent license is rendered ineffective when you remove its parent license. + +To remove a license: + +1. 
In Admin Center, click **Settings** at the bottom of the left navigation pane. +2. On the **Licensing Settings** tab of the **GroupID Settings** page, click **Delete** for a + license in the **Actions** column to remove it. diff --git a/docs/directorymanager/11.1/admincenter/general/logs.md b/docs/directorymanager/11.1/signin/concepts/logs.md similarity index 91% rename from docs/directorymanager/11.1/admincenter/general/logs.md rename to docs/directorymanager/11.1/signin/concepts/logs.md index 77d76fc662..56e339ea65 100644 --- a/docs/directorymanager/11.1/admincenter/general/logs.md +++ b/docs/directorymanager/11.1/signin/concepts/logs.md @@ -1,3 +1,9 @@ +--- +title: "Get Logs" +description: "Get Logs" +sidebar_position: 120 +--- + # Get Logs Directory Manager generates logs for its services, clients, and Windows events, which are saved at @@ -41,5 +47,5 @@ What do you want to do? **See Also** -- [Event Logging](/docs/directorymanager/11.1/admincenter/identitystore/history/eventlogging.md) -- For a Portal - [Manage Log Settings](/docs/directorymanager/11.1/admincenter/portal/server/log.md) +- [Event Logging](/docs/directorymanager/11.1/signin/identitystore/view/eventlogging.md) +- For a Portal - [Manage Log Settings](/docs/directorymanager/11.1/signin/applications/portal/server/log.md) diff --git a/docs/directorymanager/11.1/admincenter/general/navigation.md b/docs/directorymanager/11.1/signin/concepts/navigation.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/general/navigation.md rename to docs/directorymanager/11.1/signin/concepts/navigation.md index 1ccdccc02c..237b1bc545 100644 --- a/docs/directorymanager/11.1/admincenter/general/navigation.md +++ b/docs/directorymanager/11.1/signin/concepts/navigation.md 
@@ -1,6 +1,12 @@ +--- +title: "Navigation" +description: "Navigation" +sidebar_position: 40 +--- + # Navigation -On signing into Admin Center, you land on the [Dashboard](/docs/directorymanager/11.1/admincenter/general/dashboard.md). +On signing into Admin Center, you land on the [Dashboard](/docs/directorymanager/11.1/signin/concepts/dashboard.md). The following options help you to navigate the application: @@ -64,6 +70,6 @@ The menu pane in the left enables you to navigate to different functions in Admi **See Also** -- [Change your Password](/docs/directorymanager/11.1/admincenter/general/changepassword.md) -- [Switch Accounts](/docs/directorymanager/11.1/admincenter/general/switchaccount.md) -- [Access your Applications](/docs/directorymanager/11.1/admincenter/general/accessapplications.md) +- [Change your Password](/docs/directorymanager/11.1/signin/concepts/changepassword.md) +- [Switch Accounts](/docs/directorymanager/11.1/signin/concepts/switchaccount.md) +- [Access your Applications](/docs/directorymanager/11.1/signin/concepts/accessapplications.md) diff --git a/docs/directorymanager/11.1/admincenter/general/switchaccount.md b/docs/directorymanager/11.1/signin/concepts/switchaccount.md similarity index 89% rename from docs/directorymanager/11.1/admincenter/general/switchaccount.md rename to docs/directorymanager/11.1/signin/concepts/switchaccount.md index a7dca438ca..715d2f6ac1 100644 --- a/docs/directorymanager/11.1/admincenter/general/switchaccount.md +++ b/docs/directorymanager/11.1/signin/concepts/switchaccount.md @@ -1,3 +1,9 @@ +--- +title: "Switch Accounts" +description: "Switch Accounts" +sidebar_position: 80 +--- + # Switch Accounts You do not need to sign out of Admin Center or a portal in order to sign in with a different diff --git a/docs/directorymanager/11.1/signin/datasource/_category_.json b/docs/directorymanager/11.1/signin/datasource/_category_.json new file mode 100644 index 0000000000..83c05a2b71 --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/datasource/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Data Sources", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/datasource/create.md b/docs/directorymanager/11.1/signin/datasource/create.md new file mode 100644 index 0000000000..ee75f642bc --- /dev/null +++ b/docs/directorymanager/11.1/signin/datasource/create.md 
@@ -0,0 +1,428 @@ +--- +title: "Create a Data Source" +description: "Create a Data Source" +sidebar_position: 10 +--- + +# Create a Data Source + +You can create Synchronize jobs to synchronize data across different providers. As a prerequisite, +you must create data sources for those providers. + +Data sources are primarily used in Synchronize jobs, but you can also use them in queries to search +for directory objects and in queries for group membership update. + +What do you want to do? + +- Create a Data Source for MS Excel +- Create a Data Source for MS Access +- Create a Data Source for Oracle +- Create a Data Source for SQL Server +- Create a Data Source for a Text/CSV File +- Create a Data Source for ODBC +- Create a Data Source for SCIM + +## Create a Data Source for MS Excel + +Create a data source for an Excel file to establish a connection before using it as a source or +destination in Synchronize jobs, or in queries. Directory Manager enables you to connect to an Excel +file that is placed on a local server or on OneDrive. + +Synchronize supports Microsoft Excel (\*.xls | xlsx) to serve as both a source and destination +provider. Use it as destination in a Synchronize job to export data from a source to a new Excel +worksheet. The schema of the new Excel worksheet is automatically built according to fields that you +select from the source to map to the destination. + +The Directory Manager Installer installs the required components for the MS Excel provider while +installing Directory Manager. However, if you experience any issue, make sure the following are +installed on the Directory Manager server: + +- Microsoft Office 2007 or later +- Data connectivity components found at + [Microsoft Access Database Engine 2016 Redistributable](https://www.microsoft.com/en-us/download/details.aspx?id=54920). + +The Excel file for creating a data source can be placed on a local server or OneDrive. Follow the +steps in the respective section to create a data source. 
+ +- When the Excel File is Located on a Local Server +- When the Excel file is located on OneDrive + +### When the Excel File is Located on a Local Server + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _Microsoft Excel_. + +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – From the File Server drop-down list, select _Local Server_. + +Step 6 – In the File Path box, provide the path to the MS Excel file you want to create the data +source for. This path should be complete with the file name and extension. For example: +D:\Employee Records\Sheets\EmployeeMedical Records.xlsx + +NOTE: The MS Excel file must be placed either on the machine that Data service is installed on, or a +location that Data service can access. + +Step 7 – In case the file is placed on a network path, enter the network domain or hostname in the +Domain/Hostname box. + +Step 8 – In the User Account and Password boxes, enter the username and password of an account to +access the file on the network path. + +Step 9 – Click **Create Data Source**. +The data source is available on the Excel tab of the Data Sources page. + +### When the Excel file is located on OneDrive + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _Microsoft Excel_. + +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – From the File Server drop-down list, select _OneDrive_. 
+ +Step 6 – In the Service Account and Service Account Password boxes, enter the username and password +of a service account to access the file on OneDrive. + +Step 7 – In the Registered Application ID on Azure Active Directory box, enter the application ID +assigned to the Directory Manager application when you registered it in Microsoft Entra Admin +Center. + +NOTE: The registered app must have the following API permissions to access files on OneDrive: + +![API permissions](/img/product_docs/directorymanager/11.1/admincenter/datasource/apipermissions.webp) + +Step 8 – In the Registered Tenant ID on Azure Active Directory box, enter the tenant ID assigned to +the Directory Manager application when you registered it in Microsoft Entra Admin Center. + +Step 9 – Enter the name of the file in the **File Name** box. This name should be complete with the +file extension, for example, Employee Contact Details.xlsx + +Step 10 – Click **Create Data Source**. +The data source is available on the Excel tab of the Data Sources page. + +## Create a Data Source for MS Access + +Create a data source for an Access database to establish a connection before using it as a source or +destination in Synchronize jobs, or in queries. Directory Manager enables you to connect to an +Access file that is placed on a local server or on OneDrive. + +Synchronize supports Microsoft Access (.mdb | .accdb) to serve as both a source and destination +provider. + +The MS Access provider supports automatic schema detection. For Synchronize to communicate with this +provider, data connectivity components must be installed on the Directory Manager server. These +components can be found at +[Microsoft Access Database Engine 2016 Redistributable](https://www.microsoft.com/en-us/download/details.aspx?id=54920). + +The Access file for creating a data source can be placed on a local server or OneDrive. Follow the +steps in the respective section to create a data source. 
+ +- When the Access File is Located on a Local Server +- When the Access File is Located on OneDrive + +### When the Access File is Located on a Local Server + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _Microsoft Access_. + +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – From the File Server drop-down list, select _Local Server_. + +Step 6 – In the File Path box, provide the path to the MS Access database you want to create the +data source for. This path should be complete with the file name and extension. For example: +D:\Employee Records\Databases\Employee Medical Records.accdb + +NOTE: The Access database must be located either on the machine that Data service is installed on, +or a location that Data service can access. + +Step 7 – If the database file is password protected, enter the password in the File Password box. + +Step 8 – In case the file is placed on a network path, enter the network domain or hostname in the +Domain/Hostname box. + +Step 9 – In the User Account and Password boxes, enter the username and password of an account to +access the file on the network path. + +Step 10 – Click **Create Data Source**. +The data source is available on the Access tab of the Data Sources page. + +### When the Access File is Located on OneDrive + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _Microsoft Access_. 
+ +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – From the File Server drop-down list, select _OneDrive_. + +Step 6 – In the Service Account and Service Account Password boxes, enter the username and password +of a service account to access the file on OneDrive. + +Step 7 – If the database file is password protected, enter the password in the File Password box. + +Step 8 – In the Registered Application ID on Azure Active Directory box, enter the application ID +assigned to the Directory Manager application when you registered it in Microsoft Entra Admin +Center. + +NOTE: The registered app must have the following API permissions to access files on OneDrive: + +![API permissions](/img/product_docs/directorymanager/11.1/admincenter/datasource/apipermissions.webp) + +Step 9 – In the Registered Tenant ID on Azure Active Directory box, enter the tenant ID assigned to +the Directory Manager application when you registered it in Microsoft Entra Admin Center. + +Step 10 – Enter the name of the file in the File Name box. This name should be complete with the +file extension, for example, Employee Medical Records.accdb. + +Step 11 – Click **Create Data Source**. +The data source is available on the Access tab of the Data Sources page. + +## Create a Data Source for Oracle + +You can create a data source for an Oracle server or a specific database on a server. This data +source can be used in queries and as source and destination provider in Synchronize jobs. This +provider supports dynamic schema detection. + +NOTE: Oracle client must be installed to use this provider. Make sure you reboot your computer after +installing the Oracle client. + +Follow the steps to create a data source. + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. 
+ +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _Oracle_. + +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – In the Oracle Server or Service Name box, enter the name of the Oracle service or the +server you want to create the data source for. + +Step 6 – In the Service Account and Service Account Password boxes, provide the username and +password of a service account to connect to the Oracle server. +When using this data source in a Synchronize job, the user will be able to select the databases that +are accessible with these credentials. + +Step 7 – In the Protocol box, specify the protocol to use for connecting to the database(s) on the +Oracle server. For example, TCP or TCP/IP. + +Step 8 – In the HostName box, enter the name of the machine that hosts the Oracle server. + +Step 9 – In the Port Number box, enter the port configured for the Oracle server. This port is used +to communicate with the oracle server. + +Step 10 – In the Database or Schema (optional) box, specify the name of the database you want to +create the data source for. You may also leave this field blank. In that case, all databases on the +specified server will be displayed to the user in a Synchronize job. The user can select a database +as needed. + +Step 11 – Click **Create Data Source**. +The data source is available on the Oracle tab of the Data Sources page. + +## Create a Data Source for SQL Server + +Directory Manager enables you to create a data source for an SQL database. This data source can be +used in queries and as source and destination in Synchronize jobs. This provider supports dynamic +schema detection. + +Follow the steps to create a data source. + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. 
The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _SQL Server_. + +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – The SQL database for which you want to create a data source resides on an SQL server. Enter +the name or IP address of this SQL server in the SQL Server Name box. + +Step 6 – By default, SQL authentication is used as an authentication mode to connect to the SQL +server. In this case, the Service Account and Service Account Password boxes are enabled. Enter the +username and password of an SQL server account to connect to the SQL server in the respective boxes. + +Step 7 – To use Windows authentication to connect to the SQL server using a Windows account, select +the **Windows Authentication** check box. With Windows authentication, users are already logged onto +Windows and do not have to log on separately to SQL Server. + +Step 8 – In the SQL Server Database Name box, specify the SQL database to create a data source for. + +Step 9 – Click **Create Data Source**. +The data source is available on the MS SQL Server tab of the Data Sources page. + +## Create a Data Source for a Text/CSV File + +You can create a data source for a comma-separated values (.csv) file or a text (.txt) file. You +must also specify the delimiter used in the file to separate values. + +This data source can be used in queries and only as a source in Synchronize jobs. + +Directory Manager enables you to connect to a text file that is placed on a local server or on +OneDrive. Follow the steps in the respective section to create a data source. + +- When the Text File is Located on a Local Server +- When the Text File is Located on OneDrive + +### When the Text File is Located on a Local Server + +Step 1 – In Admin Center, click **Data Sources** in the left pane. 
+ +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _Text/CSV_. + +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – From the File Server drop-down list, select _Local Server_. + +Step 6 – In the File Path box, provide the path to the text file you want to create the data source +for. This path should be complete with the file name and extension. For example: +D:\Employee Records\Sheets\Employee Medical Records.csv + +NOTE: The text file must be placed either on the machine that Data service is installed on, or a +location that Data service can access. + +Step 7 – In the Delimiter box, specify the character that is used to separate values in the file. +You can also enter a space as a character. + +Step 8 – In case the file is placed on a network path, enter the network domain or hostname in the +Domain/Hostname box. + +Step 9 – In the User Account and Password boxes, enter the username and password of an account to +access the file on the network path. + +Step 10 – Click **Create Data Source**. +The data source is available on the Text/CSV tab of the Data Sources page. + +### When the Text File is Located on OneDrive + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _Text/CSV_. + +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – From the File Server drop-down list, select _OneDrive_. 
+ +Step 6 – In the Service Account and Service Account Password boxes, enter the username and password +of a service account to access the file on OneDrive. + +Step 7 – In the Delimiter box, specify the character that is used to separate values in the file. +You can also enter a space as a character. + +Step 8 – In the Registered Application ID on Azure Active Directory box, enter the application ID +assigned to the Directory Manager application when you registered it in Microsoft Entra Admin +Center. + +NOTE: The registered app must have the following API permissions to access files on OneDrive: + +![API permissions](/img/product_docs/directorymanager/11.1/admincenter/datasource/apipermissions.webp) + +Step 9 – In the Registered Tenant ID on Azure Active Directory box, enter the tenant ID assigned to +the Directory Manager application when you registered it in Microsoft Entra Admin Center. + +Step 10 – Enter the name of the file in the File Name box. This name should be complete with the +file extension, for example, “Employee Contact Details.csv”. + +Step 11 – Click **Create Data Source**. +The data source is available on the Text/CSV tab of the Data Sources page. + +## Create a Data Source for ODBC + +Use an ODBC data source to connect to an ODBC-compatible provider, such as databases, directories, +or even files. Examples include SQL server, MS Access files, and Oracle. + +A separate data source should be created for each ODBC-compatible file, database, or directory you +want to use in queries or as source/destination in Synchronize jobs. + +Follow the steps to create a data source. + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _ODBC_. 
+ +Step 4 – Enter a name for the data source in the Name box. + +Step 5 – Enter the DSN name in the DSN box. Directory Manager uses this name to request a connection +to the ODBC data source. Note the following: + +- For a system DSN, simply provide the name of the DSN. +- For a file DSN, provide the file path with file name and extension. + +Step 6 – Select the **System DSN** or **File DSN** option button to specify the DSN type to use for +connecting to the data source. + +Step 7 – In case the data source is password protected, provide a username and password in the +**Service Account** and **Service Account Password** boxes to access it. +Depending on the data source, you may not necessarily have to provide both a username and password. +For example, an MS Access database may need a password only while an SQL server may require both +username and password. + +Step 8 – Click **Create Data Source**. +The data source is available on the ODBC tab of the Data Sources page. + +## Create a Data Source for SCIM + +Directory Manager supports identity providers, namely Active Directory, Microsoft Entra ID, and +Google Workspace, but it does not support Slack, AWS, JumpCloud, and GitHub. You can create a +SCIM-based data source for these and other providers to use them in queries and as +source/destinations in Synchronize jobs. As a prerequisite, the provider must support SCIM and +expose an endpoint URL that Directory Manager can consume. + +Follow the steps to create a data source. + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click **Create Data Source** in the top right corner. The Create +Data Source page is displayed. + +Step 3 – In the Data Source Type drop-down list, select a provider type to create a data source for. +This list displays the supported providers. Select _SCIM_. + +Step 4 – Enter a name for the data source in the Name box. 
+ +Step 5 – In the SCIM Endpoint box, enter the SCIM endpoint URL exposed by the provider for which you +want to create a data source. + +Step 6 – In the Bearer Token box, enter the authentication token you generated in the provider. + +Step 7 – Click **Create Data Source**. +The data source is available on the SCIM tab of the Data Sources page. diff --git a/docs/directorymanager/11.1/signin/datasource/manage.md b/docs/directorymanager/11.1/signin/datasource/manage.md new file mode 100644 index 0000000000..6383bf8541 --- /dev/null +++ b/docs/directorymanager/11.1/signin/datasource/manage.md 
@@ -0,0 +1,58 @@ +--- +title: "Manage a Data Source" +description: "Manage a Data Source" +sidebar_position: 20 +--- + +# Manage a Data Source + +Directory Manager enables you to create data sources for various data providers. You can also update +and delete these data sources. + +## Search a Data Source for a Specific Provider + +You can search for a data source built on a particular provider by its name. + +Follow the steps to search a data source. + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click the tab for a provider to search for a data source built on +it. + +Step 3 – Enter a search string in the search box and press _Enter_. Data sources that contain the +string in their names are displayed. + +## Update a Data Source + +You can update the details provided for a data source, such as its display name, the service account +credentials to connect to it, and any other info you provided while creating it. + +Follow the steps to update the details for a data source. + +Step 1 – In Admin Center, click **Data Sources** in the left pane. + +Step 2 – On the Data Sources page, click the tab for the provider the data source is built on. + +Step 3 – Click **Edit** for a data source. The **Update Data Source** page is displayed, that +differs by provider. Refer to the steps for creating the respective data source in the +[Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) topic to modify the info. + +Step 4 – Click **Update Data Source**. + +## Delete a Data Source + +You can delete a data source to prevent users from using it as source and destination in Synchronize +jobs. + +NOTE: Deleting a data source corrupts all Synchronize jobs, membership queries, and search queries +using that data source. + +Follow the steps to delete a data source. + +Step 1 – In Admin Center, click **Data Sources** in the left pane. 
+ +Step 2 – On the Data Sources page, click the tab for the provider for which you want to delete a +data source. + +Step 3 – Click **Delete** for a data source to delete it. diff --git a/docs/directorymanager/11.1/signin/datasource/overview.md b/docs/directorymanager/11.1/signin/datasource/overview.md new file mode 100644 index 0000000000..a64f4efe01 --- /dev/null +++ b/docs/directorymanager/11.1/signin/datasource/overview.md 
@@ -0,0 +1,49 @@ +--- +title: "Data Sources" +description: "Data Sources" +sidebar_position: 50 +--- + +# Data Sources + +You can create data sources in Directory Manager for the following providers, which include +directories, databases, and files: + +- MS Excel +- MS Access +- Oracle +- SQL Server +- Text/CSV (can only be used as a source in a Synchronize job) +- ODBC +- SCIM + +## Where are Data Sources Used? + +Data sources are used in the Directory Manager portal in the following ways: + +As source and destination in Synchronize jobs + +Synchronize jobs enable you to provision objects, deprovision objects, and sync data from one data +source to another. See the [Synchronize](/docs/directorymanager/11.1/welcome/synchronize/overview.md) topic for additional +information. + +As external data source for query-based searches + +A Query Designer is used to perform targeted searches in the directory. While creating a search +query, you can combine a data source with the directory to search for specific objects. See the +[Query Based Advanced Search](/docs/directorymanager/11.1/welcome/generalfeatures/querysearch.md) topic for additional information. + +As external data source for membership queries + +A Query Designer enables you to specify membership queries for Smart Groups and Dynasties. When you +specify a data source in the Query Designer, Directory Manager reads records from it and fetches +similar objects from the directory to add to a group's membership. See the +[Query Designer - Database tab](/docs/directorymanager/11.1/welcome/group/querydesigner/database.md) topic for additional +information. + +As external data source for query-based searches + +Another Query Designer is used to perform targeted searches in the directory. While creating a +search query, you can combine a data source with the directory to search for specific objects. 
See +the [Query Based Advanced Search](/docs/directorymanager/11.1/welcome/generalfeatures/querysearch.md) topic for additional +information. diff --git a/docs/directorymanager/11.1/signin/entitlement/_category_.json b/docs/directorymanager/11.1/signin/entitlement/_category_.json new file mode 100644 index 0000000000..3f24e84e75 --- /dev/null +++ b/docs/directorymanager/11.1/signin/entitlement/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Entitlement", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/entitlement/manage.md b/docs/directorymanager/11.1/signin/entitlement/manage.md new file mode 100644 index 0000000000..5c634946bc --- /dev/null +++ b/docs/directorymanager/11.1/signin/entitlement/manage.md 
@@ -0,0 +1,321 @@ +--- +title: "Manage File Servers" +description: "Manage File Servers" +sidebar_position: 10 +--- + +# Manage File Servers + +You can specify file servers in an Active Directory identity store to replicate their entitlement +data to Elasticsearch for Directory Manager. You can then manage these entitlements using Directory +Manager. Entitlement data includes the permissions granted on shared files and folders residing on +these file servers. + +You can also manage certain settings for a server, such as change the service account for reading +and managing entitlements and exclude a shared folder on a file server from replication. + +What do you want to do? + +- Specify File Servers for Entitlement Management +- Specify File Servers Outside the Criteria +- Include Future Servers for Entitlement Management +- View the Shared Folders on a File Server +- Exclude a Folder on a Server from Replication +- Connect to a File Server Using a Different Account +- Replicate Permissions Manually +- Exclude a Server From Entitlement Management +- Restore a Server for Entitlement Management + +## Specify File Servers for Entitlement Management + +To select file servers for entitlement management, you have to specify an OU or group as criterion. +Directory Manager fetches server objects from the specified OU or group. Once you save it, you also +get an option to add servers from outside the criterion, such as from a different OU. + +You can also change the criterion, such as specify a different OU or group for fetching file +servers. + +**To specify a criterion for fetching file server(s):** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane to launch the **Entitlement** page. + When no file server is defined, you land on a blank page. +4. Click **Set up File Server(s)**. +5. 
In the **Search Criteria** area, specify a _group or container_ to fetch the server objects from. + These server objects are essentially joined to the domain the identity store is connected to. + + **Designate a container as criteria:** + + 1. Select the **Container** option button. + 2. By default, the entire directory is selected. To fetch server objects from a specific OU + rather than the entire directory, click the arrow in the box and select an OU. Then click + **Search**. Server objects residing in this OU and its nested OUs are displayed in the + **Included File Servers** area. + + **Designate a group as criteria:** + + 1. Select the **Group** option button. + 2. Enter a search string in the box to search for your required group in the directory. You can + also click **Advanced** to search the group by name, display name, and description. On + selecting a group, all server objects that are members of this group will be displayed in the + **Included File Servers** area. + +6. Click **Save** on the **Entitlement** page. + +#### File Server Details + +The following information is displayed for a file server in the **Included File Servers** area: + +- **Name:** the file server name. +- **User Name:** the user account used to connect to the file server to read and update permissions + on shared files and folders residing on the server. + + - If the service account specified for the identity store is used, the column does not display + anything. + - If you have designated a different account for this purpose, the username of the account is + displayed here. See the Connect to a File Server Using a Different Account topic. + +- **RC Status**: Displays the replication status for the server with respect to the replication + performed by the GroupID Entitlement schedule. 
Different statuses are: + + - **Request + ![rc_request](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/rc_request.webp):** + permission data for the file server has never been replicated to Elasticsearch. + - **Success + ![rc_success](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/rc_success.webp):** + permission data for the file server was successfully replicated when the GroupID Entitlement + schedule last ran. + - **Fail + ![rc_fail](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/rc_fail.webp):** + replication failed for the server due to an error. + - **Running + ![rc_running](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/rc_running.webp):** + the GroupID Entitlement schedule is running and replication is in progress. + +- **Last Replicated**: the date and time the GroupID Entitlement schedule last replicated + entitlement data for the file server to Elasticsearch. _N/A_ is displayed when the file server has + never been replicated. +- **Status**: Click **Get Status** to check the status of the file server, represented by the + following colors: + + - Red: The server is inactive, decommissioned, or cannot be accessed. + - Green: The server is active and accessible. + +- **Actions**: Click the ellipsis button in the **Actions** column and do one of the following: + + - Click **Edit** to view the shared folders residing on the server, include/exclude a folder for + entitlement management, and change the service account used to connect to the server for + reading and updating entitlements. + - Click **Add to Exclude Server List** to exclude the file server from entitlement management. + Directory Manager does not read and display entitlement data for an excluded server. + +#### Search File Servers + +The _Search Filters_ area is available in both the **Included File Servers** and **Excluded File +Servers** sections. Use it to search for a file server in the respective listing. + +1. 
Click on the _Search Filters_ bar to expand the filter area. +2. Specify a filter expression to search a server by name. + + 1. Select _Name_ in the **Attributes** drop-down list. This is the only attribute available for + performing a search. + 2. Select an option in the **Operators** drop-down list. + + - _Is exactly:_ Displays the server with exactly the same name as you enter in the **Value** + box. + - _Contains:_ Displays the servers whose names contain the text you enter in the **Value** + box. + - _Starts with:_ Displays the servers whose names start with the text you enter in the + **Value** box. + - _Ends with:_ Displays the servers whose names end with the text you enter in the **Value** + box. + + 3. Enter a string in the **Value** box. + +3. Click **Apply**. The file servers listing displays the servers that match the criterion. + +## Specify File Servers Outside the Criteria + +Directory Manager allows you to specify a group or container as criterion to fetch file servers from +there for entitlement management. But since only a single group or container can be specified as +criterion, there may be a situation where you want to specify a server from outside this criterion. +To facilitate this, Directory Manager enables you to search and select file servers in the domain +for entitlement management. + +**To specify a file server outside of criteria:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane. +4. On the **Entitlement** page, click **Include Servers other than Criteria**. +5. The **Find Servers** dialog box, by default, displays file servers from the entire directory that + reside outside the container or group specified as criteria. Click in the box and select an OU to + narrow down the server listing. 
+ Select the check boxes for the file server(s) to include them for entitlement management. +6. Click **Save**. The selected servers are displayed in the **Included File Servers** area on the + **Entitlement** page. +7. Click **Save**. + +## Include Future Servers for Entitlement Management + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane. +4. On the **Entitlement** page, select the **Include all future servers** check box to ensure that + all server objects that are added to the group/container (specified in the **Search Criteria** + area) in the future are automatically displayed in the **Included File Servers** area for + entitlement data replication. +5. Click **Save**. + +## View the Shared Folders on a File Server + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane. +4. In the **Included File Servers** area on the **Entitlement** page, click the ellipsis button for + a server and select **Edit**. On the **Edit Server** dialog box: + + - The **Server Shares** area displays the shared folders on the server. + - The name of the [GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md) that computes + the permissions on shared files and folders residing on the server and replicates them to + Elasticsearch, is displayed next to **Job**. + +## Exclude a Folder on a Server from Replication + +By default, Directory Manager computes and replicates permissions on all shared files/folders on the +configured servers. You can exclude a folder on a server from this activity. + +When a folder is excluded, its entitlement data replicated to-date is also cleared. 
+ +**To exclude a folder:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane. +4. In the **Included File Servers** area on the **Entitlement** page, click the ellipsis button for + a server and select **Edit**. +5. On the **Edit Server** dialog box, the **Server Shares** area displays the shared folders on the + server. Clear the check box for a folder to exclude it from replication and click **Apply + Changes**. +6. Click **Save** on the **Entitlement** page. + +## Connect to a File Server Using a Different Account + +By default, the service account specified for the identity store is used to connect to a file server +for reading and managing the effective permissions assigned to objects on the shared folders. You +can designate a different account for this activity. + +**To change the service account for a file server:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane. +4. In the **Included File Servers** area on the **Entitlement** page, click the ellipsis button for + a server and select **Edit**. +5. On the **Edit Server** dialog box, you can change the service account used to connect to the + server for reading and updating permissions. The + [GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md), + [Entitlement Scope Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementscope.md), and + [Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementtemporarypermissions.md) + run in the context of the account specified here. 
+ + - The **Use Identity Store Service Account** check box is selected by default, indicating that + the service account specified for the identity store is used to connect to the server. + - To change the account, clear the **Use Identity Store Service Account** check box and specify + the credentials of an account in the **User name** and **Password** boxes. This account must + have elevated permissions to manage the effective NTFS permissions for the shared resources on + the server. + On changing the credentials, use the **Reconnect** button to test the connectivity and fetch + the shared folders again with the given credentials. + +6. Click **Apply Changes**. +7. Click **Save** on the **Entitlement** page. + +## Replicate Permissions Manually + +After adding a file server for entitlement management, it is essential to replicate object +permissions from the file server to Elasticsearch. + +The [GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md) runs on a set frequency to +replicate the effective NTFS permission for the file servers. You can also run this schedule any +time manually for a specific file server or all file servers listed in the **Included File Servers** +section on the **Entitlement** page. + +**To replicate permissions manually:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane. +4. On the **Entitlement** page, you can manually replicate permissions for one or all file servers. + + - **To replicate permissions for a server:**Select a file server in the **Included File + Servers** area and click **Replicate**. + - **To replicate permissions for multiple servers:**In the **Included File Servers** area, + select the check boxes for the servers you want to replicate. 
To replicate all servers, select + the check box in the header row. This displays the following icons: + + **![replicate_permissions](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/replicate_permissions.webp)** + + Either click the **Replicate** icon or the **Replicate** button. + + This triggers the GroupID Entitlement schedule for the identity store, which computes and + replicates the effective NTFS permissions granted to directory objects on shared resources on + the server(s). This process may take some time. + + The **Last Replicated** column displays the date and time the GroupID Entitlement schedule last + ran. + +## Exclude a Server From Entitlement Management + +You can exclude a file server in the identity store from replication and entitlement management. + +**To exclude a file server:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane. +4. On the **Entitlement** page, you can exclude one or more servers. + + - **To exclude a server:**In the **Included File Servers** area, click the ellipsis button for a + server and select **Add to Exclude Server List**. The server is moved to the **Excluded File + Servers** area. + - **To exclude multiple servers:** + + In the **Included File Servers** area, select the check boxes for the servers you do not + want to replicate. To exclude all servers, select the check box in the header row. This + displays the following icons: + + ![replicate_permissions](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/replicate_permissions.webp) + + Click **Remove**. The servers are moved to the **Excluded File Servers** area. + +5. Click **Save**. + +## Restore a Server for Entitlement Management + +You can restore an excluded server in the identity store for replication and entitlement management. 
+ +**To restore an excluded server:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Entitlement** under **Settings** in the left pane. +4. On the **Entitlement** page, the **Excluded File Servers** area displays the file servers + excluded from replication. Click **Remove** for a server to move it to the **Included File + Servers** area. +5. Click **Save**. + +See Also + +- [Entitlement](/docs/directorymanager/11.1/signin/entitlement/overview.md) +- [Manage SharePoint Sites](/docs/directorymanager/11.1/signin/entitlement/manage_1.md) diff --git a/docs/directorymanager/11.1/signin/entitlement/manage_1.md b/docs/directorymanager/11.1/signin/entitlement/manage_1.md new file mode 100644 index 0000000000..115e2b9b84 --- /dev/null +++ b/docs/directorymanager/11.1/signin/entitlement/manage_1.md 
@@ -0,0 +1,272 @@ +--- +title: "Manage SharePoint Sites" +description: "Manage SharePoint Sites" +sidebar_position: 20 +--- + +# Manage SharePoint Sites + +An Entra ID user, who is: + +- logged-in to the Admin Center + +- a non-MFA user (i.e. multifactor authentication is not enabled for the user) + +An Entra ID user can add and configure SharePoint sites in an Entra ID identity store to replicate +their entitlement data to Elasticsearch for Directory Manager. The user can then manage permissions +on the sites and the document libraries in those sites using Directory Manager. + +The user can also manage certain settings for a site, such as change the service account for reading +and managing permissions and exclude a document library in a site from entitlement management. + +What do you want to do? + +- Specify SharePoint Sites for Entitlement Management +- Include Future Sites for Entitlement Management +- View the Document Libraries in a Site +- Exclude a Document Library from Replication +- Connect to a Site Using a Different Account +- Replicate Permissions Manually +- Exclude a Site from Entitlement Management +- Restore a Site for Entitlement Management + +## Specify SharePoint Sites for Entitlement Management + +Provide the SharePoint admin URL and credentials to connect to SharePoint. Directory Manager fetches +all the sites under it to replicate the permissions on document libraries there. + +Follow the steps to provide the SharePoint Admin URL. + +In Admin Center, click **Identity Stores** in the left pane. + +Step 1 – On the Identify Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 2 – Click **Entitlement** under **Settings** in the left pane. The Entitlement page is +displayed. When no SharePoint site is defined, the page is blank. + +Step 3 – Click **Set up SharePoint Site** and then click **Configure New Site**. 
+ +Step 4 – On the Configure New Site dialog box: + +- In the Site URLox, enter the **SharePoint admin URL** to fetch the sites. + +- In the User name and Password boxes, provide the credentials of a service account to connect to + the site for managing entitlements. +- In the Application ID box, provide the application ID assigned to the Directory Manager + application when you registered it in Microsoft Entra Admin Center. +- Click **Add Site**. + The URL of this site is displayed in the SharePoint Admin URL box on the Entitlement page. All + sites under it are displayed in the Included SharePoint sites area. + +Step 5 – Click **Save**. + +#### SharePoint Site Details + +The information displayed for a site in the Included SharePoint Sites area is the same as displayed +for a file server in an Active Directory identity store. Refer to the +[File Server Details ](/docs/directorymanager/11.1/signin/entitlement/manage.md#file-server-details) topic for more info. Though in this +case, the User namecolumn displays the username of the account used to connect to the site, and it +is not blank. + +#### Search SharePoint Sites + +Use the _Search Filters_ option in the Included SharePoint Sites area to search for a site in the +listing. The filters are the same as displayed for a file server in an Active Directory identity +store. Refer to the [Search File Servers ](/docs/directorymanager/11.1/signin/entitlement/manage.md#search-file-servers) topic for performing +a search. + +## Include Future Sites for Entitlement Management + +Follow the steps to include future sites for entitlement management. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the **Identity Stores** page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Entitlement** under **Settings** in the left pane. 
+ +Step 4 – On the **Entitlement** page, select the **Include all Future Sites** check box to ensure +that any new site created under the SharePoint admin URL is automatically fetched and displayed in +the **Included SharePoint Sites** area for permission replication. + +Step 5 – Click **Save**. + +## View the Document Libraries in a Site + +Follow the steps to view the document libraries in a site. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identify Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Entitlement** under Settings in the left pane. + +Step 4 – In the Included SharePoint Sites area on the **Entitlement** page, click the ellipsis +button for a site and select **Edit**. On the **Edit Site** dialog box: + +- The Site Libraries area displays the document libraries in the site. +- The name of the [GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md) that computes the + permissions on document libraries in the site and replicates them to Elasticsearch, is displayed + next to **Job**. + +## Exclude a Document Library from Replication + +By default, Directory Manager computes and replicates permissions on all document libraries in the +SharePoint sites that fall under the admin URL. You can exclude a document library in a site from +this activity. + +When a document library is excluded, its entitlement data replicated to-date is also cleared. + +Follow the steps to exclude a document library. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identify Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Entitlement** under Settings in the left pane. + +Step 4 – In the Included SharePoint Sites area on the **Entitlement** page, click the ellipsis +button for a site and select **Edit**. 
+ +Step 5 – On the Edit Site dialog box, the **Site Libraries** area displays the document libraries in +the site. Clear the check box for a library to exclude it from replication and click **Apply +Changes**. + +Step 6 – Click **Save** on the Entitlement page. + +## Connect to a Site Using a Different Account + +Directory Manager connects to a site using the service account specified while configuring the +SharePoint admin URL for reading and managing the effective permissions assigned to objects on the +document libraries. You can designate a different account for this activity. + +Follow the steps to change the service account for a site. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the **Identity Stores** page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Entitlement** under **Settings** in the left pane. + +Step 4 – In the **Included SharePoint Sites** area on the **Entitlement** page, click the ellipsis +button for a site and select **Edit**. + +Step 5 – On the **Edit Site** dialog box, you can change the service account used to connect to the +site for reading and updating permissions. The +[GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md), +[Entitlement Scope Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementscope.md), and +[Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementtemporarypermissions.md) run +in the context of the account specified here. + +- The User name and Password boxes display the credentials of the account used to connect to the + site. You can connect using a different account by providing the credentials of that account. + + Or + +- Select the **Use Identity Store Service Account** check box to use the service account specified + for the identity store to connect to the site. 
+ +The account must have elevated permissions to the Microsoft web applications that host the site in +order to read and manage the effective permissions on the document libraries in the site. +On changing the credentials, use the **Reconnect** button to test the connectivity and fetch the +document libraries again with the given credentials. + +Step 1 – Click **Apply Changes**. + +Step 2 – Click **Save** on the Entitlement page. + +## Replicate Permissions Manually + +After adding the SharePoint admin URL to manage entitlements for document libraries in the sites, it +is essential to replicate object permissions from the SharePoint server to Elasticsearch. + +The [GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md) runs on a set frequency to +replicate the effective permissions on document libraries in the sites. You can also run this +schedule any time manually for a site listed in the Included SharePoint sites area on the +Entitlementpage. + +Follow the steps to replicate permissions manually. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Entitlement** under **Settings** in the left pane. + +Step 4 – On the Entitlement page, you can manually replicate permissions for one or all sites. + +- To replicate permissions for a site – Select a site in the **Included SharePoint Sites** area and + click **Replicate**. +- To replicate permissions for multiple sites – Select the check boxes for the sites you want to + replicate. To replicate all sites, select the check box in the header row. This displays the + following icons: + + ![replicate_permissions](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/replicate_permissions.webp) + + Either click the **Replicate** icon or the **Replicate** button. 
+ +This triggers the GroupID Entitlement schedule for the identity store, which computes and replicates +the effective permissions granted to directory objects on document libraries in the site(s). This +process may take some time. +The Last Replicated column displays the date and time the GroupID Entitlement schedule last ran. + +## Exclude a Site from Entitlement Management + +You can exclude a SharePoint site from replication and entitlement management. + +Follow the steps to exclude a site or subsite. **To exclude a site or subsite:** + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the **Identity Stores** page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Entitlement** under **Settings** in the left pane. + +Step 4 – On the **Entitlement** page, you can exclude one or more sites. + +- **To exclude a site:** + + Click the ellipsis button for a site and select **Add to Exclude Site List**. The site is moved + to the **Excluded SharePoint Sites** area. + +- **To exclude multiple sites:** + + Select the check boxes for the sites you do not want to replicate. To exclude all sites, select + the check box in the header row. This displays the following icons: + + ![replicate_permissions](/img/product_docs/directorymanager/11.1/admincenter/entitlement/ad/replicate_permissions.webp) + + Click **Remove**. The sites are moved to the **Excluded SharePoint Sites** area. + +Step 5 – Click **Save**. + +## Restore a Site for Entitlement Management + +You can restore an excluded SharePoint site for replication and entitlement management. + +Follow the steps to restore an excluded site. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identify Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Entitlement** under Settings in the left pane. 
+ +Step 4 – On the Entitlement page, the **Excluded SharePoint Sites** area displays the sites excluded +from replication. +Click **Remove** for a site to move it to the **Included SharePoint Sites** area. + +Step 5 – Click **Save**. + +See Also + +- [Entitlement](/docs/directorymanager/11.1/signin/entitlement/overview.md) +- [Manage File Servers](/docs/directorymanager/11.1/signin/entitlement/manage.md) diff --git a/docs/directorymanager/11.1/signin/entitlement/overview.md b/docs/directorymanager/11.1/signin/entitlement/overview.md new file mode 100644 index 0000000000..ce5f7b432c --- /dev/null +++ b/docs/directorymanager/11.1/signin/entitlement/overview.md 
@@ -0,0 +1,113 @@ +--- +title: "Entitlement" +description: "Entitlement" +sidebar_position: 70 +--- + +# Entitlement + +Directory Manager Entitlement enables you to stay informed on the permissions assigned to objects +residing on your Active Directory servers and SharePoint sites. + +## Entitlement for Active Directory + +With Entitlement, you can view and update the effective NTFS permissions assigned to a user or group +on shared files and folders, that reside on a file server in your environment. You can: + +- Select an object, such as a user or group, to view and update the permissions assigned to it on + shared files and folders residing on a server. +- Select a file or folder to view a list of objects that have been granted permissions to it. You + can also add and remove objects from the permissions list of the file or folder as well as update + the permissions. + +Entitlement types include: + +- Explicit permissions +- Inherited permissions from a folder + +To facilitate entitlement management for an Active Directory identity store in Directory Manager, do +the following: + +- Specify one or more file servers in identity store configurations. +- Compute the permissions assigned to directory objects on the shared files and folders on those + file server(s), and replicate those permissions to Elasticsearch. +- View and manage entitlements in the Entitlement section of the Directory Manager portal. + +See the [Manage File Servers](/docs/directorymanager/11.1/signin/entitlement/manage.md) topic for additional information. + +## Entitlement for SharePoint + +With Entitlement, you can view and manage the effective permissions for a user or group on document +libraries in a SharePoint site. You can: + +- Select an object, such as a user or group, to view and update the levels and permissions assigned + to it on document libraries in a site. +- Select a file or folder to view a list of objects that have been granted permissions to it. 
You + can also add and remove objects from the permissions list of the file or folder as well as update + the permissions. + +Permission types include: + +- Explicit permissions +- Inherited permissions from a document library + +To facilitate entitlement management for a Microsoft Entra ID identity store in Directory Manager, +do the following: + +- Specify the admin URL for SharePoint in identity store configurations to fetch the sites. +- Compute the permissions assigned to directory objects on the document libraries in those sites, + and replicate those permissions to Elasticsearch. +- View and manage entitlements in the Entitlement section of the Directory Manager portal. + +See the [Manage SharePoint Sites](/docs/directorymanager/11.1/signin/entitlement/manage_1.md) topic for additional information. + +## Perpetual Entitlements vs Temporary Entitlements + +Using Directory Manager, you can manage entitlements in the following ways: + +- **Assign and revoke permissions on a perpetual basis** - When a permission is assigned + perpetually, it continues to apply until you choose to revoke it. Similarly, when a permission is + revoked perpetually, it stays so until you choose to reapply it. +- **Assign and revoke permissions on a temporary basis** - A temporary permission is one with a + start and end date specified. In case of temporary assignment, Directory Manager auto assigns the + permission on the start date and revokes it on the end date. Similarly, for temporary removal, + Directory Manager revokes the permission on the start date and reassigns it on the end date. 
+ +## Entitlement Schedules + +When you add the first server or site for entitlement management, the following three schedules are +automatically created in the identity store: + +- [GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md) - replicates object permissions on file + servers and SharePoint sites for an Active Directory and Microsoft Entra ID identity store + respectively. It performs a complete replication. +- [Entitlement Scope Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementscope.md) - replicates changes made to object + permissions on file servers and SharePoint sites using Directory Manager. +- [Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementtemporarypermissions.md) - + updates the temporary permissions for objects on file servers and SharePoint sites. + +## What is Replication? + +When a file server/SharePoint site is added for entitlement management, an essential task is to +replicate object permissions from the file server or SharePoint site to the Elasticsearch +repository. The GroupID Entitlement schedule for an identity store performs this replication, which +involves the following: + +- Directory Manager first computes the effective NTFS permissions granted to directory objects on + shared files and folders at granular level. For SharePoint sites, it computes the permissions + granted to objects on document libraries. +- The Data service then replicates this data to Elasticsearch. + +The GroupID Entitlement schedule auto runs at a set frequency, but you can also run it manually for +a file server or SharePoint site. Directory Manager time stamps the last time permissions were +replicated. + +## Entitlement-related Permissions for Security Roles + +You can grant permissions to security roles in an identity store on the Entitlement section in the +Directory Manager portal. 
Based on these permissions, role members can performs different actions, +such as navigate file servers and SharePoint sites, grant permissions to objects on shared +resources, revoke permissions, and more. + +Entitlement-related permissions for a security role are discussed in the +[Entitlement](/docs/directorymanager/11.1/signin/securityrole/permissions.md#entitlement) topic. diff --git a/docs/directorymanager/11.1/signin/helpdesk/_category_.json b/docs/directorymanager/11.1/signin/helpdesk/_category_.json new file mode 100644 index 0000000000..0dc1363ec0 --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Helpdesk", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/helpdesk/history.md b/docs/directorymanager/11.1/signin/helpdesk/history.md new file mode 100644 index 0000000000..b02348835c --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/history.md 
@@ -0,0 +1,169 @@ +--- +title: "History in Helpdesk" +description: "History in Helpdesk" +sidebar_position: 20 +--- + +# History in Helpdesk + +Directory Manager tracks the following actions performed by end-users and helpdesk users in an +identity store and displays them as history to helpdesk users: + +- Unenroll account +- Sending of secure link for password reset by helpdesk +- Change Password +- Reset Password +- Unlock Account +- Link Account +- Unlink Account +- Enroll account +- Authenticate with password, authentication types, or any other medium + +History can be used for audit and analysis, such as how many users changed their passwords in the +last x days, reset their passwords using secure link, and more. It can also be used to verify the +identity of a user through the last action he or she performed. + +What do you want to do? + +- View History in Helpdesk + - Switch History Layouts +- Search History +- Export History to a File + +## View History in Helpdesk + +1. In Admin Center, click **Helpdesk** in the left pane. +2. On the **Helpdesk** page, click the **History** tab. + This tab displays the tracked history actions for all identity stores in Directory Manager. Use + the pagination options at the bottom of the listing to navigate through records. + + To search for specific records, see the Search History topic. + +### Switch History Layouts + +You can view history in two layouts: + +- **Basic view:** displays history in a friendly, descriptive manner. +- **Administrative view:** displays history in tabular form. + +In both layouts, click **Details** for an item to view more details. + +You can also export history to MS Excel, CSV, and XML formats. + +To Switch Layouts: + +- In the Basic view, click the **Switch to Administrative View** button to view history in + Administrative layout. +- In the Administrative view, the button changes to **Switch to Basic View**. Click it to view + history in Basic layout. 
+ +#### View History in Basic Layout + +By default, the **History** tab of the **Helpdesk** page displays history in the Basic view, that +lists the tracked actions in meaningful sentences. + +Click **Details** for a history item to launch the **History Details** dialog box that displays the +following: + +- **Display name:** the user on whom the action was performed. +- **Identity store:** the identity store the action was performed in. +- **Action:** the action performed. +- **Authentication type:** the authentication type(s) used by the user to authenticate in order to + perform the action. For some actions performed by helpdesk, such as sending a secure link for + password reset, no authentication type is displayed. For other actions such as _unenroll_, the + authentication type for which the end user is unenrolled will be displayed. +- **Status:** whether the action was performed successfully or not. +- **Date/Time:** the date and time the action was performed. +- **Performed by:** the user who performed the action. +- **Client name:** the name of the Directory Manager client the action was performed from. +- **Helpdesk action:** whether the action was performed through helpdesk or not. +- **Machine name:** the name of the machine the action was performed from. +- **IP:** the IP address of the machine the action was performed from. +- **Browser:** the name of the browser used to perform the action. +- **Device type:** the device type used to perform the action, such as PC/laptop or mobile. + +Click **Close** to close the dialog box. + +#### View History in Administrative Layout + +The Administrative layout displays history in a table. On the **History** tab of the **Helpdesk** +page, click **Switch to Administrative View**. + +The following information is displayed for a record: + +- **Name:** The name of the user the action was performed on +- **Client Name:** the name of the Directory Manager client the action was performed from. 
+- **Identity Store:** The identity store the action was performed in +- **Action:** The action performed +- **Date:** The date and time the action was performed on + +Click **Details** for a history item to view its details on the **History Details** dialog box. See +the View History in Helpdesk topic for a discussion of the dialog box. + +Use the pagination options at the bottom of the listing to navigate through records. + +Sort the Listing + +History records on the **History** tab of the **Helpdesk** page are sorted in chronological order, +with the latest action at the top. + +You can sort the listing in the Administrative view by any column name in the header row. Click a +column name to sort the listing by that attribute. An arrow appears next to the column name. + +- The upward arrow head indicates that the list is sorted in ascending order. +- The downward arrow head indicates that the list is sorted in descending order. + +Click the arrow to change the order from ascending to descending and vice versa. + +## Search History + +You can search for history records in all the identity stores or specific identity stores. Simply +enter the name of a user to view all actions performed for it, be it by that same user or another +user, such as helpdesk. You can also create a filter based on multiple attributes to search for +specific records. + +To perform a search: + +1. In Admin Center, click **Helpdesk** in the left pane. +2. On the **Helpdesk** page, click the **History** tab. +3. On the **History** tab, the following search options are available: + + - **Identity Store list** - To get the history records for one or specific identity stores, + click in the **Identity Store** box and select the check boxes for the identity stores you + want to view the history for. + - **Search box to search for records specific to a user** - In the _Search_ box, enter a user’s + full name or part of a name and press _Enter_. 
Directory Manager displays all history actions + that are performed by or performed on the user. + - **Search filter** - Click **Filter**. On the **Filter(s)** dialog box, you can search the + history data using the available filters individually or in combination. + + - **Date Logged:** Specify a time period to view history data for. Click in the box and use + the calendar for selecting a date range. + - **Performed By:** Specify whether you want to view the actions performed by end users, + helpdesk users, or both. + - **Device Type:** Specify a device type (PC/laptop, mobile, or both) to view actions that + have been performed using that device type. + - **Status:** Specify whether you want to view successful actions, failed actions, or both + successful and failed actions + - **Action Type:** Select an action to view the history records for it. On selecting + _Enrollment_ or _Authenticate_, another drop-down list is displayed that lists the + authentication types. Select an option to view the enrollment or authentication actions + performed using that specific type. + + Click **Apply**. History records matching the given criteria are displayed. + +## Export History to a File + +1. In Admin Center, click **Helpdesk** in the left pane. +2. On the **Helpdesk** page, click the **History** tab. +3. On the **History** tab, you can export all history records in all identity stores to a file or + filter the listing to export specific records only. To narrow down records, see the Search + History topic. +4. Click **Export History** and select a file format in the list to export history data to. + The file is saved to the download location specified in your browser settings. + +**See Also** + +- [Dashboard](/docs/directorymanager/11.1/signin/concepts/dashboard.md) +- [Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) +- [History in Directory Manager](/docs/directorymanager/11.1/signin/concepts/history.md) 
diff --git a/docs/directorymanager/11.1/signin/helpdesk/operation/_category_.json b/docs/directorymanager/11.1/signin/helpdesk/operation/_category_.json new file mode 100644 index 0000000000..f04bd2df28 --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/operation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Helpdesk Operations", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/operation/asktoenroll.md b/docs/directorymanager/11.1/signin/helpdesk/operation/asktoenroll.md similarity index 85% rename from docs/directorymanager/11.1/admincenter/helpdesk/operation/asktoenroll.md rename to docs/directorymanager/11.1/signin/helpdesk/operation/asktoenroll.md index 88e2bde7ad..9c45f1cbb1 100644 --- a/docs/directorymanager/11.1/admincenter/helpdesk/operation/asktoenroll.md +++ b/docs/directorymanager/11.1/signin/helpdesk/operation/asktoenroll.md @@ -1,3 +1,9 @@ +--- +title: "Notify Users to Enroll" +description: "Notify Users to Enroll" +sidebar_position: 50 +--- + # Notify Users to Enroll You can send email notifications to unenrolled users, directing them to enroll their identity store 
@@ -22,7 +28,7 @@ What do you want to do? - To send enrollment notifications to all users in all identity stores in Directory Manager, make sure _All_ is selected in the **Identity store** box. Then click **Notify All Users**. - To send the notification to specific recipients, search for the required users and click - **Notify All Users**. See the [Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) topic to perform a search. + **Notify All Users**. See the [Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) topic to perform a search. Notifications are sent to all users listed on the **Helpdesk Operations** tab, including those on other pages (use the navigation options at the bottom of the listing to view the pages). To @@ -44,5 +50,5 @@ What do you want to do? **See Also** -- [Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/overview.md) -- [Helpdesk Operations](/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md) +- [Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/overview.md) +- [Helpdesk Operations](/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md) diff --git a/docs/directorymanager/11.1/signin/helpdesk/operation/export.md b/docs/directorymanager/11.1/signin/helpdesk/operation/export.md new file mode 100644 index 0000000000..809b6f93cd --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/operation/export.md 
@@ -0,0 +1,29 @@ +--- +title: "Export Users' List to a File" +description: "Export Users' List to a File" +sidebar_position: 40 +--- + +# Export Users' List to a File + +You can export users' information to an Excel, XML, or CSV file. + +What do you want to do? + +- Export Users + +## Export Users + +1. In Admin Center, click **Helpdesk** in the left pane. +2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. You can export all users in all + identity stores to a file or filter the listing to export specific users only. To filter the + list, see the [Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) topic. +3. Select the check boxes for the users you want to export or click the check box in the header row + to select all users. Then click **Export**. +4. Select a file format in the list. The file is saved to the download location specified in your + browser settings. + +**See Also** + +- [Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/overview.md) +- [Helpdesk Operations](/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md) diff --git a/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md b/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md new file mode 100644 index 0000000000..8ee2ce464c --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md 
@@ -0,0 +1,16 @@ +--- +title: "Helpdesk Operations" +description: "Helpdesk Operations" +sidebar_position: 10 +--- + +# Helpdesk Operations + +Helpdesk users can perform the following actions in Admin Center: + +- [Reset Passwords](/docs/directorymanager/11.1/signin/helpdesk/operation/resetpassword.md) +- [Unlock Accounts](/docs/directorymanager/11.1/signin/helpdesk/operation/unlockaccount.md) +- [Notify Users to Enroll](/docs/directorymanager/11.1/signin/helpdesk/operation/asktoenroll.md) +- [Unenroll a User](/docs/directorymanager/11.1/signin/helpdesk/operation/unenroll.md) +- [Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) +- [Export Users' List to a File](/docs/directorymanager/11.1/signin/helpdesk/operation/export.md) diff --git a/docs/directorymanager/11.1/signin/helpdesk/operation/resetpassword.md b/docs/directorymanager/11.1/signin/helpdesk/operation/resetpassword.md new file mode 100644 index 0000000000..401db90019 --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/operation/resetpassword.md 
@@ -0,0 +1,125 @@ +--- +title: "Reset Passwords" +description: "Reset Passwords" +sidebar_position: 10 +--- + +# Reset Passwords + +Admin Center provides a variety of options to helpdesk users for resetting passwords and then +communicating them to users. + +NOTE: You can reset passwords of unenrolled users if (a) the **Reset Any Password** permission has +been granted to your role and (b) the Helpdesk policy for your role is set to the unrestricted mode. + +Helpdesk users may have to authenticate end users before resetting their passwords. See the +[Helpdesk Policy ](/docs/directorymanager/11.1/signin/helpdesk/overview.md#helpdesk-policy) topic. + +What do you want to do? + +- Reset Passwords in Unrestricted Mode +- Reset Passwords in Restricted Mode + +## Reset Passwords in Unrestricted Mode + +1. In Admin Center, click **Helpdesk** in the left pane. +2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. Locate your required user. To + search for a user, see the[Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) topic. +3. Click the ellipsis button for the user and select **Reset Password**. For enrolled users, the + **Reset Password** dialog box has two pages: **Authenticate** and **Reset**. Under the + unrestricted mode, you can skip the former and move to the **Reset** page. For unenrolled users, + only the **Reset** page is available. + Use the **History** button to view user history, i.e., the actions performed on the user and by + the user. This history is specific to helpdesk functions, as listed in the + [History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic. +4. The **Reset** page displays the user name, the identity store where this user resides, the last + time the user changed his or her password, and the lock status of the account. 
In case the user + has linked his or her accounts that exist in different identity stores, this page displays all + linked accounts that require a password reset. + Select an account to reset its password. +5. Depending on the password reset method enforced for your role, you can reset the password and + communicate the new password to the user, or you can generate a secure link and send it to the + user for resetting the password. + + - The **New Password** tab is displayed if you are authorized to generate a new password and + send it to the user. + - The **Secure Link** tab is displayed if you are authorized to send a secure link to the user. + - Both tabs are displayed if you are authorized to choose any password reset method. + +6. On the **New Password** tab: + + - Enter a password of your choice in the **Password** box or click **Generate Password** to + generate a random password. + - Select the user's mobile number and/or email address in the **Select Mobile** and **Select + Email** boxes to send the new password to the user by SMS or email or both. + +7. On the **Secure Link** tab: + + - Select the user's mobile number and/or email address in the **Select Mobile** and **Select + Email** boxes to send the secure link to the user by SMS or email or both. The user must click + this link to reset his or her password. + +8. Click **Reset Password**. + +## Reset Passwords in Restricted Mode + +In the restricted mode, you will not be able to reset passwords for unenrolled users. Further, you +could be restricted to: + +- Reset passwords of enrolled users residing in a specific OU. +- Authenticate enrolled users through the multifactor authentication policy applicable to the user + before resetting their passwords. The Security Questions authentication type may be mandatory. + +See the [Helpdesk Policy](/docs/directorymanager/11.1/signin/securityrole/policy/helpdesk.md) topic. + +**To reset a password in restricted mode:** + +1. 
In Admin Center, click **Helpdesk** in the left pane. +2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. Locate your required user. To + search for a user, see the[Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) topic. +3. Click the ellipsis button for the user and select **Reset Password**. The **Reset Password** + dialog box has two pages: **Authenticate** and **Reset**. + Use the **History** button to view user history, i.e., the actions performed on the user and by + the user. This history is specific to helpdesk functions, as listed in the + [History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic. +4. The **Authenticate** page displays the authentication type(s) the user's account is enrolled + with. You could be restricted to authenticate the user according to the authentication policy + that applies to the user. + Click the plus sign for an authentication type to expand it. + + - **Security Question** + + 1. Get the answers to the questions from the user and enter them in the answer boxes. + 2. Click **Verify** for each answer to verify it. + + - **Mobile** + + 1. The mobile number with which the user’s account is enrolled is displayed in the box. + Click **Send Code** to send an access code to the user’s mobile number. + 2. Get this access code from the user and enter it in the box. + 3. Click **Verify**. + + - **Email** + + 1. The email address with which the user's account is enrolled is displayed in the box. + Click **Send Code** to send an access code to the user’s email address. + 2. Get this access code from the user and enter it in the box. + 3. Click **Verify**. + + - **Authenticator** + + 1. Get a valid access code from the user, as displayed to him or her in the Authenticator + app and enter it in the box. + 2. Click **Verify**. + + NOTE: Helpdesk cannot authenticate users with the Link Account, YubiKey, and Windows Hello + authentication types. + +5. Click **Next**. +6. 
On the **Reset** page, you can reset the password. Follow step 4 and onwards in the Reset + Passwords in Unrestricted Mode topic for details. + +**See Also** + +- [Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/overview.md) +- [Helpdesk Operations](/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md) diff --git a/docs/directorymanager/11.1/signin/helpdesk/operation/search.md b/docs/directorymanager/11.1/signin/helpdesk/operation/search.md new file mode 100644 index 0000000000..9755168028 --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/operation/search.md 
@@ -0,0 +1,64 @@ +--- +title: "Search Users" +description: "Search Users" +sidebar_position: 30 +--- + +# Search Users + +Helpdesk users can search for users in specific identity store(s) or all identity stores defined in +Directory Manager. A search filter is also available to help you narrow down your search results. + +What do you want to do? + +- Perform a Search + +## Perform a Search + +1. In Admin Center, click **Helpdesk** in the left pane. +2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. It lists all users from all + identity stores in Directory Manager (notice that _All_ is displayed in the **Identity store** + box). +3. Use the following options to filter users: + + - **Identity store box** - To get users from one or specific identity stores, click in the + **Identity store** box and select the check boxes for the identity stores you want to fetch + users from. + - **Search Users box** - Enter a search text and press _Enter_. Users with the first names, last + names, or email addresses matching the text are filtered and displayed. + - **Search filter** - You can also search users based on enrollment. Click **Filter(s)**. The + **Filter(s)** dialog box is displayed with the following options: + + - **Enrolled with:** click in the box and select the authentication type(s) to restrict + search to users enrolled with any of those authentication types. + - **Not Enrolled with:** click in the box and select the authentication type(s) to restrict + search to users not enrolled with any of those authentication types. + - Click **Apply**. Users matching the given criteria get listed. + +#### View Users' Information + +For a user, the following information is displayed: + +- **Name:** the display name of the user. +- **Store:** the name of the identity store and the domain the user resides in. +- **Is Locked:** displays whether the user account is locked or not. +- **Password Expires On:** the date when the user account password will expire. 
If the password is + set to _Never Expire_, then _Never Expires_ is displayed here. +- **Last Password Set:** the time since the user last changed their password, for example, 'one year + ago'. For users who never changed their passwords, _Never_ is displayed. +- **Enrolled With:** the authentication types used to enroll the account in the identity store. For + users who have not enrolled their accounts, _Not Enrolled_ is displayed. + +Use the pagination options at the bottom of the listing to navigate through records. + +Click the ellipsis button for a user to perform any of these actions: + +- Reset password +- Unlock account +- Send enrollment reminder +- Unenroll account + +**See Also** + +- [Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/overview.md) +- [Helpdesk Operations](/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/helpdesk/operation/unenroll.md b/docs/directorymanager/11.1/signin/helpdesk/operation/unenroll.md similarity index 79% rename from docs/directorymanager/11.1/admincenter/helpdesk/operation/unenroll.md rename to docs/directorymanager/11.1/signin/helpdesk/operation/unenroll.md index 2cb0812c6f..f070407685 100644 --- a/docs/directorymanager/11.1/admincenter/helpdesk/operation/unenroll.md +++ b/docs/directorymanager/11.1/signin/helpdesk/operation/unenroll.md @@ -1,3 +1,9 @@ +--- +title: "Unenroll a User" +description: "Unenroll a User" +sidebar_position: 60 +--- + # Unenroll a User Users are enrolled in an identity store using one or more authentication types. You can unenroll a 
@@ -15,7 +21,7 @@ What do you want to do? 1. In Admin Center, click **Helpdesk** in the left pane. 2. The **Helpdesk** page opens to the **Helpdesk Operations** tab. Locate your required user. To - search for a user, see the[Search Users](/docs/directorymanager/11.1/admincenter/helpdesk/operation/search.md) topic. + search for a user, see the[Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) topic. 3. Click the ellipsis button for the user and select **Unenroll Account**. The **Unenroll Account** dialog box displays the authentication types the user account is enrolled with. @@ -24,5 +30,5 @@ What do you want to do? **See Also** -- [Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/overview.md) -- [Helpdesk Operations](/docs/directorymanager/11.1/admincenter/helpdesk/operation/overview.md) +- [Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/overview.md) +- [Helpdesk Operations](/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md) diff --git a/docs/directorymanager/11.1/signin/helpdesk/operation/unlockaccount.md b/docs/directorymanager/11.1/signin/helpdesk/operation/unlockaccount.md new file mode 100644 index 0000000000..c352ca4376 --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/operation/unlockaccount.md 
@@ -0,0 +1,67 @@ +--- +title: "Unlock Accounts" +description: "Unlock Accounts" +sidebar_position: 20 +--- + +# Unlock Accounts + +Administrators can enforce an account lockout policy for a domain that locks a user account after a +certain number of failed login attempts. This secures a machine from unauthorized access. However, +legitimate users may also get locked out; typically because of a typo or they could not recall their +password correctly. + +In such a situation as this, helpdesk users can unlock user accounts in an identity store. + +Helpdesk may have to authenticate users before unlocking their accounts. See the +[Helpdesk Policy ](/docs/directorymanager/11.1/signin/helpdesk/overview.md#helpdesk-policy) topic. + +NOTE: You can unlock the account of unenrolled users if (a) the **Unlock Any Account** permission +has been granted to your role and (b) the Helpdesk policy for your role is set to the unrestricted +mode. + +## Unlock User Accounts in Unrestricted Mode + +Step 1 – In Admin Center, click **Helpdesk** in the left pane. + +Step 2 – The Helpdesk page opens to the Helpdesk Operations tab. Locate your required user. To +search for a user, see the[Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) topic. + +Step 3 – Click the ellipsis button for the user and select **Unlock Account**. For enrolled users, +the Unlock Account dialog box has two pages: Authenticate and Unlock. Under the unrestricted mode, +you can skip the former and move to the **Unlock** page. For unenrolled users, only the Unlock page +is available. +Use the **History** button to view user history, i.e., the actions performed on the user and by the +user. This history is specific to helpdesk functions, as listed in the +[History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic. 
+ +Step 4 – The Unlock page displays the user name, the identity store where this user resides, the +last time the user changed his or her password, and the lock status of the account. In case the user +has linked his or her accounts that exist in different identity stores, this page displays all +linked accounts that are locked. +To unlock an account, select the check box for it and click **Unlock**. + +## Unlock User Accounts in Restricted Mode + +Step 1 – In Admin Center, click **Helpdesk** in the left pane. + +Step 2 – The Helpdesk page opens to the Helpdesk Operations tab. Locate your required user. To +search for a user, see the[Search Users](/docs/directorymanager/11.1/signin/helpdesk/operation/search.md) topic. + +Step 3 – Click the ellipsis button for the user and select **Unlock Account**. The Unlock Account +dialog box has two pages: Authenticate and Unlock. +Use the **History** button to view user history, i.e., the actions performed on the user and by the +user. This history is specific to helpdesk functions, as listed in the +[History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic. + +Step 4 – The Authenticate page displays the authentication type(s) the user's account is enrolled +with. to authenticate the user, follow step 4 in the +[Reset Passwords in Restricted Mode](resetpassword.md#reset-passwords-in-restricted-mode) topic. + +Step 5 – After authenticating the user, click **Next**. + +Step 6 – The Unlock page displays the user name, the identity store where this user resides, the +last time the user changed his or her password, and the lock status of the account. In case the user +has linked his or her accounts that exist in different identity stores, this page displays all +linked accounts that are locked. +To unlock an account, select the check box for it and click **Unlock**. 
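Review bot: Step 4 under "Unlock User Accounts in Restricted Mode" links to "resetpassword.md#reset-passwords-in-restricted-mode" with a relative path, while every other link in this file uses the absolute /docs/directorymanager/11.1/signin/... form; make it absolute so it survives the same kind of move this patch performs. The same step has a sentence that starts in lower case ("with. to authenticate the user"), both Step 2 paragraphs read "see the[Search Users]" without a space, and the link text "[Helpdesk Policy ]" carries a trailing space. Step 3 of the unrestricted procedure says the Authenticate page can be skipped; say in that step whether an unlock performed without authentication is still recorded in the history that the History button shows, since that history is the only audit trail the page mentions.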
diff --git a/docs/directorymanager/11.1/signin/helpdesk/overview.md b/docs/directorymanager/11.1/signin/helpdesk/overview.md new file mode 100644 index 0000000000..554e130a3b --- /dev/null +++ b/docs/directorymanager/11.1/signin/helpdesk/overview.md 
@@ -0,0 +1,76 @@ +--- +title: "Helpdesk" +description: "Helpdesk" +sidebar_position: 100 +--- + +# Helpdesk + +The Admin Center Helpdesk section enables administrators and helpdesk users to perform +helpdesk-specific tasks, such as: + +- Unlock user accounts and reset passwords on behalf of users in an identity store. +- Notify users to enroll their accounts. +- Unenroll user accounts from identity stores. +- View users' activities, such as enrollment, authentication, account unlock, and password-related + functions. Toast notifications and history tracking are also enabled for these actions. See the + [Helpdesk Operations](/docs/directorymanager/11.1/signin/helpdesk/operation/overview.md) topic for additional information. + +NOTE: The Admin Center for helpdesk role is available in Helpdesk mode only. By default, only the +Helpdesk node of Admin Center is visible to the Helpdesk role members. The administrator can also +restrict access of a security role by selecting the Helpdesk Role check box on the Security Role +page. See the [Create a Security Role](/docs/directorymanager/11.1/signin/securityrole/create.md) topic for additional information. + +## Helpdesk Permissions + +A security role must have the following permissions in an identity store to perform +helpdesk-specific functions: + +- Reset Any Password +- Unlock Any Account +- Unenroll + +See [Password Management](/docs/directorymanager/11.1/signin/securityrole/permissions.md#password-management) in the +[Security Role – Permissions](/docs/directorymanager/11.1/signin/securityrole/permissions.md) topic. + +## Helpdesk Policy + +The administrator can define a Helpdesk policy for a user role in an identity store. This policy +mainly defines whether helpdesk role members should operate under the restricted or unrestricted +mode to perform the account unlock and reset password functions. + +NOTE: In unrestricted mode, helpdesk can unlock accounts and reset passwords of both enrolled and +unenrolled users. 
In restricted mode, helpdesk can perform these functions for enrolled users only. + +See the [Helpdesk Policy](/docs/directorymanager/11.1/signin/securityrole/policy/helpdesk.md) topic. + +## Helpdesk Analytics + +The dashboard in Admin Center offers insightful information to the administrator and helpdesk on +users' activities (such as enrollment, account unlock, and password reset) in an identity store. + +The dashboard displays the following helpdesk-specific cards: + +- [Enrollment Summary](/docs/directorymanager/11.1/signin/concepts/dashboard.md#enrollment-summary): displays the number of enrolled + users in an identity store. +- [Auth Summary](/docs/directorymanager/11.1/signin/concepts/dashboard.md#auth-summary): displays information about failed and + successful authentication attempts for each authentication type. +- [Activity Summary](/docs/directorymanager/11.1/signin/concepts/dashboard.md#activity-summary): displays a summary of users' + activities related to password change, password reset, account unlock, and enrollment. + +## Desktop Notifications + +You can enable desktop notification for Directory Manager in browser settings. In this way, a user +signed into Admin Center on the respective machine will receive desktop notifications when an +end-user performs any of the following actions in the Directory Manager portal: + +- Resets account password +- Changes account Password +- Unlocks Account +- Links Account +- Unlinks Account +- Enrolls account +- Authenticates with password, authentication types, or any other medium + +These actions are also logged in helpdesk history. See the [History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic +for additional information. diff --git a/docs/directorymanager/11.1/signin/identitystore/_category_.json b/docs/directorymanager/11.1/signin/identitystore/_category_.json new file mode 100644 index 0000000000..d9fe547083 --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/identitystore/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Identity Stores", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md b/docs/directorymanager/11.1/signin/identitystore/advsentraid.md similarity index 93% rename from docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md rename to docs/directorymanager/11.1/signin/identitystore/advsentraid.md index 788f12f04e..0e5f7e5f49 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md +++ b/docs/directorymanager/11.1/signin/identitystore/advsentraid.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Entra ID vs. Active Directory Identity Stores" +description: "Microsoft Entra ID vs. Active Directory Identity Stores" +sidebar_position: 40 +--- + # Microsoft Entra ID vs. Active Directory Identity Stores This topic discusses the differences between an Active Directory and Microsoft Entra ID identity @@ -7,7 +13,7 @@ store in Directory Manager. Microsoft Entra ID offers limited options to define a default expiry policy for groups whereas Directory Manager provides a comprehensive Group Life Cycle policy. See the -[Manage Group Lifecycle Settings](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md) topic. +[Manage Group Lifecycle Settings](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md) topic. Since these policies are not integrated; you should either useMicrosoft Entra ID’s or Directory Manager’s expiration policy settings for groups in an Microsoft Entra ID identity store. 
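Review bot: In advsentraid.md, the context line directly below the updated "Manage Group Lifecycle Settings" link still reads "useMicrosoft Entra ID's" (missing space) and "an Microsoft Entra ID identity store", and "Since these policies are not integrated; you should" uses a semicolon where a comma belongs; this hunk already touches the paragraph, so fix them in the same change. The new target drops the directoryservice/ segment, which matches the grouplifecycle.md file this patch adds under signin/identitystore/configure/.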
@@ -23,7 +29,7 @@ policy in Directory Manager. As a result: To use the same prefixes for group names as are defined in Microsoft Entra Admin Center, the administrator should define the same prefixes in Directory Manager. See the -[Group Name Prefixes](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md) topic. +[Group Name Prefixes](/docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md) topic. ## Dynamic Groups in Microsoft Entra ID @@ -73,7 +79,7 @@ discretion. - The nesting option in the _Out of Bounds_ settings for an identity store will empty the membership of a Smart Group of the Office 365 type, because nested groups cannot be added as group members. See the - [Manage Group Membership Settings](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/outofbounds.md)topic. + [Manage Group Membership Settings](/docs/directorymanager/11.1/signin/identitystore/configure/outofbounds.md)topic. - A Dynasty cannot be created as an Office 365 group. - You can create and manage distribution groups. diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/_category_.json b/docs/directorymanager/11.1/signin/identitystore/configure/_category_.json new file mode 100644 index 0000000000..f1d2b6b454 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configure an Identity Store", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "configure" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md b/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md similarity index 85% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md rename to docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md index 4a1349976e..bf1fac80f8 100644 
--- a/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md @@ -1,3 +1,9 @@ +--- +title: "Enable Authentication Types" +description: "Enable Authentication Types" +sidebar_position: 20 +--- + # Enable Authentication Types You must enable authentication types for an identity store to allow users to use them for second @@ -46,7 +52,7 @@ will prevent them from using Directory Manager. **See Also** -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) -- [Configure Second Factor Authentication](/docs/directorymanager/11.1/admincenter/setupauth/sfa.md) -- [Configure Multifactor Authentication](/docs/directorymanager/11.1/admincenter/setupauth/mfa.md) -- [Set Up Authentication Types](/docs/directorymanager/11.1/admincenter/setupauth/overview.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) +- [Configure Second Factor Authentication](/docs/directorymanager/11.1/signin/authpolicy/sfa.md) +- [Configure Multifactor Authentication](/docs/directorymanager/11.1/signin/authpolicy/mfa.md) +- [Set Up Authentication Types](/docs/directorymanager/11.1/signin/authpolicy/setupauth/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/circularreference.md b/docs/directorymanager/11.1/signin/identitystore/configure/circularreference.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/circularreference.md rename to docs/directorymanager/11.1/signin/identitystore/configure/circularreference.md index 09a5e3c44d..af8554eadb 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/circularreference.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/circularreference.md 
@@ -1,3 +1,9 @@ +--- +title: "Manage Circular Reference" +description: "Manage Circular Reference" +sidebar_position: 120 +--- + # Manage Circular Reference By default, Directory Manager checks for circular reference and does not allow it when users update diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/configure.md b/docs/directorymanager/11.1/signin/identitystore/configure/configure.md new file mode 100644 index 0000000000..6bda93c2cc --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/configure.md 
@@ -0,0 +1,101 @@ +--- +title: "Configure an Identity Store" +description: "Configure an Identity Store" +sidebar_position: 50 +--- + +# Configure an Identity Store + +Various configurations can be defined for an identity store. + +**To manage configurations:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. You can configure the following for an identity store: + + - Identity Store-specific Configurations + - Security Roles + - Replication Settings + - Identity Store History + - Workflows + - Entitlements + - Schedules + +## Identity Store-specific Configurations + +The following configurations have to be defined for an identity store: + +- An SMTP server for sending email notifications. See the + [Configure an SMTP Server](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md) topic. +- Authentication types and policies. See the [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) topic. +- A group life cycle policy that controls the expiry and deletion of groups in the identity store. + See the [Manage Group Lifecycle Settings](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md) topic. +- Membership life cycle policies for static groups. See the + [Manage Membership Life Cycle Policies](/docs/directorymanager/11.1/signin/identitystore/configure/membershiplifecycle.md) topic. +- Inheritance settings for Dynasties. See the + [Manage Dynasty Settings](/docs/directorymanager/11.1/signin/identitystore/configure/dynastysettings.md) topic. +- Group update and membership settings. See the + [Manage Group Membership Settings](/docs/directorymanager/11.1/signin/identitystore/configure/outofbounds.md) topic. +- Group name prefixes, which are used to append group names. 
See the + [Group Name Prefixes](/docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md) topic. +- Settings for history tracking. See the + [Configure History Tracking](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md) topic. +- A messaging provider so that mail-enabled objects can be created in the identity store. See the + [Configure a Messaging Provider](/docs/directorymanager/11.1/signin/identitystore/configure/messagingprovider.md) topic. +- Profile validation settings to ensure the accuracy of users’ information in the directory. See the + [Configure User Profile Validation](/docs/directorymanager/11.1/signin/identitystore/configure/profilevalidation.md) topic. +- Circular reference settings for object update. See the + [Manage Circular Reference ](/docs/directorymanager/11.1/signin/identitystore/configure/circularreference.md)topic. +- Password restrictions and rules for setting identity store passwords. See the + [Configure Password Options](/docs/directorymanager/11.1/signin/identitystore/configure/passwordoptions.md) topic. + +## Security Roles + +An identity store has security roles defined for it, and only role members can access Directory +Manager. See the [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) topic. + +You can specify the following configurations for a role: + +- Assign permissions on different Directory Manager functions. See the + [Security Role – Permissions](/docs/directorymanager/11.1/signin/securityrole/permissions.md) topic. +- Specify policies for roles. See the [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) + topic. + +## Replication Settings + +The Replication service is responsible for replicating objects that are created or modified directly +on the directory server, to the Elasticsearch repository. 
You can specify the attributes for the +Replication Service to replicate from the provider to the Elasticsearch repository. + +See the [Manage Local Replication Settings](/docs/directorymanager/11.1/signin/identitystore/replication.md) topic for details. + +## Identity Store History + +You can view the changes made to an identity store’s configurations, workflows, and security roles +in an identity store. See the [Identity Store History](/docs/directorymanager/11.1/signin/identitystore/view/view.md) topic. + +## Workflows + +Workflows are a built-in auditing system to ensure that changes made to directory objects are +approved by an authorized user before they are committed to the directory. + +You can define different workflows for an identity store. For example, you can define a workflow +that triggers when a user creates a group in the directory using Directory Manager. See the +[Workflows](/docs/directorymanager/11.1/signin/workflow/overview.md) topic for details. + +## Entitlements + +Specify file servers in Active Directory and SharePoint sites to view and update the permissions +assigned to objects on shared resources. See the [Entitlement](/docs/directorymanager/11.1/signin/entitlement/overview.md) topic. + +## Schedules + +Define schedules to auto execute different Directory Manager functions, such as group expiry and +deletion, Smart Group membership update, temporary additional manager assignment to users, and more. +See the [Schedules](/docs/directorymanager/11.1/signin/schedule/overview.md) topic. + +**See Also** + +- [Manage an Identity Store](/docs/directorymanager/11.1/signin/identitystore/manage.md) 
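Review bot: In the "Identity Store-specific Configurations" list of configure.md, "Group name prefixes, which are used to append group names" describes a suffix; a prefix goes in front of the name, so reword it, for example "which are prepended to group names". In the same list the circular reference entry has a trailing space inside the link text and no space before "topic" ("[Manage Circular Reference ](...)topic."). Under "Identity Store History", the sentence "changes made to an identity store's configurations, workflows, and security roles in an identity store" repeats "in an identity store"; drop the second occurrence.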
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/dynastysettings.md b/docs/directorymanager/11.1/signin/identitystore/configure/dynastysettings.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/dynastysettings.md rename to docs/directorymanager/11.1/signin/identitystore/configure/dynastysettings.md index 253febc084..26f20516d0 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/dynastysettings.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/dynastysettings.md @@ -1,3 +1,9 @@ +--- +title: "Manage Dynasty Settings" +description: "Manage Dynasty Settings" +sidebar_position: 60 +--- + # Manage Dynasty Settings A Dynasty is a Smart Group that creates and manages other Smart Groups using information in the @@ -6,7 +12,7 @@ their respective parent Dynasties. A Dynasty retrieves data from the directory on the same pattern as a Smart Group does, but it has its own mechanism of dividing the query results into child groups. To learn more about Dynasties, -see the [Dynasties](/docs/directorymanager/11.1/admincenter/general/concepts.md#dynasties) topic. +see the [Dynasties](/docs/directorymanager/11.1/signin/concepts/concepts.md#dynasties) topic. You can control how Directory Manager processes Dynasties through the following settings: 
@@ -24,7 +30,7 @@ The Directory Manager portal provides two methods to update Smart Groups and Dyn - Manual update - You can manually execute the query for a Dynasty and Smart Group any time. - Scheduled update - Scheduled updates, powered by a Smart Group Update schedule, auto run at a specified frequency to update the target groups and Dynasties. See the - [Smart Group Update Schedule](/docs/directorymanager/11.1/admincenter/schedule/smartgroupupdate.md) topic. + [Smart Group Update Schedule](/docs/directorymanager/11.1/signin/schedule/smartgroupupdate.md) topic. **What happens on Dynasty update?** diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/groupexpirydeletion.md b/docs/directorymanager/11.1/signin/identitystore/configure/groupexpirydeletion.md similarity index 91% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/groupexpirydeletion.md rename to docs/directorymanager/11.1/signin/identitystore/configure/groupexpirydeletion.md index b21727f7ca..a3f53ddb26 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/groupexpirydeletion.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/groupexpirydeletion.md @@ -1,3 +1,9 @@ +--- +title: "Group Expiry and Deletion" +description: "Group Expiry and Deletion" +sidebar_position: 40 +--- + # Group Expiry and Deletion Using Directory Manager, you can expire and delete groups in two ways: 
@@ -105,10 +111,10 @@ deleted. When the Group Life Cycle schedule deletes a group, it notifies the group owners or, if there is no owner, the default approver. The job does not delete a group that neither has an owner nor a default approver. See the -[Specify a Default Approver](/docs/directorymanager/11.1/admincenter/workflow/advancedsettings.md#specify-a-default-approver) +[Specify a Default Approver](/docs/directorymanager/11.1/signin/workflow/advancedsettings.md#specify-a-default-approver) topic. **See Also** -- [Manage Group Lifecycle Settings](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md) -- [Group Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/grouplifecycle.md)[Specify a Default Approver](/docs/directorymanager/11.1/admincenter/workflow/advancedsettings.md#specify-a-default-approver) +- [Manage Group Lifecycle Settings](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md) +- [Group Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/grouplifecycle.md)[Specify a Default Approver](/docs/directorymanager/11.1/signin/workflow/advancedsettings.md#specify-a-default-approver) diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md b/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md new file mode 100644 index 0000000000..2bc29817b6 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md 
@@ -0,0 +1,298 @@ +--- +title: "Manage Group Lifecycle Settings" +description: "Manage Group Lifecycle Settings" +sidebar_position: 30 +--- + +# Manage Group Lifecycle Settings + +Directory Manager can effectively manage group life cycle through all stages, from creation to +deletion. It enables you to define the following setting to control the group life cycle in an +identity store: + +- A default expiry policy for groups +- Exclude groups from expiration and deletion +- Prevent the expiry of security groups +- Wait period for deleting expired groups +- Group usage life cycle +- Group attestation +- Notifications for expiring groups + +Of these, only the first setting, i.e., the group expiry policy, can be changed for individual +groups. All other settings apply to all groups in the identity store and cannot be changed for +individual groups. + +The Group Life Cycle schedule defined for the identity store is responsible for applying the group +life cycle settings to groups. This schedule runs on containers you specify as its targets, to +process the groups that reside therein. Groups that reside outside of the target containers will not +be processed by the schedule; hence, the group life cycle policy is not applied to them. See the +[Group Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/grouplifecycle.md) topic. + +NOTE: Before you specify a group life cycle policy for a Microsoft Entra ID identity store, see the +[Group Expiration Policy](/docs/directorymanager/11.1/signin/identitystore/advsentraid.md#group-expiration-policy) section in the +[Microsoft Entra ID vs. Active Directory Identity Stores](/docs/directorymanager/11.1/signin/identitystore/advsentraid.md) topic. + +What do you want to do? 
+ +- Set a Default Expiry Policy for Groups +- Apply Policy on Specific Containers +- Exempt Security Groups from Expiry +- Auto Delete Expired Groups +- Enable Group Usage Lifecycle +- Enable Group Attestation +- Set Group Expiry Notifications + +## Set a Default Expiry Policy for Groups + +The expiry policy specifies the period for which a group remains active. When the period ends, the +group expires. + +When a group is created, it inherits the default expiry policy, but you can change it for individual +groups. The Group Life Cycle schedule executes the Group Lifecycle policy as defined for the +identity store, but monitors group expiry dates as determined by each group’s expiry policy. This +job expires groups according to their respective expiry policy. + +**To set a default expiry policy:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. +4. In the **Default Expiration Policy** drop-down list on the **Group Lifecycle** page, select an + expiration criterion that you want to set as default. Options are: + + - Never Expire + - Expire Every 30 Days + - Expire Every 60 Days + - Expire Every 90 Days + - Expire Every 120 Days + - Expire Every 6 Months + - Expire Every Year + - Other: On selecting this, two boxes are displayed. Select a unit of time (years, months, days) + from the second list and specify a number in the first box to set a custom period for group + expiration. + +5. Click **Save**. + +## Apply Policy on Specific Containers + +By default, the Group Life Cycle schedule evaluates all groups that reside in the container(s) +specified as its targets, and processes them according to the group lifecycle policy. 
However, you +can exempt containers from the Group Life Cycle schedule, so that it does not process the groups in +those containers. + +**To limit the policy to specific containers:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. +4. On the **Group Lifecycle** page, select one of the following options: + + - **Do not apply policy on following containers** + + 1. Select this option and click **Add/Modify Container(s)**. + 2. On the **Add Container(s)** dialog box, select the containers you want to exempt from the + Group Lifecycle policy settings and click **Add**. The selected containers are displayed + in the **Container(s)** area. The Group Life Cycle schedule will not process the groups + in these containers even when they are set as its targets. + + - **Apply policy only on following containers** + + 1. Select this option and click **Add/Modify Container(s)**. + 2. In the **Add Container(s)** dialog box, select the container(s) you want to apply the + Group Lifecycle policy to, and click **Add**. The selected containers are displayed in + the **Container(s)** area. The Group Life Cycle schedule will only process groups in + these containers in the identity store. + +5. Click **Save**. + +NOTE: If a container is set as target in a Group Life Cycle schedule while it is also listed as an +exempted container in the Group Lifecycle policy, the schedule does not process it. As a result, +different aspects of the Group Lifecycle policy, such as group expiry and group attestation does not +apply to groups in the container. + +## Exempt Security Groups from Expiry + +By default, security group expiration is disabled, indicating that security groups in the identity +store cannot be expired either manually or by the Group Life Cycle schedule. 
You must enable it to +expire security groups. + +When a security group expires, its membership is cleared. However, Directory Manager keeps a backup +of its membership in the database. + +NOTE: In a Microsoft Entra ID identity store, the security group expiry option also applies to +Office 365 groups. + +**The security group expiration paradox** + +A security group may grant or restrict access to network resources to its members. Enabling security +group expiry may pose a problem; the members of an expired security group will get undesired access +to network resources, or will be denied access to resources that were assigned to it. + +To manage this, make sure your critical security groups reside in the OU that the expiry policy does +not apply to. Use the **Do not apply policy on following containers** option to set the OU aside +(see the Apply Policy on Specific Containers topic). In this way, those groups will not expire even +if you enable the expiry of security groups. + +**To enable security group expiry:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. +4. On the **Group Lifecycle** page, select the **Expire Security Groups** check box to allow the + expiry of security groups in the identity store. (Security groups can be expired manually and by + the Group Life Cycle schedule.) + Clear the check box to prevent the expiry of security group. +5. Click **Save**. + +## Auto Delete Expired Groups + +You can set Directory Manager to auto delete expired groups x number of days after expiry. These +wait days apply to both auto expired and manually expired groups. The Group Life Cycle schedule is +responsible for deleting expired groups. These auto deleted groups are called logically deleted +groups. + +**To set wait days:** + +1. 
In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. +4. On the **Group Lifecycle** page, select the **Delete Expired Groups** check box and type the + number of days after which you want an expired group to be deleted, starting from the expiry + date. +5. Click **Save**. + +## Enable Group Usage Lifecycle + +You can set the expiry of mail-enabled distribution groups based on their usage. It is as: + +- If an expiring group is used in the last x number of days, it will be renewed by reapplying the + expiry policy to it. +- If a group is not used in the last x number of days, its life will be reduced to 7 days. + +The Group Usage Service schedule time stamps each mail-enabled distribution group with respect to +its last usage. The Group Life Cycle schedule extends or reduces the life of a group based on this +information. + +**To enable group usage lifecycle:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. +4. On the **Group Lifecycle** page, use the toggle button for **Extend** **or reduce the life of + mail-enabled groups** to enable group usage lifecycle. +5. Select one of the following options: + + - **Extend group life if used in last x Days:** select this option button and specify x number + of days in the box to prevent your active mail-enabled distribution groups from expiry. If an + expiring group is used in the last x number of days, the Group Life Cycle schedule will renew + it by reapplying its expiry policy. 
+ - **Reduce group life if not used in last x Days:** select this option button and specify x + number of days in the box to reduce the life of mail-enabled distribution groups that have not + received any email in the last x number of days. + + By default, this setting works for groups that are idle for 60 days since their creation, + last renewal, or last usage. You can change the number of days anywhere from 1 to 360. The + Group Life Cycle schedule will reduce the life of such groups to 7 days and send an email + notification to the group owner or the default approver (for groups without owners), + informing them of the approaching expiry. See the + [Specify a Default Approver](/docs/directorymanager/11.1/signin/workflow/advancedsettings.md#specify-a-default-approver) + topic. + +6. Click **Save**. + +## Enable Group Attestation + +You can enforce group owners to review and validate the attributes and membership of expiring groups +before renewing them. While enabling group attestation, consider the following: + +- Group attestation does not apply to groups that have ‘Never Expire’ as their expiry policy. +- The Membership Life Cycle schedule must be defined for the identity store. +- Group attestation does not apply to excluded containers. See the Apply Policy on Specific + Containers topic. +- With group attestation enabled, the Group Usage Lifecycle settings cannot be applied. If those + settings are already defined, they get disabled when you enable group attestation. See the the + Enable Group Usage Lifecycle topic. +- For attestation, group owners must use the Directory Manager portal. +- In the default portal template, a few fields (attributes) for group attestation are specified. You + can add and remove fields to include those that you want group owners to validate and update. +- In case of a Dynasty, parent and child Dynasties have to be attested individually. Child Dynasties + include both middle and leaf Dynasties. 
However, child Dynasties cannot be renewed after + attestation, as they are renewed with their respective parent Dynasty. +- When attesting the membership of a parent Dynasty, child Dynasty, or a Smart Group, the members + list does not include group objects for attestation. Only users and contacts are displayed. When + attesting static groups, however, the members list also includes groups for attestation. + +**To enable group attestation:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. +4. On the **Group Lifecycle** page, use the toggle button for **Enforce group owners to attest + expiring groups** to enable group attestation for the identity store. +5. Select the **Enforce user to verify each member** check box to enforce group owners to verify + each group member one by one (by individually specifying the status of each member as _active_ or + _inactive_). When this check box is not selected, group owners can select all members in a single + click and specify their status as _active or inactive_. +6. You can specify the duration for which inactive members remain in group membership. + + - Select the **Specify member inactive period** check box and specify a duration in days (for + example, 5). When the status of a member is set to _inactive_, he or she is instantly removed + from group membership in the directory. In Directory Manager, however, he or she remains a + group member till the specified number of days, starting from the inactivation date. During + this period, the member can be activated (added back to group membership). If the member is + not activated, the Membership Life Cycle schedule removes it from group membership in + Directory Manager when the specified number of days lapse. 
+ - If you want inactive members to be instantly removed from group membership in the directory + and in Directory Manager, do one of the following: + + - Select the **Specify member inactive period** check box and specify ‘0’ in the box. + - Do not select the **Specify member inactive period** check box. + +7. Click **Save**. + +## Set Group Expiry Notifications + +You can choose to send email notifications 1 day, 7 days, or 30 days before a group expires, to +inform the group owners (or the default approver when the group has no primary or additional owners) +about the approaching expiry. + +**To set group expiry notifications:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Group Lifecycle**. +4. In the **Notification Options** section on the **Group Lifecycle** page, select any of the + following options to specify when group expiry notifications should be sent: + + - 1 day before group expiration + - 7 days before group expiration + - 30 days before group expiration + +5. Click **Save**. + +**Group expiry notifications and the Group Lifecycle schedule** + +The Group Life Cycle schedule handles group expiry notifications as follows: + +- When no option is selected for expiry notifications, the schedule expires the groups in the + identity store without notifying anyone. +- When notifications are enabled, the schedule notifies the primary and additional owners of the + group, or the default approver (in case the group has no owner) about the approaching expiry. In + case the notification could not be sent or no recipient is available, the schedule extends the + expiry date of the group by 7 days on the group’s expiry day. It continues to do so until the + notification is sent. 
+- When the **1 day before group expiration** option is selected for sending notifications and the + Group Life Cycle schedule evaluates the group for the first time a day before its expiration date, + Directory Manager will extend the group’s expiration date by 7 days. + +**See Also** + +- [Schedules](/docs/directorymanager/11.1/signin/schedule/overview.md) +- [ Group Expiry and Deletion](/docs/directorymanager/11.1/signin/identitystore/configure/groupexpirydeletion.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md b/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md rename to docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md index c1c92a2e08..553c6cc0a8 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md @@ -1,3 +1,9 @@ +--- +title: "Configure History Tracking" +description: "Configure History Tracking" +sidebar_position: 90 +--- + # Configure History Tracking In Directory Manager, history for an identity store is tracked at two levels: @@ -26,7 +32,7 @@ In Directory Manager, history for an identity store is tracked at two levels: - workflows - security roles - See the [Identity Store History](/docs/directorymanager/11.1/admincenter/identitystore/history/view.md) topic to view the tracked history data. + See the [Identity Store History](/docs/directorymanager/11.1/signin/identitystore/view/view.md) topic to view the tracked history data. By default, history tracking is disabled. You can: 
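Review bot: In the group lifecycle hunk above, the "Exempt Security Groups from Expiry" section tells admins to keep critical security groups in an OU listed under **Do not apply policy on following containers**, but it does not say that those groups then also drop out of attestation. The NOTE after the container steps says "group expiry and group attestation does not apply to groups in the container", and the attestation section says "Group attestation does not apply to excluded containers", so following the paradox advice removes the most sensitive groups from owner review as well as from expiry. Suggest stating that trade-off in the paradox paragraph. Smaller points in the same hunk: "See the the Enable Group Usage Lifecycle topic" has a doubled word, the text alternates between "Group Life Cycle" and "Group Lifecycle", and the last notification bullet says the expiration date is extended by 7 days without giving the reason.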
@@ -39,8 +45,8 @@ RECOMMENDED: History tracking can slow down system performance. For optimal perf recommended that you track only specific, more important actions and limit Directory Manager history data storage to the most recent records. -See the [History in Directory Manager](/docs/directorymanager/11.1/admincenter/history.md) and -[Event Logging](/docs/directorymanager/11.1/admincenter/identitystore/history/eventlogging.md) topics for additional information. +See the [History in Directory Manager](/docs/directorymanager/11.1/signin/concepts/history.md) and +[Event Logging](/docs/directorymanager/11.1/signin/identitystore/view/eventlogging.md) topics for additional information. What do you want to do? @@ -132,7 +138,7 @@ database forever. You can set Directory Manager to retain an identity store's history data for a specified length of time in the database. When the retention period is over, the History Retention schedule archives this data by moving it from the database to CSV files. See the -[History Retention Schedule](/docs/directorymanager/11.1/admincenter/schedule/historyretention.md) topic. +[History Retention Schedule](/docs/directorymanager/11.1/signin/schedule/historyretention.md) topic. **To retain history data for a specific period:** diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/membershiplifecycle.md b/docs/directorymanager/11.1/signin/identitystore/configure/membershiplifecycle.md new file mode 100644 index 0000000000..4d493c9fe6 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/membershiplifecycle.md 
@@ -0,0 +1,277 @@ +--- +title: "Manage Membership Life Cycle Policies" +description: "Manage Membership Life Cycle Policies" +sidebar_position: 50 +--- + +# Manage Membership Life Cycle Policies + +A membership lifecycle policy enables you to specify a period, so that all members added or removed +from specific group(s) during that period are treated as temporary addition or removal respectively. + +You can define a membership policy for groups and OUs. In case of an OU, the policy applies to all +groups in that OU. The Membership Life Cycle schedule is responsible for applying membership +lifecycle policies to groups. + +NOTE: Membership lifecycle policies apply to static groups only. You cannot specify system critical +objects, Smart Groups, and Dynasties as target groups in a policy. + +NOTE: When Smart Groups and Dynasties reside in a target OU, Directory Manager does not process +them. + +## Types of Membership Lifecycle Policies + +You can define two types of membership life cycle policies: + +- **Add temporary** - Users added to group membership during a specified period will be temporary + members, to be removed from membership at the end of the period. If this policy is extended to + existing group members, then all members (including permanent members) will be removed from group + membership when the period ends. +- **Remove temporary** - Users added to group membership during a specified period will be + temporarily removed on addition, to be permanently added to group membership at the end of the + period. If this policy is extended to existing group members, then all members (including + permanent members) will be temporarily removed from group membership for the specified period. At + the end of the period, they will be added back as permanent members. 
+ +## Key Features + +Some main features of the membership lifecycle policies are: + +- **Groups with nested membership** - If a policy is applied to a group with nested membership, it + does not affect nested membership. For an OU with nested OUs, the policy applies to all nested + OUs. +- **Groups with different settings for individual members** - When a policy is applied to a group + having members with temporary addition or removal applied to them individually, then individual + member settings take precedence over the group policy. Temporary addition or removal applied to + individual members remains intact when you remove a policy from a group or OU. +- **Single policy rule** - A single policy can be applied to a group or an OU at a time. Hence, a + group or OU cannot be set as the target in more than one policy. If you apply a policy to an OU + that contains a group with a different policy already applied to it, then the group policy would + be effective. +- **Notifications** - Directory Manager generates notifications when users are temporarily added or + removed from a group’s membership. See the + [Manage Membership Life Cycle Notifications](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md#manage-membership-life-cycle-notifications) + topic. + +What do you want to do? + +- Specify an ‘Add Temporary’ Membership Policy +- Specify a ‘Remove Temporary’ Membership Policy +- Edit a Policy +- Reapply a Policy +- Delete a Policy + +## Specify an ‘Add Temporary’ Membership Policy + +An _add temporary_ membership policy states that all members added to the target groups during a +certain period will be temporary. When the period ends, they will be removed from group membership. + +**To define a policy:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. 
Then click **Membership Life + Cycle**. + The **Group/OU Based Membership Lifecycle** page displays any group/OU based membership policy + already defined. +4. Click **Add**; the **Add Group/OU Based Membership Lifecycle Policy** dialog box is displayed. +5. In the **Membership Type** drop-down list, select _Add Temporary_. +6. To specify a duration for the policy, select one of these options: + + - Click **Days** and in the box below, specify the number of days the policy will apply to + target group(s), starting from today. + - Click **Custom** and specify a date range in the **Starting Date** and **Ending Date** boxes. + The starting date must be the current or future date. + +7. Specify groups and OUs to apply the policy to. + + - In the **Add Group and OU to Membership Policy** area, enter a search string in the box. Group + and OU names starting with the string are displayed as you type. Click **Add** for an object + to add it to the policy. + + Or + + - Click **Advanced** to search an object by different parameters, such as name, display name, + and email. + + The selected objects are displayed with their type (can be group or OU), display name, and + distinguished name. + + - For a container, the policy applies to all groups residing in it and its sub-containers. + - For a group, the policy does not apply to any groups that are nested into your selected + group(s). + + To remove an object, click **Remove** for it. + +8. Click **Add**. +9. On the **Apply Policy to Existing Members** message box, do one of the following: + + - Click **Yes** to extend the policy to include the target groups’ existing membership. All + members of the target group(s) convert to temporary at the start of the period, and get + removed from the respective group(s) when the period ends. Simply put, a group’s membership + will be emptied when the period ends. Membership change is also logged in the group’s history. 
+ - Click **No** to apply the policy to new members only and exempt existing members. + +10. The policy is displayed on the **Group/OU Based Membership Life Cycle** page. Click **Save**. + To view the impact of the policy, go to the properties of a target group in the Directory + Manager portal. + +## Specify a ‘Remove Temporary’ Membership Policy + +A _remove temporary_ policy states that all members added to the target group(s) during a certain +period will be temporarily removed from membership. When the period ends, those members would be +added back as permanent members. + +**To define a policy:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Membership Life + Cycle**. + The **Group/OU Based Membership Life Cycle** page displays any group/ OU based membership policy + already defined. +4. Click **Add**; the **Add Group/OU Based Membership Lifecycle Policy** dialog box is displayed. +5. In the **Membership Type** drop-down list, select _Remove Temporary_. +6. To specify a duration for the policy, select one of these options: + + - Click **Days** and in the box below, specify the number of days the policy will apply to + target group(s), starting from today. + - Click **Custom** and specify a date range in the **Starting Date** and **Ending Date** boxes. + The starting date must be the current or future date. + +7. Specify groups and OUs to apply the policy to. + + - In the **Add Group and OU to Membership Policy** area, enter a search string in the box. Group + and OU names starting with the string are displayed as you type. Click **Add** for an object + to add it to the policy. + + Or + + - Click **Advanced** to search an object by different parameters, such as name, display name, + and email. 
+ + The selected objects are displayed with their type (can be group or OU), display name, and + distinguished name. + + - For a container, the policy applies to all groups residing in it and its sub-containers. + - For a group, the policy does not apply to any groups that are nested into your selected + group(s). + + To remove an object, click **Remove** for it. + +8. Click **Add**. +9. On the **Apply Policy to Existing Members** message box, do one of the following: + + - Click **Yes** to extend the policy to include the target groups’ existing membership. All + membership of the target group(s) is temporarily removed at the start of the period, and is + added back as permanent members when the period ends. Membership change is also logged in the + group’s history. + - Click **No** to apply the policy to new members only and exempt existing members. + +10. The policy is displayed on the **Group/OU Based Membership Life Cycle** page. Click **Save**. + To view the impact of the policy, go to the properties of a target group in the Directory + Manager portal. + +## Edit a Policy + +You can edit a policy to change its details. + +Let’s assume you have an ‘add temporary’ policy with May 1 and May 31 set as starting and ending +dates. By May 14, User A and User B are added as temporary members, to be removed from membership on +May 31. + +On May 15, you change the policy’s ending date to May 20. The new ending date will apply to members +that are added to the group hence onwards; it does not apply to User A and User B, who will still be +removed on May 31. However, if the policy is applied to existing members, User A and User B will +also be removed from membership on May 20. + +**To edit a policy:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. 
Then click **Membership Life + Cycle**. +4. On the **Group/OU Based Membership Life Cycle** page, click the ellipsis button for a policy and + select **Edit**. +5. Make the required changes to the policy on the **Edit Group/OU Based Membership Lifecycle + Policy** dialog box. + + - For an _add temporary_ policy, follow step 5 and onwards in the Specify an ‘Add Temporary’ + Membership Policy topic. + - For a _remove temporary_ policy, follow step 5 and onwards in the Specify a ‘Remove Temporary’ + Membership Policy topic. + +6. On the **Group/OU Based Membership Life Cycle** page, click **Save**. + +## Reapply a Policy + +You need to reapply a policy when: + +- A new group is created in the policy’s target OU through the identity provider, such as Active + Directory. To extend the policy to the new group, you have to reapply it. +- A group is moved to a target OU using Directory Manager or the identity provider. + +You do not need to reapply a policy when a new group is created in the policy’s target OU through +Directory Manager. In this case, the policy is automatically applied. + +Consider the following: + +- If a policy has been defined for future dates and you add a group to a target OU before the start + date, you must reapply the policy. Reapplying a policy when no group has been added to a target OU + has no impact. +- If you add a group to a target OU of a policy that is currently active, you must reapply it to + extend the policy to that group. +- When you reapply a policy after its effective dates, it has no impact. + **Example:** Let’s assume a policy is active from Jan. 20-31. Reapplying it on Feb 1 will have no + impact.\ + +NOTE: When you move a group from a target OU in a policy (OUA) to an OU that is not the target of +any policy (OUB), the policy applied to the group in OUA will continue to apply to till its end +date. + +**To reapply a policy:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. 
On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Membership Life + Cycle**. +4. On the **Group/OU Based Membership Life Cycle** page, click the ellipsis button for a policy and + select **Reapply**. +5. On the **Reapply Membership Lifecycle Policy** dialog box, click **Yes** to reapply the policy to + the target groups’ new and existing members or **No** to close the dialog box without reapplying + the policy. +6. Click **Save**. + +## Delete a Policy + +Deleting a membership lifecycle policy has the following impact: + +- When a policy is deleted before or after its effective dates, it has no impact. +- When a policy is deleted during its effective dates, all members of the target groups and those of + groups in the target OUs become permanent members of the respective groups. + +To delete a policy: + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Membership Life + Cycle**. +4. On the **Group/OU Based Membership Life Cycle** page, click the ellipsis button for a policy and + select **Delete**. +5. The **Delete Membership Lifecycle Policy** message box is displayed. + + - On clicking **Yes**, all members of the target groups and those of groups in the target OUs + become permanent members of the respective groups and the policy is deleted. + - On clicking **No**, the policy is not deleted and continues to apply to the target groups and + OUs. + +6. Click **Save**. + +**See Also** + +- [Membership Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/membershiplifecycle.md) 
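Review bot: The "Delete a Policy" section needs a warning, because deleting a policy during its effective dates makes every member of the target groups permanent, which for an _add temporary_ policy means members who were meant to be temporary keep their access. The hunk states this only as an impact bullet and again under **Yes** in step 5; suggest a NOTE telling admins to review target group membership before deleting, and a matching NOTE at step 9 of the add temporary procedure, where clicking **Yes** means "a group’s membership will be emptied when the period ends". Smaller points: the stray backslash after "will have no impact.", the missing object in "will continue to apply to till its end date", "To delete a policy:" not being bold like the other procedure lead-ins, and the mixed use of "Membership Life Cycle" and "Membership Lifecycle" in page and dialog names.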
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/messagingprovider.md b/docs/directorymanager/11.1/signin/identitystore/configure/messagingprovider.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/messagingprovider.md rename to docs/directorymanager/11.1/signin/identitystore/configure/messagingprovider.md index fb4b32ea8a..977b916562 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/messagingprovider.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/messagingprovider.md @@ -1,3 +1,9 @@ +--- +title: "Configure a Messaging Provider" +description: "Configure a Messaging Provider" +sidebar_position: 100 +--- + # Configure a Messaging Provider Directory Manager can create email addresses for mail-enabled objects (groups, users, and contacts) @@ -199,4 +205,4 @@ Step 5 – Click **Save**. **See Also** -- [Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) +- [Configure an SMTP Server](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/outofbounds.md b/docs/directorymanager/11.1/signin/identitystore/configure/outofbounds.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/outofbounds.md rename to docs/directorymanager/11.1/signin/identitystore/configure/outofbounds.md index 0b59141796..900822ee41 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/outofbounds.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/outofbounds.md 
@@ -1,3 +1,9 @@ +--- +title: "Manage Group Membership Settings" +description: "Manage Group Membership Settings" +sidebar_position: 70 +--- + # Manage Group Membership Settings Directory Manager enables you to update group membership in the following ways: @@ -157,5 +163,5 @@ Smart Group Update schedule responsible for updating the respective group. **See Also** -- [Manage Dynasty Settings](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/dynastysettings.md) -- [Smart Group Update Schedule](/docs/directorymanager/11.1/admincenter/schedule/smartgroupupdate.md) +- [Manage Dynasty Settings](/docs/directorymanager/11.1/signin/identitystore/configure/dynastysettings.md) +- [Smart Group Update Schedule](/docs/directorymanager/11.1/signin/schedule/smartgroupupdate.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/security/passwordoptions.md b/docs/directorymanager/11.1/signin/identitystore/configure/passwordoptions.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/security/passwordoptions.md rename to docs/directorymanager/11.1/signin/identitystore/configure/passwordoptions.md index 4cfbcaea96..4e8d8aae93 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/security/passwordoptions.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/passwordoptions.md @@ -1,3 +1,9 @@ +--- +title: "Configure Password Options" +description: "Configure Password Options" +sidebar_position: 160 +--- + # Configure Password Options You can define the following password restrictions and rules for an identity store: 
@@ -16,7 +22,7 @@ configurations for the master account apply. In addition to these password restrictions, you can define a password policy for a security role in an identity store. See the -[Directory Manage Password Policy ](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md) topic. +[Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md) topic. What do you want to do? @@ -51,7 +57,7 @@ expression. not allowed. - **Regular Expression:** passwords that satisfy the regular expression you specify in the **Exception Value** box are not allowed. See the - [What are Regular Expressions?](/docs/directorymanager/11.1/admincenter/portal/displaytype/textbox.md#what-are-regular-expressions) + [What are Regular Expressions?](/docs/directorymanager/11.1/signin/applications/portal/categories/textbox.md#what-are-regular-expressions) topic to learn about regular expressions and their syntax. 6. Type a value for the selected operator in the **Exception Value** box. @@ -80,7 +86,7 @@ users follow certain rules and patterns. 4. In the **Password Rules** area on the **Password Options** page, click **Add Password Rule**. 5. On the **Add Rules** dialog box, type a regular expression in the **Regular Expression** box. See the - [What are Regular Expressions?](/docs/directorymanager/11.1/admincenter/portal/displaytype/textbox.md#what-are-regular-expressions) + [What are Regular Expressions?](/docs/directorymanager/11.1/signin/applications/portal/categories/textbox.md#what-are-regular-expressions) topic to learn about regular expressions and their syntax. 6. Click **OK**. The regular expression is displayed in the In the **Password Rules** area. 7. Follow steps 4 to 6 to define as many regular expressions as required. Passwords that satisfy any 
@@ -114,4 +120,4 @@ importing another file will replace the existing one. **See Also** -- [Directory Manage Password Policy ](/docs/directorymanager/11.1/admincenter/securityrole/policy/password.md) +- [Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md) diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/_category_.json b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/_category_.json new file mode 100644 index 0000000000..876e3cd3cf --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Password Policy Enforcer Policies", + "position": 170, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/messages.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/messages.md new file mode 100644 index 0000000000..c7d4296805 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/messages.md 
@@ -0,0 +1,44 @@ +--- +title: "Set up messages for your users" +description: "Set up messages for your users" +sidebar_position: 50 +--- + +# Set up messages for your users + +Each Password Policy Enforcer password policy has multiple message templates, one for each of the +Password Policy messages. + +- Password Policy – Displays the password policy guidelines on that have the Netwrix Password Policy + Enforcer installed. +- [POLICY] – Customize the text for the active rules. +- [LIVE_POLICY] – Password Policy messages can be configured to display live feedback for the active + rules to users as they reset or change their passwords. This feature enables users to see if their + passwords meet the requirements of the policy set by the organization. +- Rejection Reason – Displays why an intended password was rejected. +- Generic Rejection – Displays if Password Policy Enforcer does not have a specific reason for the + rejection, generally because the password does not comply with the Windows password policy + +Follow the steps to set up message template for active rules. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select +**Edit**. + +Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The +PPE Policies page is displayed. + +Step 4 – Click the **three vertical dots** icon next to the policy , click **Edit**. + +Or + +Click on a policy name to open the policy configuration page. + +Step 5 – Open the **Messages** tab. + +Step 6 – Select the message language from the drop-down list. You can set messages for multiple +languages. + +Step 7 – Edit the message templates in the Password policy, [POLICY], [LIVE_POLICY], Rejection +Reason, and Generic rejection messages. 
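Review bot: The procedure ends at Step 7 with no save step, so the reader is not told how the edited templates are committed; add the closing step if the Messages tab requires one. In the bullet list, "Displays the password policy guidelines on that have the Netwrix Password Policy Enforcer installed" is missing its noun, and the Generic Rejection bullet has no final period. Step 4 ("next to the policy , click **Edit**") has a stray space before the comma and calls the control a "three vertical dots" icon where Step 2 calls it an "ellipsis" button.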
diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/overview.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/overview.md new file mode 100644 index 0000000000..97495a458f --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/overview.md 
@@ -0,0 +1,128 @@ +--- +title: "Netwrix Password Policy Enforcer Policies" +description: "Netwrix Password Policy Enforcer Policies" +sidebar_position: 170 +--- + +# Netwrix Password Policy Enforcer Policies + +Netwrix Password Policy Enforcer (PPE) helps secure your network by ensuring users set strong +passwords. You can now enforce PPE policies to Active Directory domain accounts when they change and +reset their passwords in Directory Manager. + +Remember, You can only use PPE policies in Directory Manager when Password Policy Enforcer 11 is +deployed on your domain controller. + +The PPE policies use rules to decide if it should accept or reject a password. You can assign these +policies to users, groups, and containers (Organizational Units). You can also: + +- define a different set of rules for passphrases +- define a default password character set +- Select a template based on the requirements of the most popular regulatory frameworks +- provide the name of an executable you want to execute upon change and reset password functions in + Directory Manager. + +Directory Manager also has its Password policy which can be defined at an identity store level and +for a particular security role in that identity store. At one point in time, you can either apply +Directory Manager Password policy or PPE policies. See the +[Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md)for additional +information. + +In Directory Manager, you can + +- Add a PPE Policy +- Edit a PPE Policy +- Delete a PPE Policy + +## Add a PPE Policy + +Follow these steps to add a new policy + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select +**Edit**. + +Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The +PPE Policies page is displayed. 
+ +Step 4 – Select the domain of the connected identity store from the **Select Domain** box for which +you wish to add a policy. No PPE policies found message is displayed on the page if no policy is +defined so far. + +Step 5 – Click the **Add Policy** button. + +Step 6 – Password Policy Enforcer contains the out-of-the-box policy templates based on the +requirements of the most popular regulatory frameworks. Select one of the following: + +- Policy – Blank policy with no configurations +- CIS Password Policy Guide – Center for Internet Security (CIS) Password Policy Guide – See the + [CIS Password Policy Guide ](https://www.cisecurity.org/insights/white-papers/cis-password-policy-guide)article + for additional information. +- CIS Password Policy Guide MFA – Center for Internet Security (CIS) Password Policy Guide MFA – See + the + [CIS Password Policy Guide](https://www.cisecurity.org/insights/white-papers/cis-password-policy-guide) + article for additional information. +- CISA – Cybersecurity Information Sharing Act (CISA) +- CJIS – minal Justice Information Services (CJIS) Security Policy +- CMMC – Cybersecurity Maturity Model Certification (CMMC) +- DFARS – Defense Federal Acquisition Regulation Supplement (DFARS) + +After the selection of a policy template, the Add Policy page is displayed. + +Step 7 – Click **Add**. +The policy gets listed on PPE Policies page by the name of the template selected while adding the +policy. See the [Set up policy properties](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/policyproperties.md) topic for additional information on +renaming a policy. + +## Edit a PPE Policy + +Once you add a Password Policy Enforcer policy either on the basis of a blank template or on the +basis of pre-configured template, you can edit the policy as per your needs. + +Follow the steps to edit a PPE policy. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. 
+ +Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select +**Edit**. + +Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The +PPE Policies page is displayed. + +Step 4 – Click the **three vertical dots** icon next to the policy , you want to edit and click +**Edit**. + +Step 5 – The Edit Policy page displays, while editing you can + +- [Set up Rules](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/overview.md) +- [Assign Policies to Users, Groups & Containers](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/usersgroups.md) +- [Enable the use of an optional passphrase](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/passphrases.md) +- [Set up policy properties](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/policyproperties.md) +- [Set up messages for your users](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/messages.md) + +Step 6 – After setting up the policy, click **Update**. + +When users of the specified domain reset or change their password, they can only do that as per the +settings of the applied PPE policy. + +## Delete a PPE Policy + +If a PPE policy is no longer needed, you can delete it. + +Follow the steps to delete a PPE policy + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select +**Edit**. + +Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The +PPE Policies page is displayed. + +Step 4 – Click the **three vertical dots** icon against the policy you intend to delete. + +Step 5 – Select **Delete.** A warning confirmation is displayed when you delete a policy. 
+ +When you delete a policy from Directory Manager it is deleted from the policy OU of Password Policy +Enforcer on the domain the policy will not be available to PPE users as well. diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/passphrases.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/passphrases.md new file mode 100644 index 0000000000..dd6ad13bb6 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/passphrases.md 
@@ -0,0 +1,45 @@ +--- +title: "Enable the use of an optional passphrase" +description: "Enable the use of an optional passphrase" +sidebar_position: 30 +--- + +# Enable the use of an optional passphrase + +Passphrases have gained popularity in recent years as they can be more difficult to crack and easier +to remember than passwords. The difference between passwords and passphrases is their length. +Passwords are rarely longer than 15 characters, but passphrases commonly contain 20 or more +characters. + +Complexity and dictionary rules are less important for passphrases as passphrases rely primarily on +length for security. You may want to relax some password policy requirements for passphrases. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select +**Edit**. + +Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The +PPE Policies page is displayed. + +Step 4 – Click the **three vertical dots** icon next to the policy , click **Edit**. + +Or + +Click on a policy name to open the policy configuration page. + +Step 5 – Open the **Passphrase** tab. + +Step 6 – Select the number of characters the password must contain before the selected rules are +disabled. + +Step 7 – Select the rules to be disabled. + +Disabled rules are not counted when calculating the compliance level, but Password Policy Enforcer +accepts passphrases that comply with all enabled rules, irrespective of the compliance level. This +ensures that passphrases can be used, even if they do not meet the compliance level when Password +Policy Enforcer is configured to disable one or more rules for passphrases. + +NOTE: Opinions differ on how long a passphrase needs to be. Even a 30 character passphrase can be +weaker than a well-chosen password. 
Do not disable too many rules under the assumption that length +alone makes up for the reduced complexity. diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/policyproperties.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/policyproperties.md similarity index 85% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/policyproperties.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/policyproperties.md index 914fb221ef..1655908faa 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/policyproperties.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/policyproperties.md @@ -1,3 +1,9 @@ +--- +title: "Set up policy properties" +description: "Set up policy properties" +sidebar_position: 40 +--- + # Set up policy properties Sets the properties for the selected policy. 
@@ -42,12 +48,12 @@ Step 5 – Open the **Properties** tab. drop-down list to specify the required compliance level for this policy. The default value **(all the rules**) requires users to comply with all enabled rules. Choose an alternative option if Password Policy Enforcer should enforce a more lenient password policy. The - [Age (Min) Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/minimum_age_rule.md) and [Age (Max) Rule](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/maximum_age_rule.md) rules - are excluded from compliance level calculations. See the [Set up Rules](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/overview.md) topic + [Age (Min) Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/minimum_age_rule.md) and [Age (Max) Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/maximum_age_rule.md) rules + are excluded from compliance level calculations. See the [Set up Rules](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/overview.md) topic for additional information. When setting the compliance level, consider that some rules may be disabled when a user enters a - passphrase. See the [Enable the use of an optional passphrase](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/passphrases.md) topic for + passphrase. See the [Enable the use of an optional passphrase](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/passphrases.md) topic for additional information. Password Policy Enforcer accepts passphrases that comply with all enabled rules, irrespective of the compliance level. This ensures that passphrases can be used, even if they do not meet the compliance level when Password Policy Enforcer is configured to 
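Review bot: In ppe/overview.md, the closing sentence of "Delete a PPE Policy" is a run-on that buries the important consequence: "it is deleted from the policy OU of Password Policy Enforcer on the domain the policy will not be available to PPE users as well". Split it into two sentences and move it above Step 1 as a warning, since deleting the policy here also removes it from Password Policy Enforcer on the domain. In the template list of Step 6, "CJIS – minal Justice Information Services" has lost the start of its first word, and the link text "Directory Manage Password Policy " is misspelled and carries a trailing space that runs into "for additional information". The bullet about providing "the name of an executable you want to execute upon change and reset password functions" should say where this is configured and under which account the executable runs.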
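Review bot: In passphrases.md, the paragraph after Step 7 is hard to act on: "Disabled rules are not counted when calculating the compliance level, but Password Policy Enforcer accepts passphrases that comply with all enabled rules, irrespective of the compliance level". State the effect directly, namely that a passphrase which reaches the Step 6 length and passes every rule left enabled is accepted regardless of the compliance level, and link to the compliance level setting in policyproperties.md, where the same wording appears. The steps also start without a "Follow the steps" lead-in and end without a save step, unlike "Edit a PPE Policy" in overview.md, which closes with "click **Update**".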
diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/_category_.json b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/_category_.json new file mode 100644 index 0000000000..74386a14a9 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Set up Rules", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/characterrules.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/characterrules.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/characterrules.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/characterrules.md index 33335a324d..b06516205b 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/characterrules.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/characterrules.md @@ -1,3 +1,9 @@ +--- +title: "Character (Granular) Rules" +description: "Character (Granular) Rules" +sidebar_position: 30 +--- + # Character (Granular) Rules Password Policy Enforcer has seven Character rules that reject passwords if they contain, or do not diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/complexityrule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/complexityrule.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/complexityrule.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/complexityrule.md index 8cb182801f..97ea01bf47 100644 
--- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/complexityrule.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/complexityrule.md @@ -1,3 +1,9 @@ +--- +title: "Characters (Complexity) Rule" +description: "Characters (Complexity) Rule" +sidebar_position: 40 +--- + # Characters (Complexity) Rule The Complexity rule rejects passwords that do not contain characters from a variety of character diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/compromisedrule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/compromisedrule.md similarity index 84% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/compromisedrule.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/compromisedrule.md index 1ccd7c669f..510a825c57 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/compromisedrule.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/compromisedrule.md @@ -1,3 +1,9 @@ +--- +title: "Compromised Rule" +description: "Compromised Rule" +sidebar_position: 50 +--- + # Compromised Rule The Compromised rule rejects passwords from prior breaches. These passwords should not be used as diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/dictionaryrule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/dictionaryrule.md similarity index 98% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/dictionaryrule.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/dictionaryrule.md index 94d1a72e2d..313c5ccd7e 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/dictionaryrule.md 
+++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/dictionaryrule.md @@ -1,3 +1,9 @@ +--- +title: "Dictionary Rule" +description: "Dictionary Rule" +sidebar_position: 60 +--- + # Dictionary Rule The Dictionary rule rejects passwords that are vulnerable to guessing, hybrid, and precomputed diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/historyrule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/historyrule.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/historyrule.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/historyrule.md index 0b067c7e67..c273af0e62 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/historyrule.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/historyrule.md @@ -1,3 +1,9 @@ +--- +title: "History Rule" +description: "History Rule" +sidebar_position: 70 +--- + # History Rule The History rule rejects passwords that are identical to recently used passwords. Password reuse diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/lengthrule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/lengthrule.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/lengthrule.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/lengthrule.md index c7f1e5b497..083e45e71f 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/lengthrule.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/lengthrule.md 
@@ -1,3 +1,9 @@ +--- +title: "Length Rule" +description: "Length Rule" +sidebar_position: 80 +--- + # Length Rule The Length rule rejects passwords that contain too few or too many characters. Longer passwords are diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/maximum_age_rule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/maximum_age_rule.md new file mode 100644 index 0000000000..2bed4cd82d --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/maximum_age_rule.md 
@@ -0,0 +1,90 @@ +--- +title: "Age (Max) Rule" +description: "Age (Max) Rule" +sidebar_position: 10 +--- + +# Age (Max) Rule + +The Maximum Age rule forces users to change their passwords regularly. This decreases the likelihood +of an attacker discovering a password before it changes. This rule can only be enforced by PPE +policies. + +- Enable/Disable button – Enable the **Age (Max)** rule button to enable the Maximum Age rule. + +- Users must change password after days – Choose a value from the drop-down list to specify how many + days must elapse before passwords expire. + +- Delay expiration by `<_number of days_>` if the password contains `<_number of characters_>` or + more characters – You can encourage users to choose longer passwords by extending the lifetime of + their password if it exceeds a certain length. To enable this feature, choose a higher value from + the number of days drop-down list and a minimum length from the number of characters drop-down + list. Passwords that contain the required number of characters do not expire until the number of + days (higher) days value. If both days values (i.e. number of days in Users must change password + after days and number of days in this in this field) are identical, then passwords will expire + after the specified number of days, irrespective of length. + + NOTE: When the Maximum Age rule is configured to delay the expiry of longer passwords, it + creates an Active Directory security group called "PPE Extended Maximum Age Users". Password + Policy Enforcer uses this group to identify which users are eligible for a delayed password + expiry. Users are added and removed from the group automatically. You can move and rename this + group, but do not change the pre-Windows 2000 name. Contact Netwrix support if you must change + the pre-Windows 2000 name. 
Change a Password Policy Enforcer configuration setting (any setting) + after moving or renaming the group to trigger a cache update in Password Policy Enforcer. + Password Policy Enforcer recreates this group if you delete it. To stop creating a group, make + the two days values equal in all policies. + +- Mode – Mode Choose a value from the Mode drop-down list to specify how Password Policy Enforcer + handles expired passwords. The Standard mode forces all users with expired passwords to change + their password during logon. The Transitional modes force a percentage of users with expired + passwords to change their password during logon. The Warning mode warns users that their password + has expired without forcing them to change it. + + Use the Warning and Transitional modes to gradually introduce a new password policy. These modes + reduce the number of forced password changes, allowing the help desk to deal with any extra + calls relating to the new policy. Switch to the Standard mode after most users have had a chance + to change their password. + + It takes approximately 50 days for all users with expired passwords to be forced to change them + in the 2% Transitional mode (2% every day). The 5% Transitional mode reduces this to 20 days, + and the 10% Transitional mode further reduces it to 10 days. The selection algorithm is + randomized, so these are estimates only. You must switch to the Standard mode to ensure that all + old passwords will expire. + + Users with expired passwords are always prompted to change their password, even in the + Transitional and Warning modes. Users can ignore the prompt to change their password unless they + are being forced to change it. + + NOTE: The password expiry prompt is a Windows client feature, and is displayed even if the + Password Policy Client is not installed. Windows clients display the prompt 5 days before + passwords expire by default. You can alter this behavior in the Windows Group Policy security + settings. 
See the + [Interactive logon: Prompt user to change password before expiration](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration) + Microsoft article for additional information. + + Password Policy Enforcer expires passwords at 1:00 AM every day on the domain controller holding + the PDC emulator operations master role. It sets "User must change password at next logon" for + users whose password has expired, or is due to expire on that day. Password Policy Enforcer does + not expire passwords if the Maximum Age rule is in Warning mode, or for users with "Password + never expires" set in Active Directory. Some passwords will not expire immediately when the + Maximum Age rule is in a Transitional mode. + +## Set up Email + +Click the **Set up email** to configure the e-mail message options. + +Type the _name_ and _email address_ you wish to appear in the email's From field in the From text +box. The correct format is "Display Name" `` + +Type the text for the email's **Subject** field in the Subject text box. + +Type the _body_ of the email in the large text box. + +### Set up SMTP + +Currently not supported . + +## Expired Password Log + +If you want to record every event of an expired password in a log check the Log event for every +expired password check box. It will record the event in a log named at the following path. diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/minimum_age_rule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/minimum_age_rule.md new file mode 100644 index 0000000000..9f4ba71401 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/minimum_age_rule.md 
@@ -0,0 +1,17 @@ +--- +title: "Age (Min) Rule" +description: "Age (Min) Rule" +sidebar_position: 20 +--- + +# Age (Min) Rule + +The Minimum Age rule stops users from quickly cycling through a series of passwords in order to +evade the History and Similarity rules. This rule can only be enforced by domain policies. + +- Enable the **Age (Min)** button to enable the Minimum Age rule. + +- Select the number of days before a user can change their password. + +NOTE: The Minimum Age rule is unique because users cannot comply with it by choosing a different +password; they must wait until the required number of days has elapsed. diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/overview.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/overview.md new file mode 100644 index 0000000000..7a5d26526f --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/overview.md 
@@ -0,0 +1,95 @@ +--- +title: "Set up Rules" +description: "Set up Rules" +sidebar_position: 10 +--- + +# Set up Rules + +Netwrix Password Policy Enforcer uses rules to decide if it should accept or reject a password. Each +policy has rules that are configured independently of the rules in other policies. + +Follow the steps to define rules a PPE policy + +Step 1 – The Rules tab opens by default and the following rules are listed in the left pane. + +- [Age (Max) Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/maximum_age_rule.md) +- [Age (Min) Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/minimum_age_rule.md) +- [Characters (Complexity) Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/complexityrule.md) +- [Character (Granular) Rules](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/characterrules.md) +- [Compromised Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/compromisedrule.md) +- [Dictionary Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/dictionaryrule.md) +- [History Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/historyrule.md) +- [Length Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/lengthrule.md) +- [Patterns Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/patternsrule.md) +- [Repetition Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/repetitionrule.md) +- [Similarity Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/similarityrule.md) +- [Unique Characters Rule](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/uniquecharacters.md) + +A button beside a rule indicates that the rule is enabled (being enforced) or not. Click a rule to +set the rule's properties and save it. 
+ +Prior to setting up the rules for the policy, review the sections on Detecting Character +Substitutionand Tolerance . + +## Detecting Character Substitution + +Character substitution is a technique used by some users to improve password quality. They replace +some alphabetic characters with non-alphabetic characters that have a similar appearance. For +example, "sold" becomes "$old". Many of these substitutions are well known and do little to improve +password strength. + +Some Password Policy Enforcer rules have a Detect Character Substitution check box. When this check +box is selected, Password Policy Enforcer tests passwords with, and without character substitution. +This stops users from circumventing the rule by substituting some characters. Password Policy +Enforcer detects these common character substitutions: + +| Original | Substituted | +| -------- | -------------- | +| A a | `^ @` | +| B b | `8` | +| C c | `( or { < [` | +| D d | `) or } > ]` | +| E e | `3` | +| G g | `6 or 9` | +| I i | `! or 1` | +| O o | `0 or (zero)` | +| S s | `$ or 5` | +| T t | `+ or 7` | +| Z z | `2` | + +## Tolerance + +Some Password Policy Enforcer rules have a Tolerance drop-down list that allows you to control how +strictly the rule is enforced. Tolerance is normally expressed as the maximum allowable number of +consecutive matching characters in the password and some other parameter. Password Policy Enforcer +rejects a password if the specified tolerance is exceeded. For example, the logon name +"mary**jones**", and the password "**Jones**town" contain five consecutive matching characters +(shown in bold type). Password Policy Enforcer will reject this password if the tolerance for the +User Logon Name rule is four (or lower), and accept it if the tolerance is five (or higher). + +The User Logon Name, User Display Name, Similarity, and Character Patter rules have an Auto +tolerance option. 
Setting the tolerance to Auto instructs Password Policy Enforcer to only reject +passwords that contain the entire parameter being compared. This is very useful when the length of +the comparison parameter is unknown. For example, if you want Password Policy Enforcer to reject +passwords that contain the user's entire logon name, then you cannot specify a fixed tolerance +unless all logon names have the same length. Setting the tolerance to Auto allows Password Policy +Enforcer to calculate an appropriate tolerance during every password change. + +Password Policy Enforcer sets the tolerance to the length of the comparison parameter minus one. The +table below shows some parameter values and the calculated tolerance. Password Policy Enforcer +rejects a password if it contains all the text in the Value column (or a derivative of it if +character substitution detection or bi-directional analysis is enabled). + +| Rule | Parameter | Value | Tolerance | +| ----------------- | ----------------- | ---------- | --------- | +| User Logon Name | Logon name | maryjones | 8 | +| User Display Name | Display name | Mary Jones | 9 | +| Similarity | Current password | oldpass | 6 | +| Character Pattern | Character pattern | abcdefgh | 7 | + +Password Policy Enforcer's Auto tolerance calculation has a minimum limit to stop passwords from +being rejected when the comparison parameter is very short. The limit is set to two characters by +default, so Password Policy Enforcer accepts passwords that contain the parameter value if the +comparison parameter only contains one or two characters. Contact Netwrix support if you need to +change the minimum limit. 
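Review bot: In maximum_age_rule.md, two values the reader needs are missing from the added text: under "Set up Email" the format example reads "Display Name" followed by empty backticks, and "Expired Password Log" ends with "in a log named at the following path" with no name or path after it. Both look like placeholders dropped in conversion (the address was probably written in angle brackets); restore them, escaping the brackets the way the number-of-days placeholder earlier in the file does. Also fix the doubled words in "Mode – Mode Choose a value" and "in this in this field", and the stray space in "Currently not supported .".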
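Review bot: In rules/overview.md, the Tolerance section relies on rules that the Step 1 list does not contain: "User Logon Name", "User Display Name" and "Character Pattern" appear in the prose and in the tolerance table, but the list has no such entries (the closest is "Patterns Rule"). Either link each name to the topic that documents it or say which listed rule it belongs to, and do the same for "bi-directional analysis", which is mentioned without explanation. In the substitution table, the row for O reads "0 or (zero)", which looks like a misplaced "or", and the row for A ("^ @") omits the "or" the other rows use. Typos in the same hunk: "Substitutionand Tolerance .", "Character Patter rules", and "define rules a PPE policy".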
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/patternsrule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/patternsrule.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/patternsrule.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/patternsrule.md index a78c5fe75f..0a8c132f67 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/patternsrule.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/patternsrule.md @@ -1,3 +1,9 @@ +--- +title: "Patterns Rule" +description: "Patterns Rule" +sidebar_position: 90 +--- + # Patterns Rule The Patterns rule rejects passwords that contain character patterns such as "abcde". Character diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/repetitionrule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/repetitionrule.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/repetitionrule.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/repetitionrule.md index e0e67bf852..d4daa9e036 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/repetitionrule.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/repetitionrule.md @@ -1,3 +1,9 @@ +--- +title: "Repetition Rule" +description: "Repetition Rule" +sidebar_position: 100 +--- + # Repetition Rule The Repetition rule rejects passwords that contain excessive character or pattern repetition. 
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/similarityrule.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/similarityrule.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/similarityrule.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/similarityrule.md index 8995483506..60faeb6f3d 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/similarityrule.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/similarityrule.md @@ -1,3 +1,9 @@ +--- +title: "Similarity Rule" +description: "Similarity Rule" +sidebar_position: 110 +--- + # Similarity Rule The Similarity rule rejects passwords that are similar to a user's current password. Password diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/uniquecharacters.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/uniquecharacters.md similarity index 88% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/uniquecharacters.md rename to docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/uniquecharacters.md index 0f8305114f..bb3d73b162 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/ppe/rules/uniquecharacters.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/rules/uniquecharacters.md @@ -1,3 +1,9 @@ +--- +title: "Unique Characters Rule" +description: "Unique Characters Rule" +sidebar_position: 120 +--- + # Unique Characters Rule The Unique Characters rule rejects passwords that do not contain a minimum number of unique 
diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/ppe/usersgroups.md b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/usersgroups.md new file mode 100644 index 0000000000..24e2b61334 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/ppe/usersgroups.md 
@@ -0,0 +1,108 @@ +--- +title: "Assign Policies to Users, Groups & Containers" +description: "Assign Policies to Users, Groups & Containers" +sidebar_position: 20 +--- + +# Assign Policies to Users, Groups & Containers + +Password Policy Enforcer uses policy assignments to decide which policy to enforce for each user. +Domain policies can be assigned to users, groups, and containers (Organizational Units). + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the **ellipsis** button for an identity store and select +**Edit**. + +Step 3 – Click **Configurations** under Settings in the left pane. Then click **PPE Policies**. The +PPE Policies page is displayed. + +Step 4 – Click the **three vertical dots** icon next to the policy , click **Edit**. + +Or + +Click on a policy name to open the policy configuration page. + +Step 5 – Open the **Users & Groups** tab. + +Assign Policies to Users + +Step 6 – When a domain policy is assigned to a user, Password Policy Enforcer stores the user's +information in the configuration. The assignment remains valid even if the user is renamed. + +1. Click **+Add User** to add user(s) you want to apply policy on. +2. On the Add Object(s) dialog box, select a container from the **Search Container** drop down list. +3. By default, the Include Sub-Contaners check box is selected. If you do not want to apply the + policy on the users in the sub-containers, uncheck it. +4. Click **Advanced**, to search users using the search fields displayed such as Name, Display Name, + First Name, Last Name and so on. +5. Click **Search**. Users matching the given criteria get listed. +6. Click the **Add** button next to the users name listed on the page. +7. After adding all the required users from the search list, Click **Add** on the Add Objects dialog + box. +8. The selected users get listed in the Users box. 
You can remove a user from the list by clicking + the cross (x) icon next to its name. + +Assign Policies to Groups + +Step 7 – When a domain policy is assigned to a group, Password Policy Enforcer stores the group's +information in the configuration. The assignment remains valid even if the group is renamed. +Password Policy Enforcer enforces the policy for all members of the group as well as any nested +groups. For example, if the Helpdesk group is a member of the Info Tech group, then any policy +assigned to the Info Tech group also applies to the members of the Helpdesk group. If this behavior +is not desired, then you can assign a different policy to the Helpdesk group. + +1. Click **+Add Group** to add groups for the policy assignment. +2. On the Add Object(s) dialog box, select a container from the **Search Container** drop down list. +3. By default, the Include Sub-Contaners check box is selected. If you do not want to apply the + policy on the groups in the sub-containers, uncheck it. +4. Click **Advanced**, to search groups using the Name, Display Name, and Description fields. +5. Click **Search**. Groups matching the given criteria get listed. +6. Click the **Add** button next to the users name listed on the page. +7. After adding all the required groups from the search list, Click **Add** on the Add Objects + dialog box. +8. The selected groups get listed in the Groups box. You can remove a group from the list by + clicking the cross (x) icon next to its name. + +Assign Policies to Containers + +Step 8 – When a policy is assigned to a container, Password Policy Enforcer enforces the policy for +all users in the container as well as any child containers. For example, if the Helpdesk and +Managers OUs are children of the Info Tech OU, then any policy assigned to the Info Tech OU also +applies to the two child OUs. If this behavior is not desired, then you can assign a different +policy to a child OU. 
+ +NOTE: Different assignment types can be used for a single policy. For example, you may assign users +to a policy by both OU and group at the same time. + +1. Click **+Add Container** to add groups for the policy assignment. +2. On the Add Container (s) dialog box, click **+** to expand the Entire Directory. +3. Select the check box before the domain name to select the entire directory or select desired + containers you You can remove a containervfrom the list by clicking the cross (x) icon next to + its name. + +Step 9 – Click **Update**. + +## Policy Assignment Conflicts + +A policy assignment conflict occurs when more than one policy is assigned to a user. Password Policy +Enforcer can resolve these conflicts and choose one policy for each user. + +Password Policy Enforcer first tries to resolve a policy assignment conflict by examining the +assignment type. Assignments by user take precedence over assignments by group, which in turn take +precedence over assignments by container. For example, if Policy A is assigned to a user by group, +and Policy B is assigned to the same user by container, then Password Policy Enforcer enforces +Policy A because assignments by group take precedence over assignments by container. + +If all the policies are assigned to the user by container, then Password Policy Enforcer enforces +the policy that is assigned to the nearest parent container. For example, if Policy A is assigned to +the Users OU, and Policy B is assigned to the Users\Students OU, then Password Policy Enforcer +enforces Policy B for all users in the Users\Students and Users\Students\Science OUs because it is +the policy assigned to the nearest parent container. + +If a policy assignment conflict still exists, then Password Policy Enforcer checks the priority of +each remaining policy, and enforces the policy with the highest priority. See the Manage Policies +topic for a diagrammatic representation of this algorithm. 
+ +Click **Test Policy** and expand the **View log** to see which policy Password Policy Enforcer +enforces for a particular user. diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md b/docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md rename to docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md index d9ed8e6b89..ccfde26ac5 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/prefixes.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md @@ -1,3 +1,9 @@ +--- +title: "Group Name Prefixes" +description: "Group Name Prefixes" +sidebar_position: 80 +--- + # Group Name Prefixes You can standardize group names in the directory by defining prefixes. When users create groups @@ -36,7 +42,7 @@ Consider the following: and cannot be changed or removed later. A group naming policy defined in Microsoft Entra Admin Center has no impact in Directory Manager. -For details, see the [Group Naming Policy](/docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md#group-naming-policy) topic. +For details, see the [Group Naming Policy](/docs/directorymanager/11.1/signin/identitystore/advsentraid.md#group-naming-policy) topic. What do you want to do? @@ -86,5 +92,5 @@ Delete a Prefix **See Also** -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) 
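Review bot: In the new usersgroups.md, step 3 under "Assign Policies to Containers" is broken: it reads "select desired containers you You can remove a containervfrom the list", so the end of the selection instruction is missing and the removal hint is fused onto it. Restore the lost text and make the removal hint its own step, as in the user and group lists. Two other items look copied from neighbouring procedures: step 1 of the container list says "+Add Container to add groups", and step 6 of the group list says "next to the users name". Steps 6 to 8 are labelled as steps but contain only explanation (what is stored, nested-group and child-OU inheritance); move that text into lead paragraphs under the three "Assign Policies to ..." labels so the numbered steps contain only actions. Smaller fixes: "Include Sub-Contaners" is misspelled in both lists, Step 4 has a stray space and comma ("next to the policy , click"), and the "Manage Policies" reference in the conflicts section is plain text where it should link to the topic.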
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/profilevalidation.md b/docs/directorymanager/11.1/signin/identitystore/configure/profilevalidation.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/profilevalidation.md rename to docs/directorymanager/11.1/signin/identitystore/configure/profilevalidation.md index b16bad9e51..8736ae69da 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/profilevalidation.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/profilevalidation.md @@ -1,3 +1,9 @@ +--- +title: "Configure User Profile Validation" +description: "Configure User Profile Validation" +sidebar_position: 110 +--- + # Configure User Profile Validation The profile validation process in Directory Manager is designed to ensure the accuracy of users’ @@ -14,7 +20,7 @@ applies. By default, a few attributes (fields) are available in the Directory Manager portal for profile validation. You can add and remove fields as required. See the -[Manage Property Validation Attributes](/docs/directorymanager/11.1/admincenter/portal/design/propertyvalidation.md) topic. +[Manage Property Validation Attributes](/docs/directorymanager/11.1/signin/applications/portal/displaytype/propertyvalidation.md) topic. ## What can Users do While Validating their Profiles? @@ -43,7 +49,7 @@ When performing profile validation, a user can: rejects it, the direct report remains with the manager. For workflows in an identity store, see the -[System Workflows](/docs/directorymanager/11.1/admincenter/workflow/overview.md#system-workflows) topic. +[System Workflows](/docs/directorymanager/11.1/signin/workflow/overview.md#system-workflows) topic. ## What Happens When Users do not Validate their Profiles? 
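Review bot: The "Manage Property Validation Attributes" link in the @@ -14,7 hunk of profilevalidation.md does more than swap admincenter for signin: the path changes from portal/design/propertyvalidation.md to applications/portal/displaytype/propertyvalidation.md. No rename of that file is visible in this part of the diff, so please confirm the target exists at the new location before merging; the other links in this file keep their sub-path and only change the top-level folder.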
@@ -61,7 +67,7 @@ Accounts Expired due to Non-Profile Validation topic. ## The User Life Cycle Schedule -The [User Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/userlifecycle.md) monitors the profile validation +The [User Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/userlifecycle.md) monitors the profile validation function in Directory Manager. It: - Monitors the profile validation dates for users. @@ -198,7 +204,7 @@ You can change the number of reminders to be sent along with their _Before # of User Life Cycle schedule sends reminder notifications to users according to the specified settings. For email notifications, an SMTP Server must be configured for the identity store. See the an -[Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) topic. +[Configure an SMTP Server](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md) topic. **To set a new reminder:** diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/security/secondwayauthentication.md b/docs/directorymanager/11.1/signin/identitystore/configure/secondwayauthentication.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/security/secondwayauthentication.md rename to docs/directorymanager/11.1/signin/identitystore/configure/secondwayauthentication.md index 79a68bd401..77931288de 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/security/secondwayauthentication.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/secondwayauthentication.md @@ -1,3 +1,9 @@ +--- +title: "Second Way Authentication - SWA" +description: "Second Way Authentication - SWA" +sidebar_position: 150 +--- + # Second Way Authentication - SWA You can configure second way Authentication (SWA) to allow unenrolled users to access the following 
@@ -89,7 +95,7 @@ it, you must enable one or more authentication types. NOTE: If an SMTP server is not defined for the identity store, **Configure Now** is displayed in place of the toggle button. Click it to go to the **Notifications** page for configuring an SMTP - server. See the [Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) topic. + server. See the [Configure an SMTP Server](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md) topic. 5. In the **Email Attribute** drop-down list, select an attribute that stores email addresses in the directory. @@ -119,6 +125,6 @@ type(s) they want to use for authentication. **See Also** -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) -- [Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) -- [SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/overview.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) +- [Configure an SMTP Server](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md) +- [SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/overview.md) diff --git a/docs/directorymanager/11.1/signin/identitystore/configure/securityquestions.md b/docs/directorymanager/11.1/signin/identitystore/configure/securityquestions.md new file mode 100644 index 0000000000..9f6430b56b --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/configure/securityquestions.md 
@@ -0,0 +1,60 @@ +--- +title: "Manage the Local Question Pool" +description: "Manage the Local Question Pool" +sidebar_position: 130 +--- + +# Manage the Local Question Pool + +When you create a new identity store, four questions from the global question pool are added to the +identity store’s local pool by default. A local pool is maintained individually by each identity +store. You can modify a local pool by (a) adding questions from the global question pool, (b) adding +questions of your choice (questions that are not in the global pool), and (c) by removing questions +from it. + +To enroll using security questions, identity store users must select a certain number of questions +from the local pool and provide answers. + +What do you want to do? + +- Add a Question to the Local Pool from the Global Pool +- Add a Question of your Choice to the Local Pool +- Remove a Question from the Local Pool + +## Add a Question to the Local Pool from the Global Pool + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Security Questions**. +4. On the **Security Questions** page, click in the box at the top and select a security question + from the list of global security questions. You can also type a search string to filter the + questions containing the string. After selecting a question, click **Add**. The question is added + to the **Questions** list. +5. Click **Save**. + +## Add a Question of your Choice to the Local Pool + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Security Questions**. +4. 
On the **Security Questions** page, click in the box at the top and type a security question. + Then click **Add**. The question is added to the **Questions** list. +5. Click **Save**. + +## Remove a Question from the Local Pool + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Configurations** under **Settings** in the left pane. Then click **Security Questions**. +4. On the **Security Questions** page, click **Remove** for a security question to remove it from + the local pool. To remove all questions, click **Remove All**. +5. Click **Save**. + Deleting a question does not impact the users currently enrolled with the question. + +**See Also** + +- [Manage the Global Question Pool ](/docs/directorymanager/11.1/signin/concepts/globalpool.md) +- [Set up Authentication via Security Questions](/docs/directorymanager/11.1/signin/authpolicy/setupauth/securityquestions.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/security/smsauthentication.md b/docs/directorymanager/11.1/signin/identitystore/configure/smsauthentication.md similarity index 83% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/security/smsauthentication.md rename to docs/directorymanager/11.1/signin/identitystore/configure/smsauthentication.md index 3c0bfa34c0..505b216d5e 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/security/smsauthentication.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/smsauthentication.md 
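Review bot: In the new securityquestions.md, the sentence "Deleting a question does not impact the users currently enrolled with the question." under "Remove a Question from the Local Pool" is indented as a continuation of step 5, so it reads as part of "Click Save". Make it a separate note after the list, and say what happens at authentication for users who enrolled with a removed question, because the text leaves that open. The intro says users "must select a certain number of questions" without pointing to where that number is configured; a link to that setting would help. The link text "[Manage the Global Question Pool ]" has a trailing space inside the brackets. The three procedures repeat the same steps 1 to 3; consider stating them once.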
@@ -1,10 +1,16 @@ +--- +title: "SMS Authentication" +description: "SMS Authentication" +sidebar_position: 140 +--- + # SMS Authentication To enable users to enroll and authenticate their identity store accounts using SMS, you must make sure that an SMS gateway account is linked with the identity store. Using this gateway account, Directory Manager sends confirmation codes to the users' mobile phone numbers for verification. -See the [Manage SMS Gateway Accounts](/docs/directorymanager/11.1/admincenter/smsgateway/manage.md) topic for creating and managing +See the [Manage SMS Gateway Accounts](/docs/directorymanager/11.1/signin/smsgateway/manage.md) topic for creating and managing SMS gateway accounts. What do you want to do? @@ -18,7 +24,7 @@ What do you want to do? The SMS authentication type must be enabled for an identity store before users can use it for second factor authentication and multi-factor authentication. -To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md) topic. +To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md) topic. ## Link an SMS Gateway Account to an Identity Store @@ -39,7 +45,7 @@ To enable it, see the [Enable Authentication Types](/docs/directorymanager/11.1/ ## Enforce SMS Authentication for a Security Role To enforce an authentication type, see the -[Authentication Policy for Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md) topic. +[Authentication Policy for Security Roles](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md) topic. Role members must use an enforced authentication type for multifactor authentication. When an authentication type is enabled but not enforced, role members can choose to use it for enrollment 
@@ -47,5 +53,5 @@ and authentication. **See Also** -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) -- [Manage SMS Gateway Accounts](/docs/directorymanager/11.1/admincenter/smsgateway/manage.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) +- [Manage SMS Gateway Accounts](/docs/directorymanager/11.1/signin/smsgateway/manage.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md b/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md rename to docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md index de6aed4f9e..a8cc4abfb7 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md +++ b/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md @@ -1,3 +1,9 @@ +--- +title: "Configure an SMTP Server" +description: "Configure an SMTP Server" +sidebar_position: 10 +--- + # Configure an SMTP Server An identity store requires an SMTP server for sending email notifications. It can be an Exchange @@ -140,7 +146,7 @@ the **Also Notify** area, select the required check boxes. from the membership of a group. - Public group owner for membership – To send email notifications to the primary and additional owners of a public group on membership change. See the - [Group Security Types](/docs/directorymanager/11.1/admincenter/general/concepts.md#group-security-types) topic. + [Group Security Types](/docs/directorymanager/11.1/signin/concepts/concepts.md#group-security-types) topic. Step 6 – Click **Save** on the **Notifications** page. 
@@ -186,7 +192,7 @@ Membership lifecycle notifications are triggered on the following events: or removes him or her from group membership. - Users are also notified when they are temporarily added or removed from group membership according to membership lifecycle policies. See the - [Manage Membership Life Cycle Policies](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/membershiplifecycle.md) topic. + [Manage Membership Life Cycle Policies](/docs/directorymanager/11.1/signin/identitystore/configure/membershiplifecycle.md) topic. You can choose to send notification when users are temporarily added to groups, removed from groups, or on both events. @@ -212,7 +218,7 @@ Step 4 – In the Membership Lifecycle Notifications section, select your desire group membership by the Membership Life Cycle schedule. This setting also applies to users who have been marked for removal from group membership in the group attestation process. (See the **Specify member inactive period** setting in the - [Enable Group Attestation](directoryservice/grouplifecycle.md#enable-group-attestation) topic. + [Enable Group Attestation](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md#enable-group-attestation) topic. Step 5 – Click **Save** on the **Notifications** page. @@ -255,6 +261,6 @@ Step 5 – Click **Save** on the Notifications page. **See Also** -- [Notifications](/docs/directorymanager/11.1/admincenter/notification/overview.md) -- [Membership Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/membershiplifecycle.md) -- [Managed By Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/managedbylifecycle.md) +- [Notifications](/docs/directorymanager/11.1/signin/notification/overview.md) +- [Membership Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/membershiplifecycle.md) +- [Managed By Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/managedbylifecycle.md) 
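Review bot: In the @@ -212,7 hunk of smtpserver.md, the parenthesis opened at "(See the **Specify member inactive period** setting" is never closed: the rewritten link line still ends with "topic." and no ")". Since this line is being changed anyway, close the parenthesis after "topic." or drop the opening one.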
diff --git a/docs/directorymanager/11.1/signin/identitystore/create.md b/docs/directorymanager/11.1/signin/identitystore/create.md new file mode 100644 index 0000000000..08c76e725c --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/create.md 
@@ -0,0 +1,210 @@ +--- +title: "Create an Identity Store" +description: "Create an Identity Store" +sidebar_position: 10 +--- + +# Create an Identity Store + +To perform group and identity management operations in an identity provider using Directory Manager, +the first step is to create an identity store for that provider. + +You can create identity stores for the following providers: + +- Active Directory +- Microsoft Entra ID +- Generic LDAP +- Google Workspace + +To create an identity store, you have to specify an identity provider and its connection details. + +After creating an identity store, you must configure certain settings for it. These configurations +are discussed in the [Configure an Identity Store](/docs/directorymanager/11.1/signin/identitystore/configure/configure.md) topic. + +## Create an Identity Store for Active Directory + +Follow the steps to create an identity store for Active Directory. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click **Create Identity Store** in the top right corner. + +Step 3 – On the Create Identity Store page, use the Store Type drop-down list to select an identity +provider to create an identity store for. +This list displays the supported providers. By default, Active Directory is selected. Fields on this +page vary, depending on the provider you select. + +Step 4 – Enter a name for the identity store in the Name box. + +Step 5 – In the Domain Name box, enter the fully qualified name of the Active Directory domain you +want to create the identity store for. + +Step 6 – In theService Accout box, enter the username of a service account or a group managed +service account (gMSA) to connect to Active Directory. + +- For a service account – The service account must have sufficient privileges on the provider to + facilitate group and identity management operations using Directory Manager. 
The minimum + permissions the service account requires for Active Directory are discussed in the + [Service Account for Active Directory and Exchange](/docs/directorymanager/11.1/requirements/permissions/adserviceaccount.md) + topic. +- For a gMSA – If you provide a service account with + ‘$’ as its last character (as in MyAdminAccounts$), Directory Manager entertains it as a Group + Managed Service Account (gMSA). To use a gMSA to connect an identity store to Active Directory, + make sure the gMSA is configured properly and has sufficient permissions. See the + [gMSA for Active Directory](/docs/directorymanager/11.1/requirements/permissions/gmsarequirements.md) topic. + +Step 7 – In the **Service Account Password** box, enter the service account password. +Skip this box for a gMSA. + +Step 8 – Select the **SSL Enabled** check box if the directory server is LDAP over SSL enabled. + +NOTE: Directory Manager 11 supports LDAPS; however, the Replication Service will still connect to +the domain controller via the LDAP 389 port. Hence, both LDAP and LDAPS protocols must be enabled on +the domain controller. + +Step 9 – Click **Create Identity Store**. The **Replicate Identity Store** message is displayed. +Select: + +- Later – replicates all the objects to Elasticsearch at the next due replication time as per the + replication settings. +- Replicate Now – replicates all the objects to Elasticsearch now. + +The identity store is available on the Identity Stores page. You can specify different +configurations for it. + +## Create an Identity Store for Microsoft Entra ID + +In Admin Center, click **Identity Stores** in the left pane. + +Step 1 – On the Identity Stores page, click **Create Identity Store** in the top right corner. + +Step 2 – On the Identity Stores page, use the Store Type drop-down list to select an identity +provider to create an identity store for. +This list displays the supported providers. Select _Microsoft Azure_. 
+ +Step 3 – Enter a name for the identity store in the Name box. + +Step 4 – From the Cloud drop-down list, select the cloud where your Microsoft Entra ID tenant +exists. + +Step 5 – In the Domain Name box, enter the fully qualified name of the Microsoft Entra ID domain you +want to create the identity store for. + +Step 6 – Specify the path to the .pfx certificate in the PFX Certificate box. For that, click +**Choose File** and browse for the file. Select it and click **Open**. +As a prerequisite, the .pfx certificate must be generated on the Directory Manager machine. See the +[Certificate for Entra ID Authentication ](/docs/directorymanager/11.1/configureentraid/register/modauth.md)topic for +information on generating a certificate and then converting it into the .pfx format. + +Step 7 – In the PFX Certificate Password box, enter the password that was created while exporting +the .pfx certificate. + +Step 8 – In the Registered Application ID on Azure Active Directory box, enter the application ID +assigned to the Directory Manager application when you registered it in Microsoft Entra Admin +Center. + +Step 9 – In the **Registered Client Secret on EntraID** box, provide the client secret value +generated against the certificate uploaded to Microsoft Entra Admin Center while registering the +Directory Manager application. + +Step 10 – If you bind a custom domain with your Microsoft Entra ID tenant and create an identity +store for Microsoft Entra ID using the credentials of that custom domain, then you must provide the +name of the primary domain in the **Primary Domain Name** box, so that the _write_ operations are +not affected. + +Step 11 – Click **Create Identity Store**. The Replicate Identity Store message is displayed. +Select: + +- Later – replicates all the objects to Elasticsearch at the next due replication time as per the + replication settings. +- Replicate Now – replicates all the objects to Elasticsearch now. 
+ +The identity store is available on the Identify Stores page. You can specify different +configurations for it. + +NOTE: Microsoft’s throttling policy restricts an application (such as Directory Manager) to create a +maximum of 3 concurrent sessions with Microsoft Entra ID. With this in view, Directory Manager +allows only one active session at any given time, which is used by Data service and Replication +service. + +## Create an Identity Store for Generic LDAP + +Create a Generic LDAP identity store to connect to any LDAP version 3-compliant directory server, +such as Sun ONE directory server. This provider does not support dynamic schema detection. The +schema included for this provider mostly contains commonly used fields. + +Follow the steps to create an identity store + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the **Identity Stores** page, click **Create Identity Store** in the top right corner. + +Step 3 – On the **Create Identity Store** page, use the **Store Type** drop-down list to select an +identity provider to create an identity store for. +This list displays the supported providers. Select _Generic LDAP_. + +Step 4 – Enter a name for the identity store in the **Name** box. + +Step 5 – In the **Hostname** box, enter the fully qualified domain name or IP address of the machine +that hosts the generic LDAP server. + +Step 6 – In the **Port Number** box, enter the port on which LDAP is running. This port is used to +communicate with the host machine. + +Step 7 – In the **Domain Name** box, enter the fully qualified name of the domain you want to create +the identity store for. + +Step 8 – In the **Service Account** box, enter the fully qualified username of a service account +(for example, CN=Admin,CN=Users,DC=Imanami,DC=COM) to connect to _Generic LDAP_. The service account +must have sufficient privileges on the provider to facilitate group and identity management +operations using Directory Manager. 
+ +Step 9 – In the **Service Account Password** box, enter the service account password. + +Step 10 – Click **Create Identity Store**. The **Replicate Identity Store** message is displayed. +Select: + +- Later – replicates all the objects to Elasticsearch at the next due replication time as per the + replication settings. +- Replicate Now – replicates all the objects to Elasticsearch now. + +The identity store is available on the Identity Stores page. You can specify different +configurations for it. + +## Create an Identity Store for Google Workspace + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identify Stores page, click **Create Identity Store** in the top right corner. + +Step 3 – On the Create Identity Store page, use the Store Type drop-down list to select an identity +provider to create an identity store for. +This list displays the supported providers. Select _Google Workspace_. + +Step 4 – Enter a name for the identity store in the **Name** box. + +Step 5 – In the Service Account box, enter the service account name assigned to you when you created +your Google Workspace account. + +Step 6 – In the Admin Username box, enter the username of an authorized user account to connect to +the provider. +The account must have the _Super Admin_ role in Google Workspace to facilitate group and identity +management operations using Directory Manager. + +Step 7 – In theAPI Keybox, enter the API key generated for your account in Google Workspace. +To generate the key, see +[Create access credentials](https://developers.google.com/workspace/guides/create-credentials). + +Step 8 – Specify the path to the p12 key file in the P12 Certificatebox. For that, click **Choose +File** and browse for the file. Select it and click **Open**. +As a prerequisite, the p12 key file for your account must be generated in Google Cloud Console and +downloaded to a machine. + +Step 9 – Click **Create Identity Store**. 
The Replicate Identity Store message is displayed. Select: + +- Later – replicates all the objects to Elasticsearch at the next due replication time as per the + replication settings. +- Replicate Now – replicates all the objects to Elasticsearch now. + +The identity store is available on the Identity Stores page. You can specify different +configurations for it. diff --git a/docs/directorymanager/11.1/signin/identitystore/link/_category_.json b/docs/directorymanager/11.1/signin/identitystore/link/_category_.json new file mode 100644 index 0000000000..c4a5458ee7 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/link/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Link Identity Stores", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/identitystore/link/manage.md b/docs/directorymanager/11.1/signin/identitystore/link/manage.md new file mode 100644 index 0000000000..f095152a43 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/link/manage.md 
@@ -0,0 +1,234 @@ +--- +title: "Manage Identity Store Links" +description: "Manage Identity Store Links" +sidebar_position: 10 +--- + +# Manage Identity Store Links + +You can link identity stores built on the supported identity providers in Directory Manager. In this +way, identical user and group objects existing in multiple identity stores (domains) can be linked +together and auto synced. Directory Manager further enables you to manage these linked identity +stores. + +What do you want to do? + +- Link Two Identity Stores +- View the Identity Store Links +- Edit a Link +- Disable or Enable a Link +- Delete a Link + +## Link Two Identity Stores + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click **Link Identity Stores Now** in the **Identity Store + Links** area. In case a link already exists, the **Create Identity Store Link** button is + available. +3. On the **Link Identity Stores** page, click **Add**. The **Add Identity Stores** dialog box lists + all the Active Directory and Microsoft Entra ID identity stores created in Directory Manager. +4. Select two identity stores and click **Add 2 Stores**. The selected identity stores are displayed + on the **Link Identity Stores** page. +5. Next, you have to specify the attributes for linking user and group objects in the identity + stores. Separate filter expressions for user and group objects have to be created for this + purpose. + + - To create a filter expression for linking user objects, click **Users**. + - To create a filter expression for linking group objects, click **Groups**. + + The **Add Filter for Users** or **Add Filter for Groups** pane is displayed. + +6. For mapping, follow these steps: + + 1. Click **Add Filter** to create a filter expression to map objects. + + - The first list displays schema attributes from the first identity store. + - Next you have one condition, i.e., _Is Exactly_. 
+ - The third list displays schema attributes from the second identity store. + + Select a schema attribute from the first and third lists to map them. Users with identical + values for both attributes in the respective identity stores will be linked. + + 2. (Optional) You can add more clauses to enhance the filter. These clauses must be joined by a + logical ‘and’ or ‘or’. + - Click **Add More Filters**. + - Select a schema attribute from the first and third lists to map them, with _Is Exactly_ as + the condition. + - Select two clauses and then group them by inserting a logical ‘and’ or ‘or’. + To select a clause, click the down arrow next to it and choose **Select row**. On + selecting the second clause, _AND_ and _OR_ are displayed. Select an option to group the + clauses. + You can add as many clauses as required. Moreover, you can group and regroup clauses. + Users that satisfy the filter expression will be linked. + 3. On clicking the operator, a menu is displayed with the following options: + + - **Select Group / Deselect Group:** This option is not relevant when there is only one + group containing multiple clauses. It is relevant when you have two or more groups. Click + it to select the respective group. Then select another group to bind them with a logical + AND/OR. + - **Ungroup:** Removes the logical AND/OR to ungroup the clauses in the filter expression. + In case the operator binds two groups, this option removes the operator to ungroup them. + - **Change to AND/OR**: Changes the logical AND to OR and vice versa. + - **Add Clause:** Adds a new clause to the filter. + - **Delete:** Deletes the operator along with all the clauses that the operator joins. + + 4. Notice the two buttons: **Clear** and **Preview**, at the top of the filter expression. + + - **Clear:** Clears the entire filter expression, thereby deleting all attribute mappings. 
+ - **Preview:** Launches the **Preview Results** dialog box, where you can view identical + user objects in the identity stores, based on the filter expression. + On the **Preview Results** dialog box, enter the name of an object (user or group) in the + first box, select an identity store, and click **Preview**. + + - For an Active Directory identity store, Directory Manager looks up the values of the + name, sAMAccountName, objectGUID, and distinguishedName attributes to match the string + using the _Is exactly_ operator. + - For a Microsoft Entra ID identity store, Directory Managerlooks up the values of the + userPrinicipalName, ObjectGUID, distinguishedName, and name (which is equivalent to + display name) attributes to match the string using the _Is exactly_ operator. + Note that Microsoft Entra ID does not contain the distinguishedName attribute; however + it is available as a pseudo attribute in Directory Manager and its value is the same + as that of the distinguishedName attribute in Active Directory. + + The **Preview Results** dialog box displays the user object found in the selected + identity store on the basis of the search string. Next to it, one of the following is + displayed: + + - The user object identical to it in the other identity store. This is fetched on the + basis of the mapped attributes. The display name and distinguished name of the user + are displayed in both identity stores. + - If no identical object is found, nothing is displayed next to the user. + - If multiple identities of a user are found in the other identity store, then a + **Multiple Objects** link is displayed. Click it to open a popup that lists all + identical objects for the user found in the other identity store. 
+ + If, on the **Preview Results** dialog box, you do not enter a user name but simply + select an identity store and click **Preview**, all user objects from the selected + identity store are displayed along with their linked identities in the other identity + store. If the process takes too long, you can click the orange button at the bottom to + terminate the process. + + 5. Click **Add Filter for Users** in the bottom right corner of the **Add Filter for Users** or + **Add Filter for Groups** pane. + + NOTE: If you have added multiple clauses but do not group them using the AND/OR operator, + Directory Manager auto groups them using AND. Similarly, if you add two groups of clauses + but do not group them using the AND/OR operator, Directory Manager auto groups them using + AND. + + The filter is added and displayed on the **Link Identity Stores** page. + You can specify one filter expression for the user object and one filter expression for the + group object. + + 6. Click **Add Filter Scope** to specify a container for linked identities Directory Manager to + link and sync later on when they are updated. New objects are also created in this container. + +7. Click **Create Link** to save the link. + + NOTE: An identity store link is effective when the two identity stores linked together are also + associated with a Directory Manager portal, say Portal A. If a portal does not exist with both + identity store associated with it, a message is displayed to alert you to it. + + The link is displayed on the **Identity Stores** page. + +## View the Identity Store Links + +All identity store links created in Directory Manager are displayed under **Identity Store Links** +on the **Identity Stores**page. + +**To view the links:** + +1. In Admin Center, click **Identity Stores** in the left pane. + On the **Identity Stores** page, each card under **Identity Store Links** represents a distinct + link between two identity stores. 
The following information is displayed for a link: + + - The names of the two linked identity stores and the identity providers they have been created + on. + - The object types that are linked, i.e., user and group. + - The link status, displayed in the top right corner of the card. A link can have one of the + following statuses: + + - **Healthy** - Indicates that both the identity stores are fully functional with + replication occurring regularly. + - **Errors** - Indicates that one or both the identity stores have run into errors due to + replication or connectivity issues. Check the concerned identity store to resolve the + issue. You will notice that the card for the respective identity store also shows ‘Error’ + as status. + +2. Click the ellipsis button to launch a shortcut menu with the following options: + + - **Edit:** launches the **Link Identity Stores** page, where you can update the link. + - **Disable:** disables the link between the two identity stores. + - **Delete:** deletes the link. + +## Edit a Link + +A link between two identity stores involves (a) two identity stores (b) a filter that identifies +identical user objects in the identity stores to link them, and (c) a filter that identifies +identical group objects in the identity stores to link them. + +You can edit a link to: + +- Replace an identity store in the link +- Update the filter expression for a user or group object +- Remove the filter expression for a user or group object + +**To edit a link:** + +1. In Admin Center, click **Identity Stores** in the left pane. + On the **Identity Stores** page, each card under **Identity Store Links** represents a distinct + link between two identity stores. +2. Click the ellipsis button on a card and select **Edit**. + The **Link Identity Stores** page opens, displaying the linked identity stores and the filters. 
+ + - **Replace an identity store** - To change the identity store(s) in the link, either click + **Edit** next to the identity stores’ names. On the **Add Identity Stores** dialog box, select + the identity stores to replace the existing ones. Then click **Add 2 Stores**. + When one or both identity stores are replaced, the filter expression is automatically removed. + You must create a new filter expression to establish a link between the identity stores. + - **Modify the filter expression for user or group object** - Click **Edit** on the filter card + for the user or group object. The **Add Filter** pane is displayed, where you can update the + filter expression. Follow step 6a-e in the Link Two Identity Stores topic to update the filter + expression. + Modifying the filter expression for the user or group object breaks the link for the + respective objects in the linked identity stores. Objects will be relinked on the basis of the + new filter expression and will be synced accordingly in the Directory Manager portal. + - **Delete a filter expression** - Click **Remove** on the filter card for a user or group + object to delete it. Deleting the filter expression for the user or group object breaks the + link for the respective objects in the linked identity stores. + + NOTE: At least one filter expression for the user object and one filter expression for the + group object must exist for the identity store link. Else changes will not be saved. + +3. After making the required changes, click **Update Link**. + +## Disable or Enable a Link + +When you disable a link between two identity stores, it becomes inactive and the objects in the +identity stores are not linked anymore in the Directory Manager portal. + +A disabled link can be enabled again to relink objects in the identity stores. + +**To disable a link:** + +1. In Admin Center, click **Identity Stores** in the left pane. 
+ On the **Identity Stores** page, each card under **Identity Store Links** represents a distinct + link between two identity stores. +2. Click the ellipsis button on a card and select **Disable** to disable the link. + Click the ellipsis button for a disabled link and select **Enable** to reactivate it. + +## Delete a Link + +When you delete a link between two identity stores, the objects in the identity stores are not +linked anymore in the Directory Manager portal. + +**To delete a link:** + +1. In Admin Center, click **Identity Stores** in the left pane. + On the **Identity Stores** page, each card under **Identity Store Links** represents a distinct + link between two identity stores. +2. Click the ellipsis button on a card and select **Delete** to delete the link. + +**See Also** + +- [Link Identity Stores](/docs/directorymanager/11.1/signin/identitystore/link/overview.md) diff --git a/docs/directorymanager/11.1/signin/identitystore/link/overview.md b/docs/directorymanager/11.1/signin/identitystore/link/overview.md new file mode 100644 index 0000000000..42a521817e --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/link/overview.md 
@@ -0,0 +1,130 @@ +--- +title: "Link Identity Stores" +description: "Link Identity Stores" +sidebar_position: 60 +--- + +# Link Identity Stores + +You can link identity stores in Directory Manager. In this way, identical user and group objects +existing in multiple identity stores (domains) can be linked together and auto synced. + +For example, you can create a link between the following types of identity stores: + +- Two Active Directory identity stores +- An Active Directory identity store and a Microsoft Entra ID identity store +- Two Microsoft Entra ID identity stores +- An Active Directory identity store and a Google Workspace identity store + +NOTE: (1) Two identity stores built on the same domain cannot be linked. +(2) An identity store must be replicated in Directory Manager before it can be linked. + +## Linked Identity Stores and the Directory Manager Portal + +Linking, in itself, is not effective until the identity stores joined via linking are associated +with a Directory Manager portal, say Portal_A. Consider the following: + +- The administrator links IdentityStoreA and identityStoreB. +- The administrator creates a portal, Portal_A, and associates both the linked identity stores with + it. +- This enables portal users to view data from IdentityStoreA and identityStoreB at the same time, + rather than having to switch identity stores. Users can also filter data for identical objects in + both the identity stores. + Users can choose to view data for a single identity store or switch to the ‘linked’’ mode to view + data simultaneously from both the linked identity stores. + +When only IdentityStoreA or IdentityStoreB is associated with Portal_A, the linking between the two +identity stores serves no purpose. + +### Benefits of Running the Portal Under the ‘Linked’ Mode + +A portal running under the ‘linked’ mode is effectively connected to all the linked identity stores +that are associated with it. 
You can access objects in different identity stores in a single +instance of the portal, rather than having to log out and connect the portal to another identity +store. + +The following portal functions are impacted under the ‘linked’ mode: + +- When a user performs a search, results are fetched from all the linked identity stores. +- When an action is performed on a user or group object, it is replicated to all the identical + objects in the linked identity store(s). In this way, identical user and group objects in the + linked identity stores are auto synced. Consider the following: + + - When you create a static group, its identical static group is created in a linked identity + store. + - When you create a Smart Group, its identical group is created as a static group in a linked + identity store. + - When you create a mail-enabled group, an identical simple group is created in a linked + identity store. + - When you create a mailbox or a mail-enabled user, an identical simple user is created in a + linked identity store. + - When you delete a user or group object in an identity store, its linked object(s) are also + deleted. + - When you update the properties of a user or group object, those same properties are also + updated for its linked object(s) in the linked identity store(s). + - When you execute the query for a Smart Group to update it, its linked Smart Group(s) will not + be auto updated. + - When you upgrade a static group (say, GroupA) to a Smart Group, the linked static group(s) + (say, GroupB and GroupC) in the linked identity store(s) will not be upgraded to Smart Groups. + +- Group listings in the portal (namely All Groups, My Groups, and Deleted Groups) display the groups + from all the linked identity stores. Users can select groups from any identity store to perform an + action in bulk, such as expire them. +- User listings in the portal, such as My Direct Reports, display user objects from all the linked + identity stores. 
Users can select user objects from any identity store to perform an action in + bulk, such as terminate them. +- For entitlements, the portal shows Active Directory file server and SharePoint permissions from + all the linked identity stores. + +When the logged-in user exists in multiple linked identity stores, he or she can perform actions in +an identity store according to his or her role and permissions in the respective identity store. For +example, if the user is an administrator in IdentityStoreA and a standard user in IdentityStoreB, he +or she can perform administrative actions on groups in IdentityStoreA only, even though the group +listing displays all groups from both the linked identity stores. + +## How to Link Two Identity Stores + +Linking two identity stores follows a simple and straight-forward process: + +- Select the required identity stores. +- Create a filter expression to map attributes. Select a schema attribute from IdentityStoreA and + another from IdentityStoreB. This mapping establishes a link between the two identity stores. + You can also create an advanced filter expression by adding multiple clauses to the filter (where + each clause is a one-to-one mapping of attributes) and joining them with the ‘and’ or ‘or’ + operator. + You have to create a separate filter expression for user and group objects. +- When two objects have the same value for the mapped attributes in the two identity stores, + Directory Manager identifies them as identical objects, and hence links them. + +For example, to link IdentityStoreA to IdentityStoreB, select the displayName and cn attributes from +IdentityStoreA and IdentityStoreB respectively to map them. Now when an object has _Mary Jones_ as +value for the distinguishedname attribute in dentityStoreA and an object has _Mary Jones_ as value +for the cn attribute in dentityStoreB, Directory Manager identifies them as identical objects +existing in two distinct directories, and links them. 
+ +RECOMMENDED: For mapping, always use attributes that store unique values. + +## How to Link Multiple Identity Stores + +You can link more than two identity stores; in fact, Directory Manager empowers you to link identity +stores created for Directory Manager supported providers. + +You cannot just create one link to link multiple identity stores. Rather, if you want to link three +identity stores, you will have to create two links; to link four identity stores, create three +links, and so on. Each link involves two identity stores, thereby creating a chain of linked +identity stores. + +Here is how it works: + +- Link two identity stores, IdentityStoreA and IdentityStoreB, by following the discussion in the + How to Link Two Identity Stores topic. + Directory Manager now considers this link as one entity. Let’s call it Entity1. +- Next, link IdentityStoreA or IdentityStoreB to IdentityStoreC using the same method. + This establishes a link between Entity1 and IdentityStoreC. + +In this way, you can create a chain of links between identity stores. + +**See Also** + +- [Identity Stores](/docs/directorymanager/11.1/signin/identitystore/overview.md) +- [Manage Identity Store Links](/docs/directorymanager/11.1/signin/identitystore/link/manage.md) diff --git a/docs/directorymanager/11.1/signin/identitystore/manage.md b/docs/directorymanager/11.1/signin/identitystore/manage.md new file mode 100644 index 0000000000..00d2e88556 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/manage.md 
@@ -0,0 +1,231 @@ +--- +title: "Manage an Identity Store" +description: "Manage an Identity Store" +sidebar_position: 20 +--- + +# Manage an Identity Store + +Once you create and configure an identity store, you can perform group and identity management +operations in the identity provider using Directory Manager. + +What do you want to do? + +- View Identity Store Details +- Enable or Disable an Identity Store +- Update General Info for an Identity Store +- Exclude an Active Directory Domain from Replication +- Set DC Priority for an Active Directory Identity Store +- Delete an Identity Store + +## View Identity Store Details + +In Admin Center, click **Identity Stores** in the left pane. The **Identity Stores** page displays +the identity stores created in Directory Manager. + +The card for an identity store displays the following information: + +| Info | Description | +| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Basic info | The display name of the identity store and the identity provider it is built on, such as Active Directory. 
| +| Identity store status | The status is displayed on the top right corner of the card. An identity store has one of the following statuses: - **Healthy:** Indicates that the identity store is fully functional. Hover the mouse over the status to view the factors used to determine health. - **Errors:** Indicates that the identity store has run into one or both of the following errors: - It cannot connect to the identity provider using the service account provided on the **Identity Store Details** page. - Data from the provider is not replicated to Elasticsearch within the required time interval. The last replication time and date is displayed at the bottom of the card. Hover the mouse over the status to view the reason for the _Errors_ status. | +| History | Indicates whether history tracking for the identity store is enabled or disabled. See the [Configure History Tracking](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md) topic to enable or disable history tracking. | +| MFA | Indicates whether second factor authentication is enabled for security roles in the identity store. See the [Configure Second Factor Authentication](/docs/directorymanager/11.1/signin/authpolicy/sfa.md) topic. One of the following is displayed for MFA: - **Available for x/x roles:** Indicates the number of security roles that second factor authentication is enabled for, out of the total security roles in the identity store. For example, 1/3 indicates that there are 3 security roles defined for the identity store and second factor authentication is enabled for one of those roles. - **Not Available:** Indicates that second factor authentication is not enabled for any security role in the identity store. | +| Last replication date and time | The last run date and time of the Replication service. If the service does not run at the specified interval, the identity store status changes to **Errors**. 
| +| Ellipsis | Click it to launch a shortcut menu with the following options: - **Edit:** launches the identity store properties page, where you can manage identity store settings, workflows, security roles, replication attributes, and more. See the [Configure an Identity Store](/docs/directorymanager/11.1/signin/identitystore/configure/configure.md) topic. - **Disable:** disables the identity store. - **Replicate Objects:** runs the Replication service to replicate object data in the identity store. See the [Force Run the Replication Service (for Object Replication)](replication.md#force-run-the-replication-service-for-object-replication) topic. - **Replicate Deleted Objects:** runs the Replication service to remove those objects from Elasticsearch that have been deleted from the identity provider. See the [Force Run the Replication Service (for Deleting Objects)](replication.md#force-run-the-replication-service-for-deleting-objects) topic. - **Delete:** deletes the identity store from Directory Manager. | + +## Enable or Disable an Identity Store + +When you disable an identity store, all users logged into Directory Manager with that store are +logged out, and the identity store is unavailable for operations. + +You can disable an identity store in any of the following ways. However, a disabled identity store +can be enabled using **Method 1** only. + +**Method 1: Enable or disable an identity store** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Enable** or **Disable**. + +**Method 2: Disable an identity store** + +1. In Admin Center, click Identity Stores in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. On the **Identity Store Details** page, use the toggle button in the top right to disable the + identity store. +4. Click **Save**. 
+ +## Update General Info for an Identity Store + +You can change the display name for an identity store, add a description for it, change the service +account credentials to connect to the identity provider, and update any other information you +provided while creating it. + +**To update the info:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. On the **Identity Store Details** page, update the required information on the **General** tab. + This page differs by provider. Refer to the steps for creating the respective provider in the + [Create an Identity Store](/docs/directorymanager/11.1/signin/identitystore/create.md) topic for more information. +4. Click **Save**. + +## Exclude an Active Directory Domain from Replication + +By default, Directory Manager replicates the domain specified for the identity store and its child +domains. You can exclude a domain or a child domain from replication, in which case the Replication +service will not replicate it. See the [Elasticsearch and Replication ](/docs/directorymanager/11.1/signin/replication/overview.md) +topic. + +You can still create and manage objects in an excluded domain using Directory Manager. + +**To exclude a domain:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. On the **Identity Store Details** page, click the **Connection** tab. +4. In the **Excluded Domains** areas, select the check boxes for the domains you want to exclude + from replication. + To select all domains, select the check box in the header area. +5. Click **Save**. + +## Set DC Priority for an Active Directory Identity Store + +You can select a domain controller in an Active Directory domain to work with Directory Manager. 
+Data service and Replication service will connect to this domain controller to perform their +respective operations in the domain. In this way, you can ensure that the selected domain controller +is always available with minimum downtime. + +To understand how the DC priority function works, let’s assume the following: + +- gene.local is your parent domain with two child domains. +- You have four domain controllers in the parent domain: DC_N, DC_S, DC_E, and DC_W. +- You also have two domain controllers in each of the two child domains. + +You can set a separate DC priority list for the parent domain and each of the child domains. + +To create a DC priority list for a domain, list the domain controllers in the order of priority. +Let’s say you set priority for the parent domain as: + +Priority 1:     DC_E +Priority 2:    DC_S +DC_N and DC_W are not included in your priority list. + +When the Data service restarts for reasons such as IIS restart, it does the following: + +- The Data service attempts to connect to the first domain controller in the priority list, i.e., + DC_E. +- If DC_E is not available, the Data service attempts to connect to the second domain controller in + the priority list, i.e., DC_S. +- If DC_S is not available either, the Data service will resort to the normal lookup process. + +Normal lookup process for Data service + +Data service makes a connection with a domain controller through the System.DirectoryServices API. +It sends a request to the API, which, in turn, connects to any domain controller in the domain. In +this way, Data Service communicates with the domain controller to perform the required function. + +System.DirectoryServices does not evaluate the domain controller in the DC priority list for +creating a connection. Hence, in the above example, the API will connect to DC_N or DC_W. 
+ +“Server Not Operational” error + +When Data service connects to a domain controller (say DC_E), it caches the domain logon information +and uses it to create all subsequent sessions with the domain controller. Hence it does not iterate +on the DC priority list every time it has to create a session. + +In case DC_E is down, the ‘Server Not Operational” error will be displayed in Directory Manager. It +indicates that Data service has lost connection with the domain and needs to re-establish a +connection. + +To resolve the error, restart IIS. In this way, Data service will make a connection again using the +process discussed above. It will connect to a different domain controller and cache the domain logon +information (and continue to make a session with this domain controller unless Data service is +restarted). + +DC priority and Replication + +Every time the Replication service is triggered, it consults the DC priority list to connect to a +domain controller for replication. If it is unable to connect to any domain controller in the +priority list, it reverts to the normal lookup process to connect to a domain controller in the +domain. + +In a nutshell + +- If DC priority is defined for a domain, Data service and Replication service will connect to a + domain controller in the domain using the defined DC priority list. If no domain controller in the + list is available, the services will rely on the normal lookup process to connect to a domain + controller in the domain. +- If DC priority is not defined for a domain, Data service and Replication service will connect to + it using the normal lookup process. + +**To set DC priority for a domain:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. On the **Identity Store Details** page, click the **Connection** tab. 
The **DC Priority** area + displays two options: + + - **Set default priority:** This tile is selected by default and indicates that no DC priority + is set for the identity store domain. As a result, Data service and Replication service will + connect to it using the normal lookup process. + - **Choose my own priority:** Select this tile to set a DC priority list for the identity store + domain and its child domains, if any. + +4. On selecting the **Choose my own priority** tile, the following fields are displayed: + + 1. **Select Domain:** This drop-down list displays the identity store domain and its child + domains, if any. Excluded domains are not listed. Select a domain to define a DC priority + list for it. + Note that each domain in the list has either _Priority set_ or _Default Priority_ displayed + next to it. + + - _Priority set:_ indicates that DC priority has been defined for the domain, even if it is + set for one DC and not for all DCs in the domain. + - _Default Priority:_ indicates that priority has not been set for any DC in the domain. + + 2. The table displays the domain controllers in the selected domain. The **DC Name** column + displays the name of the DC while the **Priority** column displays the priority assigned to + it, with ‘1’ being the highest priority. When no priority is assigned to a DC, _Not set_ is + displayed for it. + You can choose to assign priority to selected DCs in the domain. For example, if a domain has + 4 DCs, you can set priority for two and leave the rest. + + - To assign priority to a domain controller, click **Set priority** for it. The **Priority** + column displays the priority assigned to it. To revoke priority, click **Reset priority**. + - To change the priority for a DC, click in the row, hold down the left mouse button, and + drag to change its position in the list. By default, "1" is assigned as priority to the + first DC in the list, followed by '2' to the second DC in the list, and so on. 
+ - To revoke priority for all DCs in the domain, click **Reset all to default**. With this, + _Default Priority_ is displayed next to the domain in name in the **Select Domain** + drop-down list. + +5. Click **Save**. + +NOTE: When you change the DC priority for a domain or a child domain, it takes effect instantly. +Data service reestablishes a connection with a DC based on new priority. + +## Delete an Identity Store + +You can delete an identity store with all its configurations. As a result, Directory Manager cannot +be connected to that identity store, nor can it be used in a Synchronize job. + +NOTE: You cannot delete an identity store that has been linked to another identity store. You must +first delete the link(s) before deleting the identity store. + +**To delete an identity store:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Delete**. + +**See Also** + +- [Identity Stores](/docs/directorymanager/11.1/signin/identitystore/overview.md) +- [Configure an Identity Store](/docs/directorymanager/11.1/signin/identitystore/configure/configure.md) +- [Replication Service](/docs/directorymanager/11.1/signin/service/replicationservice.md) diff --git a/docs/directorymanager/11.1/signin/identitystore/overview.md b/docs/directorymanager/11.1/signin/identitystore/overview.md new file mode 100644 index 0000000000..620c3b0724 --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/overview.md 
@@ -0,0 +1,43 @@ +--- +title: "Identity Stores" +description: "Identity Stores" +sidebar_position: 30 +--- + +# Identity Stores + +Directory Manager enables you to create an identity store on an identity provider and perform +different functions in that provider through the identity store. These functions include: + +- Group management tasks, such as creating groups, scheduling group updates, and expiring groups. +- User management tasks, such as creating users and mailboxes, managing users’ profiles, and + managing direct reports. +- Bulk user provisioning and deprovisioning in an identity provider, database or even a file, such + as an Excel file. +- Entitlement related tasks, such as updating the effective NTFS permissions for shared resources on + a file server. +- Reporting and analytics. + +Directory Manager supports the following identity providers for creating an identity store, to +perform identity and access management tasks: + +- Active Directory +- Microsoft Entra ID +- Generic LDAP +- Google Workspace + +Identity stores created for these providers can also be used as source and destination in +Synchronize jobs for bulk user management tasks. + +You can also link Active Directory and Microsoft Entra ID identity stores to sync identical objects +there. + +NOTE: You can define a custom identity store for non-supported identity providers in Directory +Manager. Contact Netwrix Client Services for support. + +**See Also** + +- [Create an Identity Store](/docs/directorymanager/11.1/signin/identitystore/create.md) +- [Manage an Identity Store](/docs/directorymanager/11.1/signin/identitystore/manage.md) +- [Configure an Identity Store](/docs/directorymanager/11.1/signin/identitystore/configure/configure.md) +- [Link Identity Stores](/docs/directorymanager/11.1/signin/identitystore/link/overview.md) 
diff --git a/docs/directorymanager/11.1/admincenter/identitystore/replication.md b/docs/directorymanager/11.1/signin/identitystore/replication.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/identitystore/replication.md rename to docs/directorymanager/11.1/signin/identitystore/replication.md index 3cc6ae378c..667e8bebd9 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/replication.md +++ b/docs/directorymanager/11.1/signin/identitystore/replication.md @@ -1,3 +1,9 @@ +--- +title: "Manage Local Replication Settings" +description: "Manage Local Replication Settings" +sidebar_position: 30 +--- + # Manage Local Replication Settings You can manage the following replication settings for an identity store: @@ -41,7 +47,7 @@ and click **Save**. The attributes are added to the Attribute Name column on the NOTE: If in a Microsoft Entra ID based identity store extension attributes are added, Directory Manager Schema Replication schedule fetches the latest schema at its next run and add the newly added extension attributes to the Select Replication Attributes list. See the -[Schema Replication Schedule](/docs/directorymanager/11.1/admincenter/schedule/schemareplication.md) for additional information. +[Schema Replication Schedule](/docs/directorymanager/11.1/signin/schedule/schemareplication.md) for additional information. Select the required extension attributes from the Select Replication Attributes list and add them to the attribute to replicate list. See the Specify Object Attributes to Replicate section of the Manage Local Replication Settings topic. 
@@ -89,7 +95,7 @@ for an identity store to replicate object attributes to Elasticsearch. Force-starting the service has no impact on the interval set for triggering the service on the Replication page. See the -[Specify a Replication Interval for Objects](/docs/directorymanager/11.1/admincenter/replication/settings.md#specify-a-replication-interval-for-objects)topic. +[Specify a Replication Interval for Objects](/docs/directorymanager/11.1/signin/replication/settings.md#specify-a-replication-interval-for-objects)topic. You can force run the Replication service for an identity store in any of the following ways: @@ -124,7 +130,7 @@ force run the Replication service for an identity store any time to remove delet Force-starting the service has no impact on the interval set for triggering the service on the **Replication** page. See the -[Specify Interval for Deleting Tombstone Objects](/docs/directorymanager/11.1/admincenter/replication/settings.md#specify-interval-for-deleting-tombstone-objects) +[Specify Interval for Deleting Tombstone Objects](/docs/directorymanager/11.1/signin/replication/settings.md#specify-interval-for-deleting-tombstone-objects) topic. For an identity store, you can force run the Replication service (for deleting objects) in any of diff --git a/docs/directorymanager/11.1/signin/identitystore/view/_category_.json b/docs/directorymanager/11.1/signin/identitystore/view/_category_.json new file mode 100644 index 0000000000..1d04a721bb --- /dev/null +++ b/docs/directorymanager/11.1/signin/identitystore/view/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Identity Store History", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "view" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/identitystore/view/details.md b/docs/directorymanager/11.1/signin/identitystore/view/details.md new file mode 100644 index 0000000000..3167a539ee --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/identitystore/view/details.md 
@@ -0,0 +1,75 @@ +--- +title: "History Item Details" +description: "History Item Details" +sidebar_position: 20 +--- + +# History Item Details + +Details of a history item are displayed on the **History Details** dialog box. If the target +attribute is single-valued, the old and new values of the attribute are shown. For multi-valued +attributes, the lists of added items and removed items are displayed. + +Information includes: + +- **Attribute Modified** - The name of the target attribute. +- **Object Name** - The name of the Directory Manager function this history item pertains to. For + example, if it pertains to a workflow, the name of the workflow is displayed here. +- **Who** - The name of the user who performed the action. +- **Where** - The name of the computer the action was performed on. +- **When** - The date and time of the action. + +The following lists are available when the target attribute is multi-valued: + +- **Added Item** - A list of values that were added to the multi-value attribute. +- **Removed Items** - A list of values that were removed from the multi-value attribute. + +The following lists are available when the target attribute is single-valued: + +- **Old Value** - The value before the action was performed. +- **New Value** - The value after the action was performed. + +## Annotate History Items + +Directory Manager enables a user to add notes to history actions that he or she performed. A note +may explain the reason for an action, such as why he or she changed the security type for a group. +Only the user who added a note can update it. Other users can view it, but they cannot edit it or +add comments. + +On the **History Details** dialog box, one of the following is available to you: + +- **The Add Note button** - When you are the user who performed the action that logged this history + item, and you haven’t added any note yet. 
+- **The Save Note button** - When you are the user who performed the action that logged this history + item and you have already added a note. +- **The note text** - When the user who performed the action has added a note. +- **None of the above** - When you are not the user who performed the action and the user performing + the action has not added any note. + +### Add a Note + +Notes can be added to history items logged for an identity store. Only the user (i.e., the doer of +the action) can add and update notes. + +**To add a note:** + +1. Click **Add Note** to add a note to the history item. The **Note** text box is displayed. +2. Type a note for the history item. Your note can have a maximum of 500 characters. +3. Click **Save Note**. On the **History** page, the annotated item is displayed with a **View + Note** button next to it. This helps distinguish annotated items from non-annotated items. + +### Edit a Note + +1. On the **History Details** dialog box, the **Note** box displays your note for the history item. + Make the required changes to the text. +2. Click **Save Note**. + +### Remove a Note + +On the **History Details** dialog box, the **Note** box displays your note. Remove it and click +**Save Note**. + +**See Also** + +- [Identity Store History](/docs/directorymanager/11.1/signin/identitystore/view/view.md) +- [Admin Center History](/docs/directorymanager/11.1/signin/concepts/history_1.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/history/eventlogging.md b/docs/directorymanager/11.1/signin/identitystore/view/eventlogging.md similarity index 87% rename from docs/directorymanager/11.1/admincenter/identitystore/history/eventlogging.md rename to docs/directorymanager/11.1/signin/identitystore/view/eventlogging.md index 60c1bf13e7..464be5948a 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/history/eventlogging.md +++ b/docs/directorymanager/11.1/signin/identitystore/view/eventlogging.md 
@@ -1,3 +1,9 @@ +--- +title: "Event Logging" +description: "Event Logging" +sidebar_position: 10 +--- + # Event Logging Directory Manager employs Windows logging and file logging to maintain event logs for all Directory @@ -45,5 +51,5 @@ application log. **See Also** -- [Directory Manage Applications](/docs/directorymanager/11.1/admincenter/portal/applications.md) -- [Get Logs](/docs/directorymanager/11.1/admincenter/general/logs.md) +- [Directory Manage Applications](/docs/directorymanager/11.1/signin/applications/applications.md) +- [Get Logs](/docs/directorymanager/11.1/signin/concepts/logs.md) diff --git a/docs/directorymanager/11.1/admincenter/identitystore/history/view.md b/docs/directorymanager/11.1/signin/identitystore/view/view.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/identitystore/history/view.md rename to docs/directorymanager/11.1/signin/identitystore/view/view.md index 7a5ba1b6ee..41a248cc1d 100644 --- a/docs/directorymanager/11.1/admincenter/identitystore/history/view.md +++ b/docs/directorymanager/11.1/signin/identitystore/view/view.md @@ -1,3 +1,9 @@ +--- +title: "Identity Store History" +description: "Identity Store History" +sidebar_position: 70 +--- + # Identity Store History In Admin Center, you can view the history data that the Directory Manager history-tracking function @@ -34,7 +40,7 @@ viewed in Admin Center. The **Identity Store History** page displays history data in a descriptive and concise manner. Items are sorted according to the date and time they were last updated, with the most recent at the top. - Click a history item to view its details. See the [History Item Details](/docs/directorymanager/11.1/admincenter/identitystore/history/details.md) topic. + Click a history item to view its details. See the [History Item Details](/docs/directorymanager/11.1/signin/identitystore/view/details.md) topic. ## Filter History Data 
@@ -156,6 +162,6 @@ You can export identity store history to Microsoft Excel, CSV, and XML formats. **See Also** -- [Configure History Tracking](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md) -- [History in Directory Manager](/docs/directorymanager/11.1/admincenter/history.md) -- [Event Logging](/docs/directorymanager/11.1/admincenter/identitystore/history/eventlogging.md) +- [Configure History Tracking](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md) +- [History in Directory Manager](/docs/directorymanager/11.1/signin/concepts/history.md) +- [Event Logging](/docs/directorymanager/11.1/signin/identitystore/view/eventlogging.md) diff --git a/docs/directorymanager/11.1/signin/notification/_category_.json b/docs/directorymanager/11.1/signin/notification/_category_.json new file mode 100644 index 0000000000..363c304acb --- /dev/null +++ b/docs/directorymanager/11.1/signin/notification/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Notifications", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/notification/customize.md b/docs/directorymanager/11.1/signin/notification/customize.md similarity index 98% rename from docs/directorymanager/11.1/admincenter/notification/customize.md rename to docs/directorymanager/11.1/signin/notification/customize.md index c7f60fad36..06c7718278 100644 --- a/docs/directorymanager/11.1/admincenter/notification/customize.md +++ b/docs/directorymanager/11.1/signin/notification/customize.md 
@@ -1,9 +1,15 @@ +--- +title: "Customize Notifications" +description: "Customize Notifications" +sidebar_position: 20 +--- + # Customize Notifications Directory Manager generates a variety of notifications for different events, such as when changes are made to a group, when workflows are triggered, and when profile validation is due for users. Supported languages for notifications are listed in the -[Localization](/docs/directorymanager/11.1/gettingstarted.md#localization) topic. +[Localization](/docs/directorymanager/11.1/introduction/gettingstarted.md#localization) topic. Templates for all Directory Manager notifications are available in these languages. You can customize a notification template for the following in each of the supported languages: diff --git a/docs/directorymanager/11.1/signin/notification/overview.md b/docs/directorymanager/11.1/signin/notification/overview.md new file mode 100644 index 0000000000..4873f4f04a --- /dev/null +++ b/docs/directorymanager/11.1/signin/notification/overview.md 
@@ -0,0 +1,26 @@ +--- +title: "Notifications" +description: "Notifications" +sidebar_position: 90 +--- + +# Notifications + +Directory Manager generates email notifications whenever certain events are triggered. The +notifications are sent to administrators, object owners and other specified recipients. + +To enable notifications, you must define an SMTP server for an identity store. Admin Center and the +Directory Manager portal, use the SMTP server for the respective identity store to send email +notifications. + +Templates for all kinds of email notifications are predefined in Directory Manager. These are +available in different languages, enabling you to customize a notification template for any +language. + +Since notification templates are global and work for all identity stores, any customization to a +template would change that notification for all identity stores. + +Directory Manager also features an email service that maintains a queue of all notification requests +generated by different identity stores, and sends them one by one. This is especially helpful when +the SMTP server for an identity store is down, as notifications stay in the queue until they are +delivered when the SMTP server is up again. diff --git a/docs/directorymanager/11.1/admincenter/notification/queue.md b/docs/directorymanager/11.1/signin/notification/queue.md similarity index 89% rename from docs/directorymanager/11.1/admincenter/notification/queue.md rename to docs/directorymanager/11.1/signin/notification/queue.md index 7c566e434d..0d94d660cf 100644 --- a/docs/directorymanager/11.1/admincenter/notification/queue.md +++ b/docs/directorymanager/11.1/signin/notification/queue.md @@ -1,3 +1,9 @@ +--- +title: "Manage the Notification Queue" +description: "Manage the Notification Queue" +sidebar_position: 10 +--- + # Manage the Notification Queue Directory Manager maintains a queue of the email notification generated on events that occur in the 
@@ -13,7 +19,7 @@ notifications as well as delete notifications. Both actions are tracked in Admin Directory Manager also features a Notification Editor that lists the notification templates for all notifications that Directory Manager generates on various events. See the -[Customize Notifications](/docs/directorymanager/11.1/admincenter/notification/customize.md) topic for details. +[Customize Notifications](/docs/directorymanager/11.1/signin/notification/customize.md) topic for details. What do you want to do? @@ -61,7 +67,7 @@ In the **Categories** list on the **Filter** dialog box, select one of the follo - Click **Delete** for a notification in the **Actions** column to delete it. - Click **Refresh** to refresh the notification queue. - Click **Notification Editor** to launch the Notification Editor, where you can view and modify - notification templates. See the [Customize Notifications](/docs/directorymanager/11.1/admincenter/notification/customize.md) topic for details. + notification templates. See the [Customize Notifications](/docs/directorymanager/11.1/signin/notification/customize.md) topic for details. ## Send a Notification Urgently @@ -99,6 +105,6 @@ To delete a notification: **See Also** -- [Notifications](/docs/directorymanager/11.1/admincenter/notification/overview.md) -- [Email Service](/docs/directorymanager/11.1/admincenter/service/emailservice.md) -- [Admin Center History](/docs/directorymanager/11.1/admincenter/general/history.md) +- [Notifications](/docs/directorymanager/11.1/signin/notification/overview.md) +- [Email Service](/docs/directorymanager/11.1/signin/service/emailservice.md) +- [Admin Center History](/docs/directorymanager/11.1/signin/concepts/history_1.md) diff --git a/docs/directorymanager/11.1/signin/replication/_category_.json b/docs/directorymanager/11.1/signin/replication/_category_.json new file mode 100644 index 0000000000..49919d04c2 --- /dev/null +++ b/docs/directorymanager/11.1/signin/replication/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Elasticsearch and Replication", + "position": 130, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/replication/overview.md b/docs/directorymanager/11.1/signin/replication/overview.md new file mode 100644 index 0000000000..366bb733f1 --- /dev/null +++ b/docs/directorymanager/11.1/signin/replication/overview.md 
@@ -0,0 +1,73 @@ +--- +title: "Elasticsearch and Replication" +description: "Elasticsearch and Replication" +sidebar_position: 130 +--- + +# Elasticsearch and Replication + +Searches performed in Directory Manager are catered through Elasticsearch. + +Elasticsearch relies on two services: + +- **Elasticsearch Service** is responsible for searching the Elasticsearch repository and displaying + search results when a search is performed through Directory Manager. If this service stops, + Elasticsearch will not work. +- **Replication Service** is responsible for replicating attributes of the following objects from + the provider (such as Active Directory) to Elasticsearch. + + - Group + - User + - Contact + - Computers + - Organizational Unit + +The [Replication Service](/docs/directorymanager/11.1/signin/service/replicationservice.md) only replicates changes that are made to +these objects on the directory server. Changes made to these objects using Admin Center, Directory +Manager portal, or Management Shell, are directly saved in the Elasticsearch repository and +replicated to the Directory Manager database by the Data service. See the +[Data Service](/docs/directorymanager/11.1/signin/service/dataservice/overview.md) topic. + +Synchronize directly updates objects in the directory. As soon as objects are provisioned, +de-provisioned, or updated in the directory using Synchronize, the Replication service replicates +them to Elasticsearch. + +Synchronize history is saved to Elasticsearch when Active Directory, Microsoft Entra ID, Generic +LDAP, or Google Workspace is the destination provider in the respective Synchronize job. This +history is replicated to the Directory Manager database by the Data s ervice. + +NOTE: The **Recycle Bin** in the Directory Manager portal fetches data from the directory server and +not from Elasticsearch. + +## Replication Settings + +In Admin Center, you can specify settings for the Replication service at the global and local +levels. 
Global settings apply to all identity stores in Directory Manager while local settings are +specific to an identity store. + +- At the global level, you can schedule the service to run every x minutes to replicate object + attributes to Elasticsearch. You can also manually restore object data to Elasticsearch. See the + [Manage Global Replication Settings](/docs/directorymanager/11.1/signin/replication/settings.md) topic. +- For an identity store, you can specify the object attributes the service should replicate to + Elasticsearch. See the [Manage Local Replication Settings](/docs/directorymanager/11.1/signin/identitystore/replication.md) topic. + +NOTE: The Replication service does not replicate excluded domains for an identity store. See the +[Exclude an Active Directory Domain from Replication](/docs/directorymanager/11.1/signin/identitystore/manage.md#exclude-an-active-directory-domain-from-replication) +topic. + +## Replication Service Logs + +Logs for the Replication service are stored in the folder for the service on the Directory Manager +server. + +To view the logs: + +1. Launch IIS on the Directory Manager server and navigate to: + …\Sites\GroupIDSite11\GroupIDReplicationService +2. Right-click this folder and select **Explore**. +3. Locate the **Logs** folder to read the logs. + +Events are logged in a text file. When the file size reaches 100 MB, Directory Manager archives it +in the same directory by replacing the file extension with the suffix .Log.X and then creating a new +text file with the original name. X in .Log.X is a number from 1 to 10 representing the archiving +order; where ‘1’ denotes the most recent file. diff --git a/docs/directorymanager/11.1/signin/replication/settings.md b/docs/directorymanager/11.1/signin/replication/settings.md new file mode 100644 index 0000000000..6982a2eee0 --- /dev/null +++ b/docs/directorymanager/11.1/signin/replication/settings.md 
@@ -0,0 +1,306 @@ +--- +title: "Manage Global Replication Settings" +description: "Manage Global Replication Settings" +sidebar_position: 10 +--- + +# Manage Global Replication Settings + +The Replication service is responsible for replicating attributes of the group, user, contact, +computer, and organizational unit objects from a provider (such as Active Directory) to +Elasticsearch. + +You can configure certain settings for the Replication service in Admin Center. You can schedule it +to run every x minutes, force run it at any time, set a threshold for triggering replication error +notifications, and view the Elasticsearch health status. + +On every successful run of the Replication service, Directory Manager generates the replication +status of object types for each domain in an identity store and alerts you to any errors that may +have occurred during the replication process. + +NOTE: The Replication service does not replicate excluded domains for an identity store. See the +[Exclude an Active Directory Domain from Replication](/docs/directorymanager/11.1/signin/identitystore/manage.md#exclude-an-active-directory-domain-from-replication) +topic. + +### How to Resolve Replication Errors + +Possible actions to eliminate replication errors are: + +- Make sure the Replication service and Elasticsearch service are running. +- Make sure Search Guard or any other security plugin you use for Elasticsearch is operational. +- Consult the Replication service logs. They provide elaborate information about the object type in + the specific domain of the identity store the error occurred for, and whether that error comes + from the identity provider or Elasticsearch. See the + [Replication Service Logs](overview.md#replication-service-logs) topic. + +What do you want to do? 
+ +- Monitor Elasticsearch Health Status +- Specify a Replication Interval for Objects +- Force Run the Replication Service (for Object Replication) +- View the Replication Status for Objects +- Specify Interval for Deleting Tombstone Objects +- Force Run the Replication Service (for Deleting Objects) +- Restore Object Data to Elasticsearch +- Clear Unused Indices +- Change the Search Guard Password +- Set a Threshold to Trigger Replication Error Notifications + +## Monitor Elasticsearch Health Status + +Directory Manager enables you to monitor the Elasticsearch service for the following: + +- The status of the Elasticsearch service. See the + [Elasticsearch Service](/docs/directorymanager/11.1/signin/concepts/dashboard.md#elasticsearch-service) card on the Admin Center + dashboard. +- Elasticsearch cluster health stats, which include: + + - Cluster name, health status, node info and shards info + - Cluster indices information, like health, number of documents, and status + +Directory Manager checks if the Elasticsearch service is running, if all nodes are working, and if +the cluster is intact. It also checks the health of each index. + +**To view Elasticsearch health status:** + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, click **Elasticsearch Health Monitor**. + + ![es_health_monitor](/img/product_docs/directorymanager/11.1/admincenter/replication/es_health_monitor.webp) + + This dialog box lists the Elasticsearch clusters in your environment, with the following + information for each cluster: + + - **Health:** the cluster health status denoted by the following colors: + + - Green – the service is running and the cluster is intact. Moreover, two or more nodes + exist within the cluster. + - Yellow – the cluster is running but with warnings. It also indicates that a single node + exists within the cluster. Elasticsearch recommends a three-node topology for improved + performance and high availability. 
+ - Red – the service has stopped or the cluster is broken (for reasons such as network + connectivity. + + - **Nodes:** the number of nodes in the cluster. + - **Master:** the name of the master node in the cluster. + +3. To refresh the information displayed, click the **Refresh** icon. +4. Click a cluster name to view it in detail. + + ![cluster_info](/img/product_docs/directorymanager/11.1/admincenter/replication/cluster_info.webp) + + This dialog box displays the total number of nodes in the cluster. Each node is represented by a + card, that displays the following for the node: + + - The name of the node + - The system resources the node uses, such as hard disk space, RAM, and heap size + - Node health with respect to disk space usage, denoted by the following colors: + + - Green – when hard disk space usage is 79.99% or less + - Yellow – when hard disk space usage is 80-89.99% + - Red – when hard disk space usage is 90% or more + +5. The indices in the cluster are listed in the gird. + + - The **Name** column displays the names of the indices. + - The **Health** column displays the health of the index, which is denoted by the following + colors: + + - Green – the index is replicated to all nodes within the cluster. + - Yellow – the index is replicated to some but not all nodes within the cluster. + - Red – the index is not replicated to any node within the cluster. + + - The **Document** column shows the number of documents in the index. + +6. Click the back arrow to return to the **Elasticsearch Health Monitor** dialog box. + +## Specify a Replication Interval for Objects + +The Replication service interval applies to all identity stores defined in Admin Center. Object +attributes to be replicated are specified in the respective identity store settings. See the +[Manage Local Replication Settings](/docs/directorymanager/11.1/signin/identitystore/replication.md) topic. + +**To set global replication interval:** + +1. 
In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, the **Replication Service Interval** card displays: + + - the date and time the Replication service last ran + - the date and time the service will run next + - the interval (in minutes) between each run of the service + +3. By default, the interval is set to 10 minutes, which indicates that the service is triggered + every 10 minutes. In this way, changes made to objects in the directory during the last 10 + minutes are replicated to Elasticsearch. In Active Directory, the _whenChanged_ attribute stores + the time and date the object was last changed. This service checks the value of this attribute + and replicates any changes to Elasticsearch. + To change the interval, click **Edit** next to **Service Interval** on the on the **Replication + Service Interval** card. Specify the interval (in minutes) between each run of the service and + click the check mark. + +## Force Run the Replication Service (for Object Replication) + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, click **Force Replication Now** on the **Replication Service + Interval** card to run the Replications service instantly. + Changes made to objects in the directory between the last and current run are replicated to + Elasticsearch. Force-starting the service has no impact on the interval set in the **Service + Interval** box for triggering the service. + +## View the Replication Status for Objects + +After every run of the Replication service, you can view the replication status of each object type +for each domain in an identity store. You can view which object types were successfully replicated +and which ones failed to replicate. + +**To view the replication status:** + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, click **Advanced Replication Status**. 
The **Advanced Replication + Status** dialog box displays the status of object types for each domain in an identity store. + + 1. The domains or object types that failed to replicate in the last run of the Replication + service are displayed in red. Reasons could be inaccessibility or partial failure. + Replication errors are brought to the administrator’s notice in the following ways: + + - On the **Identity Stores** page, the card for the identity store turns red and _Errors_ is + displayed as the identity store status. + - A notification is sent to relevant personnel. See the Set a Threshold to Trigger + Replication Error Notifications topic. + + These alerts are triggered when replication fails in the last run of the Replication + service, or if the service does not run at the required triggering interval. To resolve + replication errors, see the How to Resolve Replication Errors topic. + + 2. The ‘Never replicated’ status indicates that the particular object type is not replicated + yet. Similarly, a child domain that is not being used will have its status marked in red. To + avoid these recurring errors, set the dates for these objects to a distant future date in the + Directory Manager database. Or you can exclude a domain from replication. See the + [Exclude an Active Directory Domain from Replication](/docs/directorymanager/11.1/signin/identitystore/manage.md#exclude-an-active-directory-domain-from-replication) + topic. + +## Specify Interval for Deleting Tombstone Objects + +Objects that are deleted from the directory must also be removed from Elasticsearch. For this +purpose, you can specify a triggering interval for the Replication service to remove tombstone +objects from the Elasticsearch repository. By default, the interval is set to 60 minutes, indicating +that the service is triggered every 60 minutes. As a result, objects deleted in the directory during +the last 60 minutes are removed from Elasticsearch. 
+ +To identify objects that have been deleted in the directory but exist in Elasticsearch, the +Replication service compares the objects in both, and deletes objects that do not exist in the +directory anymore. + +**To specify an interval:** + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, the **Deleted Objects Replication Interval** card displays: + + - the date and time the Replication service last ran to remove tombstone objects from + Elasticsearch + - the date and time the service will run again + - the interval (in minutes) between each run of the service + +3. By default, the interval is set to 60 minutes, which indicates that the service is triggered + every 60 minutes. In this way, objects that are deleted in the directory during the last 60 + minutes are removed from Elasticsearch. + To change the interval, click **Edit** next to **Service Interval** on the **Deleted Objects + Replication Interval** card. Specify the interval (in minutes) between each run of the service + and click the check mark. This Replication service interval applies to all identity stores in + Directory Manager. + +## Force Run the Replication Service (for Deleting Objects) + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, click **Force Replication Now** on the **Deleted Objects Replication + Interval** card to run the Replication service instantly. + Objects deleted in the directory between the last and current run of the service, will be removed + from Elasticsearch. Force-starting the service has no impact on the interval set in the **Service + Interval** box for triggering the service. + +## Restore Object Data to Elasticsearch + +You may need to restore object data to Elasticsearch. 
The restore object data function restores the +following for all identity stores in Directory Manager: + +- the current attribute values of objects (groups, users, contacts, computers, and OUs) from the + provider (for example, Active Directory) +- the Directory Manager pseudo attributes of these objects from the Directory Manager database to + Elasticsearch + +**To restore object data:** + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, click **Restore Now** in the **Restore Objects Data** area to + restore data to Elasticsearch. + +## Clear Unused Indices + +Directory Manager stores object attributes and their values in Elasticsearch, where each object type +in an identity store is distinctly indexed. In a situation where an identity store is deleted from +Directory Manager, its indices are not required anymore. So, you can clear them from Elasticsearch +to avoid glut. + +**To clear unused indices:** + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, click **Clear Now** in the **Clear Unused Indices** area. The system + checks if there exist any indices in Elasticsearch for an identity store that no longer exists in + Directory Manager. +3. The **Delete Unused Indices** dialog box displays the indices that will be deleted from + Elasticsearch. Click **Delete** to proceed or click **Don't Delete** to close the dialog box + without clearing the indices. + In case no unused indices are found, a notification pops up in the bottom right corner to inform + that no unused indices were found. + +## Change the Search Guard Password + +Search Guard is a security plugin used to induce an authentication mechanism in Elasticsearch. The +option to change the Search Guard password is available when you install and manage Elasticsearch +with Directory Manager. Users who use their own instance of Elasticsearch cannot change the Search +Guard password using Directory Manager. 
+ +You can change the password of the admin account that Directory Manager uses to access +Elasticsearch. + +**To change the password:** + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, click **Change Password** in the **Search Guard Settings** area. +3. On the **Change Password** dialog box, provide the current password for the Search Guard admin + account in the **Your current password** box. +4. Specify a new password in the **New Password** and **Confirm Password** boxes. +5. Click **Change Password**. + +## Set a Threshold to Trigger Replication Error Notifications + +The Replication service runs every x minutes to replicate objects in an identity store. In case it +fails to replicate during a run, a replication error is displayed, as discussed in the View the +Replication Status for Objects topic. + +Directory Manager generates notifications to alert administrators to replication errors. By default, +the triggering threshold is set to ‘3 attempts’, which means that notifications will be sent when +errors occur in three consecutive runs of the Replication service. You can change the threshold +value as required. + +Replication error notifications are sent to recipients whose email addresses are specified in the +_To_ and _CC_ boxes on the **Notifications** page. See the +[Specify Notification Recipients](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md#specify-notification-recipients) +topic. + +**To set a triggering threshold:** + +1. In Admin Center, click **Replication** in the left pane. +2. On the **Replication** page, the **Replication Error Notification** area displays ‘3 Attempts’ as + the default threshold for initiating notifications. This means that notifications will be sent + when three consecutive runs of the replication service result in error. Notifications will not be + sent when errors occur say, in two consecutive runs but no error shows in the third consecutive + run. 
+ To change the threshold value, click **Edit**. Specify a threshold value to trigger replication + error notifications and click the check mark. + +**See Also** + +- [Elasticsearch and Replication ](/docs/directorymanager/11.1/signin/replication/overview.md) +- [Manage Local Replication Settings](/docs/directorymanager/11.1/signin/identitystore/replication.md) +- [Replication Service](/docs/directorymanager/11.1/signin/service/replicationservice.md) diff --git a/docs/directorymanager/11.1/signin/schedule/_category_.json b/docs/directorymanager/11.1/signin/schedule/_category_.json new file mode 100644 index 0000000000..c89e65d466 --- /dev/null +++ b/docs/directorymanager/11.1/signin/schedule/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Schedules", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/schedule/entitlement.md b/docs/directorymanager/11.1/signin/schedule/entitlement.md new file mode 100644 index 0000000000..ab595e94dc --- /dev/null +++ b/docs/directorymanager/11.1/signin/schedule/entitlement.md 
@@ -0,0 +1,104 @@ +--- +title: "GroupID Entitlement Schedule" +description: "GroupID Entitlement Schedule" +sidebar_position: 40 +--- + +# GroupID Entitlement Schedule + +An Entitlement schedule is automatically created for an identity store when: + +- A server is added for permission analysis on the Entitlement page in an Active Directory identity + store. See the [Manage File Servers](/docs/directorymanager/11.1/signin/entitlement/manage.md) for additional information on + adding a server. + + Or + +- A SharePoint site is added for permission analysis on the Entitlement page in a Microsoft Entra ID + identity store. See the [Manage SharePoint Sites](/docs/directorymanager/11.1/signin/entitlement/manage_1.md) topic for + additional information on adding a SharePoint site. + +By default, the schedule runs weekly to compute permissions on shared files and folders residing on +the specified servers (for Active Directory), and the document libraries present in the specified +sites (for SharePoint). It then replicates these permissions to Elasticsearch, enabling users to +view, manage and update these permissions in the Directory Manager portal. + +On the very first run of the Entitlement schedule, it computes all permissions from scratch and +performs a complete replication. On each next run, it will create a parallel index for that specific +server/SharePoint site index with the suffix \_replication which computes all permissions from +scratch. In the meantime, user can perform actions on Directory Manager Entitlement. The actions +performed during this parallel replication are committed directly at the provider and stored in the +database. These changes are then immediately committed to elastic after the replication is complete. + +The scope schedule changes are replicated after the new index is done replicating permissions from +the server/SharePoint. 
When this parallel index gets completely replicated, it becomes the new +primary index for this server/SharePoint site and the \_replication index is deleted from indices. + +The GroupID Entitlement schedule runs in the context of the following accounts: + +- For file servers, the schedule runs in the context of the service account defined for the identity + store. In case you specify a different account for a file server, the schedule runs in the context + of the changed account. See the + [Connect to a File Server Using a Different Account](/docs/directorymanager/11.1/signin/entitlement/manage.md#connect-to-a-file-server-using-a-different-account) + topic. +- For a SharePoint site, the schedule runs in the context of the account you specified to connect to + the SharePoint admin site. In case you specify a different account for a site, the schedule runs + in the context of the changed account. See the + [Connect to a Site Using a Different Account](/docs/directorymanager/11.1/signin/entitlement/manage_1.md#connect-to-a-site-using-a-different-account) + topic. + +You cannot create or delete a GroupID Entitlement schedule; only edit the existing schedule. + +## Update the Schedule + +Follow the steps to update the GroupID Entitlement schedule. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign next to **GroupID Entitlement**. Then click the +ellipsis button for the schedule and select **Edit**. + +Step 5 – On the Edit Schedule page, the Schedule Name and Name Preview boxes display the name of the +schedule as read-only. The name format is +`_Entitlement_`. + +Step 6 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be +responsible for triggering this schedule. 
The number of services displayed in the list depend on the +number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional +information. + +Please note the following while selecting a Scheduler service: + +- The Scheduler service for the Directory Manager instance on which you are creating the schedule is + selected by default. However, you can select the Scheduler service of another instance as well. + +- The Scheduler service can be changed even after creating the schedule. Upon the next run, the + schedule will be triggered by the newly-selected Scheduler service. + +- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service + can be selected automatically. + +- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance + will be used. + +Step 7 – The **Triggers** area displays the default triggering frequency for the schedule. + +- To change a trigger, click **Edit** for it. +- To add a new trigger, click **Add Trigger**. + +Step 8 – Follow step 11 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic to manage triggers. + +Step 9 – After making the changes, click **Update Schedule**. + +Step 10 – On the Schedules page, click **Save**. +For general schedule info, see the +[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store) topic +for additional information. diff --git a/docs/directorymanager/11.1/admincenter/schedule/entitlementscope.md b/docs/directorymanager/11.1/signin/schedule/entitlementscope.md similarity index 88% rename from docs/directorymanager/11.1/admincenter/schedule/entitlementscope.md rename to docs/directorymanager/11.1/signin/schedule/entitlementscope.md index 44057120b1..cc8b6b4d8b 100644 
--- a/docs/directorymanager/11.1/admincenter/schedule/entitlementscope.md +++ b/docs/directorymanager/11.1/signin/schedule/entitlementscope.md @@ -1,15 +1,21 @@ +--- +title: "Entitlement Scope Schedule" +description: "Entitlement Scope Schedule" +sidebar_position: 50 +--- + # Entitlement Scope Schedule An Entitlement Scope schedule is automatically created for an identity store when: - A server is added for permission analysis on the Entitlement page in an Active Directory identity - store. See the [Manage File Servers](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md) for additional information on + store. See the [Manage File Servers](/docs/directorymanager/11.1/signin/entitlement/manage.md) for additional information on adding a server. Or - A SharePoint site is added for permission analysis on the Entitlement page in a Microsoft Entra ID - identity store. See the [Manage SharePoint Sites](/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md) topic for + identity store. See the [Manage SharePoint Sites](/docs/directorymanager/11.1/signin/entitlement/manage_1.md) topic for additional information on adding a SharePoint site. Using the Directory Manager portal, users can update the permissions on files and folders residing @@ -24,7 +30,7 @@ sub-trees, till the nth level. Changes made to permissions outside of Directory the scope of this schedule. Permissions replicated by the Entitlement Scope schedule are also replicated by the -[GroupID Entitlement Schedule](/docs/directorymanager/11.1/admincenter/schedule/entitlement.md), as the latter replicates permissions from scratch. +[GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md), as the latter replicates permissions from scratch. However, the default triggering frequency for the Directory Manager Entitlement schedule (i.e., weekly) necessitates a separate Entitlement Scope schedule. 
@@ -33,12 +39,12 @@ The Entitlement Scope schedule runs in the context of the following accounts: - For file servers, the schedule runs in the context of the service account defined for the identity store. In case you specify a different account for a file server, the schedule runs in the context of the changed account. See the - [Connect to a File Server Using a Different Account](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md#connect-to-a-file-server-using-a-different-account) + [Connect to a File Server Using a Different Account](/docs/directorymanager/11.1/signin/entitlement/manage.md#connect-to-a-file-server-using-a-different-account) topic for additional information. - For a SharePoint site, the schedule runs in the context of the account you specified to connect to the SharePoint admin site. In case you specify a different account for a site, the schedule runs in the context of the changed account. See the - [Connect to a Site Using a Different Account](/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md#connect-to-a-site-using-a-different-account) + [Connect to a Site Using a Different Account](/docs/directorymanager/11.1/signin/entitlement/manage_1.md#connect-to-a-site-using-a-different-account) topic for additional information. You cannot create or delete an Entitlement Scope schedule; only edit the existing schedule. 
@@ -64,7 +70,7 @@ _Entitlement_``_Scope_. Step 6 – In the **Scheduler Service Name** drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: diff --git a/docs/directorymanager/11.1/admincenter/schedule/entitlementtemporarypermissions.md b/docs/directorymanager/11.1/signin/schedule/entitlementtemporarypermissions.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/schedule/entitlementtemporarypermissions.md rename to docs/directorymanager/11.1/signin/schedule/entitlementtemporarypermissions.md index 0eae7fe9f3..8809aff7b4 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/entitlementtemporarypermissions.md +++ b/docs/directorymanager/11.1/signin/schedule/entitlementtemporarypermissions.md 
@@ -1,15 +1,21 @@ +--- +title: "Entitlement Temporary Permissions Schedule" +description: "Entitlement Temporary Permissions Schedule" +sidebar_position: 60 +--- + # Entitlement Temporary Permissions Schedule An Entitlement Temporary Permissions schedule is automatically created for an identity store when: - A server is added for permission analysis on the Entitlement page in an Active Directory identity - store. See the [Manage File Servers](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md) for additional information on + store. See the [Manage File Servers](/docs/directorymanager/11.1/signin/entitlement/manage.md) for additional information on adding a server. Or - A SharePoint site is added for permission analysis on the **Entitlement** page in a Microsoft - Entra ID identity store. See the [Manage SharePoint Sites](/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md) topic + Entra ID identity store. See the [Manage SharePoint Sites](/docs/directorymanager/11.1/signin/entitlement/manage_1.md) topic for additional information on adding a SharePoint site. The Entitlement Temporary Permissions schedule updates the temporary permissions granted to objects 
@@ -35,12 +41,12 @@ The Entitlement Temporary Permissions schedule runs in the context of the follow - For file servers, the schedule runs in the context of the service account defined for the identity store. In case you specify a different account for a file server, the schedule runs in the context of the changed account. See the - [Connect to a File Server Using a Different Account](/docs/directorymanager/11.1/admincenter/entitlement/ad/manage.md#connect-to-a-file-server-using-a-different-account) + [Connect to a File Server Using a Different Account](/docs/directorymanager/11.1/signin/entitlement/manage.md#connect-to-a-file-server-using-a-different-account) topic. - For a SharePoint site, the schedule runs in the context of the account you specified to connect to the SharePoint admin site. In case you specify a different account for a site, the schedule runs in the context of the changed account. See the - [Connect to a Site Using a Different Account](/docs/directorymanager/11.1/admincenter/entitlement/entraid/manage.md#connect-to-a-site-using-a-different-account) + [Connect to a Site Using a Different Account](/docs/directorymanager/11.1/signin/entitlement/manage_1.md#connect-to-a-site-using-a-different-account) topic. You cannot create or delete an Entitlement Temporary Permissions schedule; only edit the existing 
@@ -67,7 +73,7 @@ _Entitlement_``_ TemporaryPe Step 6 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: diff --git a/docs/directorymanager/11.1/signin/schedule/grouplifecycle.md b/docs/directorymanager/11.1/signin/schedule/grouplifecycle.md new file mode 100644 index 0000000000..3b85e0b7cd --- /dev/null +++ b/docs/directorymanager/11.1/signin/schedule/grouplifecycle.md 
@@ -0,0 +1,105 @@ +--- +title: "Group Life Cycle Schedule" +description: "Group Life Cycle Schedule" +sidebar_position: 20 +--- + +# Group Life Cycle Schedule + +Directory Manager enables you to define group lifecycle settings for an identity store. See the +[Manage Group Lifecycle Settings](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md) +topic for additional information. Based on these settings, the Group Lifecycle schedule expires and +logically deletes groups in the identity store on a scheduled basis, keeping your directory clean +and preventing group glut. + +While creating a Group Lifecycle schedule, you have to specify a job triggering criterion, the +containers the job will process, and notification options. + +The Group Lifecycle schedule performs the following main functions: + +- Expires and logically delete groups according to their respective expiry policies. See the + [ Group Expiry and Deletion](/docs/directorymanager/11.1/signin/identitystore/configure/groupexpirydeletion.md) + topic for additional information. +- Sends email notifications to relevant personnel before expiring a group. Also initiates + notifications for group attestation. +- Extends or reduces the life of mail-enabled distribution groups based on their usage. +- Initiates group attestation for expiring groups. + +## Create a Group Life Cycle Schedule + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click **Add Schedule** and select **Group Life Cycle Job**. +The Create Schedule page is displayed. + +Step 5 – In the Schedule Name box, enter a name for the schedule. + +Step 6 – The Name Preview box displays the schedule name prefixed with \_Glm\_\_; the schedule is +displayed with this name in email notifications. 
+ +Step 7 – Select a Directory Manager portal URL in the Portal URL drop-down list to include it in +notifications generated for this schedule. Users are redirected to this portal to perform any +necessary action. + +Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be +responsible for triggering this schedule. The number of services displayed in the list depend on the +number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional +information. + +Please note the following while selecting a Scheduler service: + +- The Scheduler service for the Directory Manager instance on which you are creating the schedule is + selected by default. However, you can select the Scheduler service of another instance as well. + +- The Scheduler service can be changed even after creating the schedule. Upon the next run, the + schedule will be triggered by the newly-selected Scheduler service. + +- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service + can be selected automatically. + +- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance + will be used. + +Step 9 – You can specify containers as targets for the schedule. To do so, follow step 9 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic. The schedule will process all groups in the containers and their sub-containers listed in the +Target(s) area in keeping with the Group Lifecycle settings for the identity store. + +NOTE: In Group Lifecycle settings, the administrator can specify container(s) for exclusively +applying or not applying the Group Life cycle policy. 
See the +[Apply Policy on Specific Containers](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md#apply-policy-on-specific-containers) +topic. With containers specified in the Target(s) area, there may be a conflict or overlapping of +containers, in which case, the Group Lifecycle settings take precedence. + +Step 10 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the +schedule, that, when met, starts the execution of the schedule. Follow step 11 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic to manage triggers. + +Step 11 – Click **Add Authentication** in the Authentication area to specify an account for running +the schedule in the identity store. Follow step 12 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic for additional information. + +Step 12 – To set notifications for the schedule, click **Notifications**. + +1. On the Notifications dialog box, select the **Send group life extension notification** check box + to send email notifications to a group’s primary and additional owners when the job extends the + life of a group, based on group usage settings in the Group Lifecycle policy. For group usage + settings, see the + [Enable Group Usage Lifecycle](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md#enable-group-usage-lifecycle) + topic for additional information. +2. Click **Save**. + +Step 13 – On the Create Schedule page, click **Create Schedule**. + +Step 14 – On the Schedules page, click **Save**. +The schedule is displayed under Group Life Cycle. See the +[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store) topic +for additional information. 
diff --git a/docs/directorymanager/11.1/admincenter/schedule/groupusageservice.md b/docs/directorymanager/11.1/signin/schedule/groupusageservice.md similarity index 91% rename from docs/directorymanager/11.1/admincenter/schedule/groupusageservice.md rename to docs/directorymanager/11.1/signin/schedule/groupusageservice.md index b28917782e..779fcb7ec6 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/groupusageservice.md +++ b/docs/directorymanager/11.1/signin/schedule/groupusageservice.md @@ -1,3 +1,9 @@ +--- +title: "Group Usage Service Schedule" +description: "Group Usage Service Schedule" +sidebar_position: 10 +--- + # Group Usage Service Schedule A Group Usage Service schedule monitors expansion events and timestamps affected groups of the @@ -7,9 +13,9 @@ An expansion event occurs when an Exchange Server expands a distribution list fo The event is recorded in the Exchange Server's message tracking log, which the Group Usage Service schedule reads, parsing for the timestamp that indicates when the distribution list was last used. -The timestamp is then used by the [Group Life Cycle Schedule](/docs/directorymanager/11.1/admincenter/schedule/grouplifecycle.md) to extend or reduce +The timestamp is then used by the [Group Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/grouplifecycle.md) to extend or reduce the life of mail-enabled distribution groups based on their usage. See the -[Enable Group Usage Lifecycle](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md#enable-group-usage-lifecycle) +[Enable Group Usage Lifecycle](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md#enable-group-usage-lifecycle) topic. While creating a Group Usage Service schedule, you have to specify a job triggering criterion, the 
@@ -39,7 +45,7 @@ necessary action. Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: @@ -85,7 +91,7 @@ these servers. 3. Click **Add**. The messaging server(s) are displayed in the Messaging Server area. Step 11 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the -schedule, that, when met, starts the execution of the schedule. See the [Triggers](/docs/directorymanager/11.1/admincenter/schedule/triggers.md) +schedule, that, when met, starts the execution of the schedule. See the [Triggers](/docs/directorymanager/11.1/signin/schedule/triggers.md) topic for information on the triggering criterion setting. Step 12 – After specifying the settings for triggers, click **Add**. The trigger is displayed in the @@ -109,7 +115,7 @@ in the identity store (for example, Administrator). NOTE: If you are creating this schedule in a Microsoft Entra ID identity store, you can only specify the logged-in user's account. See the [Schedules for Microsoft Entra ID Identity Store](overview.md#schedules-for-microsoft-entra-id-identity-store) -section of the [Schedules](/docs/directorymanager/11.1/admincenter/schedule/overview.md) topic for additional information. +section of the [Schedules](/docs/directorymanager/11.1/signin/schedule/overview.md) topic for additional information. Step 14 – On the Create Schedule page, click **Create Schedule**. 
diff --git a/docs/directorymanager/11.1/admincenter/schedule/historyretention.md b/docs/directorymanager/11.1/signin/schedule/historyretention.md similarity index 89% rename from docs/directorymanager/11.1/admincenter/schedule/historyretention.md rename to docs/directorymanager/11.1/signin/schedule/historyretention.md index 547474ac05..d7165f2902 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/historyretention.md +++ b/docs/directorymanager/11.1/signin/schedule/historyretention.md @@ -1,8 +1,14 @@ +--- +title: "History Retention Schedule" +description: "History Retention Schedule" +sidebar_position: 30 +--- + # History Retention Schedule While configuring history tracking for an identity store, you can choose to keep history records forever in the Directory Manager database or retain history for a specific period. See the -[Configure History Tracking](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md) topic +[Configure History Tracking](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md) topic for additional information. In case you select the latter option, the History Retention schedule is auto created for the identity store. This schedule runs on a specified frequency to check if the retention period is over for any history records, and if so, move them from the Directory Manager 
@@ -12,13 +18,13 @@ database to the following .csv files: Management Shell, and scheduled jobs. It also contains history data for the identity store, security roles, and workflow configurations. - AuditingHistory – Contains history data of all authentication actions performed in Directory - Manager, as logged in Helpdek history. See the [History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic + Manager, as logged in Helpdek history. See the [History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic for additional information. - PasswordCenterHistory – Contains history data of all actions tracked in Helpdesk, except the - authentication action. See the [History in Helpdesk](/docs/directorymanager/11.1/admincenter/helpdesk/history.md) topic for additional + authentication action. See the [History in Helpdesk](/docs/directorymanager/11.1/signin/helpdesk/history.md) topic for additional information. - AdminCenterHistory – Contains Admin Center history data. See the - [Admin Center History](/docs/directorymanager/11.1/admincenter/general/history.md) topic for additional information. + [Admin Center History](/docs/directorymanager/11.1/signin/concepts/history_1.md) topic for additional information. These files are available at the following location on the Directory Manager server: 
@@ -62,7 +68,7 @@ displayed with this name in email notifications. Step 7 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: diff --git a/docs/directorymanager/11.1/signin/schedule/manage.md b/docs/directorymanager/11.1/signin/schedule/manage.md new file mode 100644 index 0000000000..c24550aaa6 --- /dev/null +++ b/docs/directorymanager/11.1/signin/schedule/manage.md 
@@ -0,0 +1,240 @@ +--- +title: "Manage Schedules" +description: "Manage Schedules" +sidebar_position: 160 +--- + +# Manage Schedules + +Directory Manager enables you to run, modify, disable, and delete the schedules defined for an +identity store. + +## View the Schedules in an Identity Store + +Follow the steps to view the schedules in an identity store. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign next to a job name to view the schedules defined +for it. +The following is displayed for a schedule: + +| Label | Description | +| --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Enable | Shows whether a schedule is enabled or disabled. Use the toggle button next to a schedule to disable an enabled schedule and vice versa. Directory Manager does not execute a disabled schedule. | +| Job Name | The name of a schedule. | +| Target(s) | The group(s) and container(s) that a schedule processes. | +| Last Run | The date and time a schedule last ran. | +| Next Run | The next date and time a schedule will run. | +| Actions | Click the ellipsis button for a schedule in the **Actions** column and select an option: - Edit – To update the schedule's settings, such as targets, triggers, and notifications. - Delete – To delete a schedule. - Run – To manually run a schedule instantly. - Terminate – To manually terminate a running schedule instantly. 
This option is available for schedules that are currently running. | + +### Search a Schedule + +Directory Manager enables you to search for a schedule by different attributes, such as job name, +job target, last run time, the kind of notifications set for a job and the user name used for +authentication in a job. + +Follow the steps to apply a filter. + +Step 1 – On the Schedules page, expand the Schedule Filters area by clicking the plus sign. + +Step 2 – In the _Select a Filter_ box, select an attribute to filter schedules. + +Step 3 – In the _Select an Operator_ drop-down list, select an operator to apply to the selected +attribute. This drop-down displays the operators on the basis of the selected attribute. Available +operators are: + +| Condition | Description | +| ------------------- | --------------------------------------------------------------------------------------------------------------------------- | +| Starts with | Returns everything that starts with the value. | +| Does not start with | Returns everything that does not start with the value. | +| Ends with | Returns everything that ends with the value. Searching with this condition is resource-intensive for the directory. | +| Does not end with | Returns everything that does not end with the value. Searching with this condition is resource-intensive for the directory. | +| Is exactly | Returns everything that matches the value. | +| Is not | Returns everything that does not match the value. | +| Contains | Returns everything that contains the value. Searching with this condition is resource-intensive for the directory. | +| Not contain | Returns everything that does not contain the value. Searching with this condition is resource-intensive for the directory. | +| Present | Returns everything that has a value. | +| Not present | Returns everything that does not have a value. | +| Greater or equal | Returns everything with a value greater than or equal to the given value. 
| +| Less or equal | Returns everything with a value lesser than or equal to the given value. | + +Step 4 – In the _Select a Value_ box, specify a value for the attribute. The selected attribute and +operator determine the kind of value that can be entered in this box. For some operators, such as +_Present_ and _Not Present_, this field is not available. These operators check if a value for the +attribute is present or not. + +- To add more filters – On adding a filter, the next row is displayed, so you can add another + filter. +- To remove a filter row – To remove a filter row, click **Remove** for it. +- To remove the filter – To remove all the filter rows, click **Clear**. + +Step 5 – To apply the filter, click **Apply**. With multiple filters, schedules that satisfy all the +filters are displayed. + +## Enable/Disable a Schedule + +Follow the steps to enable/disable a schedule. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. + +Step 5 – Use the Enable toggle button for a schedule to enable or disable it. +A disabled schedule is not executed in the identity store. + +Step 6 – Click **Save**. + +## Update Triggers for a Schedule + +A trigger is a criterion that, when met, starts the execution of a schedule. + +Follow the steps to update triggers for a schedule. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. 
+ +Step 5 – Click the ellipsis button for a schedule and select **Edit**. + +Step 6 – On the Edit Schedule page, the Triggers area displays the trigger(s) set for the schedule. + +- To update a trigger, click **Edit** for it. +- To add a new trigger, click **Add Trigger**. +- To remove a trigger, click **Remove** for it. + +Follow step 11 in the [Group Usage Service Schedule](/docs/directorymanager/11.1/signin/schedule/groupusageservice.md) topic to manage triggers. + +Step 7 – Click **Update Schedule**. + +Step 8 – Click **Save** on the Schedules page. + +## Update Targets for a Schedule + +Targets in a schedule are the objects processed by that schedule. + +Follow the steps to update the targets. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. + +Step 5 – Click the ellipsis button for a schedule and select **Edit**. + +Step 6 – On the Edit Schedule page, the Target(s) area displays the target objects for the +schedule. +Target types differ for different schedule types. For example, you can set containers as targets for +a Group Lifecycle schedule; and jobs and job collections for a Synchronize schedule. Other +schedules, such as a User Lifecycle schedule, may not require a target, as they execute certain +functions for an identity store. + +- To add a target object to a schedule, refer to the instructions for the respective schedule. +- To remove a target object, click **Remove** for it. +- To remove all target objects, click **Remove All**. + +Step 7 – Click **Update Schedule**. + +Step 8 – Click **Save** on the Schedules page. + +## Update Notification Settings for a Schedule + +Follow the steps to update notification settings for a schedule. 
+ +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. + +Step 5 – Click the ellipsis button for a schedule and select **Edit**. + +Step 6 – On the Edit Schedule page, click the **Notifications** button to update notification +settings for the schedule. +Notification settings differ for different schedule types. For example, a Smart Group Update +schedule has a different set of notification options from a Group Lifecycle schedule. Other +schedules, such as the Directory Manager Entitlement and Workflow Acceleration schedules, do not +have notification settings. +To manage the notification settings for a schedule, refer to the instructions for the respective +schedule. + +Step 7 – Click **Update Schedule**. + +Step 8 – Click **Save** on the Schedules page. + +## Run a Schedule Instantly + +Follow the steps to run a schedule instantly. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. + +Step 5 – Click the ellipsis button for a schedule and select **Run** to execute it instantly. + +## Terminate a Running Schedule + +You can terminate a schedule that is currently running in an identity store. On termination, objects +that have already been processed by the schedule will not be reverted while the remaining stay +unprocessed. + +Follow the steps to terminate a running schedule. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. 
+ +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. + +Step 5 – Click the ellipsis button for a currently running schedule and select **Terminate** to stop +it instantly. + +## Delete a Schedule + +Follow the steps to delete a schedule. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click the plus sign for a job to view the schedules defined for it. + +Step 5 – Click the ellipsis button for a schedule and select **Delete**. +The Delete option is not available for system-defined schedules. + +Step 6 – On the Delete Schedule dialog box, click **Delete**. + +Step 7 – Click **Save** on the Schedules page. diff --git a/docs/directorymanager/11.1/admincenter/schedule/managedbylifecycle.md b/docs/directorymanager/11.1/signin/schedule/managedbylifecycle.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/schedule/managedbylifecycle.md rename to docs/directorymanager/11.1/signin/schedule/managedbylifecycle.md index a51be9505c..c9d5a9b46a 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/managedbylifecycle.md +++ b/docs/directorymanager/11.1/signin/schedule/managedbylifecycle.md @@ -1,3 +1,9 @@ +--- +title: "Managed By Life Cycle Schedule" +description: "Managed By Life Cycle Schedule" +sidebar_position: 70 +--- + # Managed By Life Cycle Schedule The Managed By Life Cycle schedule updates the temporary additional owners for groups and temporary 
@@ -29,7 +35,7 @@ frequency that meets your temporary ownership requirements. Directory Manager generates notifications when the Managed By Life Cycle schedule adds or removes temporary additional owners/managers. See the -[Manage Managed by Life Cycle Notifications](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md#manage-managed-by-life-cycle-notifications) +[Manage Managed by Life Cycle Notifications](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md#manage-managed-by-life-cycle-notifications) topic for additional information. ## Create a Managed By Life Cycle Schedule @@ -58,7 +64,7 @@ necessary action. Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Step 9 – You can specify containers as targets for the schedule. The schedule will process all diff --git a/docs/directorymanager/11.1/signin/schedule/membershiplifecycle.md b/docs/directorymanager/11.1/signin/schedule/membershiplifecycle.md new file mode 100644 index 0000000000..1f797f072b --- /dev/null +++ b/docs/directorymanager/11.1/signin/schedule/membershiplifecycle.md 
@@ -0,0 +1,111 @@ +--- +title: "Membership Life Cycle Schedule" +description: "Membership Life Cycle Schedule" +sidebar_position: 80 +--- + +# Membership Life Cycle Schedule + +The Membership Life Cycle schedule updates the temporary membership of groups in an identity store. +It performs the following functions: + +- Group owners (primary owner, additional owners, and Exchange additional owners) can set a start + and end date to: + + - Add an object as a temporary member of a group + - Remove a member for a temporary period from group membership + + The Membership Life Cycle schedule temporarily adds and removes an object from group membership + on the specified dates. + +- Managers and peers can join and leave a group temporarily on behalf of other users. When the + Membership Life Cycle schedule runs, it adds and removes those users from group membership on the + specified dates. +- The Membership Life Cycle schedule executes the Membership Life Cycle policy for the identity + store. See the + [Manage Membership Life Cycle Policies](/docs/directorymanager/11.1/signin/identitystore/configure/membershiplifecycle.md) + topic. +- The schedule also removes members when group owners inactivate them during group attestation. See + the + [Enable Group Attestation](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md#enable-group-attestation) + topic. + +Let’s assume that the Membership Life Cycle schedule is scheduled to run once a week, say Mondays. +If an object is to be added to group membership for three days - Wednesday till Friday, it will not +be added. This happens because the Membership Life Cycle schedule did not run on the specific days +for temporary membership update. Make sure that the schedule is set to run at a frequency that meets +your temporary membership requirements. + +Directory Manager generates notifications when the Membership Life Cycle schedule adds or removes +users from group membership. 
See the +[Manage Membership Life Cycle Notifications](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md#manage-membership-life-cycle-notifications) +topic. + +## Create a Membership Life Cycle Schedule + +Follow the steps to create a Membership Life Cycle Schedule. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click **Add Schedule** and select **Membership Life Cycle Job**. The +Create Schedule page is displayed. + +Step 5 – In the Schedule Name box, enter a name for the schedule. + +Step 6 – The Name Preview box displays the schedule name prefixed with \_MembershipLifeCycle\_\_; +the schedule is displayed with this name in email notifications. + +Step 7 – Select a Directory Manager portal URL in the Portal URL drop-down list to include it in +notifications generated by the schedule. Users are redirected to this portal to perform any +necessary action. + +Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be +responsible for triggering this schedule. The number of services displayed in the list depend on the +number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional +information. + +Please note the following while selecting a Scheduler service: + +- The Scheduler service for the Directory Manager instance on which you are creating the schedule is + selected by default. However, you can select the Scheduler service of another instance as well. + +- The Scheduler service can be changed even after creating the schedule. 
Upon the next run, the + schedule will be triggered by the newly-selected Scheduler service. + +- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service + can be selected automatically. + +- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance + will be used. + +Step 9 – You can specify containers as targets for the schedule. The schedule will process all +groups in these containers and their sub-containers. To specific containers as target, follow step 9 +in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic for additional information. + +NOTE: Membership Lifecycle policies are not applied to OUs specified here. Target OUs and groups are +set in the respective policy. + +Step 10 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the +schedule, that, when met, starts the execution of the schedule. Follow step 11 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic to add triggers. + +Step 11 – Click **Add Authentication** in the Authentication area to specify an account for running +the schedule in the identity store. Follow step 12 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic for additional information. + +Step 12 – On the Create Schedule page, click **Create Schedule**. + +Step 13 – On the Schedules page, click **Save**. +The schedule is displayed under **Membership Life Cycle**. See the +[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store) topic +for additional information. 
diff --git a/docs/directorymanager/11.1/admincenter/schedule/orphangroupupdate.md b/docs/directorymanager/11.1/signin/schedule/orphangroupupdate.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/schedule/orphangroupupdate.md rename to docs/directorymanager/11.1/signin/schedule/orphangroupupdate.md index a910b74488..1edea30517 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/orphangroupupdate.md +++ b/docs/directorymanager/11.1/signin/schedule/orphangroupupdate.md @@ -1,3 +1,9 @@ +--- +title: "Orphan Group Update Schedule" +description: "Orphan Group Update Schedule" +sidebar_position: 90 +--- + # Orphan Group Update Schedule An orphan group is one without a primary owner. @@ -22,11 +28,11 @@ sent to the promoted owner. Note the following: The promotion of an additional owner to primary owner may violate the Group Owners policy for the minimum number of additional owners required. A notification is sent to the promoted owner to add an additional owner to comply with the policy. See the -[Group Owners Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/groupowners.md) topic. +[Group Owners Policy](/docs/directorymanager/11.1/signin/securityrole/policy/groupowners.md) topic. With history tracking enabled, history is logged at the group level and at the promoted owner’s level. See the -[Configure History Tracking](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/historytracking.md) topic. +[Configure History Tracking](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md) topic. ## Create an Orphan Group Update Schedule 
@@ -54,7 +60,7 @@ necessary action. Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: diff --git a/docs/directorymanager/11.1/signin/schedule/overview.md b/docs/directorymanager/11.1/signin/schedule/overview.md new file mode 100644 index 0000000000..e9edc36e94 --- /dev/null +++ b/docs/directorymanager/11.1/signin/schedule/overview.md 
@@ -0,0 +1,78 @@ +--- +title: "Schedules" +description: "Schedules" +sidebar_position: 60 +--- + +# Schedules + +The scheduling feature in Directory Manager enables you to perform several operations by creating +scheduled jobs for an identity store. These schedules auto run at the specified day, time, and +frequency. + +## Schedules for Active Directory, Google Workspae, and Generic LDAP Identity Stores + +You can define the following schedules for an identity store: + +- A [Group Usage Service Schedule](/docs/directorymanager/11.1/signin/schedule/groupusageservice.md) monitors group usage and time stamps groups + with the date and time they were last used. +- A [Group Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/grouplifecycle.md) expires and deletes groups according to their + expiry policy. It executes the Group Lifecycle policy for the identity store. +- A [History Retention Schedule](/docs/directorymanager/11.1/signin/schedule/historyretention.md) archives identity store history data in + Directory Manager. +- A [GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md) replicates object permissions on file servers and + SharePoint sites for an Active Directory and Microsoft Entra ID identity store respectively. +- An [Entitlement Scope Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementscope.md) replicates changes made to object permissions + on file servers and SharePoint sites using Directory Manager. +- An [Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementtemporarypermissions.md) updates the + temporary permissions for objects on file servers and SharePoint sites. +- A [Managed By Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/managedbylifecycle.md) manages the temporary additional owners + for groups and temporary additional managers for users. 
+- A [Membership Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/membershiplifecycle.md) updates the temporary membership of + groups. +- An [Orphan Group Update Schedule](/docs/directorymanager/11.1/signin/schedule/orphangroupupdate.md) sets the primary owner for an orphan + group. +- A [Reports Schedule](/docs/directorymanager/11.1/signin/schedule/reports.md)can automatically generate reports that you link with the + schedule. +- A [Schema Replication Schedule](/docs/directorymanager/11.1/signin/schedule/schemareplication.md) replicates the schema of an identity + provider to the Directory Manager database. +- A [Smart Group Update Schedule](/docs/directorymanager/11.1/signin/schedule/smartgroupupdate.md)updates Smart Groups and Dynasties. +- A [Synchronize Schedule](/docs/directorymanager/11.1/signin/schedule/synchronize.md) can execute Synchronize jobs and job groups at a set + frequency. +- A [User Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/userlifecycle.md) disables users who do not validate their profiles + within a given period, based on the settings defined for user profile validation. +- A [Workflow Acceleration Schedule](/docs/directorymanager/11.1/signin/schedule/workflowacceleration.md) forwards workflow requests to + approvers and auto approves requests according to workflow approver acceleration rules. + +NOTE: Role members with the _Manage Scheduling_ permission in an identity store can create and +manage scheduled jobs. See the +[Modify Role Permissions](/docs/directorymanager/11.1/signin/securityrole/manage.md#modify-role-permissions) topic for additional +information. + +Schedules are saved in the Directory Manager database. The GroupIDSchedulerService, created in the +GroupIDSite11 site in native IIS is responsible for initiating schedule runs. 
+ +## Schedules for Microsoft Entra ID Identity Store + +The following schedules are automatically created when their associated configurations are done in +an identity store. + +- Entitlement ([GroupID Entitlement Schedule](/docs/directorymanager/11.1/signin/schedule/entitlement.md), + [Entitlement Scope Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementscope.md), + [Entitlement Temporary Permissions Schedule](/docs/directorymanager/11.1/signin/schedule/entitlementtemporarypermissions.md)) +- [User Life Cycle Schedule](/docs/directorymanager/11.1/signin/schedule/userlifecycle.md) +- [History Retention Schedule](/docs/directorymanager/11.1/signin/schedule/historyretention.md) +- [Workflow Acceleration Schedule](/docs/directorymanager/11.1/signin/schedule/workflowacceleration.md) + +In a Microsoft Entra ID identity provider, the Entra ID user must be logged into the Admin Center +while making configurations of these schedules. The schedules are then run in the context of the +logged in user. The following dialog box displays the username of the logged-in user when you +configure a schedule: + +![entraidscheduleauthenticate](/img/product_docs/directorymanager/11.1/admincenter/schedule/entraidscheduleauthenticate.webp) + +Use the Login with a different user option to provide the credentials of another account to run the +schedule in the identity store is not available for a Microsoft Entra ID identity store. + +NOTE: The existing schedules will continue to work. The SAML provider authentication does not apply +on them. diff --git a/docs/directorymanager/11.1/signin/schedule/reports.md b/docs/directorymanager/11.1/signin/schedule/reports.md new file mode 100644 index 0000000000..de10c6b52f --- /dev/null +++ b/docs/directorymanager/11.1/signin/schedule/reports.md 
@@ -0,0 +1,114 @@ +--- +title: "Reports Schedule" +description: "Reports Schedule" +sidebar_position: 100 +--- + +# Reports Schedule + +Directory Manager can generate reports for an identity store on a scheduled basis. + +You can create a Reports schedule and add reports to it. When the schedule runs, all added reports +are auto generated. The Reports schedule also sends email notifications to the designated +recipients. + +## Create a Reports Schedule + +Follow the steps to create a Reports Schedule. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click **Add Schedule** and select **Reports Job**. The Create +Schedule page is displayed. + +Step 5 – In the Schedule Name box, enter a name for the schedule. + +Step 6 – The Name Preview box displays the schedule name prefixed with \_ReportPortal\_\_; the +schedule is displayed with this name in email notifications. + +Step 7 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be +responsible for triggering this schedule. The number of services displayed in the list depend on the +number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional +information. + +Please note the following while selecting a Scheduler service: + +- The Scheduler service for the Directory Manager instance on which you are creating the schedule is + selected by default. However, you can select the Scheduler service of another instance as well. + +- The Scheduler service can be changed even after creating the schedule. Upon the next run, the + schedule will be triggered by the newly-selected Scheduler service. 
+ +- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service + can be selected automatically. + +- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance + will be used. + +Step 8 – To add reports to the schedule, click **Add Report(s)** in the Reports area. The Add +Reports to Schedule dialog box is displayed. + +NOTE: You can only add reports that have been generated in the Directory Manager portal, since the +schedule uses the settings provided there to generate the report. Moreover, you cannot change the +settings here, such as the container and filter settings. + +1. In the Object Category drop-down list, select a report category. Available categories are: _All + Categories, Users, Groups, Contacts and Computers_. In the Directory Manager portal, reports are + classified under these categories. +2. The Reports drop-down list shows all reports in the selected category. On selecting a report, one + of the following happens: + + - The report is displayed in the grid on the dialog box. This is because it has previously been + added, and you do not need to add it again. If the report has been generated multiple times in + the Directory Manager portal, all instances are displayed, since each instance has its own + _title_, _container_, and _filter_ settings. + - If the report is not displayed in the grid, you have to add it using the Add button. (The Add + button gets enabled if this report has been generated in the Directory Manager portal.) + + Notice that when you select a category, a report may get listed in the grid. This is because the + first report in the category is auto selected in the **Reports** drop-down list. If that report + has previously been added, it is displayed in the grid. + +3. The report is listed in the grid on the dialog box with the following info: + + - Report Title – the name given to the report by the user while generating it. 
+ - Report Name – the name of the report in Directory Manager. + - Container – the container the report will fetch results from. This container was specified by + the user while generating the report. + - Filter – the criteria applied to get the results. + + You can add as many reports as required. + +4. Select the check box for a report and click **Add**. The selected reports are displayed in the + Reports area on the Create Schedule page. When this Reports schedule runs, it auto generates all + added reports. + To remove a report , click **Remove** for it. + +Step 9 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the +schedule, that, when met, starts the execution of the schedule. Follow step 11 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic to add triggers. + +Step 10 – Click **Add Authentication** in the **Authentication** area to specify an account for +running the schedule in the identity store. Follow step 12 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic for additional information. + +Step 11 – To set up notifications for the schedule, click **Notifications**. + +1. On the Notifications dialog box, enter the email address of recipient(s) to whom you want to send + the reports generated by the schedule. Use a semicolon to separate multiple addresses. +2. Click **Save**. + +Step 12 – On the Create Schedule page, click **Create Schedule**. + +Step 13 – On the Schedules page, click **Save**. +The schedule is displayed under **Reports**. See the +[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store)topic +for details. 
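Review bot: Steps 9 and 10 of reports.md defer to "step 11" and "step 12" of the Create a Group Usage Service Schedule topic by number, which goes stale without warning as soon as that topic is renumbered. Link to a heading anchor for triggers and for authentication instead (triggers.md is part of this change set). Step 10 also does not say which rights the account that runs the schedule needs, and Step 11 mails the generated reports to whatever addresses are entered, so a sentence on using a least-privileged account and on limiting recipients to people allowed to see the report's container would help. Minor: "The number of services displayed in the list depend" should read "depends", "To remove a report , click" has a stray space before the comma, and the closing link text "View the Schedules in an Identity Store " carries a trailing space and runs straight into "topic".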
diff --git a/docs/directorymanager/11.1/admincenter/schedule/schemareplication.md b/docs/directorymanager/11.1/signin/schedule/schemareplication.md similarity index 94% rename from docs/directorymanager/11.1/admincenter/schedule/schemareplication.md rename to docs/directorymanager/11.1/signin/schedule/schemareplication.md index 3fd47276b0..770d1a9bfa 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/schemareplication.md +++ b/docs/directorymanager/11.1/signin/schedule/schemareplication.md @@ -1,3 +1,9 @@ +--- +title: "Schema Replication Schedule" +description: "Schema Replication Schedule" +sidebar_position: 110 +--- + # Schema Replication Schedule An Identity store is built on an identity provider, that could be Active Directory, Microsoft Entra @@ -15,7 +21,7 @@ manually or according to its triggers. When the Schema Replication schedule runs for the first time, it replicates schema from scratch. In all subsequent runs, it replicates any changes made to the schema. Of this replicated schema, you can choose the object attributes you actually want to use in an identity store. See the -[Specify Object Attributes to Replicate](/docs/directorymanager/11.1/admincenter/identitystore/replication.md#specify-object-attributes-to-replicate) +[Specify Object Attributes to Replicate](/docs/directorymanager/11.1/signin/identitystore/replication.md#specify-object-attributes-to-replicate) topic for details. NOTE: For Microsoft Entra ID, schema is replicated from the schema file for Graph API v 3.26.0. 
@@ -42,7 +48,7 @@ schedule as read-only. Step 6 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: diff --git a/docs/directorymanager/11.1/admincenter/schedule/smartgroupupdate.md b/docs/directorymanager/11.1/signin/schedule/smartgroupupdate.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/schedule/smartgroupupdate.md rename to docs/directorymanager/11.1/signin/schedule/smartgroupupdate.md index 90a9a8cee0..ff4b5d3d66 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/smartgroupupdate.md +++ b/docs/directorymanager/11.1/signin/schedule/smartgroupupdate.md @@ -1,3 +1,9 @@ +--- +title: "Smart Group Update Schedule" +description: "Smart Group Update Schedule" +sidebar_position: 120 +--- + # Smart Group Update Schedule You can create a Smart Group Update schedule and bind it to Smart Groups and Dynasties in an 
@@ -41,7 +47,7 @@ necessary action. Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: diff --git a/docs/directorymanager/11.1/signin/schedule/synchronize.md b/docs/directorymanager/11.1/signin/schedule/synchronize.md new file mode 100644 index 0000000000..34eee2418d --- /dev/null +++ b/docs/directorymanager/11.1/signin/schedule/synchronize.md 
@@ -0,0 +1,80 @@ +--- +title: "Synchronize Schedule" +description: "Synchronize Schedule" +sidebar_position: 130 +--- + +# Synchronize Schedule + +The Directory Manager scheduling function enables you to set any Synchronize job or job collection +to run automatically. Create a Synchronize schedule and add Synchronize jobs and job collections as +targets. When the schedule runs, the target jobs and job collections are executed. + +## Create a Synchronize Schedule + +Follow the steps to create a Synchronize Schedule. + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Schedules** under Settings in the left pane. + +Step 4 – On the Schedules page, click **Add Schedule** and select **Synchronize Job**. The Create +Schedule page is displayed. + +Step 5 – In the Schedule Name box, enter a name for the schedule. + +Step 6 – The Name Preview displays the schedule name prefixed with \_SynchronizeJobPortal\_\_; the +schedule is displayed with this name in email notifications. + +Step 7 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be +responsible for triggering this schedule. The number of services displayed in the list depend on the +number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional +information. + +Please note the following while selecting a Scheduler service: + +- The Scheduler service for the Directory Manager instance on which you are creating the schedule is + selected by default. However, you can select the Scheduler service of another instance as well. + +- The Scheduler service can be changed even after creating the schedule. 
Upon the next run, the + schedule will be triggered by the newly-selected Scheduler service. + +- If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service + can be selected automatically. + +- If a schedule is run manually on the Admin Center, then the Scheduler service of that instance + will be used. + +Step 8 – Add a Synchronize job or a job collection or both to this schedule. + +- Click **Add Jobs** to add a Synchronize job to this schedule. The Select Jobs to Add dialog box + displays Synchronize jobs. Select one or more jobs and click **Add**. +- Click **Add Job Collection** to add a Synchronize job collection to this schedule. The Select Job + Collections to Add dialog box displays job collections from Synchronize. Select one or more job + collections from the list and click **Add**. + +The selected job(s) and job collection(s) are listed in the Target(s) area. They will be executed +when the schedule runs. +To remove a job or job collection in the Target(s)area, click **Remove** for it. +To remove all target objects, click **Remove All**. + +Step 9 – Click **Add Triggers** in the Triggers area to specify a triggering criterion for the +schedule, that, when met, starts the execution of the schedule. Follow step 11 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic to add triggers. + +Step 10 – Click **Add Authentication** in the Authentication area to specify an account for running +the schedule in the identity store. Follow step 12 in the +[Create a Group Usage Service Schedule](groupusageservice.md#create-a-group-usage-service-schedule) +topic for additional information. + +Step 11 – On the Create Schedule page, click **Create Schedule**. + +Step 12 – On the Schedules page, click **Save**. +The schedule is displayed under **Synchronize**. 
See the +[View the Schedules in an Identity Store ](manage.md#view-the-schedules-in-an-identity-store) topic +for additional information. diff --git a/docs/directorymanager/11.1/admincenter/schedule/triggers.md b/docs/directorymanager/11.1/signin/schedule/triggers.md similarity index 99% rename from docs/directorymanager/11.1/admincenter/schedule/triggers.md rename to docs/directorymanager/11.1/signin/schedule/triggers.md index 06d7c29395..c0a2f4b8d2 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/triggers.md +++ b/docs/directorymanager/11.1/signin/schedule/triggers.md @@ -1,3 +1,9 @@ +--- +title: "Triggers" +description: "Triggers" +sidebar_position: 170 +--- + # Triggers Follow the steps to define a trigger. diff --git a/docs/directorymanager/11.1/admincenter/schedule/userlifecycle.md b/docs/directorymanager/11.1/signin/schedule/userlifecycle.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/schedule/userlifecycle.md rename to docs/directorymanager/11.1/signin/schedule/userlifecycle.md index 381abfdb0c..e1f8e167ed 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/userlifecycle.md +++ b/docs/directorymanager/11.1/signin/schedule/userlifecycle.md @@ -1,3 +1,9 @@ +--- +title: "User Life Cycle Schedule" +description: "User Life Cycle Schedule" +sidebar_position: 140 +--- + # User Life Cycle Schedule The User Life Cycle schedule monitors the profile validation process in Directory Manager. It 
@@ -34,7 +40,7 @@ necessary action. Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: diff --git a/docs/directorymanager/11.1/admincenter/schedule/workflowacceleration.md b/docs/directorymanager/11.1/signin/schedule/workflowacceleration.md similarity index 93% rename from docs/directorymanager/11.1/admincenter/schedule/workflowacceleration.md rename to docs/directorymanager/11.1/signin/schedule/workflowacceleration.md index 943411b2d1..566a17faee 100644 --- a/docs/directorymanager/11.1/admincenter/schedule/workflowacceleration.md +++ b/docs/directorymanager/11.1/signin/schedule/workflowacceleration.md @@ -1,8 +1,14 @@ +--- +title: "Workflow Acceleration Schedule" +description: "Workflow Acceleration Schedule" +sidebar_position: 150 +--- + # Workflow Acceleration Schedule A Workflow Acceleration schedule facilitates the workflow approver acceleration process for workflow requests. This schedule is auto created when approver acceleration is enabled for the identity -store. See the [Workflow Approver Acceleration](/docs/directorymanager/11.1/admincenter/workflow/approveracceleration.md) topic for +store. See the [Workflow Approver Acceleration](/docs/directorymanager/11.1/signin/workflow/approveracceleration.md) topic for additional information. By default, the schedule runs daily to accelerate workflow requests to approvers, according to 
@@ -32,7 +38,7 @@ notifications Step 6 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler -service. See the [Scheduler Service](/docs/directorymanager/11.1/admincenter/service/schedulerservice.md) topic for additional +service. See the [Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md) topic for additional information. Please note the following while selecting a Scheduler service: diff --git a/docs/directorymanager/11.1/signin/securityrole/_category_.json b/docs/directorymanager/11.1/signin/securityrole/_category_.json new file mode 100644 index 0000000000..6447c41766 --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Security Roles", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/securityrole/checkrole.md b/docs/directorymanager/11.1/signin/securityrole/checkrole.md similarity index 88% rename from docs/directorymanager/11.1/admincenter/securityrole/checkrole.md rename to docs/directorymanager/11.1/signin/securityrole/checkrole.md index dd65f39882..d95720f1b1 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/checkrole.md +++ b/docs/directorymanager/11.1/signin/securityrole/checkrole.md @@ -1,3 +1,9 @@ +--- +title: "Check the Roles of a User" +description: "Check the Roles of a User" +sidebar_position: 50 +--- + # Check the Roles of a User As discussed in the 
@@ -5,7 +11,7 @@ As discussed in the topic, a user in an identity store can have different security roles assigned to it in different Directory Manager clients. Moreover, a user can also have multiple roles in a client, in which case the highest priority role takes precedence when the user logs into that specific client. See -[Priority](/docs/directorymanager/11.1/admincenter/securityrole/manage.md). +[Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). Directory Manager enables you to view the highest priority role of a user in a client. This role identifies the access level of that user in the client. Select a client and specify a user. @@ -47,5 +53,5 @@ Directory Manager fetches the highest priority role of the user with respect to See Also -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Manage Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/manage.md) +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Manage Security Roles](/docs/directorymanager/11.1/signin/securityrole/manage.md) diff --git a/docs/directorymanager/11.1/signin/securityrole/create.md b/docs/directorymanager/11.1/signin/securityrole/create.md new file mode 100644 index 0000000000..034d8a2315 --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/create.md 
@@ -0,0 +1,89 @@ +--- +title: "Create a Security Role" +description: "Create a Security Role" +sidebar_position: 10 +--- + +# Create a Security Role + +To create a security role for an identity store, you have to specify the following: + +- Criteria - See [Criteria ](/docs/directorymanager/11.1/signin/securityrole/manage.md). +- Priority - See [Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). +- Permissions - Permissions refer to the different actions that role members can perform using + Directory Manager, for example, creating directory objects, managing groups, managing scheduled + jobs, managing user profiles, and more. +- Policies - Policies refer to settings that apply to role members. For example, the search policy + limits role members to search for objects in a particular container. + +You can create a role from scratch or by copying an existing role. See the +[Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) topic for additional information on security roles. + +NOTE: You can disable a role to prevent its members from accessing Directory Manager. To prevent an +individual role member from accessing Directory Manager, you must remove him or her from the group +or container specified as role criteria. + +What do you want to do? + +- Create a Security Role from Scratch +- Create a Role by Copying an Existing Role + +## Create a Security Role from Scratch + +Follow the steps to create a security role + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Security Roles** under Settings in the left pane. + +Step 4 – On the **Security Roles** page, click **Add Security Role**. The **Create Security Role** +page is displayed. + +Step 5 – Enter a name for the security role in the **Name** box. 
+ +Step 6 – Enter a brief description for the role in the **Description** box. + +Step 7 – In the **Priority** box, type or select a value in the range, 1-99, to set the role +priority. This should be a unique value for each role in an identity store. + +Step 8 – In the **Criteria** area, specify a criterion to determine role members. For details, see +the [Security Role – Criteria](/docs/directorymanager/11.1/signin/securityrole/criteria.md) topic. + +Step 9 – Next, assign group management, user management, and other permissions to the security role. +For details, see the [Security Role – Permissions](/docs/directorymanager/11.1/signin/securityrole/permissions.md) topic. + +Step 10 – Select the **HelpDesk Role** checkbox if you want to restrict role members to the Helpdesk +node of Admin Center. + +Step 11 – Click **Create Security Role**. + +Step 12 – Click **Save** on the **Security Roles** page. See the [Manage Security Roles](/docs/directorymanager/11.1/signin/securityrole/manage.md) +topic. + +## Create a Role by Copying an Existing Role + +You can use a security role as a template to create a new role. In this case, the criteria, +permissions, and policies of the template role are copied to the new role. + +Follow the steps to copy a role + +Step 1 – In Admin Center, click **Identity Stores** in the left pane. + +Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select +**Edit**. + +Step 3 – Click **Security Roles** under Settings in the left pane. + +Step 4 – On the **Security Roles** page, click the ellipsis button for the security role you want to +use as template and select **Copy**. The **Copy Security Role** page is displayed. + +Step 5 – Follow steps 5-9 in the Create a Security Role from Scratch topic to update role info and +click **Update Security Role**. + +Step 6 – On the Security Roles page, click **Save**. 
+ +Step 7 – To update the policies for the new role, see the +[Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) topic. diff --git a/docs/directorymanager/11.1/admincenter/securityrole/criteria.md b/docs/directorymanager/11.1/signin/securityrole/criteria.md similarity index 92% rename from docs/directorymanager/11.1/admincenter/securityrole/criteria.md rename to docs/directorymanager/11.1/signin/securityrole/criteria.md index 3b5be6bb53..1ba3729cdc 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/criteria.md +++ b/docs/directorymanager/11.1/signin/securityrole/criteria.md @@ -1,3 +1,9 @@ +--- +title: "Security Role – Criteria" +description: "Security Role – Criteria" +sidebar_position: 30 +--- + # Security Role – Criteria You can specify a criterion that determines which users fall in the security role. @@ -86,6 +92,6 @@ you may want role members to access Portal A only. See Also -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Create a Security Role](/docs/directorymanager/11.1/admincenter/securityrole/create.md) -- [Manage Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/manage.md) +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Create a Security Role](/docs/directorymanager/11.1/signin/securityrole/create.md) +- [Manage Security Roles](/docs/directorymanager/11.1/signin/securityrole/manage.md) diff --git a/docs/directorymanager/11.1/signin/securityrole/manage.md b/docs/directorymanager/11.1/signin/securityrole/manage.md new file mode 100644 index 0000000000..d4a70006d1 --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/manage.md 
@@ -0,0 +1,148 @@ +--- +title: "Manage Security Roles" +description: "Manage Security Roles" +sidebar_position: 20 +--- + +# Manage Security Roles + +After creating a security role, you can manage various settings for it, such as tole criteria, +permissions, and policies. + +What do you want to do? + +- View Security Roles +- Enable or Disable a Role +- Change Role Priority +- Criteria  +- Modify Role Permissions +- Define Policies for a Role +- Delete a Role + +## View Security Roles + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. + On the **Security Roles** page, the following information is displayed for a role: + + | Label | Description | + | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | Enable | Shows whether the security role is enabled or disabled. Use the toggle button for an enabled role to disable it and vice versa. Members of a disabled role cannot access Directory Manager. | + | Display name | The display name of the security role. | + | Priority | Each security role is assigned a value from 1-99, where 1 indicates the highest priority and 99 indicates the lowest priority. Role priority is unique for a role in an identity store. Role priority is used to resolve conflicts when a user has more than one role in Directory Manager. 
For example, when a user has two roles, Administrator and User, with role priority set to 1 and 25 respectively, then permissions and policies for the higher priority role (i.e., Administrator), will apply when the user logs into Directory Manager. | + | Criteria | Role criteria determines the users the role applies to. You can specify as container or group as criteria for a role. - In case of a container, all users residing in it are assigned the role. - For a group, all group members are assigned the role. | + | Description | A description for the security role. | + | Actions | - Click **Edit** for a security role to update its details, criteria, policies, and permissions. - Click the ellipsis button and select Delete to delete the security role. - Click the ellipsis button and select Copy to create a new security role by copying the respective role. | + +## Enable or Disable a Role + +You can disable a role to prevent its members from signing into Directory Manager. You can also +enable a disabled role to allow its members to access Directory Manager. By default, all new roles +created for an identity store are enabled. + +NOTE: To prevent an individual role member from accessing Directory Manager, you must remove him or +her from the group or container specified as role criteria. + +**To enable or disable a security role:** + +**Method 1:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, use the **Enable** toggle button for a role to enable or disable + it. +5. Click **Save**. + +**Method 2:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. 
On the **Security Roles** page, click **Edit** for a security role. +5. On the **Update Security Role** page, use the toggle button in the top left corner to enable or + disable the role. +6. Click **Update Security Role**. +7. On the **Security Roles** page, click **Save**. + +## Change Role Priority + +While changing role priority, remember that the priority number must be unique for a role in an +identity store. + +**To change role priority:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. In the **Priority** box on the **Edit Security Role** page, change the value for role priority. + This value must fall in the range, 1-99, where 1 indicates the highest and 99 indicates the + lowest priority. See Priority. +6. Click **Update Security Role**. +7. On the **Security Roles** page, click **Save**. + +## Change Role Criteria + +By changing role criteria , you can specify a different set of users as members of a role. + +**To change role criteria:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, the **Criteria** area displays the role criteria. Click **Add + Criteria** to change it. On the **Add Criteria** dialog box, update the criteria. See the + [Security Role – Criteria](/docs/directorymanager/11.1/signin/securityrole/criteria.md) topic for details. +6. Click **Update Security Role**. +7. On the **Security Roles** page, click **Save**. 
+ +## Modify Role Permissions + +You can update the permissions assigned to a role. + +**To update role permissions:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Select what members can do** in the **Permissions** + area to change role permissions. +6. On the **Add Permissions** dialog box, select **Allow** for a permission to assign it to the + role. Select **Deny** for a permission to deny it to the role. To learn about the available + permissions, see the [Security Role – Permissions](/docs/directorymanager/11.1/signin/securityrole/permissions.md) topic. +7. After assigning the required permissions, click **OK**. +8. Click **Update Security Role**. +9. On the **Security Roles** page, click **Save**. + +## Define Policies for a Role + +To define policies for a security role, see the [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) topic. + +## Delete a Role + +When you delete a security role, role members will not be able to access Directory Manager. + +**To delete a role:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click the ellipsis button for a security role and select + **Delete** to delete it. +5. Click **Save**. + +See Also + +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Create a Security Role](/docs/directorymanager/11.1/signin/securityrole/create.md) 
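Review bot: The access statements in manage.md are unqualified in two places, the Enable row of the View Security Roles table ("Members of a disabled role cannot access Directory Manager.") and Delete a Role ("role members will not be able to access Directory Manager"), although the Priority row of the same table describes users who hold more than one role. State explicitly whether a user who also matches another enabled role keeps access, since an administrator relying on this text to revoke access needs to know. Smaller points: "tole criteria" in the opening sentence should be "role criteria"; the "What do you want to do?" list names the section "Criteria" while the heading is "Change Role Criteria"; step 5 of Change Role Priority ends with "See Priority." but the page has no Priority heading to land on; and the edit page is called "Update Security Role" under Enable or Disable a Role but "Edit Security Role" in the later procedures.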
diff --git a/docs/directorymanager/11.1/signin/securityrole/overview.md b/docs/directorymanager/11.1/signin/securityrole/overview.md new file mode 100644 index 0000000000..c8fe191345 --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/overview.md 
@@ -0,0 +1,67 @@ +--- +title: "Security Roles" +description: "Security Roles" +sidebar_position: 40 +--- + +# Security Roles + +Security roles enable you to control access to Directory Manager and the directory. An identity +store in Directory Manager has the following built-in roles that you can assign to users: + +- **Administrator:** By default, this role has permissions on all functions that can be performed in + an identity store. +- **Helpdesk:** This role is available for helpdesk users, who can reset identity store account + passwords and unlock identity store accounts on behalf of other users. Admin Center for this role, + by default, is available in the Helpdesk mode only. + + NOTE: The Helpdesk role is not available by default for a Microsoft Entra ID identity store. + +- **User:** This role can be assigned to standard users, who can create new groups, manage their + groups, update their directory profiles, and manage their direct reports. + +These roles are highly customizable. You can modify their display name, priority level, permissions, +policies, and more. If the built-in roles do not meet your specific needs, you can create custom +security roles. See the [Manage Security Roles](/docs/directorymanager/11.1/signin/securityrole/manage.md) and [Create a Security Role](/docs/directorymanager/11.1/signin/securityrole/create.md) +topics for additional information. + +**View security role info** + +To view information about a security role, see the +[View Security Roles](manage.md#view-security-roles) topic. + +**User policies and permissions** + +Settings defined for an identity store apply to all users while role-based permissions and policies +only apply to members of a role. See the +[Configure an Identity Store](/docs/directorymanager/11.1/signin/identitystore/configure/configure.md)topic for additional information. 
+ +## Assign Distinct Roles to a User in Directory Manager Clients + +You can assign different roles to a user in different Directory Manager clients. For example, a user +can have the administrator role in Directory Manager Management Shell and the role of a standard +user in a Directory Manager portal. This flexibility is built into security roles using client-based +criteria. See the [Security Role – Criteria](/docs/directorymanager/11.1/signin/securityrole/criteria.md) topic. + +Directory Manager clients include: + +- Admin Center +- All Directory Manager portals created using Admin Center +- Directory Manager Management Shell + +Consider the following scenario: + +- For the Administrator role, you allow role members to access one Directory Manager client: + Directory Manager Management Shell. User A is a member of the Administrator role, so it gets + access to Management Shell as an admin. User A cannot access any other Directory Manager client. +- For the User role, you allow role members to access the Directory Manager portal only. User A is a + member of the User role, so it gets access to the portal as a standard user. + +As a result, User A has two different roles in two Directory Manager clients. + +Not only that, a user can also have multiple roles in a Directory Manager client, in which case role +priority is used to determine the access level of the user on the specific client. See +[Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md). + +To view the highest priority role of a user with respect to a Directory Manager client, see the +[Check the Roles of a User](/docs/directorymanager/11.1/signin/securityrole/checkrole.md) topic. diff --git a/docs/directorymanager/11.1/signin/securityrole/permissions.md b/docs/directorymanager/11.1/signin/securityrole/permissions.md new file mode 100644 index 0000000000..52e9472cbd --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/permissions.md 
@@ -0,0 +1,200 @@ +--- +title: "Security Role – Permissions" +description: "Security Role – Permissions" +sidebar_position: 40 +--- + +# Security Role – Permissions + +You can allow or deny permissions to a security role on different Directory Manager functions. + +On the Create Security Role/Copy Security Role/Update Security Role page, click **Select what +members can do** in the Permissions area to grant permissions to role members. + +By default, all permissions displayed on the Add Permissions dialog box are denied to the new role. +Select the **Allow** option button for a permission to grant it to the role. To deny a permission, +select the **Deny** option button. After assigning the required permissions, click **OK**. + +Permissions are grouped under the following heads, with each tab representing a different head: + +- Users +- Groups +- Admin Center +- Synchronize +- Password Management +- Miscellaneous +- Container +- Entitlement + +## Users + +User-related permissions apply to all the Directory Manager clients that facilitate user management, +such as the Directory Manager portal and Management Shell. + +Click the **Users** tab on the Add Permissions dialog box. + +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | +| 1. | Create Mailbox | Enables role members to create mailbox-enabled users. | +| 2. | Manage My Direct Reports | Enables role members to update the properties of their respective direct reports and add/remove them from the membership of groups. | +| 3. | Create Contact | Enables role members to create contact objects. | +| 4. | Create User | Enables role members to create users (both mail-enabled and non-mail enabled). | +| 5. | Delete | Enables role members to delete users from the directory. | +| 6. 
| Join/Leave on behalf of any user | Enables role members to add/remove any user from the membership of groups. | +| 7. | Join/Leave on behalf of Peer | Enables role members to add/remove their peers from the membership of groups. ‘Peers’ refer to users who report to the same manager as the user. | +| 8. | Manage Any Profile | Enables role members to update the profiles of other users. | +| 9. | Manage My Profile | Enables role members to update their directory profiles. | + +Remember, Generalized permissions override limited permissions. Hence, if Manage My Profile is +denied and Manage Any Profile allowed, role members can manage their own profiles as well. + +## Groups + +Group-related permissions apply to all the Directory Manager clients that facilitate group +management, such as the Directory Manager portal and Management Shell. + +Click the **Groups** tab on the Add Permissions dialog box. + +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1. | Manage My Groups | Enables role members to modify the groups they own as primary owner, additional owner, and Exchange 2013/2016/2019 additional owner. Role members can update group properties, delete groups, expire groups, and more. | +| 2. | Create Static Group | Enables role members to create static (unmanaged) groups. | +| 3. | Create Smart Group | Enables role members to create Smart Groups and Dynasties (managed groups). | +| 4. | Manage Any Group | Enables role members to update the properties of any group, delete any group, expire any group, and more. | + +Remember, Generalized permissions override limited permissions. 
So, if Manage My Groups is denied +and Manage Any Group allowed, role members can manage all groups, including their own groups. + +## Admin Center + +To manage permissions for Admin Center, click the **Admin Center** tab on the Add Permissions dialog +box. + +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1. | Create Application | Enables role members to create a new application using the **Applications** node in Admin Center: This permission only allows role members to create an application from scratch. They cannot create an application by copying an existing one or create another instance of an application. | +| 2. | Create Data Source | Enables role members to create data sources for Synchronize jobs. | +| 3. | Create Identity Store | Enables role members to create identity stores in Directory Manager. | +| 4. | Manage Admin Center Settings | Enables role members to manage the following in Admin Center settings: - Add and remove question to the global question pool. - Add, edit, and remove Directory Manager licenses. - Download log files for Directory Manager. 
These options can be accessed by clicking the **Settings** button at the bottom of the left navigation pane in Admin Center. If this permission is denied, role members can view the question pool, licenses, and dump logs function as read-only. | +| 5. | Manage Application Design Settings | Enables role members to update the design settings for an application in Admin Center. Applications can be accessed using the Applications node in the left pane. If this permission is denied, design settings are displayed to role members as read-only. The Manage Applications permission must be granted to the role as a prerequisite to the Manage Application Design Settings permission. | +| 6. | Manage Application Server Settings | Enables role members to update the server settings for an application in Admin Center. Applications can be accessed using the Applications node in the left pane. If this permission is denied, server settings are displayed to role members as read-only. The Manage Applications permission must be granted to the role as a prerequisite to the Manage Application Server Settings permission. | +| 7. | Manage Applications | Enables role members to do the following using the Applications node in Admin Center: - Create new applications by copying an existing application, deploy instances of an application, and delete an application. - View the already created applications as read-only. If you allow this permission to the role while denying the Manage Application Server Settings and Manage Application Design Settings permissions, role members will not be able to update the server and design settings for an application. These settings will be displayed as read-only. To enable them to update the server and design configurations for an application, this permission must be granted as a prerequisite along with the respective permission(s). | +| 8. | Manage Data Source | Enables role members to update and delete the data sources created for Synchronize jobs. | +| 9. 
| Manage Entitlement | For an Active Directory identity store: Enables role members to specify and manage file servers for entitlement analysis in an Active Directory identity store. For a Microsoft Entra ID identity store: Enables role members to specify and manage SharePoint sites for entitlement analysis in a Microsoft Entra ID identity store. If this permission is denied, the Entitlement page in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Entitlement permission. | +| 10. | Manage Identity Store | Enables role members to do the following using the Identity Stores node in Admin Center: - Disable and delete identity stores. - View the properties of identity stores as read-only. To enable role members to define and update identity store properties, you must grant the Manage Identity Store permission along with the following identity store-specific permissions: - Manage Entitlement - Manage Identity Store Configurations - Manage Identity Store General Info - Manage Replication - Manage Scheduling - Manage Security Roles - Manage Workflows If you deny any of the above permissions, the respective area in identity store properties will be read-only. | +| 11. | Manage Identity Store Configurations | Enables role members to manage all the configurations for an identity store. These configurations are displayed when you select the **Configurations** option in identity store properties. If this permission is denied, these configurations will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Identity Store Configurations permission. | +| 12. | Manage Identity Store General Info | Enables role members to: - Update the general info for an identity store, such as the identity store name and the service account used to connect to the provider. 
- Include/exclude child domains from replication. - Set DC priority. If this permission is denied, the Identity Store Detail page in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Identity Store General Info permission. | +| 13. | Manage Identity Store Link | Enables role members to create, update, and delete identity store links. | +| 14. | Manage Notifications Editor | Enables role members to manage the Notification Editor in Admin Center, such as search and edit notification templates. The Notification Editor can be accessed in any of the following ways: - Using the Notification Editor button at the bottom of the left navigation pane in Admin Center. - Using the Notification Editor button on the Notification Queue page. If this permission is denied, the following happens: - The Notification Editor button on the Notification Queue page is disabled. - When launched using the Notification Editor button in the navigation pane, the Notification Editor page is displayed as read-only. | +| 15. | Manage Notifications Queue | Enables role members to manage the notification queue in Admin Center, such as resend and delete queued notifications . The Notification Queue page can be accessed using the Notifications node in the left pane. If this permission is denied, role members can only view the page as read-only. | +| 16. | Manage Replication | Enables role members to manage replication in Directory Manager. Role members will be able to manage the following: - Global replication settings on the Replication page, that can be accessed by clicking the Replication node in Admin Center. - Replication settings for an identity store, that are controlled from within that identity store. - Run replication for an identity store from the identity store card pinned on the Identity Stores page. 
If this permission is denied, the Replication pages for both global and identity store settings will be read-only, while the replication option will not be available on the identity store card. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Replication permission. | +| 17. | Manage SAML | Enables role members to access Authenticate and manage: - Directory Manager as an identity provider - Directory Manager as a service provider | +| 18. | Manage Scheduling | Enables role members to create, update, and delete scheduled jobs for the identity store. If this permission is denied, the Scheduling page in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Scheduling permission. | +| 19. | Manage Security Roles | Enables role members to manage security roles in the identity store, such as create, update, and delete roles. Role members would also be able to manage policies and permissions for roles. If this permission is denied, security roles and their configurations in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Security Roles permission. | +| 20. | Manage SMS Gateways | Enables role members to create, update, and delete SMS gateway accounts in Admin Center. If this permission is denied, role members can view the gateway accounts as read-only. | +| 21. | Manage Workflows | Enables role members to manage workflows in the identity store, such as create, update, and delete workflows. Role members can also manage advanced workflow settings for the identity store. If this permission is denied, workflows and related settings in identity store properties will be read-only for role members. The Manage Identity Store permission must be granted to the role as a prerequisite to the Manage Workflows permission. 
| + +## Synchronize + +To manage permissions for Synchronize in the Directory Manager portal, click the **Synchronize** tab +on the Add Permissions dialog box. + +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1. | Create Job | Enables role members to create Synchronize jobs and job collections in the identity store. | +| 2. | Delete Job | Enables role members to delete the Synchronize jobs and job collections for which they are the owners. To enable them to delete any job, grant the **View Any Job** permission with this permission. | +| 3. | Edit Job | Enables role members to edit Synchronize jobs and job collections in the identity store, such as change field mappings, apply transformations, update notification options, schedule the job run, and add/remove jobs from a job collection. Role members can only edit the jobs and job collections for which they are the owners. To enable them to edit any job, grant the **View Any Job** permission with this permission. | +| 4. | Run Job | Enables role members to manually run the jobs and job collections for which they are the owners. To enable them to run any job, grant the **View Any Job** permission with this permission. | +| 5. | View Any Job | Enables role members to view a list of all jobs and job collections in the identity store, regardless of whether they are the job owner or not. If you only grant this permission to the role, jobs and job collections will be displayed to role members as read-only. 
To enable them to edit, delete, or run jobs and job collections, this permission must be granted as a prerequisite along with the respective permission(s). | + +## Password Management + +To manage password reset and account unlock permissions, click the **Password Management** tab on +the Add Permissions dialog box. + +End-users can manage their identity store account passwords and unlock their accounts using the +Directory Manager portal while helpdesk users can reset passwords and unlock accounts for other +users through Admin Center. + +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | --------------------- | ---------------------------------------------------------------------------------------- | +| 1. | Unlock My Account | Enables role members to unlock their identity store account. | +| 2. | Manage Linked Account | Enables role members to link their accounts that exist in different identity stores. | +| 3. | Change My Password | Enables role members to change their identity store account password. | +| 4. | Reset Any Password | Enables helpdesk users to reset the account password for any user in the identity store. | +| 5. | Reset My Password | Enables role members to reset their identity store account password. | +| 6. | Unenroll | Enables helpdesk users to unenroll a user’s identity store account in Directory Manager. | +| 7. | Unlock Any Account | Enables helpdesk users to unlock the identity store account for any user. | + +Remember, Generalized permissions override limited permissions. For example, if Unlock My Account is +denied and Unlock Any Account allowed, role members can unlock all accounts, including their own. + +## Miscellaneous + +To grant permissions on miscellaneous functions in Directory Manager, click the **Misc** tab on the +Add Permissions dialog box. 
+ +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1. | Enable Login to Service Provider | Enables role members to log into third-party applications using Directory Manager as an identity provider. | +| 2. | Manage All Requests | Enables roles members to approve/deny workflow requests, even when they are not designated as approvers of those requests. | +| 3. | Manage Report | Enables role members to create, edit, and delete reports for the identity store in the Directory Manager portal. Role members will not be able to view and download the reports. | +| 4. | View and Download Report | Enables role members to view and download the reports generated for the identity store in the Directory Manager portal. | + +## Container + +To manage permissions related to containers in the directory, click the **Container** tab on the Add +Permissions dialog box. + +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | ---------------- | -------------------------------------------------------------------------------- | +| 1. | Create Container | Enables role members to create new containers in the directory (identity store). | + +## Entitlement + +To grant permissions on entitlements in the Directory Manager portal, click the **Entitlement** tab +on the Add Permissions dialog box. + +For an Active Directory identity store, this tab lists the file servers that have been selected for +permissions analysis on the Entitlement page. Click a file server to manage permissions for it. 
+ +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1. | Permission Set | Select the kind of permission set to grant to role members. - Administrative: Grants all the effective NTFS permissions to role members on all the file server shares. - Basic: Enables role members to navigate within the file server to view shared resources and the permissions assigned on them. You can change the permission set for both Administrative and Basic. Use the toggle button for each of the listed permissions to allow or deny it. | +| 2. | Allow user to navigate to this share | Enables role members to navigate this file server and explore the shared resources along with the permissions assigned on them. If this check box is not selected, role members will be able to view basic information about the file server only. They will not be able to navigate the file server to view the shares and permissions. | +| 3. | Add new user / group | Enables role members to search and select users/groups from the directory and grant permissions to them on one or more shares on the file server. The Type column lists the effective NTFS permissions. While adding users, role members will be able to grant permissions that you enable here. | +| 4. | Modify user / group | Enables role members to update the permissions assigned to users and groups on file server shares. The Type column lists the effective NTFS permissions. 
Role members will only be able to modify the permissions that you enable here. | +| 5. | Remove user / group | Enables role members to remove users and groups from the permission list of shares on the file server. Removed users and groups will not be able to access the respective share on the file server. | + +For a Microsoft Entra ID identity store, this tab lists the SharePoint sites that have been selected +for permissions analysis on the Entitlement page. Click a site to manage permissions for it. + +Permissions are discussed in the following table: + +| | Permissions | Descriptions | +| --- | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 1. | Permission Set | Select the kind of permission set to grant to role members. - Administrative: Grants all the effective permissions to role members on all the document libraries in the site. - Basic: Enables role members to navigate within the site to view the document libraries and the permissions assigned on them. You can change the permission set for both Administrative and Basic. Use the toggle button for each of the listed permissions to allow or deny it. | +| 2. | Allow user to navigate to this share | Enables role members to navigate this SharePoint site and explore the document libraries along with the permissions assigned on them. If this check box is not selected, role members will be able to view basic information about the site only. They will not be able to navigate the site to view the document libraries and permissions. | +| 3. 
| Add new user | Enables role members to search and select users from the directory and grant permissions to them on one or more document libraries in the site. The facility to search and select groups is not available. Groups have to be added from SharePoint. Using Directory Manager, role members can manage group permissions. The Type column lists the effective permissions. While adding users, role members will be able to grant permissions that you enable here. | +| 4. | Modify user / group | Enables role members to update the permissions assigned to users and groups on document libraries in the site. The Type column lists the effective permissions. Role members will only be able to modify the permissions that you enable here. | +| 5. | Remove user / group | Enables role members to remove users and groups from the permission list of document libraries in the site. Removed users and groups will not be able to access the respective document library in the site. | + +NOTE: For more information on role permissions, see the +[User Roles in Microsoft Entra ID and Directory Manager ](/docs/directorymanager/11.1/signin/identitystore/advsentraid.md#user-roles-in-microsoft-entra-id-and-directory-manager) +topic. diff --git a/docs/directorymanager/11.1/signin/securityrole/policy/_category_.json b/docs/directorymanager/11.1/signin/securityrole/policy/_category_.json new file mode 100644 index 0000000000..796a9eb6c0 --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/policy/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Security Role Policies", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
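Review bot: In securityrole/overview.md the front matter sets `sidebar_position: 40`, and securityrole/permissions.md in the same directory also sets `sidebar_position: 40`, so the relative order of the two pages in the sidebar is left to tie-breaking. Give the overview a lower position than its sibling pages. Two smaller points in the same file: `configure.md)topic` is missing a space before "topic", and the `[Priority]` link goes to `manage.md` with no fragment, while the View Security Roles link uses `manage.md#view-security-roles`; link the Priority heading directly.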
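Review bot: In securityrole/permissions.md the sentence "Generalized permissions override limited permissions" is repeated as a trailing remark under Users, Groups and Password Management, yet it changes how an explicit Deny behaves: per the text, denying Unlock My Account has no effect once Unlock Any Account is allowed. State this rule once, as a NOTE next to the Allow/Deny description at the top of the page, so that an administrator does not rely on a narrow Deny to restrict a role. Also fix "Generalized" (capital after the comma), "Enables roles members" in the Miscellaneous table, the stray space in "queued notifications .", and the trailing space inside the link text "[User Roles in Microsoft Entra ID and Directory Manager ]".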
diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md b/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md rename to docs/directorymanager/11.1/signin/securityrole/policy/authentication.md index c47e0ae794..f0445b2df4 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/authentication.md +++ b/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md @@ -1,3 +1,9 @@ +--- +title: "Authentication Policy for Security Roles" +description: "Authentication Policy for Security Roles" +sidebar_position: 50 +--- + # Authentication Policy for Security Roles Having enabled and configured authentication types for an identity store, you can: @@ -9,7 +15,7 @@ Having enabled and configured authentication types for an identity store, you ca - Enable second factor authentication (SFA) for a security role in an identity store. NOTE: For MFA and SFA to work for an identity store, make sure you enable enrollment for it. See the -[Enable Enrollment](/docs/directorymanager/11.1/admincenter/identitystore/configure/authtypes.md#enable-enrollment) topic. +[Enable Enrollment](/docs/directorymanager/11.1/signin/identitystore/configure/authtypes.md#enable-enrollment) topic. What do you want to do? @@ -81,5 +87,5 @@ Manager portal. **See Also** -- [Authentication Policy](/docs/directorymanager/11.1/admincenter/identitystore/configure/authpolicy.md) -- [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) +- [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) 
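Review bot: In the See Also hunk of authentication.md, the Authentication Policy link is not a plain `admincenter` to `signin` prefix swap: it moves from `identitystore/configure/authpolicy.md` to `signin/authpolicy/authpolicy.md`, a file this part of the patch does not show being created or renamed. Confirm that the target exists at the new path, and run a link check over the renamed tree, since the other two links touched in this file only change the prefix.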
diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/groupowners.md b/docs/directorymanager/11.1/signin/securityrole/policy/groupowners.md similarity index 93% rename from docs/directorymanager/11.1/admincenter/securityrole/policy/groupowners.md rename to docs/directorymanager/11.1/signin/securityrole/policy/groupowners.md index 7b0acc7ebd..de0b4592a5 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/groupowners.md +++ b/docs/directorymanager/11.1/signin/securityrole/policy/groupowners.md @@ -1,3 +1,9 @@ +--- +title: "Group Owners Policy" +description: "Group Owners Policy" +sidebar_position: 10 +--- + # Group Owners Policy The Group Owners policy enables you to specify a group ownership criterion that role members must @@ -81,5 +87,5 @@ additional owners cannot be added. **See Also** -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md b/docs/directorymanager/11.1/signin/securityrole/policy/helpdesk.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md rename to docs/directorymanager/11.1/signin/securityrole/policy/helpdesk.md index 540e21a95e..bf74cf5302 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md +++ b/docs/directorymanager/11.1/signin/securityrole/policy/helpdesk.md @@ -1,3 +1,9 @@ +--- +title: "Helpdesk Policy" +description: "Helpdesk Policy" +sidebar_position: 70 +--- + # Helpdesk Policy The Helpdesk policy is meant for the helpdesk role in an identity store. 
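Review bot: The front matter added to groupowners.md and helpdesk.md sets `description` to the same string as `title` ("Group Owners Policy", "Helpdesk Policy"), so the description carries no extra information for search results or link previews. Use a one-sentence summary instead, for example drawn from each page's opening sentence ("The Group Owners policy enables you to specify a group ownership criterion ...").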
@@ -17,8 +23,8 @@ them to perform their job: If these permissions are denied, the Helpdesk policy would have no impact, as role members would not be authorized to perform the respective operations. See -[Password Management](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md#password-management) in the -[Security Role – Permissions](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md) topic. +[Password Management](/docs/directorymanager/11.1/signin/securityrole/permissions.md#password-management) in the +[Security Role – Permissions](/docs/directorymanager/11.1/signin/securityrole/permissions.md) topic. The Helpdesk policy defines: @@ -152,7 +158,7 @@ authenticate end-users before unlocking their identity store accounts or resetti RECOMMENDED: As a prerequisite to applying this setting, make sure that the Security Questions authentication type is enabled and configured for the identity store, as well as enforced as an account enrollment method for security roles. See the -[Set up Authentication via Security Questions](/docs/directorymanager/11.1/admincenter/setupauth/securityquestions.md) topic. +[Set up Authentication via Security Questions](/docs/directorymanager/11.1/signin/authpolicy/setupauth/securityquestions.md) topic. Follow the steps to enforce security questions for authentication. 
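Review bot: In the `@@ -152,7 +158,7 @@` hunk of helpdesk.md, the callout is labelled "RECOMMENDED:" but its text reads "As a prerequisite to applying this setting", which leaves unclear whether enabling and enforcing the Security Questions authentication type is optional. Since this paragraph is already being touched for the link path, settle the label: if helpdesk users cannot authenticate end-users with security questions without it, call it a prerequisite rather than a recommendation.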
@@ -283,10 +289,10 @@ Step 10 – On the Security Roles page, click **Save**. NOTE: (1) An SMS gateway account must be linked with the identity store for an SMS to be sent on the end-users’ mobile phones. See the -[Link an SMS Gateway Account to an Identity Store](/docs/directorymanager/11.1/admincenter/identitystore/configure/security/smsauthentication.md#link-an-sms-gateway-account-to-an-identity-store) +[Link an SMS Gateway Account to an Identity Store](/docs/directorymanager/11.1/signin/identitystore/configure/smsauthentication.md#link-an-sms-gateway-account-to-an-identity-store) topic. (2) An SMTP server must be configured for the identity store for email to be sent to end-users. See -the [Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) topic. +the [Configure an SMTP Server](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md) topic. ### Force Users to Change Password on Next Logon diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/membershipobjecttypeenforcement.md b/docs/directorymanager/11.1/signin/securityrole/policy/membershipobjecttypeenforcement.md similarity index 91% rename from docs/directorymanager/11.1/admincenter/securityrole/policy/membershipobjecttypeenforcement.md rename to docs/directorymanager/11.1/signin/securityrole/policy/membershipobjecttypeenforcement.md index bf87788c0f..c71815f1c9 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/membershipobjecttypeenforcement.md +++ b/docs/directorymanager/11.1/signin/securityrole/policy/membershipobjecttypeenforcement.md @@ -1,3 +1,9 @@ +--- +title: "Membership Object Type Enforcement Policy" +description: "Membership Object Type Enforcement Policy" +sidebar_position: 100 +--- + # Membership Object Type Enforcement Policy The Membership Object Type Enforcement policy applies to static groups only. It enables you to limit 
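Review bot: In the `@@ -283,10 +289,10 @@` hunk of helpdesk.md, the NOTE packs two separate requirements, "(1) An SMS gateway account ..." and "(2) An SMTP server ...", into one paragraph, with "(2)" following "topic." on the same line. Split them into two list items under the NOTE. The SMS link also drops the `security/` path segment (`configure/security/smsauthentication.md` becomes `configure/smsauthentication.md`); confirm the file was moved accordingly.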
@@ -28,7 +34,7 @@ Limitations domain controllers and computers). Therefore, even if the policy allows these objects to be added to group membership, they will not show up in search results when users search for objects for adding to group membership. -- The Membership Object Type Enforcement policy may conflict with the [Search Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/search.md) you +- The Membership Object Type Enforcement policy may conflict with the [Search Policy](/docs/directorymanager/11.1/signin/securityrole/policy/search.md) you define for the same user role in an identity store. An example of a conflict is: the Search policy prevents a security role from searching for user objects in the portal while the Membership Object Type Enforcement policy allows that same role to add only user objects to group membership. To @@ -37,7 +43,7 @@ Limitations specify on the Properties page under the Design node for a portal. For example, for the Members tab in group properties, you can allow/disallow object types that can be searched for adding to group membership (see step 17 in the - [Add a Field to a Tab](/docs/directorymanager/11.1/admincenter/portal/design/objectproperties.md#add-a-field-to-a-tab)topic). If the + [Add a Field to a Tab](/docs/directorymanager/11.1/signin/applications/portal/displaytype/objectproperties.md#add-a-field-to-a-tab)topic). If the design settings prevent users from searching for user objects to set as members while the Membership Object Type Enforcement policy allows role members to add only user objects to group membership, a conflict may arise. To avoid these, make sure the settings in the policy and the 
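Review bot: The rewritten "Add a Field to a Tab" link still runs straight into the next word (`...objectproperties.md#add-a-field-to-a-tab)topic).`), so the rendered sentence reads "Add a Field to a Tabtopic". Since the line is already being changed, add the missing space after the closing parenthesis. The path also moves from portal/design/ to applications/portal/displaytype/, so check that the #add-a-field-to-a-tab anchor and the "step 17" reference still match the relocated file.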
@@ -91,10 +97,10 @@ What do you want to do? groups, or to groups that reside in the specified container(s) and their sub-containers. 1. To specific containers as target, follow step 9 in the - [Create a Group Usage Service Schedule](/docs/directorymanager/11.1/admincenter/schedule/groupusageservice.md#create-a-group-usage-service-schedule) + [Create a Group Usage Service Schedule](/docs/directorymanager/11.1/signin/schedule/groupusageservice.md#create-a-group-usage-service-schedule) topic. 2. To add groups as target, follow step 9b in the - [Create a Smart Group Update Schedule](/docs/directorymanager/11.1/admincenter/schedule/smartgroupupdate.md#create-a-smart-group-update-schedule) + [Create a Smart Group Update Schedule](/docs/directorymanager/11.1/signin/schedule/smartgroupupdate.md#create-a-smart-group-update-schedule) topic, replacing Smart Groups and Dynasties with static groups. 3. To remove a container or group in the **Target(s)** area, click **Remove** for it. To remove all target objects, click **Remove All**. diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/newobject.md b/docs/directorymanager/11.1/signin/securityrole/policy/newobject.md similarity index 95% rename from docs/directorymanager/11.1/admincenter/securityrole/policy/newobject.md rename to docs/directorymanager/11.1/signin/securityrole/policy/newobject.md index f942493e71..2e02573cc8 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/newobject.md +++ b/docs/directorymanager/11.1/signin/securityrole/policy/newobject.md @@ -1,3 +1,9 @@ +--- +title: "New Object Policy" +description: "New Object Policy" +sidebar_position: 30 +--- + # New Object Policy The New Object policy applies when role members create directory objects using the Directory Manager 
@@ -108,5 +114,5 @@ the directory. **See Also** -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) diff --git a/docs/directorymanager/11.1/signin/securityrole/policy/overview.md b/docs/directorymanager/11.1/signin/securityrole/policy/overview.md new file mode 100644 index 0000000000..508e2728b1 --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/policy/overview.md 
@@ -0,0 +1,34 @@ +--- +title: "Security Role Policies" +description: "Security Role Policies" +sidebar_position: 60 +--- + +# Security Role Policies + +You can define policies for security roles. Along with role permissions, these policies also control +what role members can do in Directory Manager. + +You can define the following policies for a role: + +- [Group Owners Policy](/docs/directorymanager/11.1/signin/securityrole/policy/groupowners.md) +- [Group Name Prefixes](/docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md) +- [New Object Policy](/docs/directorymanager/11.1/signin/securityrole/policy/newobject.md) +- [Search Policy](/docs/directorymanager/11.1/signin/securityrole/policy/search.md) +- [Authentication Policy for Security Roles](/docs/directorymanager/11.1/signin/securityrole/policy/authentication.md) +- [Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md) +- [Netwrix Password Policy Enforcer Policies](/docs/directorymanager/11.1/signin/identitystore/configure/ppe/overview.md) +- [Helpdesk Policy](/docs/directorymanager/11.1/signin/securityrole/policy/helpdesk.md) +- [Synchronize Policy](/docs/directorymanager/11.1/signin/securityrole/policy/synchronize.md) +- [Membership Object Type Enforcement Policy](/docs/directorymanager/11.1/signin/securityrole/policy/membershipobjecttypeenforcement.md) + +NOTE: For users with multiple roles, the policies specified for the highest priority role apply (see +[Priority](/docs/directorymanager/11.1/signin/securityrole/manage.md)). The _[Search Policy](/docs/directorymanager/11.1/signin/securityrole/policy/search.md)_, _[New Object Policy](/docs/directorymanager/11.1/signin/securityrole/policy/newobject.md)_, +and _[Group Name Prefixes](/docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md)_ policy, +however, apply with respect to all assigned roles. 
For example, if different search containers are +specified for two different roles of a user, that user can search and view objects in both +containers. See the following topics for additional information on security roles: + +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Create a Security Role](/docs/directorymanager/11.1/signin/securityrole/create.md) +- [Manage Security Roles](/docs/directorymanager/11.1/signin/securityrole/manage.md) diff --git a/docs/directorymanager/11.1/signin/securityrole/policy/password.md b/docs/directorymanager/11.1/signin/securityrole/policy/password.md new file mode 100644 index 0000000000..092291bb4f --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/policy/password.md 
@@ -0,0 +1,144 @@ +--- +title: "Directory Manage Password Policy" +description: "Directory Manage Password Policy" +sidebar_position: 60 +--- + +# Directory Manage Password Policy + +Using Directory Manager, you can implement a Password policy (a) for an identity store, (b) for +security roles in an identity store, or (c) both at the identity store and role levels. + +- For an identity store, you can specify rules and restrictions for identity store account + passwords. +- For a security role, you can specify validation checks for passwords that role members create for + their identity store accounts using Directory Manager. Hence, password validation checks are + role-specific + +The Password policy also enables you to manage settings related to security questions and account +lockout for security roles in an identity store. + +What do you want to do? + +- Set Password Restrictions and Rules for an Identity Store +- Define Security Question Settings for a Security Role +- Specify an Authentication Lockout Policy for a Security Role +- Specify Password Validation Checks for a Security Role + +## Set Password Restrictions and Rules for an Identity Store + +See the [Configure Password Options](/docs/directorymanager/11.1/signin/identitystore/configure/passwordoptions.md) +topic. + +## Define Security Question Settings for a Security Role + +You can specify certain settings related to security questions for user roles in an identity store. +As a result, different roles in an identity store can have different settings for the following: + +- the number of questions role members must select to enroll their account in Directory Manager +- the minimum number of characters an answer should contain + +**To specify settings for security questions:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. 
Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Password** tab. + The following settings in the **Password Policies** area relate to security questions: + + | Setting | Description | + | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | Number of Questions | The number of security questions role members must select while enrolling their accounts in Directory Manager for multifactor authentication or second factor authentication. The default number is 4. Changing the number of security questions for a role has no impact on already enrolled role members unless they update their security questions information. | + | Minimum Answer Length | The minimum number of characters that a role member must type when saving the answer to a security question at the time of account enrollment. Answers with less than the specified number of characters will not be saved. | + +7. Click **OK**. +8. On the **Edit Security Role** page, click **Update Security Role**. +9. On the **Security Roles** page, click **Save**. + +## Specify an Authentication Lockout Policy for a Security Role + +The authentication lockout policy comes into play when users authenticate for multifactor +authentication and second factor authentication in Directory Manager. 
The policy controls the +following: + +- The consecutive number of times a role member can provide a wrong value for an authentication type + in Directory Manager, after which authentication is disabled. +- The duration for authentication to remain disabled. + +With authentication disabled, role members cannot sign into Directory Manager. + +NOTE: The authentication lockout policy only disables the user account in Directory Manager. It does +not disable it in the provider, such as Active Directory. + +**To specify an authentication lockout policy:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Password** tab. + The following settings in the **Password Policies** area control authentication lockout: + + | | Setting | Description | + | --- | ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | 1. | Failed Authentication Attempts Threshold | The number of consecutive attempts to provide a wrong value for an authentication type. Authentication is disabled for a user when the number of consecutive unsuccessful attempts by him or her reach the number given here. | + | 2. 
| Account Locked out Duration | The number of minutes to disable authentication in Directory Manager after consecutive unsuccessful attempts to provide the right value for an authentication type. Note the following: - Authentication is automatically enabled after the specified duration. - Else it is enabled when, during the lockout period, the user correctly enters his or her identity store account credentials to sign into Directory Manager. | + +7. Click **OK**. +8. On the **Edit Security Role** page, click **Update Security Role**. +9. On the **Security Roles** page, click **Save**. + +## Specify Password Validation Checks for a Security Role + +Identity providers have password validation and complexity policies defined, and users must follow +them while creating passwords. With Directory Manager, you can extend these policies. + +Directory Manager enables you to specify password validation checks for a security role in an +identity store. This extended policy applies when: + +- Role members change or reset their identity store account passwords using Directory Manager. +- Administrators or helpdesk members reset the identity store account passwords of role members + using the Helpdesk section in Admin Center. + +The policy does not apply when password is reset using the **Reset Password** option in user +properties in the Directory Manager portal. + +**To specify password validation checks:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Password** tab. +7. Password validation settings are listed in the **Password Validation Options** area. 
Select the + check box for a setting to apply it. + + | | Setting | Descriptions | + | --- | --------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | + | 1. | Reject User Name in Password | Prevent role members from creating passwords that contain the user's account name. | + | 2. | Reject Display Name in Password | Prevent role members from creating passwords that contain the user's display name. | + | 3. | Reject First Name in Password | Prevent role members from creating passwords that contain the user's first name. | + | 4. | Reject Last Name in Password | Prevent role members from creating passwords that contain the user's last name. | + | 5. | Reject Number as First Character in Password | Prevent role members from creating passwords that begin with a number. | + | 6. | Reject Number as Last Character in Password | Prevent role members from creating passwords that end with a number. | + | 7. | Reject Consecutive Identical Characters in Password | Prevent role members from creating passwords that contain the consecutive use of identical characters. | + | 8. | Enforce Password History (Domain Policy) | Prevent role members from creating passwords that do not satisfy the password policy for password age/history, as defined for the domain. | + +8. Click **OK**. +9. On the **Edit Security Role** page, click **Update Security Role**. +10. On the **Configure Access Control** page, click **Save**. + +**See Also** + +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) 
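Review bot: The front matter title and description and the H1 of password.md all read "Directory Manage Password Policy", which looks like a typo for "Directory Manager Password Policy"; the same text is used as the link label in policy/overview.md, so both should be corrected together. Two further points in this file: step 10 of "Specify Password Validation Checks" says to click Save on the Configure Access Control page while the other two procedures end on the Security Roles page, and sidebar_position: 60 duplicates the value set in policy/overview.md in the same folder. The sentence stating that the policy does not apply when a password is reset with the Reset Password option in user properties describes a gap in enforcement and would be easier to spot as a NOTE, like the lockout note earlier in the file.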
diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/querydesigner.md b/docs/directorymanager/11.1/signin/securityrole/policy/querydesigner.md similarity index 96% rename from docs/directorymanager/11.1/admincenter/securityrole/policy/querydesigner.md rename to docs/directorymanager/11.1/signin/securityrole/policy/querydesigner.md index 04ff02403a..8000589f94 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/querydesigner.md +++ b/docs/directorymanager/11.1/signin/securityrole/policy/querydesigner.md @@ -1,8 +1,14 @@ +--- +title: "Query Designer Policy" +description: "Query Designer Policy" +sidebar_position: 90 +--- + # Query Designer Policy You can define a role-based access policy for the Query Designer. Using the Query Designer, users can create queries for various purposes, as discussed in the -[ Specify Smart Group Query Attributes](/docs/directorymanager/11.1/admincenter/portal/design/queryattributes.md) topic. +[ Specify Smart Group Query Attributes](/docs/directorymanager/11.1/signin/applications/portal/displaytype/queryattributes.md) topic. The Query Designer policy enables you to restrict the following Query Designer features for a security role: @@ -134,7 +140,7 @@ By default, several object types are available to users on the Query Designer fo queries. Users select an object type from the **Find** drop-down list and then select its sub-types on the _General_ tab of the Query Designer. The query returns the specified object types to include in group membership. The object types and their sub-types are discussed in the -[Query Designer - General tab](/docs/directorymanager/11.1/portal/group/querydesigner/general.md) topic. +[Query Designer - General tab](/docs/directorymanager/11.1/welcome/group/querydesigner/general.md) topic. You can limit the object types available to role members for use in queries. You can also enforce the object types so that role members cannot exclude an allowed object type from queries. 
@@ -246,7 +252,7 @@ the query (see the **Filter Criteria** tab of the Query Designer). You can: NOTE: This schema attribute setting will override the schema attribute setting specified on the Smart Group Attribute page in portal's design settings. See the - [ Specify Smart Group Query Attributes](/docs/directorymanager/11.1/admincenter/portal/design/queryattributes.md) topic. + [ Specify Smart Group Query Attributes](/docs/directorymanager/11.1/signin/applications/portal/displaytype/queryattributes.md) topic. 9. Click **Save Selection** on the **Allowed Attributes** dialog box. The **Attributes** area displays the allowed attributes count. @@ -295,7 +301,7 @@ attributes and operators are available to create a default filter criteria. can change it as required. 8. You can also create an advanced query by adding more rows and applying the **AND** or **OR** - operator to group them. See steps 1-2 in the[Advanced Filter](/docs/directorymanager/11.1/admincenter/securityrole/policy/search.md) section of the + operator to group them. See steps 1-2 in the[Advanced Filter](/docs/directorymanager/11.1/signin/securityrole/policy/search.md) section of the [Designate a Criterion for the Search Scope](search.md#designate-a-criterion-for-the-search-scope) topic. After creating a query, you can: @@ -311,5 +317,5 @@ attributes and operators are available to create a default filter criteria. **See Also** -- [Security Roles](/docs/directorymanager/11.1/admincenter/securityrole/overview.md) -- [Security Role Policies](/docs/directorymanager/11.1/admincenter/securityrole/policy/overview.md) +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) diff --git a/docs/directorymanager/11.1/signin/securityrole/policy/search.md b/docs/directorymanager/11.1/signin/securityrole/policy/search.md new file mode 100644 index 0000000000..864e6b360a --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/securityrole/policy/search.md 
@@ -0,0 +1,153 @@ +--- +title: "Search Policy" +description: "Search Policy" +sidebar_position: 40 +--- + +# Search Policy + +The Search policy sets the search scope for the Directory Manager portal and Management Shell. + +By default, any search performed by role members returns objects from all containers in the identity +store. Use the Search policy to: + +- Limit the search scope to one container for role members. +- Designate a criterion to limit the objects that role members can search. + +NOTE: Microsoft Entra ID supports a single container only, so the search scope cannot be restricted +container-wise in a Microsoft Entra ID identity store. + +## How does the Search Policy Work? + +Let’s assume you specify a container, localOU, and set the LDAP filter to (Country=United States\*) +for an Active Directory identity store. Now consider these scenarios: + +- When a role member performs a search, Directory Manager looks up the localOU container and + displays objects with the _Country_ attribute set to _United States_. +- If you specify a container only, a search performed by role members returns all matching objects + residing in that container. +- If you specify an LDAP filter only, a search performed by role members displays objects with the + _Country_ attribute set to _United States_ from all containers in the identity store. + +## Impact of the Search Policy on the Portal + +The Search policy has the following impact on the Directory Manager portal: + +- It determines the groups to display in all group listings, such as those on the **All Groups** and + **My Groups** pages. +- It determines the users to display in user listings, namely **My Direct Reports** and **Disabled + Users**. +- It sets the search scope for the Find dialog box. +- It sets the scope for quick search and advanced search. + +What do you want to do? 
+ +- Set the Search Scope to a Specific Container +- Set the Search Scope to all Containers in the Identity Store +- Designate a Criterion for the Search Scope + +## Set the Search Scope to a Specific Container + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Search** tab. +7. Click **Add** next to **Add Container**. +8. On the **Add Container** dialog box, select a container and click **Add**. + Search performed by role members will display objects from this container and its sub-containers. +9. Click **OK**. +10. On the **Edit Security Role** page, click **Update Security Role**. +11. On the **Security Roles** page, click **Save**. + +NOTE: An advanced setting for the Directory Manager portal, _Search Default_, controls the search +scope of the portal. If its value is "Global Catalog", the container specified here is ignored and +the portal shows objects from the entire directory. See the +[Manage Advanced Settings](/docs/directorymanager/11.1/signin/applications/portal/server/advanced.md) topic. + +## Set the Search Scope to all Containers in the Identity Store + +When no container is specified as the search scope for an identity store, search performed by role +members fetches objects from all OUs in the identity store. + +**To set the search scope to all containers:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button or an identity store and select + **Edit.** +3. Click **Security Roles** under **Settings** in the left pane. +4. 
On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Search** tab. +7. In the **Container** area, click **Remove** for a container to remove it. +8. Click **OK**. +9. On the **Edit Security Role** page, click **Update Security Role**. +10. On the **Security Roles** page, click **Save**. + +## Designate a Criterion for the Search Scope + +When you apply a filter criterion, search performed by role members shows objects that match the +criteria. + +**To designate a criterion:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Search** tab. +7. In the **Filters** area, click **Add Filter**. +8. A row is displayed for adding a criterion. + + 1. Select a schema attribute in the first drop-down list (for example, _mail_). + 2. Select an operator in the second drop-down list (for example, _Ends with_). + 3. Enter a value for the schema attribute in the third box (for example, _@Netwrix.com_). + + With this filter, search performed by role members will display objects with email addresses + created on the netwrix.com domain. + +Advanced Filter + +You can also define a query by adding more rows and applying the **AND** or **OR** operator to group +them. + +1. After defining two or more filter expressions, select two or more rows and apply one of these + operators: + (To select a row, click the down arrow next to it and click **Select Row**.) 
+ + - **AND:** to display the objects having the specified values for all attributes. + - **OR:** to display objects having the specified value for any one of the attributes. + + ![search_query](/img/product_docs/directorymanager/11.1/admincenter/securityrole/policy/search_query.webp) + +2. Click the ellipsis button for an applied operator to display the context menu, which has the + following options: + + - **Select Group:** to select all rows that make up the query. + - **Ungroup:** to remove the operator and ungroup the rows. + - **Change to OR:** to change the AND operator to OR and vice versa. + - **Add Clause:** to add a new row for specifying another clause for the query. + - **Delete:** to delete the operator along with all the rows that the operator joins. + + You can also: + + - Click **Tree View** to view a list of all queries defined. + - Click **Preview** to preview the search results that will be displayed with this Search + policy, i.e., with the container and filter settings on the **Search** tab. + - Click **Clear** to clear the **Filter** area. + +3. After defining a filter, click **OK**. +4. On the **Edit Security Role** page, click **Update Security Role**. +5. On the **Security Roles** page, click **Save**. + +**See Also** + +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) diff --git a/docs/directorymanager/11.1/signin/securityrole/policy/synchronize.md b/docs/directorymanager/11.1/signin/securityrole/policy/synchronize.md new file mode 100644 index 0000000000..c7b04af623 --- /dev/null +++ b/docs/directorymanager/11.1/signin/securityrole/policy/synchronize.md 
@@ -0,0 +1,243 @@ +--- +title: "Synchronize Policy" +description: "Synchronize Policy" +sidebar_position: 80 +--- + +# Synchronize Policy + +Using Directory Manager, you can create identity stores for several identity providers (such as +Active Directory and Microsoft Entra ID) as well as create data sources for providers such as files +and databases. These identity stores and data sources can be used as source and destination in +Synchronize jobs. Moreover, all object types with all their attributes in an identity store or data +source are available for use. + +Using the Synchronize policy, you can: + +- Allow or disallow a provider to be used as a source in a Synchronize job - You can apply this + setting to all or specific identity stores/data sources created for the provider. For example, you + may have three data sources created for the MS Excel provider. You can choose to prevent a + security role from using the data sources created for MS Excel as a source, or prevent two of the + three data sources from being used as a source in a Synchronize job. +- Allow or disallow a provider to be used as a destination in a Synchronize job - You can apply this + setting to all or specific identity stores/data sources created for the provider. +- Choose the object types that can be created or synced at the destination using a Synchronize job - + This setting is individually defined for each identity store and data source. +- For each object type in an identity store and data source, specify the attributes that will be + available for mapping the source and destination fields in a Synchronize job - This setting is + individually defined for each object type in an identity store and data source. + +These granular controls enable you to drill down from the provider to the attribute level. + +- You can disallow a provider as a whole, or disallow a specific identity store/data source created + for the provider. 
+- At the next level, you can disallow certain object type(s) in a specific identity store or data + source built on a provider. +- Further down, you can disallow certain attributes for an object type in a specific identity store + or data source built on a provider. + +What do you want to do? + +- Prevent Role Members from Using a Provider as Source or Destination +- Prevent Role Members from Using an Identity Store or Data Source as Source or Destination +- Prevent Role Members from Manipulating Specific Object Type(s) +- Prevent Role Members from Using Specific Attributes for Mapping + +## Prevent Role Members from Using a Provider as Source or Destination + +When creating or modifying a Synchronize job, users can specify any identity store or data source in +Directory Manager as a source and destination. You can prevent role members from using the identity +stores and data sources build on specific provider(s) in a job. + +**To disallow a provider:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Synchronize** tab. + This tab lists the providers that can be used as source and destination in Synchronize jobs. + + **Allow a provider to be used as source and destination:** + + - Select the **Source** check box for a provider to enable role members to use the identity + stores/data sources for the provider as source in Synchronize jobs. + - Select the **Destination** check box for a provider to enable role members to use the identity + stores/data sources for the provider as destination in Synchronize jobs. 
+ + **Disallow a provider to be used as source and destination:** + + - Clear the **Source** check box for a provider to prevent role members from using the identity + stores/data sources for it as source in Synchronize jobs. + - Clear the **Destination** check box for a provider to prevent role members from using the + identity stores/data sources for it as destination in Synchronize jobs. + +7. Click **OK**. +8. On the **Edit Security Role** page, click **Update Security Role**. +9. On the **Security Roles** page, click **Save**. + +NOTE: If you disallow a provider as a source, all Synchronize jobs already using an identity +store/data source for that provider as source will become read-only for role members and they will +not be able to run them. Similarly, if you disallow a provider as a destination, all Synchronize +jobs already using an identity store/data source for that provider as destination will become +read-only for role members and they will not be able to run them. + +## Prevent Role Members from Using an Identity Store or Data Source as Source or Destination + +When creating or modifying a Synchronize job, users can specify any identity store or data source in +Directory Manager as a source and destination. You can prevent role members from using a specific +identity store or data source in a job. + +**To disallow an identity store or data source:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Synchronize** tab. +7. 
Click the plus sign for a provider to get a list of the identity stores or data sources created + for it in Directory Manager. + + **To allow an identity store or data source to be used as source and destination:** + + - Select the **Source** check box for an identity store or data source to enable role members to + use it as source in Synchronize jobs. + - Select the **Destination** check box for an identity store or data source to enable role + members to use it as destination in Synchronize jobs. + + **To disallow an identity store or data source to be used as source and destination:** + + - Clear the **Source** check box for an identity store or data source to prevent role members + from using it as source in Synchronize jobs. + - Clear the **Destination** check box for an identity store or data source to prevent role + members from using it as destination in Synchronize jobs. + +8. Click **OK**. +9. On the **Edit Security Role** page, click **Update Security Role**. +10. On the **Security Roles** page, click **Save**. + +NOTE: If you disallow an identity store or data source as a source, all Synchronize jobs already +using it as source will become read-only for role members and they will not be able to run them. +Similarly, if you disallow an identity store or data source as destination, all Synchronize jobs +already using it as destination will become read-only for role members and they will not be able to +run them. + +## Prevent Role Members from Manipulating Specific Object Type(s) + +Using a Synchronize job, users can create and update different object types from a source to a +destination identity store. For an Active Directory identity store, for example, users can create +and update the following object types: + +- User +- Group +- Contact +- Mail-enabled User +- Mailbox-enabled User +- Linked-Mailbox +- Mail-enabled Contact + +You can disallow any of these object types for an identity store. 
When that identity store is used +as source or destination in a Synchronize job, role members will not be able to create or update the +disallowed objects at the destination. For example, if you disallow the user object type for +IdentityStore_A, role members will not be able to provision, update and deprovision user objects in +identityStore_A through a Synchronize job. + +NOTE: If you disallow an object type in an identity store or data source, all Synchronize jobs +already using that identity store or data source (either as source or destination) while only +provisioning or updating the disallowed object type, will become read-only for role members and they +will not be able to run them. If a job provisions or updates multiple objects, where the disallowed +object is one of the object types it processes, it will run as usual, except that the disallowed +object will not be processed. +**Example:** Suppose you disallow the mailbox object type in IdentityStore_A, when this identity +store is already used as a destination in a Synchronize job that provisions mailbox objects, then +the job will become read-only for role members and they will not be able to run it. +If IdentityStore_A is used as a source or destination in a Synchronize job that provisions multiple +objects types, then the job will run as usual, except that the mailbox object will not be processed. + +For data sources, you can disallow the following to role members as an alternate to object types: + +- Sheets in an Excel workbook +- Tables in an Access, Oracle, and SQL database +- For ODBC, you can disallow tables in case of an SQL database and sheets in case of Excel +- For text/CSV, this does not apply + +**To disallow object types in an identity store or data source:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. 
Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Synchronize** tab. +7. Click the plus sign for a provider to get a list of the identity stores or data sources created + for it in Directory Manager. +8. Click **Edit Object Policies** for an identity store or data source. The next page displays the + object types that can be created in the identity store. For data sources, it displays alternate + options, such as sheets for Excel and tables for databases. + + - Select the **Allow** check box for an object type to enable role members to use it in a + Synchronize job that uses the particular identity store or data source as source or + destination. + - Clear the **Allow** check box for an object type to prevent role members from using it in a + Synchronize job that uses the particular identity store as source or destination. + +9. Click **OK**. +10. On the **Edit Security Role** page, click **Update Security Role**. +11. On the **Security Roles** page, click **Save**. + +## Prevent Role Members from Using Specific Attributes for Mapping + +A Synchronize job makes use of attribute mapping, where object attributes from the source provider +are mapped to attributes of the destination provider to facilitate data syncing. + +Each object type in an identity store has a different set of attributes. By default, all attributes +of the allowed object types in the source and destination identity stores are available for mapping +in a Synchronize job. You can disallow any number of attributes for an object type in an identity +store, so that the disallowed attributes are not available to role members for mapping. 
+ +For data sources, you can disallow the following to role members as an alternate to object +attributes: + +- Columns in an Excel sheet +- Columns in an Access, Oracle, and SQL table +- For ODBC, you can disallow columns in case of an SQL table and columns in case of an Excel sheet +- For text/CSV, each value in the first row, as separated by the delimiter + +**To disallow attributes for an object type in an identity store or data source:** + +1. In Admin Center, click **Identity Stores** in the left pane. +2. On the **Identity Stores** page, click the ellipsis button for an identity store and select + **Edit**. +3. Click **Security Roles** under **Settings** in the left pane. +4. On the **Security Roles** page, click **Edit** for a security role. +5. On the **Edit Security Role** page, click **Specify policies for the members** in the + **Policies** area. +6. On the **Add Policies** pane, click the **Synchronize** tab. +7. Click the plus sign for a provider to get a list of the identity stores or data sources created + for it in Directory Manager. +8. Click **Edit Object Policies** for an identity store or data source. +9. On the next page, click **Edit Attribute Selection** for an object type. This option is available + for the ‘allowed’ object types only. +10. By default, all attributes are selected on the **Edit Attribute Selection** dialog box. Clear + the check box for an attribute to disallow them to role members. Use the search box to search + and locate the required attributes. When done, click **Save Selection**. + Disallowed attributes will not be available to role members for the object type in the identity + store or data source. When this identity store or data source is used as a source or destination + in a Synchronize job that works with the respective object type, the disallowed attributes will + not be available for mapping. +11. Click **OK**. +12. On the **Edit Security Role** page, click **Update Security Role**. +13. 
On the **Security Roles** page, click **Save**. + +**See Also** + +- [Security Roles](/docs/directorymanager/11.1/signin/securityrole/overview.md) +- [Security Role Policies](/docs/directorymanager/11.1/signin/securityrole/policy/overview.md) diff --git a/docs/directorymanager/11.1/signin/service/_category_.json b/docs/directorymanager/11.1/signin/service/_category_.json new file mode 100644 index 0000000000..163c68b9c8 --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Services", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/service/dataservice/_category_.json b/docs/directorymanager/11.1/signin/service/dataservice/_category_.json new file mode 100644 index 0000000000..0cee758ae2 --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/dataservice/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Data Service", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/service/dataservice/create.md b/docs/directorymanager/11.1/signin/service/dataservice/create.md new file mode 100644 index 0000000000..8be6045aa0 --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/dataservice/create.md 
@@ -0,0 +1,158 @@ +--- +title: "Create a Data Service" +description: "Create a Data Service" +sidebar_position: 10 +--- + +# Create a Data Service + +You can create a Data service in native IIS, remote IIS, and Docker. + +## Create a Data Service in Native IIS + +When you deploy a Data service in native IIS, Directory Manager does the following: + +- It creates a directory with the Data service’s name at the following physical path on the + Directory Manager server, and copies the service files from its template directory to the new + service directory: + + `X:\Program Files\Imanami\GroupID 11.0\GroupIDDataService\Inetpub\` + + (X represents the Directory Manager installation drive) + +- It also creates a virtual directory for the service in your desired IIS site. + +The Data service runs within a virtual directory in IIS while the service files are physically +located on disk. + +Follow the to create a Data service. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – Click **Add Application**. + +Step 3 – On the next page, select **Data Service** and click **Next step**. + +Step 4 – On the Create Directory Manager Application page, make sure the **IIS** tile is selected. + +Step 5 – In the Application Name box, enter a unique name for the service or use the default name. +The service is displayed with this name in Directory Manager. + +Step 6 – In the Deployment Name box, enter a deployment name for the service. +The application name and deployment name are displayed on the service card. It is as: + +![Data Service Card](/img/product_docs/directorymanager/11.1/admincenter/service/dataservice/dataservicecard.webp) + +Step 7 – In the IIS Application Name box, enter an IIS deployment name for the service. The name +should be unique for each Data service deployed in IIS. 
+The IIS application name is used to name the service’s directory in IIS and its physical directory +under `X:\Program Files\Imanami\GroupID 11.0\GroupIDDataService\Inetpub\` on the Directory Manager +server. +(X represents the Directory Manager installation drive) + +Step 8 – In the **IIS Site** drop-down list, select a website to host the service files. +The list displays the websites defined on the local IIS server. GroupIDSite11 is the default +selection. + +Step 9 – In the Service Endpoints area, bind an Elasticsearch service, Replication service, and +Scheduler service with the Data service. + +1. In the Elasticsearch Service drop-down list, select an Elasticsearch service to bind to this Data + service. + The list displays the Elasticsearch services running in the environment. Requests sent to the + Data service for performing a search in the Elasticsearch repository will be carried out through + the Elasticsearch service you select here. +2. On selecting an Elasticsearch service, the Replication Service drop-down list displays the + Replication services running on the same machine as the Elasticsearch service. Select a + Replication service to bind to this Data service. + When a user force runs the replication service (whether globally or for a specific identity + store), a request is sent to the Data service, that is then passed on to the Replication service + bound to that Data service. +3. In the Scheduler Service drop-down list, select a scheduler service to bind to this Data service. + The number of services displayed in the list depends on the number of nodes in Directory Manager + clusters, as each node has its own Scheduler service. + This Data service will send requests to the selected Scheduler service to trigger schedule runs. + +Step 10 – Click **Create Application**. +The Data service is created and displayed on the Data Service tab. + +## Create a Data Service in Remote IIS + +You can deploy a Data service within a site in remote IIS. 
For this, you need to connect with the +Microsoft IIS Administration API running on the remote IIS machine. + +When you create a Data service in remote IIS, Directory Manager does the following: + +- It creates a virtual directory for the service in a preconfigured site in remote IIS. +- It creates a physical directory for the service in the folder that is mapped to this preconfigured + site. + +The Data service runs within a virtual directory in remote IIS while the service files are +physically located on disk. + +To learn about the remote IIS settings and configurations before deploying a service there, see the +[Prerequisites for Deployments in Remote IIS](/docs/directorymanager/11.1/signin/applications/remoteiisprerequisites.md) topic. + +Follow the steps to create a Data service. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – Click **Add Application**. + +Step 3 – On the next page, select **Data Service** and click **Next step**. + +Step 4 – On the Create Directory Manager Application page, select the **Remote IIS** tile. + +Step 5 – In the Application Name box, enter a unique name for the Data service or use the default +name. The Data service is displayed in Directory Manager with this name. + +Step 6 – In the Deployment Name box, enter a deployment name for the service. The application name +and deployment name are displayed on the service card. + +Step 7 – To enter information for API URL, Access Token, Username, Password, IIS Application Name, +and Website, refer to steps 7-11 in the +[Create a Portal in Remote IIS](/docs/directorymanager/11.1/signin/applications/portal/create.md#create-a-portal-in-remote-iis) topic. Replace +any reference to the portal with the Data service. + +Step 8 – For entering information in the Service Endpoints area, follow steps 9 in the Create a Data +Service in Native IIS topic. + +Step 9 – Click **Create Application**. +The new Data service is displayed on the Data Service tab. 
+ +## Create a Data Service in Docker + +Directory Manager enables you to deploy a Data service in Docker. For this, you need to connect with +the API running on a Docker deamon in your environment, so that Directory Manager can create a +container for the service there and run the service from within that container. + +For an overview on application deployment in Docker, see the +[Prerequisites for Deployments in Docker](/docs/directorymanager/11.1/signin/applications/dockerprerequisites.md) topic. + +NOTE: To host the Data service, Docker daemon should be configured to run Windows containers. + +Follow the steps to create a Data service. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – Click **Add Application**. + +Step 3 – On the next page, select **Data Service** and click **Next step**. + +Step 4 – On the Create Directory Manager Application page, select the **Docker** tile. + +Step 5 – In the Application Name box, enter a unique name for the Data service or use the default +name. The Data service is displayed in Directory Manager with this name. + +Step 6 – In the Deployment Name box, enter a deployment name for the service. The application name +and deployment name are displayed on the service card. + +Step 7 – To enter information for Port, Service URL, and Container Name, refer to steps 7-9 in the +[Create a Portal in Docker](/docs/directorymanager/11.1/signin/applications/portal/create.md#create-a-portal-in-docker) topic. Replace any +reference to the portal with the Data service. + +Step 8 – For entering information in the Service Endpoints area, follow step 9 in the Create a Data +Service in Native IIS topic. + +Step 9 – Click **Create Application**. +The Data service is created and displayed on the Data Service tab. diff --git a/docs/directorymanager/11.1/signin/service/dataservice/manage.md b/docs/directorymanager/11.1/signin/service/dataservice/manage.md new file mode 100644 index 0000000000..d76a323bb3 --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/service/dataservice/manage.md 
@@ -0,0 +1,279 @@ +--- +title: "Manage Data Service Settings" +description: "Manage Data Service Settings" +sidebar_position: 20 +--- + +# Manage Data Service Settings + +Data services in Directory Manager are displayed on the **Data Service** tab. A card for a service +displays information such as its name and status. + +You can manage several settings for a service, such as: + +- Change the display name of a service +- Start or stop a service +- Configure file logging for a service +- Delete a service + +## View Data Service Details + +Follow the steps to vew Data Service details. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Applications page, click the **Data Service** tab. The Data Service tab page is +displayed, that lists the default Data service created while configuring Directory Manager and any +other Data service that you have created. + +When multiple Directory Manager instances have been deployed, you will find multiple default Data +services on this tab page, as each instance has its own default Data service. See the +[Elasticsearch Clusters, Nodes, and Directory Manager](/docs/directorymanager/11.1/signin/service/overview.md#elasticsearch-clusters-nodes-and-directory-manager) +topic. + +Step 3 – The card for a Data service displays the following information: + +| Info | Description | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Name | The name given to the service. 
| +| Deployment Instances | Displays the deployment name of the service and the web server where it is deployed. | +| Status | A service has one of the following statuses: - Running – Indicates that the service is up and running. - Stopped – Indicates that Directory Manager is unable to communicate with the service. To troubleshoot, go to the web server where the service is deployed (IIS, remote IIS, or Docker) and make sure the service is running. - Error – Any issue other than _stopped_ is categorized as _error_. Contact your system administrator to resolve it. | +| Launch Application | Click it to launch the service page. - For a Data service, Replication service, Email service, and Scheduler service, a page is displayed that simply shows the status of the service as _running_, _stopped_, or _error_. - For a Security service, the **GroupID Applications** page is displayed. Performing an action on this page will be carried out through the respective Security service. See the [Access your Applications](/docs/directorymanager/11.1/signin/concepts/accessapplications.md) topic. - For Admin Center, this link launches the Admin Center application. | +| Ellipsis | Click it to launch a shortcut menu with the following options: - Settings – launches the service settings page, where you can manage deployment settings and log settings. - Delete – deletes the service. This option is not available for the default services. | + +## Change a Service’s Display Name + +A service is assigned an application name during creation, which is used as it's display name in +Directory Manager. On changing it, the service is displayed with the new name. + +Follow the steps to change the display name. + +Step 1 – In Admin Center, select **Applications** in the left pane. + +Step 2 – On the Applications page, click the tab for the desired service. For example, click the +**Data Service** tab. + +Step 3 – Click the ellipsis button for a service and select **Settings**. 
+ +Step 4 – In the Application Name box on the General Settings page, enter a new name for the service. + +Step 5 – Click **Save**. + +## Start or Stop a Service + +You can start and stop a service deployed in native IIS, remote IIS, and Docker. When you stop a +service, the following happens: + +- For a native IIS deployment, Directory Manager stops the service’s application pool. +- For a remote IIS deployment, Directory Manager stops the site that hosts the service. +- For a Docker deployment, Directory Manager stops the container where the service is deployed. + +Follow the steps to start or stop a service. + +Step 1 – In Admin Center, select **Applications** in the left pane. + +Step 2 – On the Applications page, click the tab for the desired service. For example, click the +**Data Service** tab. + +Step 3 – Click the ellipsis button for a service and select **Settings**. + +Step 4 – Click **Deployments** under Server Settings. +The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service +is deployed. + +Step 5 – The Select Application Deployment drop-down list displays the deployment name of the +service. + +- When the service is running, Stop is displayed next to it. Click it to stop the service. +- When the service is stopped, Start is displayed next to it. Click it to start the service. + +## View the Launch URL for a Service + +Follow the steps to view the launch URL for a service. + +Step 1 – In Admin Center, select **Applications** in the left pane. + +Step 2 – On the Applications page, click the tab for the desired service. For example, click the +**Data Service** tab. + +Step 3 – Click the ellipsis button for a service and select **Settings**. + +Step 4 – Click **Deployments** under Server Settings. +The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service +is deployed. The Select Application Deployment drop-down list displays the deployment name of the +service. 
+ +Step 5 – The Launch URL box on the Deployment Configurations tab displays the URL. Copy and paste it +in the browser to launch the service. See the table in the View Data Service Details topic to +understand what is displayed with this URL. + +## View the Deployment Settings for a Service + +Follow the steps to view the deployment settings for a service. + +Step 1 – In Admin Center, select **Applications** in the left pane. + +Step 2 – On the Applications page, click the tab for the desired service. For example, click the +**Data Service** tab. + +Step 3 – Click the ellipsis button for a service and select **Settings**. + +Step 4 – Click **Deployments** under Server Settings. +The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service +is deployed. The Select Application Deployment drop-down list displays the deployment name of the +service. + +Step 5 – On the Deployment Configurations tab: + +- For a native IIS deployment, you can view the name of the service application in IIS, the site + where it is hosted, the URL to launch the service page, and any other services that this service + uses. +- For a remote IIS deployment, you can view the Microsoft IIS Administration API URL, access token, + and credentials. You can also view the name of the service application in remote IIS, the site + where it is hosted, the URL to launch the service page, and any other services that this service + uses. +- For a Docker deployment, you can view the port and service URL used to communicate with Docker + engine. You can also view the URL to launch the service page, and any other services that this + service uses. + +## Specify Log Settings for a Service + +Directory Manager uses file logging and Windows logging to monitor events from a service. You can +set the logging level for a service to track a specific set of information for it. 
+ +For details on file logging and Windows logging, see the +[File Logging](/docs/directorymanager/11.1/signin/applications/portal/server/log.md#file-logging) and +[Windows Logging](/docs/directorymanager/11.1/signin/applications/portal/server/log.md#windows-logging) topics. Replace references to the +portal with the respective service. + +NOTE: Windows logging is not available for Data service and Security service. + +### Change the File Logging Level for a Service + +Follow the steps to change the file logging level for a service. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Applications page, click the tab for the desired service. For example, click the +**Data Service** tab. + +Step 3 – Click the ellipsis button for a service and select **Settings**. + +Step 4 – Click **Deployments** under Server Settings. +The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service +is deployed. The Select Application Deployment drop-down list displays the deployment name of the +service. + +Step 5 – Click the **Logging** tab. + +Step 6 – In the File Logging area, select a logging level for the service in the Log Events +drop-down list. +File logging groups events into different levels, based on the type of information captured. See the +table in the +[Change the File Logging Level for a Portal Instance](/docs/directorymanager/11.1/signin/applications/portal/server/log.md#change-the-file-logging-level-for-a-portal-instance)topic +for information on the logging levels. Replace references to the portal with the respective service. + +Step 7 – Click **Save**. + +### Turn off File Logging for a Service + +Follow the steps to turn off file logging for a service. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Applications page, click the tab for the desired service. For example, click the +**Data Service** tab. 
+ +Step 3 – Click the ellipsis button for a service and select **Settings**. + +Step 4 – Click **Deployments** under Server Settings. +The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service +is deployed. The Select Application Deployment drop-down list displays the deployment name of the +service. + +Step 5 – Click the **Logging** tab. + +Step 6 – In the File Logging area, select _Off_ in the Log Events drop-down list. + +Step 7 – Click **Save**. + +### Change the Windows Logging Level for a Service + +Follow the steps to change the Windows logging level for a service. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Applications page, click the tab for the desired service. For example, click the +**Replication Service** tab. + +Step 3 – Click the ellipsis button for a service and select **Settings**. + +Step 4 – Click **Deployments** under Server Settings. +The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service +is deployed. The Select Application Deployment drop-down list displays the deployment name of the +service. + +Step 5 – Click the **Logging** tab. + +Step 6 – In the Windows Logging area, select a logging level for the service in the **Log Events** +drop-down list. +Windows logging groups events into different levels, based on the type of information captured. See +the table in the +[Change the File Logging Level for a Portal Instance](/docs/directorymanager/11.1/signin/applications/portal/server/log.md#change-the-file-logging-level-for-a-portal-instance)topic +for information on the logging levels. Replace references to the portal with the respective service. + +Step 7 – Click **Save**. + +### Turn Off Windows Logging for a Service + +Follow the steps to turn off Windows logging for a service. + +Step 1 – In Admin Center, click **Applications** in the left pane. 
+ +Step 2 – On the Applications page, click the tab for the desired service. For example, click the +**Replication Service** tab. + +Step 3 – Click the ellipsis button for a service and select **Settings**. + +Step 4 – Click **Deployments** under Server Settings. +The Deployment Settings page displays the web server (IIS, remote IIS, or Docker) where the service +is deployed. The Select Application Deployment drop-down list displays the deployment name of the +service. + +Step 5 – Click the **Logging** tab. + +Step 6 – In the Windows Logging area, select _Off_ in the Log Events drop-down list. + +Step 7 – Click **Save**. + +## Delete a Data Service + +Deleting a Data service removes the following: + +- For a native IIS deployment: + + - The Data service directory under the following location on the Directory Manager server: + X:\Program Files\Imanami\GroupID 11.0\GroupIDDataService\Inetpub\ + (X represents the Directory Manager installation drive) + - The Data service directory from the website in IIS + +- For a remote IIS deployment: + + - The service's directory in the remote IIS site + - The service's physical directory under the folder mapped to the remote IIS site + +- For a Docker deployment: + + The container created in Docker Engine for the Data service + +Follow the steps to delete a Data service. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the **Applications** page, click the **Data Service** tab. + +Step 3 – On the **Data Service** tab page, click the ellipsis button for a Data service and select +**Delete**. + +NOTE: You cannot delete the default Data service. You cannot also delete a Data service that has +been linked with a Directory Manager client, such as the Directory Manager portal. diff --git a/docs/directorymanager/11.1/signin/service/dataservice/overview.md b/docs/directorymanager/11.1/signin/service/dataservice/overview.md new file mode 100644 index 0000000000..d10ca729cc --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/service/dataservice/overview.md @@ -0,0 +1,39 @@ +--- +title: "Data Service" +description: "Data Service" +sidebar_position: 10 +--- + +# Data Service + +Admin Center lets you quickly create and deploy a Data service. This service is responsible for core +Directory Manager operations, such as communication with identity providers, communications with the +Directory Manager database, object creation and update, and more. + +You can create multiple Data services; the default service is created while configuring Directory +Manager. + +## The Default Data Service + +While configuring Directory Manager using the Configuration Tool, the administrator can create a +Data service and a Security service in native IIS. + +To deploy these services in native IIS, the Configuration Tool creates and configures a new website +named GroupIDSite11 in IIS. By default, it binds this site to any of the available ports; the +administrator can change it if required. The Data service and Security service directories are +created within GroupIDSite11. + +Admin Center uses the default Data service and Security service; you cannot change this binding. + +To view the default services, see the +[View Data Service Details](manage.md#view-data-service-details) topic. + +## Why Create Multiple Data Services? + +For load balancing and high availability, Directory Manager facilitates you to create and maintain +multiple Data services. While creating a Directory Manager portal, you can choose a Data service to +bind to it. In this way, different portals can use different Data services for improved response +times and load balancing. + +Directory Manager enables you to create and deploy a Data service in any of these web servers: +native IIS, remote IIS, and Docker. diff --git a/docs/directorymanager/11.1/signin/service/emailservice.md b/docs/directorymanager/11.1/signin/service/emailservice.md new file mode 100644 index 0000000000..a8921ceb80 --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/service/emailservice.md 
@@ -0,0 +1,47 @@ +--- +title: "Email Service" +description: "Email Service" +sidebar_position: 30 +--- + +# Email Service + +The Email service maintains a queue of all email notification generated by the identity stores in +Directory Manager, and sends them one by one through the SMTP server configured for the respective +identity store. + +When the SMTP server for an identity store is down, notifications stay in the queue, until they are +delivered when the server is up again. Successfully delivered emails are removed from the queue. + +For more on the notification queue, see the +[Manage the Notification Queue](/docs/directorymanager/11.1/signin/notification/queue.md) topic. + +## View Email Service Details + +Follow the steps to view Email service details. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the **Applications** page, click the **Email Service** tab. +The tab displays the default Email service(s) hosted in native IIS. The number of services displayed +on the tab depend on the number of nodes in all Elasticsearch clusters in your environment, as each +node has its own Email service. On each Directory Manager instance, notifications will be generated +for Directory Manager operations and will be queued in Notification queue. All the deployed services +on each Directory Manager instance will check notification queue every 100 second and will send 10 +notifications in Notification queue for processing. + +See the +[Elasticsearch Clusters, Nodes, and Directory Manager](overview.md#elasticsearch-clusters-nodes-and-directory-manager) +topic for additional information. For details displayed on a service card, see the table in the +[View Data Service Details](dataservice/manage.md#view-data-service-details) topic. + +You cannot create a new Email service or delete the existing one. 
+ +## Manage Email Service Settings + +You can manage the following settings for the Email service: + +- [Change a Service’s Display Name](dataservice/manage.md#change-a-services-display-name) +- [Start or Stop a Service](dataservice/manage.md#start-or-stop-a-service) +- [View the Deployment Settings for a Service](dataservice/manage.md#view-the-deployment-settings-for-a-service) +- [Specify Log Settings for a Service](dataservice/manage.md#specify-log-settings-for-a-service) diff --git a/docs/directorymanager/11.1/signin/service/overview.md b/docs/directorymanager/11.1/signin/service/overview.md new file mode 100644 index 0000000000..3f310e577b --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/overview.md 
@@ -0,0 +1,97 @@ +--- +title: "Services" +description: "Services" +sidebar_position: 110 +--- + +# Services + +Directory Manager services are long-running, non-UI software applications that operate in the +background and run in their own Windows sessions. They are usually started when you boot the machine +they are hosted on, and are scheduled to run in the background to execute some tasks. You can also +start, pause, and stop them manually. + +Directory Manager relies on a few of its own services and third-party services for different +functions. + +## Directory Manager Services + +The following table discusses Directory Manager services. + +| Service | Description | +| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Data service | Directory Manager uses it to perform core operations and to communicate with Microsoft SQL Server for storing and fetching data in the database. | +| Security service | - Authenticates and authorizes users on different Directory Manager functions in accordance with their roles. - Encrypts and decrypts data that Directory Manager Data service stores and fetches from the SQL database. | +| Replication service | Replicates attributes of the group, user, contact, computer, and organizational unit object from the provider (such as Active Directory) to the Elasticsearch repository. In case of multiple Elasticsearch clusters, this service is also responsible for syncing data between clusters. | +| Email service | Maintains a queue of all notification requests generated by identity stores, and sends them one by one. | +| Scheduler service | Initiates schedule runs for scheduled jobs defined in Directory Manager. 
| + +These services run in the context of specific accounts that are different from the logged-on user or +the default computer account. See the Accounts to Run the Servicestopic for details. + +### Where are these Services Hosted? + +Directory Manager services are hosted on a web server, that could be native IIS, remote IIS, and +Docker. + +You can create multiple Data services and Security services while hosting them on different web +servers. For example, you can host one Data service in native IIS and another in Docker. + +- To launch IIS on a machine, see + [Opening IIS Manager](https://docs.microsoft.com/en-us/previous-versions/iis/6.0-sdk/ms525920(v=vs.90)). + +![in_iis](/img/product_docs/directorymanager/11.1/admincenter/portal/in_iis.webp) + +- To open Docker Desktop on Windows, search for Docker and select Docker Desktop in the search + results. + +![indocker](/img/product_docs/directorymanager/11.1/admincenter/service/indocker.webp) + +## Third-party Services + +Directory Manager requires the following third-party services: + +| Service | Description | +| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| SQL Server Browser service | This service fetches the SQL servers present in the environment and displays them on the Database Settings page of the Directory Manager Configuration Tool, where you configure a database for Directory Manager. Moreover, Directory Manager stops when this service stops. | +| Key Distribution Service (KDS) | You must enable the Key Distribution Service (KDS) on the Directory Manager server if you want to use Group Managed Service Accounts (gMSA) in Directory Manager. 
Directory Manager supports a gMSA in various contexts, such as for the Directory Manager app pool and as service account for an identity store. | +| Elasticsearch service | This service is responsible for searching the Elasticsearch repository to display object listings and search results in Directory Manager. If this service stops, Directory Manager will not work. | + +### Where are these Services Hosted? + +Third-party services are created as Windows services in Windows Services Manager: + +To launch the Services Manager, type ‘ services.msc’ in the Run dialog box and click OK. Here is an +example of services in Windows Services Manager. You can start, stop, disable, and delay a service. + +![inwindowsservicesmanager](/img/product_docs/directorymanager/11.1/admincenter/service/inwindowsservicesmanager.webp) + +## Accounts to Run the Services + +The Directory Manager Configuration Tool enables you to specify the service accounts to use for the +Directory Manager app pool and Windows services. + +| Services | Service Account Description | +| --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Directory Manager App Pool in IIS | Use a domain account or a Group Managed Service Account (gMSA). The account must be a member of the Administrators group or both the Backup Operators and IIS_IUSRS groups. The account is used to manage the Directory Manager app pool in IIS. Data service, Security service, and the portals run under the app pool. 
For a Microsoft Entra ID identity store, you can specify a local account (with local administrator rights) in app pool for a machine that is not joined to any domain. | +| Windows services | Use a domain account, system user account, or gMSA. The account must be a member of the Backup Operators group. The account is used to run the Windows services for Directory Manager, as discussed in the Third-party Services topic. | + +## Elasticsearch Clusters, Nodes, and Directory Manager + +When you have multiple Elasticsearch clusters in your environment and each cluster has multiple +nodes, you will notice that for each node in a cluster the following are created. + +- An Admin Center +- A Data service +- A Security service +- A Replication service +- A Scheduler service +- An Email service + +Cluster syncing + +To sync data between clusters, Directory Manager uses the Replication service. You have to enable +data sync for at least one Replication service within a cluster to sync the cluster's data to other +clusters. See the +[Enable Elastic Cluster Syncing](replicationservice.md#enable-elastic-cluster-syncing) topic for +additional information. diff --git a/docs/directorymanager/11.1/signin/service/replicationservice.md b/docs/directorymanager/11.1/signin/service/replicationservice.md new file mode 100644 index 0000000000..c3b587b983 --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/replicationservice.md 
@@ -0,0 +1,81 @@ +--- +title: "Replication Service" +description: "Replication Service" +sidebar_position: 40 +--- + +# Replication Service + +The Replication service replicates the attributes of the following objects from the provider (such +as Active Directory) to the Elasticsearch repository. + +- Group +- User +- Contact +- Computers +- Organizational Unit + +For more on the Replication service, see the +[Elasticsearch and Replication ](/docs/directorymanager/11.1/signin/replication/overview.md)topic for additional information. + +The service is also responsible for syncing data between the Elasticsearch clusters in your +environment. + +## View Replication Service Details + +Follow the steps to view Replication Service details. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the **Applications** page, click the **Service** tab. +The tab displays the default Replication service hosted in native IIS. When multiple Directory +Manager instances have been deployed, you will find multiple default Replication services on this +tab page, as each instance has its own default Replication service. See the +[Elasticsearch Clusters, Nodes, and Directory Manager](overview.md#elasticsearch-clusters-nodes-and-directory-manager) +topic for additional information. +For details displayed on a service card, see the table in the +[View Data Service Details](dataservice/manage.md#view-data-service-details) topic. + +You cannot create a Replication Service or delete an existing one from Admin Center. + +## Manage Replication Service Settings + +You can manage the following settings for a Replication service. 
+ +- [Change a Service’s Display Name](dataservice/manage.md#change-a-services-display-name) +- [Start or Stop a Service](dataservice/manage.md#start-or-stop-a-service) +- [View the Deployment Settings for a Service](dataservice/manage.md#view-the-deployment-settings-for-a-service) +- [Specify Log Settings for a Service](dataservice/manage.md#specify-log-settings-for-a-service) + +## Enable Elastic Cluster Syncing + +In an environment with multiple Elasticsearch clusters, you can choose to sync data between +clusters. You can also specify an interval for syncing. + +NOTE: In Directory Manager, a separate Replication service is created for each node in a cluster. To +enable data syncing between clusters, simply enable the sync option for one Replications service +within each cluster. + +Follow the steps to sync data between clusters. + +Step 1 – In Admin Center, select **Applications** in the left pane. + +Step 2 – On the Applications page, click the **Replication Service** tab. + +Step 3 – Click the ellipsis button for a service and select **Settings**. + +Step 4 – Click **Configurations** under Server Settings. + +Step 5 – On the Configurations page, enable the **Elastic Cluster Syncing** toggle button to sync +data from all other clusters to the cluster that uses this Replication service. +If this toggle button is disabled for a cluster (say, ClusterA), data from other clusters will not +be synced to ClusterA. +Suppose syncing is disabled for ClusterA but enabled for ClusterB and ClusterC. This means that (a) +data from ClusterB and ClusterC will not be synced to ClusterA (b) data from ClusterA will be synced +to ClusterB and ClusterC. + +Step 6 – You can specify an interval for syncing data. Click **Edit** under Elastic Cluster Syncing +Interval, specify an interval (in seconds) and click the check mark. +By default, the interval is set to 5 seconds. You can specify a maximum interval of 900 seconds. + +Step 7 – Click **Save**. 
diff --git a/docs/directorymanager/11.1/signin/service/schedulerservice.md b/docs/directorymanager/11.1/signin/service/schedulerservice.md new file mode 100644 index 0000000000..bfcbe01ecb --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/schedulerservice.md 
@@ -0,0 +1,38 @@ +--- +title: "Scheduler Service" +description: "Scheduler Service" +sidebar_position: 50 +--- + +# Scheduler Service + +In Directory Manager, schedules perform different tasks in an identity store. They run at a +specified frequency to auto execute their respective functions. The Scheduler service is responsible +for triggering these schedules at their respective frequency. + +## View Scheduler Service Details + +Follow the steps to view details of Scheduler service. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Applications page, click the **Scheduler Service** tab. + +The tab displays the default Scheduler service(s) hosted in native IIS. The number of services +displayed on the tab depend on the number of nodes in all Elasticsearch clusters in your +environment, as each cluster has its own Scheduler services. See the +[Elasticsearch Clusters, Nodes, and Directory Manager](overview.md#elasticsearch-clusters-nodes-and-directory-manager) +topic for additional information. +For details displayed on a service card, see the table in the +[View Data Service Details](dataservice/manage.md#view-data-service-details) topic. + +You cannot create a new Scheduler service or delete the existing one. + +## Manage Scheduler Service Settings + +You can manage the following settings for a Scheduler service: + +- [Change a Service’s Display Name](dataservice/manage.md#change-a-services-display-name) +- [Start or Stop a Service](dataservice/manage.md#start-or-stop-a-service) +- [View the Deployment Settings for a Service](dataservice/manage.md#view-the-deployment-settings-for-a-service) +- [Specify Log Settings for a Service](dataservice/manage.md#specify-log-settings-for-a-service) diff --git a/docs/directorymanager/11.1/signin/service/securityservice/_category_.json b/docs/directorymanager/11.1/signin/service/securityservice/_category_.json new file mode 100644 index 0000000000..a33046419f --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/service/securityservice/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Security Service", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/service/securityservice/create.md b/docs/directorymanager/11.1/signin/service/securityservice/create.md new file mode 100644 index 0000000000..e7be8ea529 --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/securityservice/create.md 
@@ -0,0 +1,138 @@ +--- +title: "Create a Security Service" +description: "Create a Security Service" +sidebar_position: 10 +--- + +# Create a Security Service + +You can create a Security service in native IIS, remote IIS, and Docker. + +What do you want to do? + +- Create a Security Service in Native IIS +- Create a Security Service in Remote IIS +- Create a Security Service in Docker +- Launch a Security Service + +## Create a Security Service in Native IIS + +When you deploy a Security service in native IIS, Directory Manager does the following: + +- It creates a directory with the Security service’s name at the following physical path on the + Directory Manager server, and copies the service files from its template directory to the new + service directory: + X:\Program Files\Imanami\GroupID 11.0\GroupIDSecurityService\Inetpub\ + (X represents the Directory Manager installation drive) +- It also creates a virtual directory for the service in your desired IIS site. + +The Security service runs within a virtual directory in IIS while the service files are physically +located on disk. + +**To create a Security service:** + +1. In Admin Center, click **Applications** in the left pane. +2. Click **Add Application**. +3. On the next page, select **Security Service** and click **Next step**. +4. On the **Create GroupID Application** page, make sure the **IIS** tile is selected. +5. In the **Application Name** box, enter a name for the service or use the default name. The + Security service is displayed with this name in Directory Manager. +6. In the **Deployment Name** box, enter a deployment name for the service. The application name and + deployment name are displayed on the service card, as shown below: + + ![securityservicecard](/img/product_docs/directorymanager/11.1/admincenter/service/securityservice/securityservicecard.webp) + +7. In the **IIS Application Name** box, enter an IIS deployment name for the service. 
This name is + used to name the service’s directory in IIS and its physical directory under X:\Program + Files\Imanami\GroupID 11.0\GroupIDSecurityService\Inetpub\ on the Directory Manager server. + (X represents the Directory Manager installation drive) + The IIS application name should be unique for each Security service deployed in IIS. +8. In the **IIS Site** drop-down list, select a website to host the service files. + The list displays the websites defined on the local IIS server. GroupIDSite11 is the default + selection. +9. In the **Data Service** drop-down list, select a Data service to bind to this Security service. + A Security service needs a Data service to perform various tasks, such as authentication and + multifactor authentication. +10. Click **Create Application**. + The Security service is created and displayed on the **Security Service** tab. + +## Create a Security Service in Remote IIS + +You can deploy a Security service within a site in remote IIS. For this, you need to connect with +the Microsoft IIS Administration API running on the remote IIS machine. + +When you create a Data service in remote IIS, Directory Manager does the following: + +- It creates a virtual directory for the service in a preconfigured site in remote IIS. +- It creates a physical directory for the service in the folder that is mapped to this preconfigured + site. + +The Security service runs within a virtual directory in remote IIS while the service files are +physically located on disk. + +To learn about the remote IIS settings and configurations before deploying a service there, see the +[Prerequisites for Deployments in Remote IIS](/docs/directorymanager/11.1/signin/applications/remoteiisprerequisites.md) topic. + +**To create a Security service:** + +1. In Admin Center, click **Applications** in the left pane. +2. Click **Add Application**. +3. On the next page select **Security Service** and click **Next step**. +4. 
On the **Create GroupID Application** page, select the **Remote IIS** tile. +5. In the **Application Name** box, enter a name for the service or use the default name. The + Security service is displayed in Directory Manager with this name. +6. In the **Deployment Name** box, enter a deployment name for the service. The application name and + deployment name are displayed on the service card. +7. To enter information for **API URL**, **Access Token**, **Username**, **Password**, **IIS + Application Name**, and **Website**, refer to steps 7-11 in the + [Create a Portal in Remote IIS](/docs/directorymanager/11.1/signin/applications/portal/create.md#create-a-portal-in-remote-iis) topic. + Replace any reference to the portal with the Security service. +8. In the **Data Service** drop-down list, select a Data service to bind to this Security service. + A Security service needs a Data service to perform various tasks, such as authentication and + multifactor authentication. +9. Click **Create Application**. + The Security service is displayed on the **Security Service** tab. + +## Create a Security Service in Docker + +Directory Manager enables you to deploy a Security service in Docker. For this, you need to connect +with the API running on a Docker deamon in your environment, so that Directory Manager can create a +container for the service there and run the service from within that container. + +For an overview on application deployment in Docker, see the +[Prerequisites for Deployments in Docker](/docs/directorymanager/11.1/signin/applications/dockerprerequisites.md) topic. + +NOTE: To host the Security service, Docker daemon should be configured to run Windows containers. + +**To create a Security service:** + +1. In Admin Center, click **Applications** in the left pane. +2. Click **Add Application**. +3. On the next page, select **Security Service** and click **Next step**. +4. On the **Create GroupID Application** page, select the **Docker** tile. +5. 
In the **Application Name** box, enter a name for the Security service or use the default name. + The service is displayed in Directory Manager with this name. +6. In the **Deployment Name** box, enter a deployment name for the service. The application name and + deployment name are displayed on the service card. +7. To enter information for **Port**, **Service URL**, and **Container Name**, refer to steps 7-9 in + the [Create a Portal in Docker](/docs/directorymanager/11.1/signin/applications/portal/create.md#create-a-portal-in-docker) topic. Replace + any reference to the portal with the Security service. +8. In the **Data Service** drop-down list, select a Data service to bind to this Security service. + A Security service needs a Data service to perform various tasks, such as authentication and + multifactor authentication. +9. Click **Create Application**. + The Security service is created and displayed on the **Security Service** tab. + +## Launch a Security Service + +1. In Admin Center, select **Applications** in the left pane. +2. On the **Security Service** tab, click **Launch Application** for a service. The **GroupID + Applications** page is displayed. Options on this page are discussed in the + [Access your Applications](/docs/directorymanager/11.1/signin/concepts/accessapplications.md) topic. Any actions you perform + will be carried out through the respective Security service. + +**See Also** + +- [Directory Manage Applications](/docs/directorymanager/11.1/signin/applications/applications.md) +- [Services](/docs/directorymanager/11.1/signin/service/overview.md) +- [Manage Security Service Settings](/docs/directorymanager/11.1/signin/service/securityservice/manage.md) diff --git a/docs/directorymanager/11.1/signin/service/securityservice/manage.md b/docs/directorymanager/11.1/signin/service/securityservice/manage.md new file mode 100644 index 0000000000..253230f309 --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/securityservice/manage.md 
@@ -0,0 +1,98 @@ +--- +title: "Manage Security Service Settings" +description: "Manage Security Service Settings" +sidebar_position: 20 +--- + +# Manage Security Service Settings + +Security services in Directory Manager are displayed on the **Security Service** tab. A card for a +service displays information such as its name and status. + +You can manage several settings for a service, such as: + +- Change the name of a service +- Start or stop a service +- Configure file logging for a service +- Delete a service + +## View Service Details + +Follow the steps to view the service details. + +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the **Applications** page, click the **Security Service** tab. +The tab displays the default Security service created while configuring Directory Manager and any +other Security service that you have created. When multiple Directory Manager instances have been +deployed, you will find multiple default Security services on this tab page, as each instance has +its own default Security service. See the +[Elasticsearch Clusters, Nodes, and Directory Manager](/docs/directorymanager/11.1/signin/service/overview.md#elasticsearch-clusters-nodes-and-directory-manager) +topic for additional information. +For details displayed on a service card, see the table in the +[View Data Service Details](/docs/directorymanager/11.1/signin/service/dataservice/manage.md#view-data-service-details) topic. + +## Manage Security Service Settings + +See the [Manage Data Service Settings](/docs/directorymanager/11.1/signin/service/dataservice/manage.md) topic to manage settings for a +Security service, such as deployment and log settings. + +## Manage Advanced Settings + +If you have created multiple Security services for load balancing and high availability, the +Advanced Settings option enables the services to share session information. + +Follow the steps to enable communication between multiple Security services. 
+ +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the Applications page, click the **Security Service** tab. +The tab displays the default Security service created while configuring Directory Manager and any +other Security service that you have created. When multiple Directory Manager instances have been +deployed, you will find multiple default Security services on this tab page, as each instance has +its own default Security service. See the +[Elasticsearch Clusters, Nodes, and Directory Manager](/docs/directorymanager/11.1/signin/service/overview.md#elasticsearch-clusters-nodes-and-directory-manager) +topics for additional information. +For details displayed on a service card, see the table in the +[View Data Service Details](/docs/directorymanager/11.1/signin/service/dataservice/manage.md#view-data-service-details) topic for additional +information. + +Step 3 – Click the **ellipsis button** for a Security service and select **Settings**. + +Step 4 – Select **Advanced Settings** under Server Settings. + +Step 5 – Enable the **Distributed Cache** toggle button to enable communication among defined +Security services. + +Communication between Security services is now enabled. + +## Delete a Security Service + +Deleting a Security service removes the following: + +- **For a native IIS deployment:** + + - The Security service directory under the following location on the Directory Manager server: + X:\Program Files\Imanami\GroupID 11.0\GroupIDSecurityService\Inetpub\ + (X represents the Directory Manager installation drive) + - The Security service directory from the website in IIS + +- **For a remote IIS deployment:** + + - The service's directory in the remote IIS site + - The service's physical directory under the folder mapped to the remote IIS site + +- **For a Docker deployment:** + + The container created in Docker Engine for the Security service + +Follow the steps to delete a Security service. 
+ +Step 1 – In Admin Center, click **Applications** in the left pane. + +Step 2 – On the **Applications** page, click the **Security Service** tab. + +Step 3 – Click the ellipsis button for a Security service and select **Delete**. + +NOTE: You cannot delete the default Security service. You cannot also delete a Security service that +has been linked with a Directory Manager client, such as the Directory Manager portal. diff --git a/docs/directorymanager/11.1/signin/service/securityservice/overview.md b/docs/directorymanager/11.1/signin/service/securityservice/overview.md new file mode 100644 index 0000000000..978392bfd5 --- /dev/null +++ b/docs/directorymanager/11.1/signin/service/securityservice/overview.md 
@@ -0,0 +1,36 @@ +--- +title: "Security Service" +description: "Security Service" +sidebar_position: 20 +--- + +# Security Service + +Admin Center lets you quickly create and deploy a Security service. This web-based service is a +single sign-on implantation for Directory Manager clients. It is responsible for authenticating and +authorizing users on different Directory Manager clients and functionalities in accordance with +their roles. The service also encrypts and decrypts data that Data service stores and fetches from +the Directory Manager database on SQL Server. + +You can create multiple Security services; the default service is created while configuring +Directory Manager. + +## The Default Security Service + +See [The Default Data Service](/docs/directorymanager/11.1/signin/service/dataservice/overview.md#the-default-data-service) topic. + +At the time of Directory Manager installation, a generic signing key is assigned to the Directory +Manager Security Service. For security reasons, it is recommended that a unique signing key is used +which is specific to your environment. Using Netwrix Directory Manager (formerly GroupID) Signing +Key Utility you can replace the old signing key with a new key. See the +[Signing Key Utility](/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md) topic for additional information. + +## Why Create Multiple Security Services? + +See the +[Why Create Multiple Data Services?](/docs/directorymanager/11.1/signin/service/dataservice/overview.md#why-create-multiple-data-services) +topic while replacing references to Data service with Security service. After defining multiple +Security services, you can enable communication between them. As a result of their communication, +logged in session-related information persists across multiple Directory Manager clients. 
See the +[Manage Advanced Settings](manage.md#manage-advanced-settings) section of the +[Manage Security Service Settings](/docs/directorymanager/11.1/signin/service/securityservice/manage.md) topics for additional information. diff --git a/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md b/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md rename to docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md index 7608b59858..c7b919882e 100644 --- a/docs/directorymanager/11.1/admincenter/service/securityservice/signkeyutility.md +++ b/docs/directorymanager/11.1/signin/service/securityservice/signkeyutility.md @@ -1,3 +1,9 @@ +--- +title: "Signing Key Utility" +description: "Signing Key Utility" +sidebar_position: 30 +--- + # Signing Key Utility This utility was created to remediate the vulnerability described in Netwrix security advisory diff --git a/docs/directorymanager/11.1/admincenter/signin.md b/docs/directorymanager/11.1/signin/signin.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/signin.md rename to docs/directorymanager/11.1/signin/signin.md index 5a5adf6065..b494300371 100644 --- a/docs/directorymanager/11.1/admincenter/signin.md +++ b/docs/directorymanager/11.1/signin/signin.md @@ -1,3 +1,9 @@ +--- +title: "Access Admin Center" +description: "Access Admin Center" +sidebar_position: 40 +--- + # Access Admin Center Admin Center is a web-based application that can be accessed over the Internet and Intranet. It 
@@ -17,7 +23,7 @@ Use any of the following methods to connect and sign in: NOTE: To sign in using the Directory Manager provider, enter the username and password you provided for the _GroupID administrator_ on the Service Account Settings page of the Configuration Tool. See the - [Configure a New Directory Manager Server with a New or an Existing Database](/docs/directorymanager/11.1/install/configure/gidserver.md) + [Configure a New Directory Manager Server with a New or an Existing Database](/docs/directorymanager/11.1/about/configure/gidserver.md) topic. - Select an identity store and sign in using a SAML provider. This option is available if a SAML @@ -84,11 +90,11 @@ For second factor authentication, one of the following applies: - If you have not enrolled your identity store account in Directory Manager, the Enroll Account page is displayed. You must enroll using at least one authentication type. See the - [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/enroll.md) topic. + [Enroll your Identity Store Account](/docs/directorymanager/11.1/signin/concepts/enroll.md) topic. - If you have already enrolled your identity store account in Directory Manager, the Authenticate page is displayed. It lists the authentication type(s) your account is enrolled with. Select an authentication type to authenticate. See the - [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/authenticate.md) topic. + [Authenticate your Identity Store Account](/docs/directorymanager/11.1/signin/concepts/authenticate.md) topic. ## Sign Out 
@@ -103,6 +109,6 @@ Directory Manager version. See Also -- [Getting Started](/docs/directorymanager/11.1/gettingstarted.md) -- [Dashboard](/docs/directorymanager/11.1/admincenter/general/dashboard.md) -- [Navigation](/docs/directorymanager/11.1/admincenter/general/navigation.md) +- [Getting Started](/docs/directorymanager/11.1/introduction/gettingstarted.md) +- [Dashboard](/docs/directorymanager/11.1/signin/concepts/dashboard.md) +- [Navigation](/docs/directorymanager/11.1/signin/concepts/navigation.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/_category_.json b/docs/directorymanager/11.1/signin/smsgateway/_category_.json new file mode 100644 index 0000000000..a75a3d956a --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SMS Gateway", + "position": 140, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/_category_.json b/docs/directorymanager/11.1/signin/smsgateway/custom/_category_.json new file mode 100644 index 0000000000..6dde566d36 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "ISMSGateway Members", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/accountid.md b/docs/directorymanager/11.1/signin/smsgateway/custom/accountid.md similarity index 82% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/accountid.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/accountid.md index ca77c27356..d4c8d7ce0c 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/accountid.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/accountid.md 
@@ -1,3 +1,9 @@ +--- +title: "ISmsGateway.AccountId" +description: "ISmsGateway.AccountId" +sidebar_position: 10 +--- + # ISmsGateway.AccountId Gets or sets the account ID for connecting with the SMS gateway. @@ -26,4 +32,4 @@ gateway needs for authenticating a connection. **See Also** -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/_category_.json b/docs/directorymanager/11.1/signin/smsgateway/custom/class/_category_.json new file mode 100644 index 0000000000..a836b22f41 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "ShortMessage class", + "position": 150, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "class" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/accesscode.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/accesscode.md new file mode 100644 index 0000000000..0146d570c4 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/accesscode.md 
@@ -0,0 +1,29 @@ +--- +title: "ShortMessage.AccessCode" +description: "ShortMessage.AccessCode" +sidebar_position: 10 +--- + +# ShortMessage.AccessCode + +Gets or sets the confirmation code that will be sent to registered mobile phone users. + +**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS + +**Assembly:** Imanami.directorymanager.DataTransferObjects.dll + +**Syntax** + +``` +public string AccessCode { get; set; } +``` + +**Return Value** + +Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) + +The confirmation code. + +See Also + +- [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md new file mode 100644 index 0000000000..d97ae1fe5a --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md 
@@ -0,0 +1,31 @@ +--- +title: "ShortMessage class" +description: "ShortMessage class" +sidebar_position: 150 +--- + +# ShortMessage class + +ShortMessage is a DTO (Data Transfer Object) class that defines the elements of the text message. + +Following is a list of its members with description: + +- [ShortMessage.AccessCode](/docs/directorymanager/11.1/signin/smsgateway/custom/class/accesscode.md) +- [ShortMessage.MaxLength](/docs/directorymanager/11.1/signin/smsgateway/custom/class/maxlength.md) +- [ShortMessage.Message](/docs/directorymanager/11.1/signin/smsgateway/custom/class/message.md) +- [ShortMessage.PhoneNumbers](/docs/directorymanager/11.1/signin/smsgateway/custom/class/phonenumbers.md) +- [ShortMessage.ReferenceId](/docs/directorymanager/11.1/signin/smsgateway/custom/class/referenceid.md) +- [ShortMessage.Validate](/docs/directorymanager/11.1/signin/smsgateway/custom/class/validate.md) + +| Member | Description | +| ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | +| [ShortMessage.AccessCode](/docs/directorymanager/11.1/signin/smsgateway/custom/class/accesscode.md) property | Gets or sets the confirmation code that will be sent to registered mobile phone users. | +| [ShortMessage.MaxLength](/docs/directorymanager/11.1/signin/smsgateway/custom/class/maxlength.md) property | Defines the maximum length of an SMS message. | +| [ShortMessage.Message](/docs/directorymanager/11.1/signin/smsgateway/custom/class/message.md) property | Gets or sets the supporting message text that will be sent to registered mobile phone users along with the confirmation code. | +| [ShortMessage.PhoneNumbers](/docs/directorymanager/11.1/signin/smsgateway/custom/class/phonenumbers.md) property | Gets or sets the list of phone numbers to send the message to. 
| +| [ShortMessage.ReferenceId](/docs/directorymanager/11.1/signin/smsgateway/custom/class/referenceid.md) property | Gets or sets the reference ID for the text message. | +| [ShortMessage.Validate](/docs/directorymanager/11.1/signin/smsgateway/custom/class/validate.md) method | Validates various elements in an SMS message, such as message length and phone number. | + +**See Also** + +- [ISMSGateway Members](/docs/directorymanager/11.1/signin/smsgateway/custom/overview.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md new file mode 100644 index 0000000000..23f1d90ce5 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md 
@@ -0,0 +1,26 @@ +--- +title: "SendSmsMessageResult class" +description: "SendSmsMessageResult class" +sidebar_position: 160 +--- + +# SendSmsMessageResult class + +Returns the message delivery status (success or failure) and exceptions (if any) that occur while +sending the text message to the target mobile phone numbers. + +Following is a list of its members with description: + +- [SendSmsMessageResult.ExceptionMessage](/docs/directorymanager/11.1/signin/smsgateway/custom/class/exceptionmessage.md) +- [SendSmsMessageResult.Message](/docs/directorymanager/11.1/signin/smsgateway/custom/class/message_1.md) +- [SendSmsMessageResult.Success](/docs/directorymanager/11.1/signin/smsgateway/custom/class/success.md) + +| Member | Description | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| ExceptionMessage property | Gets the exception message if one occurs while sending the text message. | +| Message property | Returns the [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) object processed by the [ISmsGateway.SendShortMessage](/docs/directorymanager/11.1/signin/smsgateway/custom/sendshortmessage.md) method. | +| Success property | Returns a boolean value indicating whether the text message is successfully sent to the target mobile phone numbers. | + +**See Also** + +- [ISMSGateway Members](/docs/directorymanager/11.1/signin/smsgateway/custom/overview.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/exceptionmessage.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/exceptionmessage.md new file mode 100644 index 0000000000..02da0c3bff --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/exceptionmessage.md 
@@ -0,0 +1,29 @@ +--- +title: "SendSmsMessageResult.ExceptionMessage" +description: "SendSmsMessageResult.ExceptionMessage" +sidebar_position: 10 +--- + +# SendSmsMessageResult.ExceptionMessage + +Gets the exception message if one occurs while sending SMS. + +**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS + +**Assembly:** Imanami.directorymanager.DataTransferObjects.dll + +**Syntax** + +``` +public string ExceptionMessage +``` + +**Return Value** + +Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) + +The exception details. + +See Also + +- [SendSmsMessageResult class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/maxlength.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/maxlength.md similarity index 79% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/maxlength.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/class/maxlength.md index b028813e7d..74f96a07e0 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/maxlength.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/maxlength.md @@ -1,3 +1,9 @@ +--- +title: "ShortMessage.MaxLength" +description: "ShortMessage.MaxLength" +sidebar_position: 20 +--- + # ShortMessage.MaxLength Defines the maximum length of an SMS message. @@ -27,4 +33,4 @@ more from the gateway. See Also -- [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) +- [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/message.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/message.md new file mode 100644 index 0000000000..d745091b4f --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/message.md @@ -0,0 +1,30 @@ +--- +title: "ShortMessage.Message" +description: "ShortMessage.Message" +sidebar_position: 30 +--- + +# ShortMessage.Message + +Gets or sets the supporting message text that will be sent to registered mobile phone users along +with the confirmation code. + +**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS + +**Assembly:** Imanami.directorymanager.DataTransferObjects.dll + +**Syntax** + +``` +public string Message { get; set; } +``` + +**Return Value** + +Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) + +The message text. + +See Also + +- [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/message_1.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/message_1.md new file mode 100644 index 0000000000..b09411d192 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/message_1.md 
@@ -0,0 +1,32 @@ +--- +title: "SendSmsMessageResult.Message" +description: "SendSmsMessageResult.Message" +sidebar_position: 20 +--- + +# SendSmsMessageResult.Message + +Returns the [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) object processed by the +[ISmsGateway.SendShortMessage](/docs/directorymanager/11.1/signin/smsgateway/custom/sendshortmessage.md) method. + +**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS + +**Assembly:** Imanami.directorymanager.DataTransferObjects.dll + +**Syntax** + +``` +public ShortMessage Message; +``` + +**Return Value** + +Type: Imanami.directorymanager.DataTransferObjects.DataContracts.SMS.ShortMessage + +Object containing elements of the text message. + +See Also + +- [SendSmsMessageResult class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md) +- [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/phonenumbers.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/phonenumbers.md new file mode 100644 index 0000000000..c0108a0f74 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/phonenumbers.md 
@@ -0,0 +1,30 @@ +--- +title: "ShortMessage.PhoneNumbers" +description: "ShortMessage.PhoneNumbers" +sidebar_position: 40 +--- + +# ShortMessage.PhoneNumbers + +Gets or sets the list of mobile phone numbers to send the message to. + +**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS + +**Assembly:** Imanami.directorymanager.DataTransferObjects.dll + +**Syntax** + +``` +public List PhoneNumbers { get; set; } +``` + +**Return Value** + +Type: +[](http://msdn.microsoft.com/en-us/library/system.string.aspx)[System.Collection.Generic.List(of T)](http://msdn.microsoft.com/en-us/library/6sh2ey19.aspx) + +A list of mobile phone numbers. + +See Also + +- [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/referenceid.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/referenceid.md new file mode 100644 index 0000000000..fe3a28afcb --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/referenceid.md @@ -0,0 +1,29 @@ +--- +title: "ShortMessage.ReferenceId" +description: "ShortMessage.ReferenceId" +sidebar_position: 50 +--- + +# ShortMessage.ReferenceId + +Gets or sets the reference ID for the text message. + +**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS + +**Assembly:** Imanami.directorymanager.DataTransferObjects.dll + +**Syntax** + +``` +public string ReferenceId { get; set; } +``` + +**Return Value** + +Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) + +The reference ID for the text message. + +See Also + +- [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/class/success.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/success.md new file mode 100644 index 0000000000..3cc2f79089 --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/success.md @@ -0,0 +1,30 @@ +--- +title: "SendSmsMessageResult.Success" +description: "SendSmsMessageResult.Success" +sidebar_position: 30 +--- + +# SendSmsMessageResult.Success + +Returns a boolean value indicating whether the text message is successfully sent to the target +mobile phone numbers. + +**Namespace:** Imanami.directorymanager.DataTransferObjects.DataContracts.SMS + +**Assembly:** Imanami.directorymanager.DataTransferObjects.dll + +**Syntax** + +``` +public bool Success; +``` + +**Return Value** + +Type: [System.Boolean](http://msdn.microsoft.com/en-us/library/system.boolean.aspx) + +True if the message is delivered successfully. + +See Also + +- [SendSmsMessageResult class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/validate.md b/docs/directorymanager/11.1/signin/smsgateway/custom/class/validate.md similarity index 77% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/validate.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/class/validate.md index 07a55bfec2..4c0be0c2cc 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/validate.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/class/validate.md @@ -1,3 +1,9 @@ +--- +title: "ShortMessage.Validate" +description: "ShortMessage.Validate" +sidebar_position: 60 +--- + # ShortMessage.Validate The Validate method validates the following: @@ -25,4 +31,4 @@ True if all validation checks are passed. See Also -- [ShortMessage class](/docs/directorymanager/11.1/admincenter/smsgateway/custom/shortmessage/class.md) +- [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) 
diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/clone.md b/docs/directorymanager/11.1/signin/smsgateway/custom/clone.md new file mode 100644 index 0000000000..3e50414d75 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/clone.md @@ -0,0 +1,29 @@ +--- +title: "ISmsGateway.Clone" +description: "ISmsGateway.Clone" +sidebar_position: 20 +--- + +# ISmsGateway.Clone + +Returns a clone object of the **ISMSGateway** interface. + +**Namespace:** Imanami.PublicInterfaces + +**Assembly:** Imanami.PublicInterfaces.dll + +**Syntax** + +``` +ISmsGateway Clone(); +``` + +**Return Value** + +Type: Imanami.PublicInterfaces.ISmsGateway + +The clone object. + +**See Also** + +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/overview.md b/docs/directorymanager/11.1/signin/smsgateway/custom/overview.md new file mode 100644 index 0000000000..de473c3635 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/overview.md 
@@ -0,0 +1,42 @@ +--- +title: "ISMSGateway Members" +description: "ISMSGateway Members" +sidebar_position: 30 +--- + +# ISMSGateway Members + +To define a custom gateway, a list of ISMSGateway members that you must implement are listed below: + +- [ISmsGateway.AccountId](/docs/directorymanager/11.1/signin/smsgateway/custom/accountid.md) +- [ISmsGateway.Clone](/docs/directorymanager/11.1/signin/smsgateway/custom/clone.md) +- [ISmsGateway.Password](/docs/directorymanager/11.1/signin/smsgateway/custom/password.md) +- [ISmsGateway.ProxyDomain](/docs/directorymanager/11.1/signin/smsgateway/custom/proxydomain.md) +- [ISmsGateway.ProxyHostName](/docs/directorymanager/11.1/signin/smsgateway/custom/proxyhostname.md) +- [ISmsGateway.ProxyPassword](/docs/directorymanager/11.1/signin/smsgateway/custom/proxypassword.md) +- [ISmsGateway.ProxyPort](/docs/directorymanager/11.1/signin/smsgateway/custom/proxyport.md) +- [ISmsGateway.ProxyUsername](/docs/directorymanager/11.1/signin/smsgateway/custom/proxyusername.md) +- [ISmsGateway.SendShortMessage](/docs/directorymanager/11.1/signin/smsgateway/custom/sendshortmessage.md) +- [ISmsGateway.TestConnection](/docs/directorymanager/11.1/signin/smsgateway/custom/testconnection.md) +- [ISmsGateway.TestCredentials](/docs/directorymanager/11.1/signin/smsgateway/custom/testcredentials.md) +- [ISmsGateway.TestProxy](/docs/directorymanager/11.1/signin/smsgateway/custom/testproxy.md) +- [ISmsGateway.Url](/docs/directorymanager/11.1/signin/smsgateway/custom/url.md) +- [ISmsGateway.UserId](/docs/directorymanager/11.1/signin/smsgateway/custom/userid.md) + +- ShortMessage ([ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md)) + + - [ShortMessage.AccessCode](/docs/directorymanager/11.1/signin/smsgateway/custom/class/accesscode.md) + - [ShortMessage.MaxLength](/docs/directorymanager/11.1/signin/smsgateway/custom/class/maxlength.md) + - 
[ShortMessage.Message](/docs/directorymanager/11.1/signin/smsgateway/custom/class/message.md) + - [ShortMessage.PhoneNumbers](/docs/directorymanager/11.1/signin/smsgateway/custom/class/phonenumbers.md) + - [ShortMessage.ReferenceId](/docs/directorymanager/11.1/signin/smsgateway/custom/class/referenceid.md) + - [ShortMessage.Validate](/docs/directorymanager/11.1/signin/smsgateway/custom/class/validate.md) + +- SendSmsMessageResult ([SendSmsMessageResult class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md)) + - [SendSmsMessageResult.ExceptionMessage](/docs/directorymanager/11.1/signin/smsgateway/custom/class/exceptionmessage.md) + - [SendSmsMessageResult.Message](/docs/directorymanager/11.1/signin/smsgateway/custom/class/message_1.md) + - [SendSmsMessageResult.Success](/docs/directorymanager/11.1/signin/smsgateway/custom/class/success.md) + +**See Also** + +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/password.md b/docs/directorymanager/11.1/signin/smsgateway/custom/password.md new file mode 100644 index 0000000000..b45281f95b --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/password.md @@ -0,0 +1,29 @@ +--- +title: "ISmsGateway.Password" +description: "ISmsGateway.Password" +sidebar_position: 30 +--- + +# ISmsGateway.Password + +Gets or sets the password of the user account registered with the SMS gateway provider. + +**Namespace:** Imanami.PublicInterfaces + +**Assembly:** Imanami.PublicInterfaces.dll + +**Syntax** + +``` +string Password { get; set; } +``` + +**Return Value** + +Type: [System.String](http://msdn.microsoft.com/en-us/library/system.string.aspx) + +The value of the password. + +**See Also** + +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) 
diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxydomain.md b/docs/directorymanager/11.1/signin/smsgateway/custom/proxydomain.md similarity index 80% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/proxydomain.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/proxydomain.md index 9854ebc627..87d6e079b3 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxydomain.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/proxydomain.md @@ -1,3 +1,9 @@ +--- +title: "ISmsGateway.ProxyDomain" +description: "ISmsGateway.ProxyDomain" +sidebar_position: 40 +--- + # ISmsGateway.ProxyDomain Gets or sets the domain name or IP address of the proxy server. @@ -25,4 +31,4 @@ the domain name or IP address of that proxy server. **See Also** -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyhostname.md b/docs/directorymanager/11.1/signin/smsgateway/custom/proxyhostname.md similarity index 79% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyhostname.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/proxyhostname.md index 28d46e9684..6883057253 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyhostname.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/proxyhostname.md @@ -1,3 +1,9 @@ +--- +title: "ISmsGateway.ProxyHostName" +description: "ISmsGateway.ProxyHostName" +sidebar_position: 50 +--- + # ISmsGateway.ProxyHostName Gets or sets the host name of the proxy server. 
@@ -25,4 +31,4 @@ provide the host name of the proxy server. **See Also** -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxypassword.md b/docs/directorymanager/11.1/signin/smsgateway/custom/proxypassword.md similarity index 79% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/proxypassword.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/proxypassword.md index 2229c73cce..108b4360dd 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxypassword.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/proxypassword.md @@ -1,3 +1,9 @@ +--- +title: "ISmsGateway.ProxyPassword" +description: "ISmsGateway.ProxyPassword" +sidebar_position: 60 +--- + # ISmsGateway.ProxyPassword Gets or sets the password of the user account that will be used for connecting to the proxy server. @@ -24,4 +30,4 @@ Use this property if your proxy server requires a user name and password for con **See Also** -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyport.md b/docs/directorymanager/11.1/signin/smsgateway/custom/proxyport.md similarity index 79% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyport.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/proxyport.md index 350265df37..abdc22c364 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyport.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/proxyport.md 
@@ -1,3 +1,9 @@ +--- +title: "ISmsGateway.ProxyPort" +description: "ISmsGateway.ProxyPort" +sidebar_position: 70 +--- + # ISmsGateway.ProxyPort Gets or sets the port number used by the proxy server. @@ -25,4 +31,4 @@ the port number the proxy server uses. **See Also** -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyusername.md b/docs/directorymanager/11.1/signin/smsgateway/custom/proxyusername.md similarity index 78% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyusername.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/proxyusername.md index 7f91d55b03..9991727a5d 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/proxyusername.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/proxyusername.md @@ -1,3 +1,9 @@ +--- +title: "ISmsGateway.ProxyUsername" +description: "ISmsGateway.ProxyUsername" +sidebar_position: 80 +--- + # ISmsGateway.ProxyUsername Gets or sets the user name for connecting to the proxy server. @@ -24,4 +30,4 @@ Use this property if your proxy server requires a user name and password for con **See Also** -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/sendshortmessage.md b/docs/directorymanager/11.1/signin/smsgateway/custom/sendshortmessage.md new file mode 100644 index 0000000000..31fdb575e9 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/sendshortmessage.md 
@@ -0,0 +1,39 @@ +--- +title: "ISmsGateway.SendShortMessage" +description: "ISmsGateway.SendShortMessage" +sidebar_position: 90 +--- + +# ISmsGateway.SendShortMessage + +Sends text messages to the target mobile phone numbers. + +**Namespace:** Imanami.PublicInterfaces + +**Assembly:** Imanami.PublicInterfaces.dll + +**Syntax** + +``` +SendSmsMessageResult SendShortMessage(ShortMessage shortMessage); +``` + +Parameters + +**ShortMessage** + +Type: Imanami.directorymanager.DataTransferObjects.DataContracts.SMS.ShortMessage + +The object defining the message elements including the target mobile phone numbers. + +**Return Value** + +Type: Imanami.directorymanager.DataTransferObjects.DataContracts.SMS.SendSmsMessageResult + +The object containing the message delivery status and exception details. + +See Also + +- [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) +- [SendSmsMessageResult class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/testconnection.md b/docs/directorymanager/11.1/signin/smsgateway/custom/testconnection.md new file mode 100644 index 0000000000..356543c2d8 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/testconnection.md 
@@ -0,0 +1,29 @@ +--- +title: "ISmsGateway.TestConnection" +description: "ISmsGateway.TestConnection" +sidebar_position: 100 +--- + +# ISmsGateway.TestConnection + +Tests your connection with the SMS gateway. + +**Namespace:** Imanami.PublicInterfaces + +**Assembly:** Imanami.PublicInterfaces.dll + +**Syntax** + +``` +bool TestConnection(); +``` + +**Return Value** + +Type: [System.Boolean](http://msdn.microsoft.com/en-us/library/system.boolean.aspx) + +True if a connection is established with the SMS gateway. + +**See Also** + +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/testcredentials.md b/docs/directorymanager/11.1/signin/smsgateway/custom/testcredentials.md new file mode 100644 index 0000000000..0199ebd38b --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/testcredentials.md @@ -0,0 +1,29 @@ +--- +title: "ISmsGateway.TestCredentials" +description: "ISmsGateway.TestCredentials" +sidebar_position: 110 +--- + +# ISmsGateway.TestCredentials + +Tests the credentials for communicating with the SMS gateway for validity. + +**Namespace:** Imanami.PublicInterfaces + +**Assembly:** Imanami.PublicInterfaces.dll + +**Syntax** + +``` +bool TestCredentials(); +``` + +**Return Value** + +Type: [System.Boolean](http://msdn.microsoft.com/en-us/library/system.boolean.aspx) + +True if the credentials are valid. + +**See Also** + +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/custom/testproxy.md b/docs/directorymanager/11.1/signin/smsgateway/custom/testproxy.md new file mode 100644 index 0000000000..96a9351817 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/testproxy.md 
@@ -0,0 +1,29 @@ +--- +title: "ISmsGateway.TestProxy" +description: "ISmsGateway.TestProxy" +sidebar_position: 120 +--- + +# ISmsGateway.TestProxy + +Tests the proxy settings. + +**Namespace:** Imanami.PublicInterfaces + +**Assembly:** Imanami.PublicInterfaces.dll + +**Syntax** + +``` +bool TestProxy(); +``` + +**Return Value** + +Type: [System.Boolean](http://msdn.microsoft.com/en-us/library/system.boolean.aspx) + +True if the proxy settings are valid. + +**See Also** + +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/url.md b/docs/directorymanager/11.1/signin/smsgateway/custom/url.md similarity index 84% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/url.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/url.md index edadc323d7..8a70a61432 100644 --- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/url.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/url.md @@ -1,3 +1,9 @@ +--- +title: "ISmsGateway.Url" +description: "ISmsGateway.Url" +sidebar_position: 130 +--- + # ISmsGateway.Url Gets or sets the URL that the SMS gateway provides for sending messages. @@ -26,4 +32,4 @@ is the case with your SMS gateway provider, you can use this property to specify **See Also** -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/admincenter/smsgateway/custom/userid.md b/docs/directorymanager/11.1/signin/smsgateway/custom/userid.md similarity index 76% rename from docs/directorymanager/11.1/admincenter/smsgateway/custom/userid.md rename to docs/directorymanager/11.1/signin/smsgateway/custom/userid.md index 6830d31cc0..ebe87b1ade 100644 
--- a/docs/directorymanager/11.1/admincenter/smsgateway/custom/userid.md +++ b/docs/directorymanager/11.1/signin/smsgateway/custom/userid.md @@ -1,3 +1,9 @@ +--- +title: "ISmsGateway.UserId" +description: "ISmsGateway.UserId" +sidebar_position: 140 +--- + # ISmsGateway.UserId Gets or sets the user name of the account registered with the SMS gateway provider. @@ -20,4 +26,4 @@ The value of the user name. **See Also** -- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/admincenter/smsgateway/implementcustom.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md b/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md new file mode 100644 index 0000000000..6afd025200 --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md 
@@ -0,0 +1,110 @@ +--- +title: "Implement and Deploy a Custom SMS Gateway" +description: "Implement and Deploy a Custom SMS Gateway" +sidebar_position: 20 +--- + +# Implement and Deploy a Custom SMS Gateway + +You can integrate with additional SMS gateways using the Custom Gateway API. After creating a +gateway, you can add an account for it. See the +[Create an SMS Gateway Account](manage.md#create-an-sms-gateway-account) topic. + +What do you want to do? + +- Implement a Custom SMS Gateway +- Deploy a Custom SMS Gateway + +## Implement a Custom SMS Gateway + +1. Define a class that implements the **ISMSGateway interface** which is defined in the + **Imanami.PublicInterfaces** namespace (_Imanami.PublicInterfaces.dll_). The core method for + dispatching text messages makes use of objects that are defined in the + **Imanami.directorymanager.DataTransferObjects.DataContracts.SMS** namespace + (_Imanami.directorymanager.DataTransferObjects.dll_). + The DLLs for both the namespaces are available at the Directory Manager installation directory. 
A + list of **ISMSGateway members** that you must implement are discussed in the following table: + + | Member | Description | + | ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | + | [ISmsGateway.SendShortMessage](/docs/directorymanager/11.1/signin/smsgateway/custom/sendshortmessage.md) method | Takes as input the [ShortMessage class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class.md) object, which defines elements of the text message, sends messages to the target recipients, and returns the [SendSmsMessageResult class](/docs/directorymanager/11.1/signin/smsgateway/custom/class/class_1.md) object, which contains  message delivery status and exception details | + | [ISmsGateway.TestCredentials](/docs/directorymanager/11.1/signin/smsgateway/custom/testcredentials.md) method | Returns a boolean value indicating whether the credentials for communicating with the SMS gateway are valid. | + | [ISmsGateway.TestConnection](/docs/directorymanager/11.1/signin/smsgateway/custom/testconnection.md) method | Returns a boolean value indicating whether the connection with the SMS gateway is established successfully. | + | [ISmsGateway.TestProxy](/docs/directorymanager/11.1/signin/smsgateway/custom/testproxy.md) method | Returns a boolean value informing whether the given proxy setting are valid. | + | [ISmsGateway.Clone](/docs/directorymanager/11.1/signin/smsgateway/custom/clone.md) method | Returns the member-wise clone of the ISMSGateway interface. | + | [ISmsGateway.AccountId](/docs/directorymanager/11.1/signin/smsgateway/custom/accountid.md) property | Gets or sets the account ID for connecting to the SMS gateway. 
| + | [ISmsGateway.Password](/docs/directorymanager/11.1/signin/smsgateway/custom/password.md) property | Gets or sets the password of the user name assigned by the SMS gateway provider. | + | [ISmsGateway.Url](/docs/directorymanager/11.1/signin/smsgateway/custom/url.md) property | Gets or sets the URL that the SMS gateway provides for sending messages. | + | [ISmsGateway.UserId](/docs/directorymanager/11.1/signin/smsgateway/custom/userid.md) property | Gets or sets the user name assigned to you by the SMS gateway provider. | + | [ISmsGateway.ProxyHostName](/docs/directorymanager/11.1/signin/smsgateway/custom/proxyhostname.md) property | Gets or sets the host name of the proxy server. | + | [ISmsGateway.ProxyPort](/docs/directorymanager/11.1/signin/smsgateway/custom/proxyport.md) property | Gets or sets the port number used by the proxy server. | + | [ISmsGateway.ProxyUsername](/docs/directorymanager/11.1/signin/smsgateway/custom/proxyusername.md) property | Gets or set the user name for connecting to the proxy server. | + | [ISmsGateway.ProxyPassword](/docs/directorymanager/11.1/signin/smsgateway/custom/proxypassword.md) property | Gets or sets the password of the user account that will be used for connecting to the proxy server. | + | [ISmsGateway.ProxyDomain](/docs/directorymanager/11.1/signin/smsgateway/custom/proxydomain.md) property | Gets or sets the domain name or IP address of the proxy server. | + +2. Reference **System.ComponentModel.Composition** + (_System.ComponentModel.Composition.dll_). + + This namespace is required as the **ISMSGateway** is built on top of Microsoft Extensibility + Framework (MEF) and at the core uses it for most of its functionality. + +## Deploy a Custom SMS Gateway + +After you have implemented all members of the **ISMSGateway** interface for your custom SMS gateway, +you must add to it the metadata for the MEF's importing interface. This metadata contains basic +attributes that define the custom gateway assembly. 
+ +### Adding the MEF Exporting Interface + +The following example code shows how to set the SMS gateways basic, defining attributes. You must +add these attributes before the class definition. + +``` +namespace ClickatellCustomSMSGateway  +{ +/// Exporting interface of ISMSGateway  +[Export(typeof(ISmsGateway))]  +/// The syntax of initializing the meta data attributes  +// [SMSGatewayMetadataAttribute ( AccountIdRequired=Is Account ID required by the SMS Gateway? Possible values can be true or False,  +// Description = "a description of the Custom SMS Gateway",  +// Name="Name by which the SMS Gateway should appear in GroupID Management Console",  +// PasswordRequired= Does the SMS Gateway require a password for connecting with it? Possible values can be true or False,  +// UserIdRequired=Does the SMS Gateway require a user ID for connecting with it? Possible values can be true or False,       +// UrlRequired=Does the SMS Gateway expose some URL for sending text messages? Possible values can be true or False,  +// ProxyDomainRequired=Does a proxy domain require for communicating with the SMS Gateway? Possible values can be true or False,       +// ProxyHostNameRequired=Is proxy host name required for connecting with the proxy server? Possible values can be true or False,  +// ProxyPasswordRequired=Does the proxy server require a password for connecting with it? Possible values can be true or False,       +// ProxyPortRequired=Does the port number required for connecting with the proxy server? Possible values can be true or False,  +// ProxyUsernameRequired=Does the proxy server require a user name for connecting with it? Possible values can be true or False,,       +// URL="The address provided by SMS gateway for sending messages. 
If no URL is required by the SMS gateway, provide an empty string like """)] +/// Meta data attributes initialization  +[SMSGatewayMetadataAttribute ( AccountIdRequired=false, Description = "Clickatell SMS Gateway",Name="Clickatell",PasswordRequired=true, UserIdRequired=true,UrlRequired=true,ProxyDomainRequired=false,ProxyHostNameRequired=false,      ProxyPasswordRequired=false,ProxyPortRequired=false, ProxyUsernameRequired=false,URL="http://api.clickatell.com/http/sendmsg?")]  +Class ClickatellCustomSMSGatewayBasic : ISMSGateway  +{ +... +... +... +} +} + +``` + +### Register your Custom SMS Gateway with Directory Manager + +1. On the Directory Manager server, go to: + X:\Program Files\Imanami\GroupID + 11.0\GroupIDDataService\Inetpub\GroupIDDataService\Web\SMSGateways\ + (X represents the Directory Manager installation drive). +2. Create a new folder here using the name that was specified for the **Name** SMS gateway meta data + attribute. +3. Compile and generate the DLL file for your custom SMS gateway. +4. Restart IIS services by typing the following command in the **Run** dialog box: + _iisreset_ + +If the SMS gateway is successfully registered, it will get listed in the **Gateway Type** list (on +the **Create SMS Gateway** page) for selection when creating an SMS gateway account. + +**See Also** + +- [SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/overview.md) +- [ISMSGateway Members](/docs/directorymanager/11.1/signin/smsgateway/custom/overview.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/manage.md b/docs/directorymanager/11.1/signin/smsgateway/manage.md new file mode 100644 index 0000000000..c32e30e9be --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/manage.md 
@@ -0,0 +1,128 @@ +--- +title: "Manage SMS Gateway Accounts" +description: "Manage SMS Gateway Accounts" +sidebar_position: 10 +--- + +# Manage SMS Gateway Accounts + +You can create one or more SMS gateway accounts in Directory Manager and link an account with an +identity store. You can also set an account as the default account, so that it is automatically +linked to an identity store created thereafter. + +Directory Manager supports several SMS gateway providers. You can also use the Custom Gateway API to +integrate with an unsupported provider. + +What do you want to do? + +- Create an SMS Gateway Account +- Modify an SMS Gateway Account +- Set an SMS Gateway Account as Default +- Test SMS Gateway Account Connection +- Link an SMS Gateway Account to an Identity Store +- Delete an SMS Gateway Account + +## Create an SMS Gateway Account + +1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. +2. On the **SMS Gateways** page, do either of the following: + + - Click **Setup SMS Gateway** - This button is displayed when no gateway account exists in + Directory Manager. + - Click **Create SMS Gateway** - This button is displayed when one or more gateway accounts have + been created in Directory Manager. + + The **Create SMS Gateway** page is displayed. + +3. Enter a name for the gateway account in the **Name** box. +4. In the **Gateway Type** drop-down list, select an SMS gateway provider. + The list includes the gateways that Directory Manager supports and any custom SMS gateways that + you have written. Selecting a gateway type displays the gateway URL, which is the web service + address the SMS gateway uses for sending text messages. +5. Enter an account ID for the gateway type in the **Account ID** box. +6. Enter the username and password for the account in the **User Name** and **Password** boxes. +7. To communicate with the SMS gateway through a proxy server, click **Show Proxy Options**. 
This + displays some additional fields for entering proxy settings. Enter the following proxy + information: + + - **Proxy User Name** - the proxy user name, if required by the proxy server. + - **Proxy Password** - the password for the user name. + - **Description** - a description of the proxy connection. + - **Proxy Domain** - the domain name or IP address of the proxy server. + - **Proxy Host Name** - the host name of the proxy server. + - **Proxy Port** - the port number the proxy uses. + +8. Test the account settings: + + 1. Click **Test Connection**. + 2. In the **Test SMS Gateway Connection** dialog box, enter a mobile phone number for receiving + a test message. Use International format, with no spaces or special characters. For example: + 18588123169, 447079692712, 923225867987. + 3. Click **OK** to send the message to the mobile number. + +9. Select the **Set as default account** check box to link this gateway account with the identity + stores created from this point forward. +10. Click **Create SMS Gateway** to create the gateway account. + +## Modify an SMS Gateway Account + +You can update the details of an SMS gateway account, such as its name and the credentials used to +connect to the gateway. + +**To modify an account:** + +1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. + The **SMS Gateways** page is displayed with a list of the SMS gateway accounts that you have + created. +2. To update a gateway account, click **Edit** for it in the **Actions** column. +3. On the **Edit SMS Gateway** page, update the required details. Refer to step 3 and onwards in the + Create an SMS Gateway Account topic for details. + +## Set an SMS Gateway Account as Default + +1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. + The **SMS Gateways** page is displayed with a list of the SMS gateway accounts that you have + created. +2. Click **Edit** for a gateway account in the **Actions** column. +3. 
On the **Edit SMS Gateway** page, select the **Set as default account** check box to set this + gateway account as default, which means that it will be linked with the identity stores created + hereafter. +4. Click **Save SMS Gateway**. + +## Test SMS Gateway Account Connection + +1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. + The **SMS Gateways** page is displayed with a list of the SMS gateway accounts that you have + created. +2. Click **Test Connection** for a gateway to test whether Directory Manager can successfully send + text messages through it. +3. In the **Test SMS Gateway Connection** dialog box, enter a mobile phone number for receiving a + test message. Use International format, with no spaces or special characters. For example: + 18588123169, 447079692712, 923225867987. +4. Click **OK** to send the message to the mobile number. + +## Link an SMS Gateway Account to an Identity Store + +See the +[Link an SMS Gateway Account to an Identity Store](/docs/directorymanager/11.1/signin/identitystore/configure/smsauthentication.md#link-an-sms-gateway-account-to-an-identity-store) +topic. + +## Delete an SMS Gateway Account + +You can delete an SMS gateway account that is not linked with any identity store. + +**To delete an account:** + +1. In Admin Center, click **SMS Gateway** at the bottom of the left navigation pane. +2. On the **SMS Gateways** page, click **Delete** for a gateway account to delete it. +3. One of the following happens: + + - If the gateway account is not linked with an identity store, a message is displayed, asking + you to confirm its deletion. Clicking **Delete** will delete the account. + - If the gateway account is linked with an identity store, Directory Manager will not allow you + to delete it. 
+ +See Also + +- [SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/overview.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) diff --git a/docs/directorymanager/11.1/signin/smsgateway/overview.md b/docs/directorymanager/11.1/signin/smsgateway/overview.md new file mode 100644 index 0000000000..53fc9d31af --- /dev/null +++ b/docs/directorymanager/11.1/signin/smsgateway/overview.md @@ -0,0 +1,36 @@ +--- +title: "SMS Gateway" +description: "SMS Gateway" +sidebar_position: 140 +--- + +# SMS Gateway + +In Directory Manager, an SMS gateway account is required for: + +- SMS verification for multifactor authentication, second factor authentication, and Second Way + Authentication. Directory Manager uses an SMS gateway account to send verification codes to the + users’ mobile numbers. +- Sending new passwords and password reset links to the users’ mobile numbers by the helpdesk users, + when they reset end users’ passwords using the Helpdesk node in Admin Center. + +The SMS gateway can be any third-party service provider capable of sending text messages to mobile +phone numbers. + +Directory Manager supports these SMS gateways: + +- Bulletin.net +- Nexmo +- RedOxygen + +To use a gateway not in this list, write your own custom gateway using Directory Manager's Custom +Gateway API. + +For a gateway, you can set up as many gateway accounts as required and then link a gateway account +to an identity store. + +**See Also** + +- [Manage SMS Gateway Accounts](/docs/directorymanager/11.1/signin/smsgateway/manage.md) +- [Implement and Deploy a Custom SMS Gateway](/docs/directorymanager/11.1/signin/smsgateway/implementcustom.md) +- [Authentication Policy](/docs/directorymanager/11.1/signin/authpolicy/authpolicy.md) diff --git a/docs/directorymanager/11.1/signin/workflow/_category_.json b/docs/directorymanager/11.1/signin/workflow/_category_.json new file mode 100644 index 0000000000..43b0f78b26 --- /dev/null 
+++ b/docs/directorymanager/11.1/signin/workflow/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Workflows", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/admincenter/workflow/advancedsettings.md b/docs/directorymanager/11.1/signin/workflow/advancedsettings.md similarity index 90% rename from docs/directorymanager/11.1/admincenter/workflow/advancedsettings.md rename to docs/directorymanager/11.1/signin/workflow/advancedsettings.md index c42909a020..704f862635 100644 --- a/docs/directorymanager/11.1/admincenter/workflow/advancedsettings.md +++ b/docs/directorymanager/11.1/signin/workflow/advancedsettings.md @@ -1,10 +1,16 @@ +--- +title: "Manage Advanced Workflow Settings" +description: "Manage Advanced Workflow Settings" +sidebar_position: 20 +--- + # Manage Advanced Workflow Settings You can specify advanced settings for workflow, such as set a default approver for workflow requests and define approver acceleration settings. NOTE: Functions discussed in this topic are licensed under different add-ons. See the -[ Licensing ](/docs/directorymanager/11.1/admincenter/general/licensing.md) topic. +[ Licensing ](/docs/directorymanager/11.1/signin/concepts/licensing.md) topic. ## Specify a Default Approver @@ -53,7 +59,7 @@ owners. The workflow approver acceleration feature ensures that no workflow request remains undecided. To apply setting related to approver acceleration, see the -[Workflow Approver Acceleration](/docs/directorymanager/11.1/admincenter/workflow/approveracceleration.md) topic. +[Workflow Approver Acceleration](/docs/directorymanager/11.1/signin/workflow/approveracceleration.md) topic. ## Delete Workflow Requests 
@@ -83,4 +89,4 @@ example, you can delete the ‘denied’ requests that are old by 30 days or mor ## Integrate with Microsoft Power Automate You can also link your Power Automate flows to Directory Manager workflows. For details, see the -[Integrate with Power Automate](/docs/directorymanager/11.1/admincenter/workflow/integrate.md) topic. +[Integrate with Power Automate](/docs/directorymanager/11.1/signin/workflow/integrate.md) topic. diff --git a/docs/directorymanager/11.1/admincenter/workflow/approveracceleration.md b/docs/directorymanager/11.1/signin/workflow/approveracceleration.md similarity index 97% rename from docs/directorymanager/11.1/admincenter/workflow/approveracceleration.md rename to docs/directorymanager/11.1/signin/workflow/approveracceleration.md index 48de2b825c..22c7ca6ed7 100644 --- a/docs/directorymanager/11.1/admincenter/workflow/approveracceleration.md +++ b/docs/directorymanager/11.1/signin/workflow/approveracceleration.md @@ -1,3 +1,9 @@ +--- +title: "Workflow Approver Acceleration" +description: "Workflow Approver Acceleration" +sidebar_position: 30 +--- + # Workflow Approver Acceleration The workflow approver acceleration feature ensures that no workflow request remains undecided. It @@ -26,7 +32,7 @@ To configure approver acceleration for an identity store, you have to: A scheduled job, Workflow Acceleration, is responsible for accelerating requests to the next level, auto approve requests, and send notifications. See the -[Workflow Acceleration Schedule](/docs/directorymanager/11.1/admincenter/schedule/workflowacceleration.md) topic. +[Workflow Acceleration Schedule](/docs/directorymanager/11.1/signin/schedule/workflowacceleration.md) topic. **To apply approver acceleration:** 
diff --git a/docs/directorymanager/11.1/admincenter/workflow/implement.md b/docs/directorymanager/11.1/signin/workflow/implement.md similarity index 99% rename from docs/directorymanager/11.1/admincenter/workflow/implement.md rename to docs/directorymanager/11.1/signin/workflow/implement.md index 29bf0995bf..124fc4c378 100644 --- a/docs/directorymanager/11.1/admincenter/workflow/implement.md +++ b/docs/directorymanager/11.1/signin/workflow/implement.md @@ -1,3 +1,9 @@ +--- +title: "Implement Workflows" +description: "Implement Workflows" +sidebar_position: 10 +--- + # Implement Workflows To create a workflow, you have to specify the following: @@ -199,7 +205,7 @@ approver acceleration, and link it to a Power Automate flow. update the required information. 6. To link this workflow to a Power Automate flow, click **Power Automate Settings** in the top right corner; the **Power Automate Settings** dialog box is displayed. Follow step - [6](/docs/directorymanager/11.1/admincenter/workflow/integrate.md) and onwards in the + [6](/docs/directorymanager/11.1/signin/workflow/integrate.md) and onwards in the [Link an Identity Store Workflow to a Flow](integrate.md#link-an-identity-store-workflow-to-a-flow) topic to complete the task. 7. After making the required changes, click **Update Workflow** on the **Edit Workflow** page to diff --git a/docs/directorymanager/11.1/admincenter/workflow/integrate.md b/docs/directorymanager/11.1/signin/workflow/integrate.md similarity index 98% rename from docs/directorymanager/11.1/admincenter/workflow/integrate.md rename to docs/directorymanager/11.1/signin/workflow/integrate.md index 919eddb8e2..ad5ffe9c16 100644 --- a/docs/directorymanager/11.1/admincenter/workflow/integrate.md +++ b/docs/directorymanager/11.1/signin/workflow/integrate.md 
@@ -1,3 +1,9 @@ +--- +title: "Integrate with Power Automate" +description: "Integrate with Power Automate" +sidebar_position: 40 +--- + # Integrate with Power Automate You can link an identity store in Directory Manager to Power Automate to achieve the following: diff --git a/docs/directorymanager/11.1/signin/workflow/overview.md b/docs/directorymanager/11.1/signin/workflow/overview.md new file mode 100644 index 0000000000..120e0a26ec --- /dev/null +++ b/docs/directorymanager/11.1/signin/workflow/overview.md 
@@ -0,0 +1,107 @@ +--- +title: "Workflows" +description: "Workflows" +sidebar_position: 80 +--- + +# Workflows + +A workflow is a set of rules that Directory Manager uses as a built-in auditing system to ensure +that changes made to an object are approved by an authorized user before they are committed to the +directory. + +Workflows are defined for an identity store and apply to the different operations, such as group +creation and expiry. + +A workflow triggers when a certain operation, performed by a user, meets the criteria defined for +that workflow. Designated users can approve or deny workflow requests using the Directory Manager +portal. + +NOTE: Workflows require an SMTP server to be configured for the identity store. See the +[Configure an SMTP Server](/docs/directorymanager/11.1/signin/identitystore/configure/smtpserver.md) topic. + +## System Workflows + +Directory Manager provides the following predefined workflows (also called system workflows) that +trigger when their associated events occur: + +| | Workflow Name | Description | Default Approver | +| --- | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | +| 1. | Workflow to Reset Password | When a user resets his or her password. It does not apply when helpdesk users reset the passwords of other users. | Primary and additional managers of the user | +| 2. | Workflow to Change Group Expiration Policy | When a user changes the expiry policy of a group By default, this workflow is disabled and no approver is specified. You can edit the workflow to add an approver. | None | +| 3. | Workflow to Nest a Group | When a user adds a group (Group A) to the membership of another group (Group B) | Primary and additional owners of the added group (Group A) | +| 4. 
| Workflow to Join a Group | When a user joins a semi-private group | Primary and additional owners of the group | +| 5. | Workflow to Leave a Group | When a user leaves a semi-private group | Primary and additional owners of the group | +| 6. | Workflow to Transfer a User | When a user transfers his or her direct report | The new manager | +| 7. | Workflow to Terminate a User | When a manager terminates a direct report By default, this workflow is disabled and no approver is specified. You can edit the workflow to add an approver. | None | +| 8. | Workflow to Change Manager | When a user changes his or her primary or additional manager | Existing primary and additional managers of the user | + +You can also define new workflows for an identity store. + +NOTE: You cannot delete a system workflow, but you can disable it. You can also modify it to a +limited extent. + +## Synchronize Jobs and Workflows + +Workflows apply to Synchronize jobs as follows: + +- When you manually run a Synchronize job, Directory Manager evaluates whether the task it will + perform falls under the scope of a workflow. If yes, then a workflow request is triggered. The job + will run when the request is approved. + Workflows do not apply to Synchronize jobs that auto run through a Synchronize schedule. + **Example:** You have a Synchronize job that changes the job title of users in bulk. You also have + a ‘Change Title’ workflow that triggers when the job title of a user is changed. In this case, the + Synchronize job falls under the scope of the ‘Change Title’ workflow. When the job is run + manually, the workflow triggers and an approval request goes to the recipient set as the workflow + approver. If the approver approves the request, the job will run. If not, then it will not run. 
+- When you manually run a job collection in which some jobs fall under the scope of workflows while + others do not, workflow requests will be triggered for the respective jobs while the other jobs + will run as usual. +- When a workflow request against a Synchronize job is pending for approval, another request will be + triggered when the same user or any other user runs the same job again. +- When a Synchronize job runs to set the manager for a user who does not already have a manager, the + following happens: + + - The _Workflow to Change Manager_ will trigger if a default approver is set in advanced + workflow settings. + - If the default approver is not set, the workflow will not trigger and the user's manager will + be set without requiring any approval. + +- When a Synchronize job updates multiple attributes for an object type and different workflows have + been defined for the various attributes that it updates, then a separate request is triggered for + each of the applicable workflows and sent to the respective approvers. Even when one of these + requests is approved, the job runs, irrespective of whether another approver denies it. + **Example:** A Synchronize job falls under the scope of three workflows. Hence, three requests are + generated and sent to three different recipients for approval. If an approver approves it, another + denies it, and the third does not take any action, the job will run and update all target + attributes. +- Filters in workflows do not apply to Synchronize jobs. + +## How are Workflow Requests Handled + +When a workflow is triggered, an approval request is generated and sent to the designated +approver(s), informing them of the actions that a user wants to perform in an identity store. The +approver can view these requests in the Directory Manager portal. + +- If the approver is satisfied with the requested actions, he or she can approve the request and the + changes are committed to the directory. 
+- If the approver deems the actions inappropriate, he or she can deny the request and provide a + reason for denial. + +In any case, the requester and other approvers (in case of multiple approvers) are notified of the +outcome. + +## Workflow Approval Scenarios + +The following scenarios are valid when workflow approver acceleration settings are not applied. + +- When the object specified as an approver for a workflow is not available (such as if it is + disabled or not specified), workflow requests are sent to the default approver. If the default + approver is disabled or not specified either, the requests are auto approved. See the + [Specify a Default Approver](advancedsettings.md#specify-a-default-approver) topic. +- If the requester is also the approver for that workflow, the request is auto approved. + +## Integration with Microsoft Power Automate + +To automate your everyday tasks, you can also link your Directory Manager workflows to Power +Automate flows. diff --git a/docs/directorymanager/11.1/ssprportal/_category_.json b/docs/directorymanager/11.1/ssprportal/_category_.json new file mode 100644 index 0000000000..c0a6cb5248 --- /dev/null +++ b/docs/directorymanager/11.1/ssprportal/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Welcome to the SSPR Portal", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/ssprportal/functions.md b/docs/directorymanager/11.1/ssprportal/functions.md index 1511250020..09eda65adc 100644 --- a/docs/directorymanager/11.1/ssprportal/functions.md +++ b/docs/directorymanager/11.1/ssprportal/functions.md @@ -1,3 +1,9 @@ +--- +title: "Manage your Identity Store Accounts" +description: "Manage your Identity Store Accounts" +sidebar_position: 20 +--- + # Manage your Identity Store Accounts When you launch the SSPR portal, the Welcome to GroupID page lists the following functions: 
@@ -33,24 +39,24 @@ in. The Your Enrollments page opens, where you can enroll the identity store account you used to sign into the portal. Tabs on this page represent the different authentication types the administrator -has enabled for enrollment. See the [Enroll your identity store account](/docs/directorymanager/11.1/admincenter/enroll.md) +has enabled for enrollment. See the [Enroll your identity store account](/docs/directorymanager/11.1/signin/concepts/enroll.md) topic for enrollment details, starting at step 3. ## Unlock your Account Click the **Unlock** tile to unlock your account. See the -[Unlock your accounts](/docs/directorymanager/11.1/portal/user/manage/unlockaccount.md) topic for additional information. +[Unlock your accounts](/docs/directorymanager/11.1/welcome/user/manage/unlockaccount.md) topic for additional information. ## Reset your Account Password Click the **Reset Password** tile to reset your identity store account password. See the -[Reset Passwords](/docs/directorymanager/11.1/portal/user/authentication/passwordreset.md) topic for additional information. +[Reset Passwords](/docs/directorymanager/11.1/welcome/secondfactorauthentication/passwordreset.md) topic for additional information. ## Change your Account Password You can change the password of any of your identity store accounts. Click the **Change Password** tile. Then sign into the portal, if not signed in. See -the[ Change your password](/docs/directorymanager/11.1/portal/user/manage/changepassword.md) topic for additional +the[ Change your password](/docs/directorymanager/11.1/welcome/user/manage/changepassword.md) topic for additional information. ## Link your Identity Store Accounts 
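Review bot: The Change your Account Password paragraph in this hunk retargets the link but keeps the malformed markup `the[ Change your password](...)`: there is no space before the bracket and a stray space inside the link text. Fix it while the line is being touched. The new target, `welcome/user/manage/changepassword.md`, also differs from the one the new Dashboard topic in this patch uses for Change Password, `signin/concepts/changepassword.md`; confirm both files exist after the move, or point both at the same topic.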
@@ -63,4 +69,4 @@ Active Directory and another in Microsoft Entra ID. This has multiple benefits, - A user can then unlock or reset the password of any linked account through the master account. After signing into the portal, click the **Linked Accounts** tile. See the -[Linked Accounts](/docs/directorymanager/11.1/portal/user/linkedaccounts.md) topic for additional information. +[Linked Accounts](/docs/directorymanager/11.1/welcome/user/linkedaccounts.md) topic for additional information. diff --git a/docs/directorymanager/11.1/ssprportal/navigation.md b/docs/directorymanager/11.1/ssprportal/navigation.md index 2ecc9e1e9f..e68c93c4eb 100644 --- a/docs/directorymanager/11.1/ssprportal/navigation.md +++ b/docs/directorymanager/11.1/ssprportal/navigation.md @@ -1,3 +1,9 @@ +--- +title: "Navigation" +description: "Navigation" +sidebar_position: 10 +--- + # Navigation On signing into SSPR portal, you land on the main portal page, that displays all the functions the 
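Review bot: The front matter added at the top of navigation.md sets `description` to the same string as `title` ("Navigation"), and every other front matter block visible in this patch does the same. If the description is meant to carry anything beyond the title, give each topic a one-sentence summary of what the page lets the user do; otherwise consider omitting the key rather than duplicating the title in every file.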
@@ -10,7 +16,7 @@ The top right corner of the application displays the following: | Icon | Description | | ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Help icon | Click it to launch the help pages for the SSPR portal. | -| Profile icon | Displays your profile picture with your name and the identity store the portal is connected to. Click it to launch a menu that displays the Directory Manager version and the security role assigned to you in Directory Manager. The menu also displays the following options: - My Applcations – Opens the GroupID Applications page, that displays the Directory Manager clients that you have access to. 
See the [Access your Applications](/docs/directorymanager/11.1/admincenter/general/accessapplications.md) topic for additional information. - Enroll your account – The Your Enrollments page opens, where you can enroll the identity store account you used to sign into the portal. Tabs on this page represent the different authentication types the administrator has enabled for enrollment. See the [Enroll your identity store account](/docs/directorymanager/11.1/admincenter/enroll.md) topic for enrollment details, starting at step 3. - Change password – Enables you to change your identity store account password. See the[ Change your password](/docs/directorymanager/11.1/portal/user/manage/changepassword.md) topic for additional information. - Switch Account – Enables you to switch the account so as to access the portal with a different account. See the [Switch Accounts](/docs/directorymanager/11.1/admincenter/general/switchaccount.md) topic for additional information. - Sign Out – Click it to sign out of the SSPR portal. | +| Profile icon | Displays your profile picture with your name and the identity store the portal is connected to. Click it to launch a menu that displays the Directory Manager version and the security role assigned to you in Directory Manager. The menu also displays the following options: - My Applcations – Opens the GroupID Applications page, that displays the Directory Manager clients that you have access to. See the [Access your Applications](/docs/directorymanager/11.1/signin/concepts/accessapplications.md) topic for additional information. - Enroll your account – The Your Enrollments page opens, where you can enroll the identity store account you used to sign into the portal. Tabs on this page represent the different authentication types the administrator has enabled for enrollment. See the [Enroll your identity store account](/docs/directorymanager/11.1/signin/concepts/enroll.md) topic for enrollment details, starting at step 3. 
- Change password – Enables you to change your identity store account password. See the[ Change your password](/docs/directorymanager/11.1/welcome/user/manage/changepassword.md) topic for additional information. - Switch Account – Enables you to switch the account so as to access the portal with a different account. See the [Switch Accounts](/docs/directorymanager/11.1/signin/concepts/switchaccount.md) topic for additional information. - Sign Out – Click it to sign out of the SSPR portal. | ## Portal Functions diff --git a/docs/directorymanager/11.1/ssprportal/overview.md b/docs/directorymanager/11.1/ssprportal/overview.md index 0a35e46da3..3af52ca8f1 100644 --- a/docs/directorymanager/11.1/ssprportal/overview.md +++ b/docs/directorymanager/11.1/ssprportal/overview.md @@ -1,3 +1,9 @@ +--- +title: "Welcome to the SSPR Portal" +description: "Welcome to the SSPR Portal" +sidebar_position: 60 +--- + # Welcome to the SSPR Portal A Self-Service Password Reset portal (SSPR) is a type of Directory Manager portal that only @@ -13,8 +19,8 @@ Using the portal, users can: - Unlock their identity store (directory) accounts - Link their accounts in different identity stores -See the [Compatibility](/docs/directorymanager/11.1/gettingstarted.md#compatibility) and -[Localization](/docs/directorymanager/11.1/gettingstarted.md#localization) topics for information on the devices, browsers, +See the [Compatibility](/docs/directorymanager/11.1/introduction/gettingstarted.md#compatibility) and +[Localization](/docs/directorymanager/11.1/introduction/gettingstarted.md#localization) topics for information on the devices, browsers, and languages that Directory Manager supports. ## Launch the Portal 
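Review bot: The rewritten Profile icon row in navigation.md (hunk @@ -10,7 +16,7 @@) carries over the typo "My Applcations" and the malformed link `the[ Change your password]` from the removed line. Since the whole row is being replaced anyway, correct both in the added line instead of copying them forward.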
@@ -31,10 +37,10 @@ You can either click a function and then sign in to perform that function or fir select a function. - Click a link to perform the specific function. Since you are not signed in, you will be redirected - to the GroupID Authenticate page. See the [Log in](/docs/directorymanager/11.1/portal/login.md#log-in) topic for signing + to the GroupID Authenticate page. See the [Log in](/docs/directorymanager/11.1/welcome/login.md#log-in) topic for signing into the portal. Then you can proceed to perform the specific function. See the [Manage your Identity Store Accounts](/docs/directorymanager/11.1/ssprportal/functions.md) topic for a discussion of these functions. - To sign in before accessing any function, click the Login link in the top right corner. You will - be redirected to the GroupID Authenticate page. See the [Log in](/docs/directorymanager/11.1/portal/login.md#log-in) topic + be redirected to the GroupID Authenticate page. See the [Log in](/docs/directorymanager/11.1/welcome/login.md#log-in) topic for signing into the portal. On signing in, the main portal page is displayed. See the [Navigation](/docs/directorymanager/11.1/ssprportal/navigation.md) topic for additional information. diff --git a/docs/directorymanager/11.1/welcome/_category_.json b/docs/directorymanager/11.1/welcome/_category_.json new file mode 100644 index 0000000000..4e56755fb6 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Welcome to the Portal", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "welcome" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/api/commonerrors.md b/docs/directorymanager/11.1/welcome/commonerrors.md similarity index 91% rename from docs/directorymanager/11.1/api/commonerrors.md rename to docs/directorymanager/11.1/welcome/commonerrors.md index 78a09cea9a..4966bddf00 100644 
--- a/docs/directorymanager/11.1/api/commonerrors.md +++ b/docs/directorymanager/11.1/welcome/commonerrors.md @@ -1,3 +1,9 @@ +--- +title: "Common Errors" +description: "Common Errors" +sidebar_position: 100 +--- + # Common Errors This section lists the errors common to all APIs. diff --git a/docs/directorymanager/11.1/welcome/contactapis/_category_.json b/docs/directorymanager/11.1/welcome/contactapis/_category_.json new file mode 100644 index 0000000000..3eb3a10468 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/contactapis/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Contact APIs", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "contactapis" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/contactapis/contactapis.md b/docs/directorymanager/11.1/welcome/contactapis/contactapis.md new file mode 100644 index 0000000000..193e679830 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/contactapis/contactapis.md @@ -0,0 +1,18 @@ +--- +title: "Contact APIs" +description: "Contact APIs" +sidebar_position: 10 +--- + +# Contact APIs + +Directory Manager provides the following APIs to perform contact-specific functions: + +- [Create a Contact](/docs/directorymanager/11.1/welcome/contactapis/createcontact.md) +- [Delete a Contact](/docs/directorymanager/11.1/welcome/contactapis/deletecontact.md) +- [Delete Contacts](/docs/directorymanager/11.1/welcome/contactapis/deletecontacts.md) +- [Get a Contact](/docs/directorymanager/11.1/welcome/contactapis/getcontact.md) +- [Get Contacts](/docs/directorymanager/11.1/welcome/contactapis/getcontacts.md) +- [Update a Contact](/docs/directorymanager/11.1/welcome/contactapis/updatecontact.md) + +NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. 
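Review bot: The renames around here move the API reference (Common Errors, described as "errors common to all APIs", and the Contact APIs) from `api/` into `welcome/`, whose category file added in this patch is labelled "Welcome to the Portal". That places developer reference under end-user portal help in the sidebar. If the move is intentional, say so in the commit description; otherwise keep these topics under their own API category. Any remaining links to the old `api/contact/` paths also need updating along with the rename.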
diff --git a/docs/directorymanager/11.1/api/contact/createcontact.md b/docs/directorymanager/11.1/welcome/contactapis/createcontact.md similarity index 94% rename from docs/directorymanager/11.1/api/contact/createcontact.md rename to docs/directorymanager/11.1/welcome/contactapis/createcontact.md index 5181858680..40209c9a24 100644 --- a/docs/directorymanager/11.1/api/contact/createcontact.md +++ b/docs/directorymanager/11.1/welcome/contactapis/createcontact.md @@ -1,3 +1,9 @@ +--- +title: "Create a Contact" +description: "Create a Contact" +sidebar_position: 10 +--- + # Create a Contact Using this API you can create a contact in the specified identity store. diff --git a/docs/directorymanager/11.1/api/contact/deletecontact.md b/docs/directorymanager/11.1/welcome/contactapis/deletecontact.md similarity index 88% rename from docs/directorymanager/11.1/api/contact/deletecontact.md rename to docs/directorymanager/11.1/welcome/contactapis/deletecontact.md index b3b088a3a8..9717196c5e 100644 --- a/docs/directorymanager/11.1/api/contact/deletecontact.md +++ b/docs/directorymanager/11.1/welcome/contactapis/deletecontact.md @@ -1,3 +1,9 @@ +--- +title: "Delete a Contact" +description: "Delete a Contact" +sidebar_position: 20 +--- + # Delete a Contact Using this API you can delete a specified contact from the specified identity store. diff --git a/docs/directorymanager/11.1/api/contact/deletecontacts.md b/docs/directorymanager/11.1/welcome/contactapis/deletecontacts.md similarity index 95% rename from docs/directorymanager/11.1/api/contact/deletecontacts.md rename to docs/directorymanager/11.1/welcome/contactapis/deletecontacts.md index ae61c7ea54..ce116188c8 100644 --- a/docs/directorymanager/11.1/api/contact/deletecontacts.md +++ b/docs/directorymanager/11.1/welcome/contactapis/deletecontacts.md 
@@ -1,3 +1,9 @@ +--- +title: "Delete Contacts" +description: "Delete Contacts" +sidebar_position: 30 +--- + # Delete Contacts This API is for deleting multiple contacts from a specified identity store. diff --git a/docs/directorymanager/11.1/api/contact/getcontact.md b/docs/directorymanager/11.1/welcome/contactapis/getcontact.md similarity index 98% rename from docs/directorymanager/11.1/api/contact/getcontact.md rename to docs/directorymanager/11.1/welcome/contactapis/getcontact.md index b3d9c2f47e..ac06385b21 100644 --- a/docs/directorymanager/11.1/api/contact/getcontact.md +++ b/docs/directorymanager/11.1/welcome/contactapis/getcontact.md @@ -1,3 +1,9 @@ +--- +title: "Get a Contact" +description: "Get a Contact" +sidebar_position: 40 +--- + # Get a Contact Use this API to retrieve information about a contact in a specified identity store. diff --git a/docs/directorymanager/11.1/api/contact/getcontacts.md b/docs/directorymanager/11.1/welcome/contactapis/getcontacts.md similarity index 99% rename from docs/directorymanager/11.1/api/contact/getcontacts.md rename to docs/directorymanager/11.1/welcome/contactapis/getcontacts.md index 6d8fd568b8..838643836c 100644 --- a/docs/directorymanager/11.1/api/contact/getcontacts.md +++ b/docs/directorymanager/11.1/welcome/contactapis/getcontacts.md @@ -1,3 +1,9 @@ +--- +title: "Get Contacts" +description: "Get Contacts" +sidebar_position: 50 +--- + # Get Contacts Use this API to retrieve information of multiple contacts from a specified identity store. diff --git a/docs/directorymanager/11.1/api/contact/updatecontact.md b/docs/directorymanager/11.1/welcome/contactapis/updatecontact.md similarity index 96% rename from docs/directorymanager/11.1/api/contact/updatecontact.md rename to docs/directorymanager/11.1/welcome/contactapis/updatecontact.md index 5b15fa2e09..ac50cb8e30 100644 --- a/docs/directorymanager/11.1/api/contact/updatecontact.md +++ b/docs/directorymanager/11.1/welcome/contactapis/updatecontact.md 
@@ -1,3 +1,9 @@ +--- +title: "Update a Contact" +description: "Update a Contact" +sidebar_position: 60 +--- + # Update a Contact Use this API if you want to update a contact's attribute(s) and their value(s) in a specified diff --git a/docs/directorymanager/11.1/welcome/dashboard.md b/docs/directorymanager/11.1/welcome/dashboard.md new file mode 100644 index 0000000000..bd994874a2 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/dashboard.md 
@@ -0,0 +1,69 @@ +--- +title: "Dashboard" +description: "Dashboard" +sidebar_position: 20 +--- + +# Dashboard + +The interface of the portal is designed in a manner that you can quickly access the main functions +of the portal. These functions are available as links on the top and left navigation bars. + +On logging into Directory Manager portal, you land on the dashboard. + +![dashboard](/img/product_docs/directorymanager/11.1/portal/dashboard.webp) + +Use the following to navigate within the application: + +- Quick Search +- Top right options +- Menu pane +- The Dashboard + +## Quick Search + +Look on the top of the page for **Search**. This element appears on every page. Use it to locate and +display information for objects. See the [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) topic. + +- Use Quick Search to locate an object by its name. +- Use Advanced Search to search an object using a range of attributes. + +## Top right options + +The top right corner of the application displays: + +| Icon | Description | +| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Background tasks icon | View the status of 
Smart Group update jobs. A Smart Group Update job updates the membership of a Smart Group on the basis of a query. | +| Portal Settings | Personalize the portal | +| Help icon | Launch the portal help | +| User profile icon | Displays your profile picture with your name and the identity store that Directory Manager portal is connected to. Click it to launch the menu that displays the following: - Directory Manager version you’re using - The security role assigned to you in Directory Manager. The menu also displays the following options: - See full profile. See the [Object properties - General tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md) topic. - My Applications. See the [Access your Applications](/docs/directorymanager/11.1/signin/concepts/accessapplications.md) topic. - Enroll your identity store account. See the [Enroll your Identity Store Account](/docs/directorymanager/11.1/signin/concepts/enroll.md) topic. - Change Password. See the [Change your Password](/docs/directorymanager/11.1/signin/concepts/changepassword.md) topic. - Switch account. See the [Switch Accounts](/docs/directorymanager/11.1/signin/concepts/switchaccount.md) topic. - Sign Out | + +## Menu pane + +Look on the left side of the page for the navigation pane, which lists links to: + +- Create New (Group, User, Contact) +- The Dashboard +- Groups +- Users +- Requests +- History +- Entitlement +- Synchronize +- Reports + +## The Dashboard + +The dashboard comprises of a few cards. + +| Cards | Description | +| ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| My Profile | View and update your profile in the directory. | +| All Users | Displays number of active users. Clicking it takes you to the **Users** page. 
| +| My Expiring Groups | Directs your attention to your expiring groups and any workflow requests that you may have to approve. | +| My Groups | Takes you to a listing of groups that you own. | +| Available Servers | Displays number of available servers for computing the effective NTFS permissions granted on the shared resources residing on those server. | +| Pending Requests | Displays logged-in user's requests that have not been approved yet. | +| Account Protection | Displays logged-in user's requests that have not been approved yet. | +| My Account History | Keeps track of the actions you performed using the portal. Use the **Add Note** button next to a history item to explain the reason for performing the action. | diff --git a/docs/directorymanager/11.1/welcome/dashboard/_category_.json b/docs/directorymanager/11.1/welcome/dashboard/_category_.json new file mode 100644 index 0000000000..a35d45a352 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/dashboard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Reports", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "dashboard" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/report/computer.md b/docs/directorymanager/11.1/welcome/dashboard/computer.md similarity index 95% rename from docs/directorymanager/11.1/portal/report/computer.md rename to docs/directorymanager/11.1/welcome/dashboard/computer.md index b70982a26c..b3469a57be 100644 --- a/docs/directorymanager/11.1/portal/report/computer.md +++ b/docs/directorymanager/11.1/welcome/dashboard/computer.md 
@@ -1,9 +1,15 @@ +--- +title: "Computer Reports" +description: "Computer Reports" +sidebar_position: 50 +--- + # Computer Reports Computer Reports contains reports for the Computer objects in the directory. Search a specific report by typing its name in the **Search Reports** box. -Click any of the report template from the list to [Generate Reports](/docs/directorymanager/11.1/portal/report/generate.md). +Click any of the report template from the list to [Generate Reports](/docs/directorymanager/11.1/welcome/dashboard/generate.md). Following is the list of reports for this category: diff --git a/docs/directorymanager/11.1/welcome/dashboard/contact.md b/docs/directorymanager/11.1/welcome/dashboard/contact.md new file mode 100644 index 0000000000..9fe0f2f858 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/dashboard/contact.md @@ -0,0 +1,19 @@ +--- +title: "Contact Reports" +description: "Contact Reports" +sidebar_position: 60 +--- + +# Contact Reports + +Contact Reports contains reports for the Contact objects in the directory. Search a specific report +by typing its name in the **Search Reports** box. + +Click any of the report template from the list to [Generate Reports](/docs/directorymanager/11.1/welcome/dashboard/generate.md). + +Following is the list of reports for this category: + +| Report | Description | +| --------------------------------------------------------------- | ----------------------------------------------- | +| Mail-enabled users and contacts with a phone number (Exchange). | Returns all recipients who have a phone number. | +| User and contacts with a phone number. | Returns all recipients who have a phone number. | diff --git a/docs/directorymanager/11.1/welcome/dashboard/dashboard.md b/docs/directorymanager/11.1/welcome/dashboard/dashboard.md new file mode 100644 index 0000000000..8396fed33e --- /dev/null +++ b/docs/directorymanager/11.1/welcome/dashboard/dashboard.md 
@@ -0,0 +1,73 @@ +--- +title: "Reports" +description: "Reports" +sidebar_position: 110 +--- + +# Reports + +The Directory Manager Reports enables you to generate web-based reports for an identity store. It +offers a wizard guided report generation process that accounts for quick and easy reporting. + +Directory Manager reports are organized into four categories: + +- [User Reports](/docs/directorymanager/11.1/welcome/dashboard/user.md) +- [Group Reports](/docs/directorymanager/11.1/welcome/dashboard/group.md) +- [Computer Reports](/docs/directorymanager/11.1/welcome/dashboard/computer.md) +- [Contact Reports](/docs/directorymanager/11.1/welcome/dashboard/contact.md) + +NOTE: A Microsoft Entra ID based identity store does not support the computer and contact object +types. + +You can view, edit, and delete the created reports. You can also download them in Excel and PDF +formats. + +The user interface of Reports Dashboard is as follows: + +![reportsdashboard](/img/product_docs/directorymanager/11.1/portal/report/reportsdashboard.webp) + +Different elements of the Dashboard are described below: + +- Look on the top of the page for Reports Search. Use it to locate and display information for + reports. +- In the top right corner, you will find the following icons: + + - Click the **Help** icon to launch the portal help. + - Your name also appears as an icon. On clicking it, you are presented with the following + options: + + - Connected identity store. + - Directory Manager version + - See full profile. + - My Applications + + Displays Directory Manager and third party applications that the user is connected to. + Click **Add Apps** to add new applications. + + - Enroll your account. + - Change Password. + - Switch account + - Sign Out of the portal. + +- The **Dashboard** displays general information about the Reports portal such as: + + - Name of the identity store the Reports portal is connected to. + - Name of the domain. 
+ - Number of each type directory objects in the directory. + +- In the **Pinned Reports** section, you can pin the reports you most frequently will use. + + You can unpin the pinned reports from the dashboard by clicking the unpin icon on the top right + corner of the card. + +- In the **Recent Reports** section, you can view the most recent reports you have created or used. + + You can pin the recent reports by clicking pin icon on the top right corner of the card. + +- Look on the left side of the page for the navigation pane, which lists links to the following: + + - Dashboard + - [User Reports](/docs/directorymanager/11.1/welcome/dashboard/user.md) + - [Group Reports](/docs/directorymanager/11.1/welcome/dashboard/group.md) + - [Computer Reports](/docs/directorymanager/11.1/welcome/dashboard/computer.md) + - [Contact Reports](/docs/directorymanager/11.1/welcome/dashboard/contact.md) diff --git a/docs/directorymanager/11.1/portal/report/generate.md b/docs/directorymanager/11.1/welcome/dashboard/generate.md similarity index 95% rename from docs/directorymanager/11.1/portal/report/generate.md rename to docs/directorymanager/11.1/welcome/dashboard/generate.md index 7b997f82b4..857a5d965b 100644 --- a/docs/directorymanager/11.1/portal/report/generate.md +++ b/docs/directorymanager/11.1/welcome/dashboard/generate.md @@ -1,3 +1,9 @@ +--- +title: "Generate Reports" +description: "Generate Reports" +sidebar_position: 10 +--- + # Generate Reports Generating reports in Directory Manager portal is a two step process that makes the reporting @@ -74,4 +80,4 @@ is joined to a domain, techwr5.local, reports would display data for techwr5.loc ## Scheduled Report job You can create a **Scheduled Report job** on Directory Manager Admin Center. See -[Reports Schedule](/docs/directorymanager/11.1/admincenter/schedule/reports.md) +[Reports Schedule](/docs/directorymanager/11.1/signin/schedule/reports.md) 
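Review bot: `welcome/dashboard.md` is the portal Dashboard topic, while the `welcome/dashboard/` directory added alongside it holds the Reports topics: its category label is "Reports", its link id is "dashboard", and `dashboard/dashboard.md` is titled "Reports". Two unrelated topics sharing one name invites wrong links. Rename the directory and its index topic so the path matches the content, for example reports/. The final generate.md hunk also points the Reports Schedule link at `signin/schedule/reports.md` and leaves that sentence without the word "topic" and a closing period.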
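Review bot: In the cards table of the new welcome/dashboard.md, the Account Protection row has the same description as Pending Requests ("Displays logged-in user's requests that have not been approved yet."), which looks like a copy-paste slip; the row needs its own description. In the same file, "comprises of a few cards" should read "comprises a few cards", and "residing on those server" should read "servers".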
diff --git a/docs/directorymanager/11.1/welcome/dashboard/group.md b/docs/directorymanager/11.1/welcome/dashboard/group.md new file mode 100644 index 0000000000..c971faf9fc --- /dev/null +++ b/docs/directorymanager/11.1/welcome/dashboard/group.md 
@@ -0,0 +1,88 @@ +--- +title: "Group Reports" +description: "Group Reports" +sidebar_position: 40 +--- + +# Group Reports + +Directory Manager Reports contains reports for the Group objects in the directory. Search a specific +report by typing its name in the **Search Reports** box. + +Click any of the report template from the list to [Generate Reports](/docs/directorymanager/11.1/welcome/dashboard/generate.md). + +Following is the list of reports for this category: + +| Reports | Description | +| ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| All distribution groups in domain | Provides a list of distribution groups in the domain. | +| All domain local distribution groups in domain | Provides a list of distribution groups with Domain Local scope in the domain. | +| All domain local groups in domain | Provides a list of groups with Domain Local scope in the domain. | +| All domain local security groups in domain | Provides a list of security groups with Domain Local scope in the domain. | +| All global distribution groups in domain | Provides a list of distribution groups with Global scope in the domain. | +| All global groups in domain | Provides a list of groups with Global scope in the domain. | +| All global security groups in domain | Provides a list of security groups with Global scope in the domain. | +| All groups in domain | Provides a list of groups in the domain. | +| All groups with report to originator set to False | Provides a list of groups with the ‘Send delivery reports to message originator’ option not selected. The message sender does not receive a delivery report on sending a message/email. 
| +| All groups with report to originator set to True | Provides a list of groups with the ‘Send delivery reports to message originator’ option selected. The message sender receives a delivery report on sending a message/email. | +| All groups with report to owner set to False | Provides a list of groups with the ‘Send delivery reports to group manager’ option not selected. The manager does not receive delivery reports for the group. | +| All groups with report to owner set to True | Provides a list of groups with the ‘Send delivery reports to group manager’ option selected. The manager receives delivery reports for the group. | +| All security groups in domain | Provides a list of security groups in the domain. | +| All universal distribution groups in domain | Provides a list of distribution groups with Universal scope in the domain. | +| All universal groups in domain | Provides a list of groups with Universal scope in the domain. | +| All universal security groups in domain | Provides a list of security groups with Universal scope in the domain. | +| All unmanaged groups in domain | Provides a list of unmanaged (static) groups in the domain. Any change in the membership of an unmanaged group is made manually. | +| Deleted groups | Provides a list of logically deleted groups. Logically deleted groups are those expired groups that are not renewed within the time interval set in the identity store configurations. | +| Distribution Lists managed by GroupID | Provides a list of the distribution lists that are managed by Directory Manager. | +| Distribution lists with no delivery restrictions (Exchange) | Provides a list of groups that can receive email from everyone. | +| Dynasty with Script | Provides a list of Dynasties that have a script provided on the Smart Script tab of the Query Designer window. 
| +| Expired groups | Provides a list of groups that are either expired by the Group Life Cycle job according to their associated expiry policy or are manually expired by users. | +| Expiring groups | Provides a list of groups that are approaching their expiry date. | +| Groups and members | Provides a list of members for each group in the domain. | +| Groups and Members with Membership Type | Provides a list of groups with members along with their membership type. | +| Groups and number of members | Provides a count of total members per group. | +| Groups and number of members with nesting | Provides the grand total number of members of all groups in the selected container of the domain. | +| Groups and owners | Provides a list of owners and the groups they own. | +| Groups and their last modified time | Provides the date and time of the last change made to a group, such as change in membership. | +| Groups changed in X days | Provides a list of groups that are changed in one day, seven days or one month. | +| Groups created in X days | Provides a list of groups created in the last one day, seven days or one month. | +| Groups hidden from address list | Provides a list of groups that do not appear in global address list (GAL) and other address lists that are defined in the Exchange organization. | +| Groups that have no members | Provides a list of groups without members. | +| Groups which do not require authentication to send to (Exchange) | Provides a list of groups that can receive messages from anonymous users. This allows external senders to send messages to distribution groups. | +| Groups which require authentication to send to (Exchange) | Provides a list of groups that cannot receive messages from anonymous users. This prevents external senders from sending messages to distribution groups. | +| Groups with expiration policy defined | Provides a list of groups with an expiration policy defined. 
| +| Groups with membership hidden | Sometimes, to protect the privacy of the recipients, it is necessary to hide the members of a mail-enabled group. This report provides a list of such mail-enabled groups. | +| Groups with membership not hidden | Provides a list of mail-enabled groups with membership not hidden. | +| Groups with message delivery restrictions | Provides a list of groups with message delivery restrictions options specified. | +| Groups with message size restrictions | Provides a list of groups with restriction on the maximum message size. | +| Groups with no owner | Provides a list of groups that do not have an owner. | +| Groups with security types | Provides a list of the groups with security types. Directory Manager supports three security types: Public, Private, and Semi-Private. | +| Groups without additional owners | Provides a list of groups that do not have any Directory Manager or Microsoft Exchange additional owner. | +| Groups without expiration policy defined | Provides a list of groups without an expiration policy defined. | +| Groups without message delivery restriction | Provides a list of groups with no message delivery restrictions. Members of such groups can send messages to users in your Exchange organization and can accept or reject messages sent by any user. | +| Groups without message size restrictions | Provides a list of groups that have no message size restriction on an entire message as a whole, or the size of individual parts of a message, or both. | +| Mail-enabled groups and members (Exchange) | Provides a list of mail-enabled groups and members. | +| Mail-enabled groups and number of members (Exchange) | Provides a list of mail-enabled groups and the count of members they have. | +| Mail-enabled groups and number of members with nesting (Exchange) | Provides the grand total number of members of all mail-enabled groups in the selected container of the domain. 
| +| Mail-enabled groups and owners (Exchange) | Provides a list of all mail-enabled groups and their owners. | +| Mail-enabled groups and the time they were last used (Exchange) | Provides a list of groups with a time stamp of the last time mail was sent to the group. The Group Usage Service job is required for this report. | +| Mail-enabled groups and their last modified time (Exchange) | Provides a list of all mail-enabled groups and the date and time when they were last modified. | +| Mail-enabled groups with no members (Exchange) | Provides a list of all mail-enabled groups having no members. | +| Mail-enabled groups with no owner (Exchange) | Provides a list of mail-enabled groups having no owner. | +| Mail enabled Security Groups (Exchange) | Provides a list of mail-enabled groups in the domain. | +| Owners and objects they own Listed in [User Reports](/docs/directorymanager/11.1/welcome/dashboard/user.md) category as well. | Provides a list of managers and their direct reports. | +| Security Groups managed by GroupID | Provides a list of the security groups that are managed by Directory Manager. | +| Smart Groups/Dynasties with their update status | Provides a list of Smart Groups and Dynasties with their update status information. | +| Smart Groups and Included members | Provides a list of Smart Group members that are mentioned in the Include list on the Include/Exclude tab of the Query Designer window. | +| Smart Groups and number of expected members | Provides a count of the expected members for the Smart Groups in the selected container or domain. | +| Smart Groups and their expected membership | Provides information of expected members for the Smart Groups in the selected container or domain. | +| Smart Groups in current domain | Provides a list of Smart Groups in the domain. | +| Smart Groups with Exclude members | Provides a list of Smart Group members that are mentioned in the Exclude list on the Include/Exclude tab of the Query Designer window. 
| + +**See Also:** + +- [Generate Reports](/docs/directorymanager/11.1/welcome/dashboard/generate.md) +- [Manage Reports](/docs/directorymanager/11.1/welcome/dashboard/manage.md) +- [User Reports](/docs/directorymanager/11.1/welcome/dashboard/user.md) +- [Computer Reports](/docs/directorymanager/11.1/welcome/dashboard/computer.md) +- [Contact Reports](/docs/directorymanager/11.1/welcome/dashboard/contact.md) diff --git a/docs/directorymanager/11.1/welcome/dashboard/manage.md b/docs/directorymanager/11.1/welcome/dashboard/manage.md new file mode 100644 index 0000000000..ae6fb0b639 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/dashboard/manage.md 
@@ -0,0 +1,79 @@ +--- +title: "Manage Reports" +description: "Manage Reports" +sidebar_position: 20 +--- + +# Manage Reports + +Once you generate a report, the report is listed under the template you used to create it. The +Reports listings displays the following for each report: + +- Report name +- Category +- Created On +- Modified On +- Actions + +You can run, edit, download, and delete the job from the Reports listing. + +## Run a Report + +You can run a previously generated report to view the latest data for it. + +Step 1 – In Directory Manager portal, select Reports from the left pane. + +Step 2 – On Reports Portal, select the type of object (User, Group, Computer, or Contact) whose +report you generated and click on the template that you used. + +The template page will list the generated report. + +Step 3 – Click the **Run arrow** icon next to the report. It will run the report and display it on +the page. + +## Edit a Report + +When you generate a report, Directory Manager portal saves the settings provided in the respective +report. You can launch this wizard again for a report and edit the settings. + +Step 1 – In Directory Manager portal, select **Reports** from the left pane. + +Step 2 – On Reports Portal, select the type of object (User, Group, Computer, or Contact) whose +report you generated and click on the template that you used. + +The template page will list the generated report. + +Step 3 – Click the **Edit** icon next to the report and follow +[In Step 1 of generating a report:](/docs/directorymanager/11.1/welcome/dashboard/generate.md). Make the relevant changes and click Finish to +generate the report. + +## Download a Report + +You can also download a report directly from the Report listing page. + +Step 1 – In Directory Manager portal, select **Reports** from the left pane. + +Step 2 – On Reports Portal, select the type of object (User, Group, Computer, or Contact) whose +report you generated and click on the template that you used. 
+ +The template page will list generated report. + +Step 3 – Click the **Download** icon next to the report and select one of the following format to +download the report: + +1. Excel +2. PDF +3. HTML + +## Delete a Report + +When you delete a report, all its settings are removed. + +Step 1 – In Directory Manager portal, select **Reports** from the left pane. + +Step 2 – On Reports Portal, select the type of object (User, Group, Computer, or Contact) whose +report you generated and click on the template that you used. + +The template page will list the generated report. + +Step 3 – Click the **Delete** button next to the report. It will permanently delete the report. diff --git a/docs/directorymanager/11.1/welcome/dashboard/user.md b/docs/directorymanager/11.1/welcome/dashboard/user.md new file mode 100644 index 0000000000..7b9190905c --- /dev/null +++ b/docs/directorymanager/11.1/welcome/dashboard/user.md 
@@ -0,0 +1,74 @@ +--- +title: "User Reports" +description: "User Reports" +sidebar_position: 30 +--- + +# User Reports + +User Reports contains reports for the User objects in the directory. Search a specific report by +typing its name in the **Search Reports** box. + +Click any of the report template from the list to [Generate Reports](/docs/directorymanager/11.1/welcome/dashboard/generate.md). + +Following is the list of reports for this category: + +| Report | Description | +| ------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Direct Reports of X Manager | Provides a list of the direct reports of the specific manager. | +| Disabled Users | Provides a list of accounts with no authentication access to mail or computers in an organization. | +| Enabled Users | Provides a list of enabled users in the selected container. | +| Inactive Users | Provides a list of inactive users in the selected container. | +| Mailbox users hidden from exchange address lists (Exchange) | Provides a list of all the mailboxes that are currently hidden from the Exchange global address list (GAL) or other address lists. | +| Mailbox users with default message receiving size restriction (Exchange) | Provides a list of mailbox users with default message size for receiving messages. | +| Mailbox users with default message sending size restriction (Exchange) | Provides a list of mailbox users with default message size for sending messages. | +| Mailbox users with Default recipient limit (Exchange) | Provides a list of mailbox users with default recipients limits. | +| Mailbox users with default storage limit (Exchange) | Provides a list of mailbox users with default mailbox size for Microsoft Exchange. 
| +| Mailbox users with IMAP disabled (Exchange) | Provides a list of mailbox users that have IMAP mailbox protocol disabled for Microsoft Exchange Server. | +| Mailbox users with IMAP4 enabled (Exchange) | Provides a list of mailbox users that have IMAP mailbox protocol enabled for Microsoft Exchange Server. | +| Mailbox users with message receiving size restriction (Exchange) | Provides a list of mailbox users with message receiving size restriction. | +| Mailbox users with message sending size restriction (Exchange) | Provides a list of mailbox users with message sending size restriction. | +| Mailbox users with OWA disabled (Exchange) | Provides a list of mailbox users that have Outlook Web App disabled for them. | +| Mailbox users with OWA enabled (Exchange) | Provides a list of mailbox users that have Outlook Web App enabled for them. | +| Mailbox users with POP3 disabled (Exchange) | Provides a list of mailbox users that have POP3 mailbox protocol disabled for Microsoft Exchange Server. | +| Mailbox users with POP3 enabled (Exchange) | Provides a list of mailbox users that have POP3 mailbox protocol enabled for Microsoft Exchange Server. | +| Mailbox users with storage limit (Exchange) | Provides a list of mailbox users with default mailbox size for Microsoft Exchange. | +| Mail-enabled Recipients and the groups they are a member of (Exchange) | Provides a list of all mail-enabled recipients and the groups that they hold membership of. | +| Mail-enabled users and contacts with a phone number (Exchange) | Provides a phone list of accounts within an organization for only mail-enabled users and contacts. | +| Mail-enabled users hosted on Exchange server X (Exchange) | Provides a list of mail enabled users that are hosted on a specific exchange sever. | +| Mail-enabled users who can receive messages from all users (Exchange) | Provide a list of mail enabled users that can receive messages from all users. 
| +| Mail-enabled users who can send Email to maximum X recipients (Exchange) | Provides a list of mail-enabled users who can send email to specified number of recipients per message. | +| Managers and their Direct Reports | Provides a list of managers and their direct reports. | +| Non expiring user accounts | Provides a list of users account that will never expire. | +| OUs created in X days | Provides a list of organization units (OUs) that are created in specified number of days. | +| OUs modified in X days | Provides a list of organization units (OUs) modified in specified number of days. | +| Owners and objects they own Listed in [Group Reports](/docs/directorymanager/11.1/welcome/dashboard/group.md) category as well. | Provides a list of owners and their direct reports. | +| Pending Terminate Users | Provides a list of users that have been terminated by their managers, but their termination request is pending for approval/rejection by an approver. | +| Recently expired users | Provides a list of users expired in one day, seven days or one month. | +| Recipients and the groups they are a member of | Provides a list of users and each group that they are a member of. | +| Tombstone Users | Provides a list of deleted users in the selected container. The deleted user remains in the directory for a period defined for tombstone lifetime. | +| User Life Cycle – Expired Users | Provides a list of expired users in a container. | +| User Life Cycle – Expiring Users | Provides a list of expiring users for a specific period. Expiring users are those who have been sent the final reminder because they have not validated their profiles within the profile validation life cycle period. | +| User Life Cycle – Extended Users | Provides a list of users for whom the profile validation period has been extended. | +| User Life Cycle – Terminated Users | Provides a list of terminated users in the selected container. 
| +| User Life Cycle – Transfer Pending Users | Provides a list of direct reports that have been transferred but the transfer has to be accepted or rejected yet. | +| User Life Cycle – Transferred Users | Provides a list of transferred users in the selected container. | +| User Life Cycle – Verified Users | Provides a list of users who have validated their directory profiles. | +| Users and contacts with a phone number Listed in [Contact Reports](/docs/directorymanager/11.1/welcome/dashboard/contact.md) category as well. | Provides a phone list of accounts within an organization. | +| Users changed in X days | Provides a list of users modified in one day, seven days or one month. | +| Users created in X days | Provides a list of users created in one day, seven days or one month. | +| Users member of Built in Security Groups | Provides a list of users that are member of default security groups, such as the Domain Admins group. | +| Users with multiple DL membership | Provides a list of users that are members of multiple distribution lists. | +| Users who are locked out | Provides a list of accounts that have been denied access to their computer. | +| Users who never logged on | Provides a list of users that have never logged on to the network. | +| Users with bad logon attempts in X days | Provides a list of users with bad logon attempts in specified time period. | +| Users with changed password | Provides a list all users accounts who changed their passwords. | +| Users with expiration set | Provides a list of user accounts set to expire after a certain number of days. | +| Users with expired password | Provides a list of user accounts with expired passwords. | +| Users with manager | Provides a list of users with a manager. | +| Users with missing contact numbers | Provides a list of users with missing contact numbers. | +| Users with password never expire | Provides a list of users whose passwords never expire. 
| +| Users with profile photo | Provides a list of users with profile photo. | +| Users with unchanged passwords | Provides a list all users accounts with unchanged passwords. | +| Users without manager | Provides a list of users without a manager. | +| Users without profile photo | Provides a list of users who do not have profile photo. | diff --git a/docs/directorymanager/11.1/welcome/datasourceapis/_category_.json b/docs/directorymanager/11.1/welcome/datasourceapis/_category_.json new file mode 100644 index 0000000000..fb1de005bf --- /dev/null +++ b/docs/directorymanager/11.1/welcome/datasourceapis/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Data Source APIs", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "datasourceapis" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/datasourceapis/createds/_category_.json b/docs/directorymanager/11.1/welcome/datasourceapis/createds/_category_.json new file mode 100644 index 0000000000..4c9bdf25da --- /dev/null +++ b/docs/directorymanager/11.1/welcome/datasourceapis/createds/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Create a Data Source", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "createds" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/datasourceapis/createds/createds.md b/docs/directorymanager/11.1/welcome/datasourceapis/createds/createds.md new file mode 100644 index 0000000000..d5c3398d65 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/datasourceapis/createds/createds.md 
@@ -0,0 +1,18 @@ +--- +title: "Create a Data Source" +description: "Create a Data Source" +sidebar_position: 10 +--- + +# Create a Data Source + +Using this API, you can create data sources for the supported providers. The data sources are +primarily used in Synchronize jobs, but you can also use them in queries to search for directory +objects and in queries for group membership update. + +- [Create a Data Source for a Text/CSV File](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dstext.md) +- [Create a Data Source for MS Access](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsaccess.md) +- [Create a Data Source for MS Excel](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsexcel.md) +- [Create a Data Source for ODBC](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsodbc.md) +- [Create a Data Source for Oracle](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsoracle.md) +- [Create a Data Source for SQL Server](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dssql.md) diff --git a/docs/directorymanager/11.1/api/datasource/dsaccess.md b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsaccess.md similarity index 86% rename from docs/directorymanager/11.1/api/datasource/dsaccess.md rename to docs/directorymanager/11.1/welcome/datasourceapis/createds/dsaccess.md index 011edf80c0..6d24ac5ef5 100644 --- a/docs/directorymanager/11.1/api/datasource/dsaccess.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsaccess.md 
@@ -1,10 +1,16 @@ +--- +title: "Create a Data Source for MS Access" +description: "Create a Data Source for MS Access" +sidebar_position: 20 +--- + # Create a Data Source for MS Access Use this API to create a new data source. See the -[Create a Data Source for MS Access](/docs/directorymanager/11.1/admincenter/datasource/create.md#create-a-data-source-for-ms-access) -section of the [Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) topic to create an +[Create a Data Source for MS Access](/docs/directorymanager/11.1/signin/datasource/create.md#create-a-data-source-for-ms-access) +section of the [Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) topic to create an MS Access data source using Directory Manager . ## Endpoint diff --git a/docs/directorymanager/11.1/api/datasource/dsexcel.md b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsexcel.md similarity index 84% rename from docs/directorymanager/11.1/api/datasource/dsexcel.md rename to docs/directorymanager/11.1/welcome/datasourceapis/createds/dsexcel.md index 648e887060..93d896c7e9 100644 --- a/docs/directorymanager/11.1/api/datasource/dsexcel.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsexcel.md 
@@ -1,10 +1,16 @@ +--- +title: "Create a Data Source for MS Excel" +description: "Create a Data Source for MS Excel" +sidebar_position: 30 +--- + # Create a Data Source for MS Excel Use this API to create a new data source. See the -[Create a Data Source for MS Excel](/docs/directorymanager/11.1/admincenter/datasource/create.md#create-a-data-source-for-ms-excel) -section of the [Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) topic for additional +[Create a Data Source for MS Excel](/docs/directorymanager/11.1/signin/datasource/create.md#create-a-data-source-for-ms-excel) +section of the [Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) topic for additional information on creating an Excel data source using Directory Manager. ## Endpoint diff --git a/docs/directorymanager/11.1/api/datasource/dsodbc.md b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsodbc.md similarity index 82% rename from docs/directorymanager/11.1/api/datasource/dsodbc.md rename to docs/directorymanager/11.1/welcome/datasourceapis/createds/dsodbc.md index 4d62c6cfa3..08b77a6c6f 100644 --- a/docs/directorymanager/11.1/api/datasource/dsodbc.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsodbc.md 
@@ -1,10 +1,16 @@ +--- +title: "Create a Data Source for ODBC" +description: "Create a Data Source for ODBC" +sidebar_position: 40 +--- + # Create a Data Source for ODBC Use this APi to create a new data source. See the -[Create a Data Source for ODBC](/docs/directorymanager/11.1/admincenter/datasource/create.md#create-a-data-source-for-odbc) -section of the [Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) topic to create an +[Create a Data Source for ODBC](/docs/directorymanager/11.1/signin/datasource/create.md#create-a-data-source-for-odbc) +section of the [Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) topic to create an ODBC data source using Directory Manager. ## Endpoint diff --git a/docs/directorymanager/11.1/api/datasource/dsoracle.md b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsoracle.md similarity index 85% rename from docs/directorymanager/11.1/api/datasource/dsoracle.md rename to docs/directorymanager/11.1/welcome/datasourceapis/createds/dsoracle.md index 0f94f36746..4889324388 100644 --- a/docs/directorymanager/11.1/api/datasource/dsoracle.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsoracle.md 
@@ -1,10 +1,16 @@ +--- +title: "Create a Data Source for Oracle" +description: "Create a Data Source for Oracle" +sidebar_position: 50 +--- + # Create a Data Source for Oracle Use this API to create a new data source. See the -[Create a Data Source for Oracle](/docs/directorymanager/11.1/admincenter/datasource/create.md#create-a-data-source-for-oracle) -section of the [Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) topic to create an +[Create a Data Source for Oracle](/docs/directorymanager/11.1/signin/datasource/create.md#create-a-data-source-for-oracle) +section of the [Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) topic to create an MS Access data source using Directory Manager. ## Endpoint diff --git a/docs/directorymanager/11.1/api/datasource/dssql.md b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dssql.md similarity index 84% rename from docs/directorymanager/11.1/api/datasource/dssql.md rename to docs/directorymanager/11.1/welcome/datasourceapis/createds/dssql.md index 8bfcbac890..b886213d58 100644 --- a/docs/directorymanager/11.1/api/datasource/dssql.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dssql.md 
@@ -1,10 +1,16 @@ +--- +title: "Create a Data Source for SQL Server" +description: "Create a Data Source for SQL Server" +sidebar_position: 60 +--- + # Create a Data Source for SQL Server Use this API to create a new data source. See the -[Create a Data Source for SQL Server](/docs/directorymanager/11.1/admincenter/datasource/create.md#create-a-data-source-for-sql-server) -section of the [Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) topic for creating an +[Create a Data Source for SQL Server](/docs/directorymanager/11.1/signin/datasource/create.md#create-a-data-source-for-sql-server) +section of the [Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) topic for creating an SQL data source using Directory Manager. ## Endpoint diff --git a/docs/directorymanager/11.1/api/datasource/dstext.md b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dstext.md similarity index 86% rename from docs/directorymanager/11.1/api/datasource/dstext.md rename to docs/directorymanager/11.1/welcome/datasourceapis/createds/dstext.md index 330d424e9c..672b65d3c0 100644 --- a/docs/directorymanager/11.1/api/datasource/dstext.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/createds/dstext.md 
@@ -1,10 +1,16 @@ +--- +title: "Create a Data Source for a Text/CSV File" +description: "Create a Data Source for a Text/CSV File" +sidebar_position: 10 +--- + # Create a Data Source for a Text/CSV File Use this API to create a new data source. See the -[Create a Data Source for a Text/CSV File](/docs/directorymanager/11.1/admincenter/datasource/create.md#create-a-data-source-for-a-textcsv-file) -section of the [Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) topic to create a +[Create a Data Source for a Text/CSV File](/docs/directorymanager/11.1/signin/datasource/create.md#create-a-data-source-for-a-textcsv-file) +section of the [Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) topic to create a Text/CSV data source using Directory Manager. ## Endpoint diff --git a/docs/directorymanager/11.1/welcome/datasourceapis/datasourceapis.md b/docs/directorymanager/11.1/welcome/datasourceapis/datasourceapis.md new file mode 100644 index 0000000000..a61d840c00 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/datasourceapis/datasourceapis.md 
@@ -0,0 +1,38 @@ +--- +title: "Data Source APIs" +description: "Data Source APIs" +sidebar_position: 20 +--- + +# Data Source APIs + +Directory Manager provides the following APIs to perform functions related to data sources: + +- [Create a Data Source](/docs/directorymanager/11.1/welcome/datasourceapis/createds/createds.md) + + - [Create a Data Source for a Text/CSV File](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dstext.md) + - [Create a Data Source for MS Access](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsaccess.md) + - [Create a Data Source for MS Excel](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsexcel.md) + - [Create a Data Source for ODBC](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsodbc.md) + - [Create a Data Source for Oracle](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dsoracle.md) + - [Create a Data Source for SQL Server](/docs/directorymanager/11.1/welcome/datasourceapis/createds/dssql.md) + +- [Delete a Data Source](/docs/directorymanager/11.1/welcome/datasourceapis/deleteds.md) +- [Get a Data Source](/docs/directorymanager/11.1/welcome/datasourceapis/getds.md) +- [Get a Data Source by Type and Name](/docs/directorymanager/11.1/welcome/datasourceapis/getdstypename.md) +- [Get a Data Source by Type and with ID](/docs/directorymanager/11.1/welcome/datasourceapis/getdstypeid.md) +- [Get All Data Sources](/docs/directorymanager/11.1/welcome/datasourceapis/getallds.md) +- [Get All Data Sources by Type](/docs/directorymanager/11.1/welcome/datasourceapis/getalldstype.md) +- [Get Filenames by Type](/docs/directorymanager/11.1/welcome/datasourceapis/getfntype.md) +- [ Get Filtered Data Sources by isSource](/docs/directorymanager/11.1/welcome/datasourceapis/getfilterds.md) +- [Get Parameters of a Data Source](/docs/directorymanager/11.1/welcome/datasourceapis/getdsparameter.md) +- [Get File Server Metadata by Type 
](/docs/directorymanager/11.1/welcome/datasourceapis/gefsmdtype.md) +- [ Get Metadata of Data Source by Server Type and ID ](/docs/directorymanager/11.1/welcome/datasourceapis/getmdtypest.md) +- [Get Metadata of Data Sources](/docs/directorymanager/11.1/welcome/datasourceapis/getmd.md) +- [Get Provider Options of a Data Source](/docs/directorymanager/11.1/welcome/datasourceapis/getdspo.md) +- [Parse a Connection String](/docs/directorymanager/11.1/welcome/datasourceapis/parsecs.md) +- [Update a Data Source](/docs/directorymanager/11.1/welcome/datasourceapis/updateds.md) +- [Validate Data Connectivity of a Data Source](/docs/directorymanager/11.1/welcome/datasourceapis/validatedc.md) + +See the[ Data Sources](/docs/directorymanager/11.1/signin/datasource/overview.md) topic for additional information on +data sources. diff --git a/docs/directorymanager/11.1/api/datasource/deleteds.md b/docs/directorymanager/11.1/welcome/datasourceapis/deleteds.md similarity index 87% rename from docs/directorymanager/11.1/api/datasource/deleteds.md rename to docs/directorymanager/11.1/welcome/datasourceapis/deleteds.md index 69c3faf972..b0572aa93c 100644 --- a/docs/directorymanager/11.1/api/datasource/deleteds.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/deleteds.md @@ -1,3 +1,9 @@ +--- +title: "Delete a Data Source" +description: "Delete a Data Source" +sidebar_position: 20 +--- + # Delete a Data Source This API can be used for deleting a specified data source. diff --git a/docs/directorymanager/11.1/api/datasource/gefsmdtype.md b/docs/directorymanager/11.1/welcome/datasourceapis/gefsmdtype.md similarity index 97% rename from docs/directorymanager/11.1/api/datasource/gefsmdtype.md rename to docs/directorymanager/11.1/welcome/datasourceapis/gefsmdtype.md index b71c4dbe1f..edb479e922 100644 --- a/docs/directorymanager/11.1/api/datasource/gefsmdtype.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/gefsmdtype.md 
@@ -1,3 +1,9 @@ +--- +title: "Get File Server Metadata by Type" +description: "Get File Server Metadata by Type" +sidebar_position: 100 +--- + # Get File Server Metadata by Type Using this API you can get metadata information of data source(s) by server type. For example, all diff --git a/docs/directorymanager/11.1/api/datasource/getallds.md b/docs/directorymanager/11.1/welcome/datasourceapis/getallds.md similarity index 96% rename from docs/directorymanager/11.1/api/datasource/getallds.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getallds.md index 3cba5e9e28..0e7a1ad03b 100644 --- a/docs/directorymanager/11.1/api/datasource/getallds.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getallds.md @@ -1,3 +1,9 @@ +--- +title: "Get All Data Sources" +description: "Get All Data Sources" +sidebar_position: 60 +--- + # Get All Data Sources Using this API you can get information of all data source defined so far in Directory Manager. diff --git a/docs/directorymanager/11.1/api/datasource/getalldstype.md b/docs/directorymanager/11.1/welcome/datasourceapis/getalldstype.md similarity index 88% rename from docs/directorymanager/11.1/api/datasource/getalldstype.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getalldstype.md index cb134b9fb5..5bab232271 100644 --- a/docs/directorymanager/11.1/api/datasource/getalldstype.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getalldstype.md @@ -1,3 +1,9 @@ +--- +title: "Get All Data Sources by Type" +description: "Get All Data Sources by Type" +sidebar_position: 70 +--- + # Get All Data Sources by Type Use this API to retrieve information of all data sources of a specific type such as all SQL server 
diff --git a/docs/directorymanager/11.1/api/datasource/getds.md b/docs/directorymanager/11.1/welcome/datasourceapis/getds.md similarity index 93% rename from docs/directorymanager/11.1/api/datasource/getds.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getds.md index fcf3175619..546f884150 100644 --- a/docs/directorymanager/11.1/api/datasource/getds.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getds.md @@ -1,3 +1,9 @@ +--- +title: "Get a Data Source" +description: "Get a Data Source" +sidebar_position: 30 +--- + # Get a Data Source Using this API you can retrieve information of a specific data source specified in the end point diff --git a/docs/directorymanager/11.1/api/datasource/getdsparameter.md b/docs/directorymanager/11.1/welcome/datasourceapis/getdsparameter.md similarity index 90% rename from docs/directorymanager/11.1/api/datasource/getdsparameter.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getdsparameter.md index 09a8625157..20febe68c1 100644 --- a/docs/directorymanager/11.1/api/datasource/getdsparameter.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getdsparameter.md @@ -1,3 +1,9 @@ +--- +title: "Get Parameters of a Data Source" +description: "Get Parameters of a Data Source" +sidebar_position: 130 +--- + # Get Parameters of a Data Source Using this API, you can retrieve parameters information of a data source specified in end point URL. diff --git a/docs/directorymanager/11.1/api/datasource/getdspo.md b/docs/directorymanager/11.1/welcome/datasourceapis/getdspo.md similarity index 84% rename from docs/directorymanager/11.1/api/datasource/getdspo.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getdspo.md index 45782b94ed..41a3d8b183 100644 --- a/docs/directorymanager/11.1/api/datasource/getdspo.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getdspo.md 
@@ -1,3 +1,9 @@ +--- +title: "Get Provider Options of a Data Source" +description: "Get Provider Options of a Data Source" +sidebar_position: 140 +--- + # Get Provider Options of a Data Source Use this API to retrieve information about the provider of a specified data source. diff --git a/docs/directorymanager/11.1/api/datasource/getdstypeid.md b/docs/directorymanager/11.1/welcome/datasourceapis/getdstypeid.md similarity index 95% rename from docs/directorymanager/11.1/api/datasource/getdstypeid.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getdstypeid.md index 779f7271db..47f404f688 100644 --- a/docs/directorymanager/11.1/api/datasource/getdstypeid.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getdstypeid.md @@ -1,3 +1,9 @@ +--- +title: "Get a Data Source by Type and with ID" +description: "Get a Data Source by Type and with ID" +sidebar_position: 50 +--- + # Get a Data Source by Type and with ID Using this API, you can retrieve information of a data source by its type and ID. For example, an diff --git a/docs/directorymanager/11.1/api/datasource/getdstypename.md b/docs/directorymanager/11.1/welcome/datasourceapis/getdstypename.md similarity index 89% rename from docs/directorymanager/11.1/api/datasource/getdstypename.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getdstypename.md index 8433b65ee5..6087edd224 100644 --- a/docs/directorymanager/11.1/api/datasource/getdstypename.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getdstypename.md @@ -1,3 +1,9 @@ +--- +title: "Get a Data Source by Type and Name" +description: "Get a Data Source by Type and Name" +sidebar_position: 40 +--- + # Get a Data Source by Type and Name Using this API you can retrieve information of specific type data source, let's say a Text/CSV based 
diff --git a/docs/directorymanager/11.1/api/datasource/getfilterds.md b/docs/directorymanager/11.1/welcome/datasourceapis/getfilterds.md similarity index 95% rename from docs/directorymanager/11.1/api/datasource/getfilterds.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getfilterds.md index daa09c4e24..4eff2eecbb 100644 --- a/docs/directorymanager/11.1/api/datasource/getfilterds.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getfilterds.md @@ -1,3 +1,9 @@ +--- +title: "Get Filtered Data Sources by isSource" +description: "Get Filtered Data Sources by isSource" +sidebar_position: 90 +--- + # Get Filtered Data Sources by isSource This API is for getting information of data sources filtered on the basis of your role policy. if diff --git a/docs/directorymanager/11.1/api/datasource/getfntype.md b/docs/directorymanager/11.1/welcome/datasourceapis/getfntype.md similarity index 89% rename from docs/directorymanager/11.1/api/datasource/getfntype.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getfntype.md index 5e7c69b43a..3be3f4f20f 100644 --- a/docs/directorymanager/11.1/api/datasource/getfntype.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getfntype.md @@ -1,3 +1,9 @@ +--- +title: "Get Filenames by Type" +description: "Get Filenames by Type" +sidebar_position: 80 +--- + # Get Filenames by Type Use this API to get source file name(s) residing on local server(s) or in cloud for a specific type diff --git a/docs/directorymanager/11.1/api/datasource/getmd.md b/docs/directorymanager/11.1/welcome/datasourceapis/getmd.md similarity index 99% rename from docs/directorymanager/11.1/api/datasource/getmd.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getmd.md index 1959c43e9e..a8e65998cc 100644 --- a/docs/directorymanager/11.1/api/datasource/getmd.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getmd.md 
@@ -1,9 +1,15 @@ +--- +title: "Get Metadata of Data Sources" +description: "Get Metadata of Data Sources" +sidebar_position: 120 +--- + # Get Metadata of Data Sources Using this API, you can get metadata information of data sources defined so far in Directory Manager. -See the [Create a Data Source](/docs/directorymanager/11.1/admincenter/datasource/create.md) topic for creating a data +See the [Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) topic for creating a data source using Directory Manager. ## Endpoint diff --git a/docs/directorymanager/11.1/api/datasource/getmdtypest.md b/docs/directorymanager/11.1/welcome/datasourceapis/getmdtypest.md similarity index 98% rename from docs/directorymanager/11.1/api/datasource/getmdtypest.md rename to docs/directorymanager/11.1/welcome/datasourceapis/getmdtypest.md index a585feeacd..2831e6db52 100644 --- a/docs/directorymanager/11.1/api/datasource/getmdtypest.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/getmdtypest.md @@ -1,3 +1,9 @@ +--- +title: "Get Metadata of Data Source by Server Type and ID" +description: "Get Metadata of Data Source by Server Type and ID" +sidebar_position: 110 +--- + # Get Metadata of Data Source by Server Type and ID Use this API to retrieve metadata information of all data sources defined so far in Directory diff --git a/docs/directorymanager/11.1/api/datasource/parsecs.md b/docs/directorymanager/11.1/welcome/datasourceapis/parsecs.md similarity index 85% rename from docs/directorymanager/11.1/api/datasource/parsecs.md rename to docs/directorymanager/11.1/welcome/datasourceapis/parsecs.md index 4ced101221..b0170fe2d5 100644 --- a/docs/directorymanager/11.1/api/datasource/parsecs.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/parsecs.md 
@@ -1,3 +1,9 @@ +--- +title: "Parse a Connection String" +description: "Parse a Connection String" +sidebar_position: 150 +--- + # Parse a Connection String This API parses the connection string given in one line format. diff --git a/docs/directorymanager/11.1/api/datasource/updateds.md b/docs/directorymanager/11.1/welcome/datasourceapis/updateds.md similarity index 91% rename from docs/directorymanager/11.1/api/datasource/updateds.md rename to docs/directorymanager/11.1/welcome/datasourceapis/updateds.md index d336cdea1a..5e578381ac 100644 --- a/docs/directorymanager/11.1/api/datasource/updateds.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/updateds.md @@ -1,3 +1,9 @@ +--- +title: "Update a Data Source" +description: "Update a Data Source" +sidebar_position: 160 +--- + # Update a Data Source Using this API you can update information of an already created data source. diff --git a/docs/directorymanager/11.1/api/datasource/validatedc.md b/docs/directorymanager/11.1/welcome/datasourceapis/validatedc.md similarity index 88% rename from docs/directorymanager/11.1/api/datasource/validatedc.md rename to docs/directorymanager/11.1/welcome/datasourceapis/validatedc.md index b0ae7aa664..da41c78551 100644 --- a/docs/directorymanager/11.1/api/datasource/validatedc.md +++ b/docs/directorymanager/11.1/welcome/datasourceapis/validatedc.md @@ -1,3 +1,9 @@ +--- +title: "Validate Data Connectivity of a Data Source" +description: "Validate Data Connectivity of a Data Source" +sidebar_position: 170 +--- + # Validate Data Connectivity of a Data Source Use this API to validate connection of a data source with the provider or with a source file. diff --git a/docs/directorymanager/11.1/welcome/entitlement/_category_.json b/docs/directorymanager/11.1/welcome/entitlement/_category_.json new file mode 100644 index 0000000000..5ce296e926 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/entitlement/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Entitlement", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/entitlement/fileservers.md b/docs/directorymanager/11.1/welcome/entitlement/fileservers.md similarity index 96% rename from docs/directorymanager/11.1/portal/entitlement/fileservers.md rename to docs/directorymanager/11.1/welcome/entitlement/fileservers.md index 556528b034..5099059757 100644 --- a/docs/directorymanager/11.1/portal/entitlement/fileservers.md +++ b/docs/directorymanager/11.1/welcome/entitlement/fileservers.md @@ -1,6 +1,12 @@ +--- +title: "File Servers" +description: "File Servers" +sidebar_position: 10 +--- + # File Servers -The [ Entitlement](/docs/directorymanager/11.1/portal/entitlement/overview.md) page lists the servers specified for permission analysis in the +The [ Entitlement](/docs/directorymanager/11.1/welcome/entitlement/overview.md) page lists the servers specified for permission analysis in the identity store, displaying granular level permission granted to objects on shared files and folders. This data is subject to the date and time the permissions were last replicated. diff --git a/docs/directorymanager/11.1/welcome/entitlement/overview.md b/docs/directorymanager/11.1/welcome/entitlement/overview.md new file mode 100644 index 0000000000..79f4b9e4b4 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/entitlement/overview.md @@ -0,0 +1,13 @@ +--- +title: "Entitlement" +description: "Entitlement" +sidebar_position: 80 +--- + +# Entitlement + +Directory Manager Entitlement enables you to stay informed on the permissions assigned to objects +residing on your Active Directory servers and SharePoint sites. + +See the [Entitlement](/docs/directorymanager/11.1/signin/entitlement/overview.md) topic for detailed information on +Entitlement. 
diff --git a/docs/directorymanager/11.1/portal/entitlement/sharepointsites.md b/docs/directorymanager/11.1/welcome/entitlement/sharepointsites.md similarity index 98% rename from docs/directorymanager/11.1/portal/entitlement/sharepointsites.md rename to docs/directorymanager/11.1/welcome/entitlement/sharepointsites.md index 4da0992d7b..3db8f87bd2 100644 --- a/docs/directorymanager/11.1/portal/entitlement/sharepointsites.md +++ b/docs/directorymanager/11.1/welcome/entitlement/sharepointsites.md @@ -1,3 +1,9 @@ +--- +title: "Explore SharePoint Sites" +description: "Explore SharePoint Sites" +sidebar_position: 20 +--- + # Explore SharePoint Sites The **SharePoint Sites** page lists the sites specified for permission analysis in the identity diff --git a/docs/directorymanager/11.1/welcome/generalfeatures/_category_.json b/docs/directorymanager/11.1/welcome/generalfeatures/_category_.json new file mode 100644 index 0000000000..535cc16965 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/generalfeatures/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "General Portal Features", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "generalfeatures" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/search/find.md b/docs/directorymanager/11.1/welcome/generalfeatures/find.md similarity index 96% rename from docs/directorymanager/11.1/portal/search/find.md rename to docs/directorymanager/11.1/welcome/generalfeatures/find.md index 72a4903029..fb95ac0c9b 100644 --- a/docs/directorymanager/11.1/portal/search/find.md +++ b/docs/directorymanager/11.1/welcome/generalfeatures/find.md @@ -1,3 +1,9 @@ +--- +title: "Find Dialog Box" +description: "Find Dialog Box" +sidebar_position: 20 +--- + # Find Dialog Box This dialog box enables you to search **User**, **Group**, and **Contact** objects in the connected 
diff --git a/docs/directorymanager/11.1/welcome/generalfeatures/generalfeatures.md b/docs/directorymanager/11.1/welcome/generalfeatures/generalfeatures.md new file mode 100644 index 0000000000..70eb0da489 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/generalfeatures/generalfeatures.md 
@@ -0,0 +1,53 @@ +--- +title: "General Portal Features" +description: "General Portal Features" +sidebar_position: 30 +--- + +# General Portal Features + +Directory Manager portal encompasses various functionalities available for the users that are: + +- Directory Search +- Find Dialog Box +- Portal Settings +- User Account Settings +- Toolbars + +## Directory Search + +The Directory Manager portal provides a robust search feature that empowers users to efficiently +manage various directory objects within their identity store. These objects include mailboxes, +users, groups, and contacts. Once a search is performed, the results are displayed on the Search +Results page. + +See the [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) topic for additional information. + +## Find Dialog Box + +The Find dialog box enables you to search User, Group, and Contact objects in the connected identity +store. The object types av ailable for search may vary, depending on the page you launch the +**Find** dialog box from. + +See the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) topic for additional information. + +## Portal Settings + +Directory Manager portal offers flexible portal settings to customize the user experience and +personalize the portal for each user. + +See the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) topic for additional information. + +## User Account Settings + +Users can manage their own profile information and perform various account-related actions through +the User Settings. + +See the [User Account Settings](/docs/directorymanager/11.1/welcome/generalfeatures/user.md) topic for additional information. + +## Toolbars + +The portal provides toolbars with diverse options that users can use on the objects. These actions +include editing properties, managing membership, viewing history, and more. 
+ +See the [Toolbar](/docs/directorymanager/11.1/welcome/generalfeatures/toolbar.md) topic for additional information. diff --git a/docs/directorymanager/11.1/welcome/generalfeatures/portal.md b/docs/directorymanager/11.1/welcome/generalfeatures/portal.md new file mode 100644 index 0000000000..a2f177d2e4 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/generalfeatures/portal.md 
@@ -0,0 +1,246 @@ +--- +title: "Portal Settings" +description: "Portal Settings" +sidebar_position: 50 +--- + +# Portal Settings + +You can fine-tune your portal pages by customizing display options. This also enables you to +personalize the GroupID portal. + +These settings are saved for a user with respect to the identity store. When this user logs on to +another GroupID portal for the same identity store, the settings apply there too. + +## Set Identity Store mode + +GroupID portal works with a single identity store. However, GroupID also enables administrators to +link different identity stores. If an administrator creates a GroupID Portal and associates it with +the linked identity stores, the portal users can view the data from the linked identity stores at +the same time, rather than having to switch identity stores. + +Via Portal settings, you can choose either of the two modes by following these steps: + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – From the **Identity Store Mode** list, select one of the following mode: + +- Stand-alone mode +- Linked mode + +Step 3 – Click **Save**. + +## Set a language for notifications + +GroupID generates a number of notifications that are, by default, sent to users in the English +language. However, a user can opt to receive notifications in a different language by personalizing +the language settings from the **User Settings** panel in the portal. + +However, there are a few exceptions to it. See the +[Notifications](/docs/directorymanager/11.1/signin/notification/overview.md) topic for more information. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – From the **Notification Language** list, select a language for receiving the notifications. + +Step 3 – Click **Save**. + +## Set the time zone + +You can set the portal's date and time for your time zone. + +Step 1 – Click the **Settings** icon at the top of the page. 
+ +Step 2 – In the **User Time Zone** list, select the time zone for your region. + +Step 3 – Click **Save**. + +## Set a default start page + +You can set the first page you see when you log into the portal. + +1. Click the **Settings** icon at the top of the page. +2. From the **Default startup page** list, select a page to set as your start page. +3. Click **Save**. + +## Set the number of history items to show on the home page + +You can specify the number of history items to display in the History section on the portal's home +page. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – In the **History items to display on home page** box, set the maximum number of history +items to be displayed on the portal's home page. + +Step 3 – Click **Save**. + +History is displayed if the administrator has enabled history tracking for the identity store. + +## Set the number of history items to show for objects + +Set the number of history items to display on the History tab. This tab is displayed when viewing +the properties for a User, Group, Contact or Mailbox. + +This setting also controls the number of history items displayed on the +[My History](/docs/directorymanager/11.1/welcome/history/myhistory.md), [My Direct Reports' History](/docs/directorymanager/11.1/welcome/history/mydirectreport.md), +and [My Groups' History](/docs/directorymanager/11.1/welcome/history/mydirectorygroup.md) pages. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – In the **History items to display** box, set the number of history items to display on the +pages that display history data. + +Step 3 – Click **Save**. + +History is displayed if the administrator has enabled history tracking for the identity store. + +## Set the number of recent objects to show + +The GroupID portal keeps a list of recently viewed objects on the left navigation bar. This provides +a convenient way to navigate back to objects later. 
You can specify the number of recent objects to +be shown on the navigation bar. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – In the **Most recent objects** box, type the number of recent objects to display on the +navigation bar. + +Step 3 – Click **Save**. + +## Set the default domains for search lists + +You can specify the default domains to be searched when you perform a search using the portal. If +portal is running in: + +- **Stand-alone mode**: domain of the associated identity store is listed. + +- **Linked mode**: domains of all the linked identity stores are listed. + +To select domain(s) for searches: + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – In the **Domains to search** list, select the domains that you use frequently in your +searches. + +Step 3 – Click **Save**. + +## Set the number of results to show on a page + +You can specify the number of search results to be displayed on a portal page. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – In the **Search results per page** box, type or select the number of search results to +display on a page. + +Step 3 – Click **Save**. + +## Show additional group ownership in My Groups + +By default, the **My Groups** page displays the groups that you are a primary owner for. You can, +however, set this page to display those groups too for which you are an additional owner. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – Select the **Display additional group ownership in My Groups** check box. + +Step 3 – Selecting this option also displays the history of these groups in the **My Groups +History** view. + +Step 4 – Click **Save**. + +## Show additional group ownership in My Expiring Groups + +By default, the **My Expiring Groups** page displays the soon-to-expire groups that you are the +primary owner of. 
You can, however, set this page to display those expiring groups too for which you +are an additional owner. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – Select the **Display additional group ownership in My Expiring Groups** check box. + +Step 3 – Click **Save**. + +## Show additional group ownership in My Expired Groups + +By default, the **My Expired Groups** page displays the expired groups that you are the primary +owner for. You can, however, set this page to display those expired groups too for which you are an +additional owner. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – Select the **Display additional group ownership in My Expired Groups** check box. + +Step 3 – Click **Save**. + +## Show additional group ownership in My Deleted Groups + +By default, the **My Deleted Groups** page displays the deleted groups that you are the primary +owner for. You can, however, set this page to display those deleted groups too for which you are an +additional owner. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – Select the **Display additional group ownership in My Deleted Groups** check box. + +Step 3 – Click **Save**. + +## Display additional group ownership in my Smart Groups + +By default, the **My Smart Groups** page displays the Smart Group that you are the primary owner +for. You can, however, set this page to display those Smart Groups too for which you are an +additional owner. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – Select the **Display additional group ownership in My Smart Groups** check box. + +Step 3 – Click **Save**. + +## Display additional group ownership in my Dynasties + +By default, the My Dynasties page displays the Dynasties that you are the primary owner for. You +can, however, set this page to display those Dynasties too for which you are an additional owner. + +Step 1 – Click the **Settings** icon at the top of the page. 
+ +Step 2 – Select the **Display additional group ownership in My Dynasties** check box. + +Step 3 – Click **Save**. + +## Display Additional Manager Direct Reports + +By default, the **My Direct Reports** page displays the users that you are the primary manager for. +You can, however, set this page to display those users too for which you are an additional manager. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – Select the **Display Additional Manager Direct Reports** check box. + +Step 3 – Click **Save**. + +## Reset default user options + +You can reset the settings on the **User Settings** panel to their default values. + +Step 1 – Click the **Settings** icon at the top of the page. + +Step 2 – On the **User Settings** page, click **Reset Defaults**. + +The following table lists the default values that are reset: + +| Option | Default Value | +| ---------------------------------------------- | ------------------------------------------------ | +| Identity Store Mode | Stand-alone | +| Notification Language | English | +| User Time Zone | The time zone set on the GroupID server machine. | +| Default startup page | Welcome | +| History items to display on home page | 10 | +| History items to display | 10 | +| Most recent objects | 5 | +| Domains to Search | Entire Directory | +| Search results per page | 25 | +| Display additional group ownership check boxes | Not selected | +| Display Additional Manager Direct Reports | Not selected | diff --git a/docs/directorymanager/11.1/portal/search/querysearch.md b/docs/directorymanager/11.1/welcome/generalfeatures/querysearch.md similarity index 83% rename from docs/directorymanager/11.1/portal/search/querysearch.md rename to docs/directorymanager/11.1/welcome/generalfeatures/querysearch.md index 15be62d2a1..e88aac4cf0 100644 --- a/docs/directorymanager/11.1/portal/search/querysearch.md +++ b/docs/directorymanager/11.1/welcome/generalfeatures/querysearch.md 
@@ -1,3 +1,9 @@ +--- +title: "Query Based Advanced Search" +description: "Query Based Advanced Search" +sidebar_position: 40 +--- + # Query Based Advanced Search Directory Manager portal enables you to search directory objects (users, mailboxes, contacts, @@ -5,7 +11,7 @@ groups) in the identity store based on a query. You can create queries and save directory objects searches. The Query Designer option on the Advanced Search page is available which presents you the -[Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) dialog box similar to the query designer dialog +[Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) dialog box similar to the query designer dialog box used for creating queries for Smart Groups and Dynasties. In Linked mode – Query based searches cannot be performed. @@ -25,7 +31,7 @@ automatically. Step 3 – Click **Query Designer** to create queries to search directory objects. -Step 4 – Select an option from the [Query Designer - General tab](/docs/directorymanager/11.1/portal/group/querydesigner/general.md) +Step 4 – Select an option from the [Query Designer - General tab](/docs/directorymanager/11.1/welcome/group/querydesigner/general.md) list to specify the type of object the query should fetch. Step 5 – You must specify the containers that the query should search for retrieving the directory 
@@ -38,26 +44,26 @@ Step 6 – The **Query Designer** dialog box groups similar query options by tab 1. **General tab**: lets you select object categories that you want the query to search in. The available options vary according to the object type selected in the **Find** list. See the - [Query Designer - General tab](/docs/directorymanager/11.1/portal/group/querydesigner/general.md) topic for additional + [Query Designer - General tab](/docs/directorymanager/11.1/welcome/group/querydesigner/general.md) topic for additional information. 2. **Storage tab**: lets you filter the mailboxes to return. See the - [Query Designer - Storage tab](/docs/directorymanager/11.1/portal/group/querydesigner/storage.md) topic for additional + [Query Designer - Storage tab](/docs/directorymanager/11.1/welcome/group/querydesigner/storage.md) topic for additional information. 3. **Filter Criteria tab**: lets you add additional filter criteria. For example, you can add criteria to retrieve all directory users who live in Houston and have a fax number. You can also apply logical operators (AND, OR) to your custom query to achieve the most accurate results. The condition list may vary while creating queries for object searches. See the - [Query Designer - Filter Criteria tab](/docs/directorymanager/11.1/portal/group/querydesigner/filtercriteria.md) topic for + [Query Designer - Filter Criteria tab](/docs/directorymanager/11.1/welcome/group/querydesigner/filtercriteria.md) topic for additional information. 4. **Include/Exclude tab:** lets you include or exclude objects regardless of whether they are returned by the query or not. Use the Add and Remove buttons to add and remove objects in the Include and Exclude sections respectively. 
See the - [Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md) topic for + [Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md) topic for additional information. 5. **Database tab**: enables you to combine an external data source with the directory to search - directory objects. See the [Query Designer - Database tab](/docs/directorymanager/11.1/portal/group/querydesigner/database.md) + directory objects. See the [Query Designer - Database tab](/docs/directorymanager/11.1/welcome/group/querydesigner/database.md) topic for additional information. Step 7 – Click the **LDAP Query** button to view the query generated from the settings you have diff --git a/docs/directorymanager/11.1/welcome/generalfeatures/search.md b/docs/directorymanager/11.1/welcome/generalfeatures/search.md new file mode 100644 index 0000000000..08dc65fc44 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/generalfeatures/search.md 
@@ -0,0 +1,125 @@ +--- +title: "Directory Search" +description: "Directory Search" +sidebar_position: 30 +--- + +# Directory Search + +Using the Directory Manager portal, you can search and manage different directory objects (users, +groups, contacts and mailboxes). + +NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. + +## Search directory objects (Quick Search) + +Use Quick Search to quickly locate objects in the identity store. You can search the entire +directory or specific OU(s) within the directory, depending on search permissions granted to your +role in the identity store. + +Step 1 – In the Quick Search box in the top-of the page, enter the display name, first name, or +email address of an object to search for it. + +A list of matched objects is displayed as you type the search string. + +Step 2 – Select your required object or click magnifying glass icon. + +Matches are displayed on the **Search Results** page. + +NOTE: Display name, first name and email address are the default schema attributes for Quick Search. +If the Directory Manager administrator specifies different attributes, you will not get the desired +results when you perform a search with the display name, first name or email address. + +## Search directory objects (Advanced Search) + +Use the portal's Advanced Search to search for directory objects (users, mailboxes, contacts, +groups) in the identity store. You can search the entire directory or specific OU(s) within the +directory, depending on search permissions granted to your role in the identity store. + +Multiple filters are available to search for objects. You can use them individually or in +combination to get the most appropriate search results. + +NOTE: In portal's linked mode, you cannot search contacts in linked Azure / Google Workspace / +Generic LDAP store as contact object is not available in these providers. + +Step 1 – Click **Advanced Search** at the top. 
The **Advanced Search** page is displayed. + +Step 2 – In the **Search** box: + +In **Stand-alone** mode: select the check boxes for the entire directory or the OUs that you want to +search in. You can also specify the default search OUs using the **Domains to Search** setting on +the User Settings panel. + +NOTE: In **Linked** mode: the **Search** and the **Domains to Search** boxes will list all the +domains of the linked identity stores. You can select domain(s) or OUs you want to search in. + +Step 3 – In the **Objects** box, select the objects (User, mailboxes, contact, group) you want to +search for. + +In **Linked** mode: If you log into the portal with an AD primary store, you can search a contact +object and if you log in with any of the other providers i.e., Microsoft Entra ID, Google Workspace +or Generic LDAP, you cannot search as they do not support the contact object type. + +Step 4 – Enter search criteria as needed: + +- Type the display name, first name, last name, title, alias, company, department, office, and/or + city of an object to search for it. +- You can select a custom attribute from the **Select a field** list and type a search string in the + box next to the list. + +Step 5 – Click **Search**. + +Objects matching the search criteria are displayed on the **Search Results** page. + +## Search directory objects (Query Based Advanced Search) + +Directory Manager portal enables you to search directory objects (users, mailboxes, contacts, +groups) in the identity store based on a query. See the +[Query Based Advanced Search](/docs/directorymanager/11.1/welcome/generalfeatures/querysearch.md) topic. + +NOTE: In portal's linked mode, you cannot search contacts in linked Azure / Google Workspace / +Generic LDAP store as contact object is not available in these providers. + +## View Search Results + +On performing a search, all objects matching your filter criteria are displayed on the **Search +Results** page. 
+ +The **Modify Search Directory** box in: + +- **Stand-alone** mode: displays Entire Directory option. You can select a specific child domain or + particular OUs to view search results from. + +- **linked** mode: lists all domains of the linked identity stores. You can select domain(s) or OUs + to view the search result from. + +The page has multiple tabs, namely: + +- **All**: displays all objects that match the search criterion. +- **Groups**: displays groups that match the search criterion. +- **Users**: displays users and mailboxes that match the search criterion. +- **Contacts**: displays contacts that match the search criterion. + +The Search **Results** page displays results against the following columns: + +- Type +- Display name +- Department +- Office +- Business +- Email + +If portal is running in the Linked mode, the **Identity Store** column is displayed. It displays the +name of the identity store in which the object resides. + +**Important**: For performing searches in customized portal using the Linked mode, it is important +that customized portal fields, which are used while creating filter expressions for use and group +objects, are bind with similar attributes of stores. Otherwise, Directory Manager will not be able +to linked identities. + +You can perform multiple actions on objects. See the [Toolbar](/docs/directorymanager/11.1/welcome/generalfeatures/toolbar.md) topic for additional +information. + +To move through search results, use the page numbers given at the bottom of the listing. You can +also control the number of results per page by modifying the **Search results per page** setting on +the User Settings panel. diff --git a/docs/directorymanager/11.1/portal/toolbar.md b/docs/directorymanager/11.1/welcome/generalfeatures/toolbar.md similarity index 99% rename from docs/directorymanager/11.1/portal/toolbar.md rename to docs/directorymanager/11.1/welcome/generalfeatures/toolbar.md index adc55ab11d..a82f0c1fd7 100644 
--- a/docs/directorymanager/11.1/portal/toolbar.md +++ b/docs/directorymanager/11.1/welcome/generalfeatures/toolbar.md @@ -1,3 +1,9 @@ +--- +title: "Toolbar" +description: "Toolbar" +sidebar_position: 10 +--- + # Toolbar Use the toolbar to perform different actions on the portal pages. Buttons on the toolbar vary, diff --git a/docs/directorymanager/11.1/welcome/generalfeatures/user.md b/docs/directorymanager/11.1/welcome/generalfeatures/user.md new file mode 100644 index 0000000000..202ed3895a --- /dev/null +++ b/docs/directorymanager/11.1/welcome/generalfeatures/user.md 
@@ -0,0 +1,114 @@ +--- +title: "User Account Settings" +description: "User Account Settings" +sidebar_position: 60 +--- + +# User Account Settings + +Using the Directory Managerportal, you can manage your profile information and even change your +password, provided that the Directory Manager administrator has granted you the required +permissions. You can also add your picture to your profile. + +Administrators can also reset the passwords of other user accounts in the identity store. They can +also set the expiration policy of user accounts, lock or unlock accounts, and enable or disable +accounts. + +## Update your account information + +Follow the steps to update your account information. + +Step 1 – Make the required changes to your profile on the My Profile page. + +Step 2 – Click **Save**. + +NOTE: If the administrator has specified this action for review, your changes will not take effect +until verified by an approver. + +## Add a photo to your profile + +Follow the steps to add a photo to your profile. + +Step 1 – In Directory Manager portal, click **Dashboard** in the left pane and click the **My +Profile** card. + +Step 2 – Click the **General** tab. + +Step 3 – Click **Modify** next to the **Photo** box. + +The **Manage Photo** dialog box is displayed. + +Step 4 – Click **Browse** to browse the file system to select the photo. The size of the image +should not exceed the size displayed in the header area of the dialog box. + +Use the options on the dialog box to edit the photo as desired. + +Step 5 – Click **OK** to close the **Manage Photo** dialog box. + +Step 6 – Click **Save.** + +NOTE: If the administrator has specified this action for review, your changes will not take effect +until verified by an approver. + +## Set a user account to never expire + +Follow the steps to set a user account to never expire. + +Step 1 – Search a user to set its directory account to 'never expire'. 
+ +Step 2 – Select this user on the **Search Results** page and click **Properties** on the toolbar. + +The user's properties page is displayed. + +Step 3 – On the **Account** tab, select the **Never** option button for **Account Expires**. + +Step 4 – Click **Save**. + +## Set a user account to expire on a specific date + +Follow the steps to set a user account to expire on a specific date. + +Step 1 – Search a user to set its directory account to expire on a specific date. + +Step 2 – Select this user on the **Search Results** page and click **Properties** on the toolbar. + +The user's properties page is displayed. + +Step 3 – On the **Account** tab, select **End of** from the **Account Expire** options and click the +Calendar button to set the date for expiring the user account. + +Step 4 – Click **Save**. + +## Lock/Unlock a user account + +Follow the steps to lock/unlock a user account. + +Step 1 – Search a user to lock or unlock their directory account. + +Step 2 – Select this user on the **Search Results** page and click **Properties** on the toolbar. + +The user's properties page is displayed. + +Step 3 – On the **Account** tab: + +- Select the **Account is locked out** check box to lock the user account. +- Clear the **Account is locked out** check box to unlock the account. + +Step 4 – Click **Save**. + +## Enable/Disable a user account + +Follow the steps to enable/disable a user account. + +Step 1 – Search a user to disable or enable their directory account. + +Step 2 – Select this user on the **Search Results** page and click **Properties** on the toolbar. + +Step 3 – The user's properties page is displayed. + +Step 4 – On the **Account** tab: + +- Select the **Account is disabled** check box to disable the user account. +- Clear the **Account is disabled** check box to enable the user account. + +Step 5 – Click **Save**. 
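Review bot: In the "Enable/Disable a user account" section of user.md, "Step 3 – The user's properties page is displayed." is numbered as a step although it describes a result. The three sections above it leave that sentence unnumbered, so this section ends at Step 5 where the others end at Step 4. Suggest dropping the step number there and renumbering. In the same hunk, the intro reads "Directory Managerportal" (missing space), and the field is called **Account Expires** in "Set a user account to never expire" but **Account Expire** in the next section; use whichever label the UI shows.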
diff --git a/docs/directorymanager/11.1/api/gettoken.md b/docs/directorymanager/11.1/welcome/gettoken.md similarity index 96% rename from docs/directorymanager/11.1/api/gettoken.md rename to docs/directorymanager/11.1/welcome/gettoken.md index aba053ef84..75acaec1ab 100644 --- a/docs/directorymanager/11.1/api/gettoken.md +++ b/docs/directorymanager/11.1/welcome/gettoken.md @@ -1,3 +1,9 @@ +--- +title: "Get Token" +description: "Get Token" +sidebar_position: 90 +--- + # Get Token This API generates a token for a user to access the Directory Manager APIs. This API is also used to diff --git a/docs/directorymanager/11.1/welcome/group/_category_.json b/docs/directorymanager/11.1/welcome/group/_category_.json new file mode 100644 index 0000000000..7525cf29eb --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Group Management", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/group/allgroups/_category_.json b/docs/directorymanager/11.1/welcome/group/allgroups/_category_.json new file mode 100644 index 0000000000..54d4bf545a --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/allgroups/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "All Groups", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "allgroups" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/group/alldynasties.md b/docs/directorymanager/11.1/welcome/group/allgroups/alldynasties.md similarity index 83% rename from docs/directorymanager/11.1/portal/group/alldynasties.md rename to docs/directorymanager/11.1/welcome/group/allgroups/alldynasties.md index 62e6e309c1..f8211303c5 100644 --- a/docs/directorymanager/11.1/portal/group/alldynasties.md +++ b/docs/directorymanager/11.1/welcome/group/allgroups/alldynasties.md 
@@ -1,6 +1,12 @@ +--- +title: "Dynasties" +description: "Dynasties" +sidebar_position: 70 +--- + # Dynasties -A [Dynasty](/docs/directorymanager/11.1/portal/group/dynasty/overview.md)is a Smart Group that creates and manages other Smart Groups using +A [Dynasty](/docs/directorymanager/11.1/welcome/group/dynasty/overview.md)is a Smart Group that creates and manages other Smart Groups using information in the directory. This view lists only the Dynasties created in Directory Manager in the connected identity store, and does not include expired and deleted Dynasties. diff --git a/docs/directorymanager/11.1/portal/group/allexpiredgroups.md b/docs/directorymanager/11.1/welcome/group/allgroups/allexpiredgroups.md similarity index 86% rename from docs/directorymanager/11.1/portal/group/allexpiredgroups.md rename to docs/directorymanager/11.1/welcome/group/allgroups/allexpiredgroups.md index 1e5334fc40..91740c5ca2 100644 --- a/docs/directorymanager/11.1/portal/group/allexpiredgroups.md +++ b/docs/directorymanager/11.1/welcome/group/allgroups/allexpiredgroups.md @@ -1,3 +1,9 @@ +--- +title: "Expired Groups" +description: "Expired Groups" +sidebar_position: 40 +--- + # Expired Groups This page lists expired groups. A group expires when: diff --git a/docs/directorymanager/11.1/portal/group/allexpiringgroups.md b/docs/directorymanager/11.1/welcome/group/allgroups/allexpiringgroups.md similarity index 88% rename from docs/directorymanager/11.1/portal/group/allexpiringgroups.md rename to docs/directorymanager/11.1/welcome/group/allgroups/allexpiringgroups.md index 03d031d9c1..081aeb3a35 100644 --- a/docs/directorymanager/11.1/portal/group/allexpiringgroups.md +++ b/docs/directorymanager/11.1/welcome/group/allgroups/allexpiringgroups.md @@ -1,3 +1,9 @@ +--- +title: "Expiring Groups" +description: "Expiring Groups" +sidebar_position: 50 +--- + # Expiring Groups This page shows only the expiring groups in the connected identity store. 
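Review bot: In the alldynasties.md hunk, the rewritten link line still runs into the next word: "overview.md)is a Smart Group". Since this line is already being changed for the new path, add the space after the closing parenthesis so the sentence renders as "Dynasty is a Smart Group".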
diff --git a/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md b/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md new file mode 100644 index 0000000000..d858e73c3d --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md 
@@ -0,0 +1,134 @@ +--- +title: "All Groups" +description: "All Groups" +sidebar_position: 30 +--- + +# All Groups + +This tab lists all groups defined in the identity store including all active groups: + +- [Private Groups](/docs/directorymanager/11.1/welcome/group/allgroups/privategroups.md) +- [Semi Private Groups](/docs/directorymanager/11.1/welcome/group/allgroups/semiprivategroups.md) +- [Public Groups](/docs/directorymanager/11.1/welcome/group/allgroups/publicgroups.md) +- [Expired Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allexpiredgroups.md) +- [Expiring Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allexpiringgroups.md) +- [Smart Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allsmartgroups.md) +- [Dynasties](/docs/directorymanager/11.1/welcome/group/allgroups/alldynasties.md) +- [Password Expiry Groups](/docs/directorymanager/11.1/welcome/group/allgroups/passwordexpirygroups.md) +- [Teams](/docs/directorymanager/11.1/welcome/group/allgroups/teams.md) (for Microsoft Entra ID based identity store) + +Viewing all groups from the directory source may slow down the loading of groups in the view, +especially when there are more than 100 groups. + +**You can:** + +- Manually update the membership of a Smart Group using the **Update** command. You can also view + update details on **Processing Object (s)** wizard. Click **OK** once done. + + If you click **Background**, the update runs in the background and will show in the **Background + Tasks** tab. + +- View and modify the [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) of a group. +- [Expire a group manually ](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupexpiryfunction.md#expire-a-group-manually). After expiring + the group, it will be listed in **Expired Group** list. 
+- Select a smart group and click **Renew** on the toolbar; this re-applies the expiry policy of the + group starting from today, thus renewing the group. +- Join a group as a [Join a group temporarily](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#join-a-group-temporarily) or + [Join a group permanently](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#join-a-group-permanently) + + Select **Other** to add other users to the group. + +- Leave a group’s membership + [Leave a group temporarily](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#leave-a-group-temporarily) or + [Leave a group permanently](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#leave-a-group-permanently). + + Select **Other** to remove other users from the group. + +- To Join/Leave the group, you can also click on **Want to write reason to group owner?** and state + the reason for joining or leaving the group for the group owner. +- Update the security type of a group group using **Set Security Type** option. You can select one + of the following security types: + + - Public + - Semi Private + - Private + +- Update the expiration policy of a group using **Set Expiration Policy** option. + + - Never Expire + - Expire Every 30 Days + - Expire Every 60 Days + - Expire Every 90 Days + - Expire Every 120 Days + - Expire Every 6 Months + - Expire Every Year + - Other + +- Set owner for a group using **Set Owner** option. The drop down list displays two options: + + - **Me**: You can set yourself as the Owner. + - **Other**: You can select some other user as the Owner. + +- Physically delete a group. Select a group and click **Delete** on the toolbar. +- Click **Attest Group** to update and verify group's attributes and memberships. +- Get a list of all groups managed by a particular group (i.e., all groups for which the selected + group is a primary or additional owner). 
+ + Select a group and click **Managed By** on the toolbar to get a list of groups managed by the + selected group. + +- Select a group and click **Move Group** from the toolbar. You can specify a new container from + **Select Container** box where you want to move the group. +- Add a group’s email to your email contact list using the vCard. + + Select a group and click **Add to Contacts** on the toolbar. The portal creates the group's + vCard and prompts you to save it on your machine. You can then use it to add the group's email + address to your email contact list. + +- Click **Add to Group** to add the group into the membership of another group + ([Add a group to the membership of another group (nesting)](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupmembershipfunction.md#add-a-group-to-the-membership-of-another-group-nesting)). +- Select a group and click **Send Email** on the toolbar. This launches the default Windows email + application for sending an email to group members. +- Click **Export Results** on the toolbar to export the group list to a Microsoft Excel file. +- In the **Results** box, select the number of search results to display on a page. + +Use the page numbers under the group listing to page through all groups. + +You can also control the number of records to be displayed per page by modifying the **Search +results per page** setting on the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) panel. + +## Modify Search Directory + +You can modify the search results in **Modify Search Directory.** You can select entire directory or +a domain to search active groups from. + +## Transfer Ownership + +You can find [Transfer Ownership](/docs/directorymanager/11.1/welcome/group/transferownership.md) option on the top right corner. Transfer +Ownership enables you to: + +- Assign owners to orphan groups. 
+- Transfer group ownership (including Exchange 2013/2016/2019 additional ownership) from one + recipient to another. + +## Filter All Groups + +You can add filters in **All Group Grid Filters** while searching for specific groups. + +Step 1 – Click **Add Filter** to specify a criterion for filtering groups. + +Step 2 – From the **Select a Filter** list, select the attribute to filter groups. + +Step 3 – Two more boxes get displayed next to **Select a Filter** box upon selecting a filter. + +- **Select an Operator** from the first list. +- Specify a value for the selected operator in the second box. + +Step 4 – Click **Apply Filter**. + +Step 5 – All active groups that match the specified criterion are displayed. + +Step 6 – You can add additional filters by clicking **Add Filter.** + +Step 7 – To undo the filters, click **Reset Filter.** It will remove all the criteria set before. diff --git a/docs/directorymanager/11.1/welcome/group/allgroups/allsmartgroups.md b/docs/directorymanager/11.1/welcome/group/allgroups/allsmartgroups.md new file mode 100644 index 0000000000..4b76957e69 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/allgroups/allsmartgroups.md @@ -0,0 +1,16 @@ +--- +title: "Smart Groups" +description: "Smart Groups" +sidebar_position: 60 +--- + +# Smart Groups + +This view lists only the Smart Groups created using Directory Manager in the connected identity +store. It does not list expired or deleted Smart Groups. To view the expired or deleted groups, +select the [Expired Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allexpiredgroups.md) or [Deleted Groups](/docs/directorymanager/11.1/welcome/group/recyclebin/overview.md) +respectively. + +You can [Modify Search Directory](allgroups.md#modify-search-directory) to search smart groups and +add [Filter All Groups](allgroups.md#filter-all-groups)by clicking **Smart Group Grid Filter**. All +the smart groups matching the filters will be displayed. 
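Review bot: In allgroups.md, the join bullet reads "Join a group as a [Join a group temporarily]... or [Join a group permanently]...", which looks like link titles pasted over the sentence, and the leave bullet has the same problem ("Leave a group's membership [Leave a group temporarily]..."). Suggest rewording to "Join a group temporarily or permanently" (and likewise for leave) with the links on those two words. Also in this hunk: "security type of a group group" repeats a word, the link text "[Expire a group manually ]" has a trailing space inside the brackets, and the intro says the tab lists "all active groups" while the list beneath it includes Expired Groups.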
diff --git a/docs/directorymanager/11.1/portal/group/passwordexpirygroups.md b/docs/directorymanager/11.1/welcome/group/allgroups/passwordexpirygroups.md similarity index 89% rename from docs/directorymanager/11.1/portal/group/passwordexpirygroups.md rename to docs/directorymanager/11.1/welcome/group/allgroups/passwordexpirygroups.md index 5f83063cf7..97a6468ac8 100644 --- a/docs/directorymanager/11.1/portal/group/passwordexpirygroups.md +++ b/docs/directorymanager/11.1/welcome/group/allgroups/passwordexpirygroups.md @@ -1,3 +1,9 @@ +--- +title: "Password Expiry Groups" +description: "Password Expiry Groups" +sidebar_position: 80 +--- + # Password Expiry Groups A password expiry group is a Smart Group whose membership contains users whose identity store diff --git a/docs/directorymanager/11.1/welcome/group/allgroups/privategroups.md b/docs/directorymanager/11.1/welcome/group/allgroups/privategroups.md new file mode 100644 index 0000000000..3bb2db5757 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/allgroups/privategroups.md @@ -0,0 +1,16 @@ +--- +title: "Private Groups" +description: "Private Groups" +sidebar_position: 10 +--- + +# Private Groups + +This view lists only the private groups created using Directory Manager in the connected identity +store. It does not list expired or deleted private groups. To view the expired or deleted groups, +select the [Expired Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allexpiredgroups.md) or [Deleted Groups](/docs/directorymanager/11.1/welcome/group/recyclebin/overview.md) +respectively. + +You can [Modify Search Directory](allgroups.md#modify-search-directory) to search private groups and +add [Filter All Groups](allgroups.md#filter-all-groups) by clicking **Private Group Grid Filters**. +All the private groups matching the filters will be displayed. 
diff --git a/docs/directorymanager/11.1/welcome/group/allgroups/publicgroups.md b/docs/directorymanager/11.1/welcome/group/allgroups/publicgroups.md new file mode 100644 index 0000000000..a38f62fcc8 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/allgroups/publicgroups.md @@ -0,0 +1,16 @@ +--- +title: "Public Groups" +description: "Public Groups" +sidebar_position: 30 +--- + +# Public Groups + +This view lists only the public groups created using Directory Manager in the connected identity +store. It does not list expired or deleted public groups. To view the expired or deleted groups, +select the [Expired Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allexpiredgroups.md) or [Deleted Groups](/docs/directorymanager/11.1/welcome/group/recyclebin/overview.md) +respectively. + +You can [Modify Search Directory](allgroups.md#modify-search-directory) to search private groups and +add [Filter All Groups](allgroups.md#filter-all-groups) by clicking **Public Group Grid Filters**. +All the public groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/welcome/group/allgroups/semiprivategroups.md b/docs/directorymanager/11.1/welcome/group/allgroups/semiprivategroups.md new file mode 100644 index 0000000000..70eff1ac27 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/allgroups/semiprivategroups.md 
@@ -0,0 +1,16 @@ +--- +title: "Semi Private Groups" +description: "Semi Private Groups" +sidebar_position: 20 +--- + +# Semi Private Groups + +This view lists only the semi-private groups created using Directory Manager in the connected +identity store. It does not list expired or deleted semi private groups. To view the expired or +deleted groups, select the [Expired Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allexpiredgroups.md) or +[Deleted Groups](/docs/directorymanager/11.1/welcome/group/recyclebin/overview.md) respectively. + +You can [Modify Search Directory](allgroups.md#modify-search-directory) to search semi private +groups and add [Filter All Groups](allgroups.md#filter-all-groups) by clicking **Private Group Grid +Filters**. All the semi private groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/portal/group/teams.md b/docs/directorymanager/11.1/welcome/group/allgroups/teams.md similarity index 81% rename from docs/directorymanager/11.1/portal/group/teams.md rename to docs/directorymanager/11.1/welcome/group/allgroups/teams.md index 4b0c2928b6..b62a814a4a 100644 --- a/docs/directorymanager/11.1/portal/group/teams.md +++ b/docs/directorymanager/11.1/welcome/group/allgroups/teams.md @@ -1,3 +1,9 @@ +--- +title: "Teams" +description: "Teams" +sidebar_position: 90 +--- + # Teams This page lists all the Microsoft Teams groups. diff --git a/docs/directorymanager/11.1/welcome/group/create/_category_.json b/docs/directorymanager/11.1/welcome/group/create/_category_.json new file mode 100644 index 0000000000..f5bae9912f --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Groups", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
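Review bot: In semiprivategroups.md, the last paragraph tells the reader to click **Private Group Grid Filters** on the Semi Private Groups page, which looks copied from privategroups.md; confirm the filter name shown on this view and correct it. The publicgroups.md hunk has the same kind of leftover ("to search private groups" on the Public Groups page). The page also alternates between "semi-private" and "semi private"; pick one spelling.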
diff --git a/docs/directorymanager/11.1/welcome/group/create/create.md b/docs/directorymanager/11.1/welcome/group/create/create.md new file mode 100644 index 0000000000..8c32598b6a --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/create.md @@ -0,0 +1,37 @@ +--- +title: "Create Teams" +description: "Create Teams" +sidebar_position: 80 +--- + +# Create Teams + +Using Directory Manager portal, you can create Team in the identity store. + +## Create Teams + +Follow the steps to create Teams group. + +Step 1 – In the Directory Manager portal, click the **Create New** button and select **Team**. + +Step 2 – The **Create Group** wizard opens to the **Group Type** page. + +Step 3 – Pages and fields on the Create Group wizard may vary, since the administrator can customize +the wizard by adding or removing pages and fields. + +Step 4 – On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the required group type and click +**Next**. + +Step 5 – On the General page, specify basic information about the group. + +Step 6 – If you select Static Group, specify members for the group on the +[Members page](/docs/directorymanager/11.1/welcome/group/create/group/members.md). + +Step 7 – If you select Smart Group or a Dynasty, review and modify the query for updating group +membership on the [ Smart Group page](/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md). + +Step 8 – On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional +owners for the group. + +Step 9 – On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings +and then click Finish to complete the wizard. diff --git a/docs/directorymanager/11.1/welcome/group/create/group/_category_.json b/docs/directorymanager/11.1/welcome/group/create/group/_category_.json new file mode 100644 index 0000000000..832f2c37f2 --- /dev/null 
+++ b/docs/directorymanager/11.1/welcome/group/create/group/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Create Active Directory Groups", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "group" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/group/create/group/general.md b/docs/directorymanager/11.1/welcome/group/create/group/general.md new file mode 100644 index 0000000000..6febb31ce1 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/group/general.md 
@@ -0,0 +1,69 @@ +--- +title: "General page" +description: "General page" +sidebar_position: 10 +--- + +# General page + +Use this page to specify basic information about the group. + +1. Click **Browse** next to the **Container** box to select or create the container or + organizational unit to create the group in and click **OK**. + + If you want to create a container, click **Create** and then add container to create the group + in. Click **Refresh** to remove the changes. + + This field will be read-only if the administrator has predefined a container for creating new + groups. + +2. In the **Group Name** box, provide a name for the group by selecting a prefix and then entering a + name for the group. + + NOTE: The prefix box is displayed if the administrator has defined the prefixes. See Group name + prefixes. + These prefixes, when appended to group names, help standardize the group naming convention + across the enterprise. + +3. The **Name Preview** is displayed if the prefix list is available and displays a preview of the + prefix combined with the group name. +4. The group name is also displayed in the **Group Name (Pre Windows 2000)** box. Modify it, if + required. +5. Select the **Mail Enabled** check box to create the group as mail-enabled. A mail-enabled group + is one with an email address. Members of a mail-enabled group can receive emails. +6. The **Alias** box displays an alias for creating the group's email address. You can modify the + alias, if required. + + If Microsoft Exchange Server is the designated messaging provider for the identity store, then + the alias length is limited to 64 characters, it does not contain spaces, and it is unique to + the forest. For other messaging systems, the alias length must not exceed the number of + characters supported by the respective messaging system. + + Also, the alias must not contain characters that are invalid for the configured messaging + system. 
+ + The **Alias** box is displayed if the **Mail Enabled** check box is selected. + +7. Set the group type by selecting an option for **Group Type**. + + - **Security** - this group will be used for securing public folders, printers and other network + resources. + - **Distribution** - this group will only be used for email distribution. + + NOTE: If the administrator has predefined a group type, you cannot change it. + +8. In the **Group Scope** list, select a scope for the group. + + - **Domain Local** - if the group is to contain only users in this domain. + - **Global Group** - if the group is to contain users from other domains, but should only be + visible within its own domain. + - **Universal Group** - if the group is to contain users and groups from any domain and be + visible in the Global Catalog. + + NOTE: (1) If the administrator has predefined a group scope, you cannot change it. + (2) To create a mail-enabled group (with Exchange 2013/2016/2019 as the messaging provider), you + must select **Universal** as the group scope. + +9. In the **Security** list, select a security type for the group. +10. Enter a description for the group in the **Description** box. +11. Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/group/create/group/general_1.md b/docs/directorymanager/11.1/welcome/group/create/group/general_1.md new file mode 100644 index 0000000000..62ed24764c --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/group/general_1.md 
@@ -0,0 +1,39 @@ +--- +title: "General page" +description: "General page" +sidebar_position: 10 +--- + +# General page + +Use this page to specify basic information about the group. + +1. Click **Browse** next to the **Container** box to select the container or organizational unit to + create the group in. + + This field would be read-only if the administrator has predefined a container for creating new + groups. + +2. In the **Group Name** box, provide a name for the group by selecting a prefix and then entering a + name for the group. + + NOTE: The prefix box is displayed if the administrator has defined the prefixes. See the + [Group Name Prefixes](/docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md) + topic for additional information. + These prefixes, when appended to group names, help standardize the group naming convention + across the enterprise. + +3. The **Name Preview** is displayed if the prefix list is available and displays a preview of the + prefix combined with the group name. +4. In the **Security** list, select a security type for the group. +5. Set the group type by selecting an option for **Group Type** + + - **Security** - this group will be used for securing public folders, printers and other network + resources. + - **Distribution** - this group will only be used for email distribution. + - **Teams** - this groups is used for manage Microsoft Teams and their associated channels. + - **Microsoft 365** - this group will be used to select a set of people to collaborate and use a + collection of resources. + +6. Enter a description for the group in the **Description** box. +7. Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/group/create/group/group.md b/docs/directorymanager/11.1/welcome/group/create/group/group.md new file mode 100644 index 0000000000..09e5c6deef --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/group/group.md 
@@ -0,0 +1,101 @@ +--- +title: "Create Active Directory Groups" +description: "Create Active Directory Groups" +sidebar_position: 20 +--- + +# Create Active Directory Groups + +Using Directory Manager portal, you can create static groups and Smart Groups in an Active Directory +identity store. + +NOTE: If the Directory Manager administrator has specified the group creation action for review, the +new group will be created after it is verified by an approver. See the +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md)topic for additional information. + +## Create a Static Group + +Follow the steps to create a static group. + +1. In the Directory Manager portal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. + + Pages and fields on the Create Group wizard may vary, since the administrator can customize the + wizard by adding or removing pages and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the **Static Group** option button and click + **Next**. +3. On the [General page](/docs/directorymanager/11.1/welcome/group/create/group/general.md), specify basic information about the group. +4. On the [Members page](/docs/directorymanager/11.1/welcome/group/create/group/members.md), specify members for the group. +5. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional owners for the group. +6. On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and + then click Finish to complete the wizard. + +## Create a Smart Group + +A Smart Group is one that dynamically maintains its membership based on the rules applied by a +user-defined query, such as an LDAP query. 
+ +Rather than specifying static user memberships, you can use a query (for example, "All full-time +employees in my company") to dynamically build membership in a Smart Group. Managing memberships +with queries significantly reduces administrative costs. + +Follow the steps to create a Smart Group: + +1. In the Directory Manager portal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. + + Pages and fields on the Create Group wizard may vary, since the administrator can customize the + wizard by adding or removing tabs and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the **Smart Group** option button and click + **Next**. +3. On the [General page](/docs/directorymanager/11.1/welcome/group/create/group/general.md), specify basic information about the group. +4. On the [ Smart Group page](/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md), review and modify the query for updating group + membership. +5. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional owners for the group. + + When a Smart Group Update job runs on a group, the notification behavior is as follows: + Even when the **Do not Notify** check box is selected, the additional owner will receive the + notifications if the administrator has included its email address for job-specific + notifications. + +6. On the [1](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and then click + Finish to complete the wizard. + +## Create a Password Expiry Group + +A password expiry group is a Smart Group whose membership contains users whose identity store +account passwords are approaching their expiry dates. Members of this group are notified by email to +reset their passwords. 
When they do so, they are automatically removed from the group membership. + +NOTE: Password Expiry group is not supported in Microsoft Entra ID. + +Follow the steps to create a Password Expiry Group: + +1. In the Directory Manager portal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. + + Pages and fields on the Create Group wizard may vary, since the administrator can customize the + wizard by adding or removing tabs and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the **Password Expiry Group** option button and + click **Next**. +3. On the [General page](/docs/directorymanager/11.1/welcome/group/create/group/general.md), specify basic information about the group. +4. On the [ Smart Group page](/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md), review and modify the query for updating group + membership. +5. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional owners for the group. + + When a Smart Group Update job runs on a group, the notification behavior is as follows: + Even when the **Do not Notify** check box is selected, the additional owner will receive the + notifications if the administrator has included its email address for job-specific + notifications. + +6. On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and + then click Finish to complete the wizard. diff --git a/docs/directorymanager/11.1/welcome/group/create/group/group_1.md b/docs/directorymanager/11.1/welcome/group/create/group/group_1.md new file mode 100644 index 0000000000..02d1406710 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/group/group_1.md 
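Review bot: In group.md, step 6 of "Create a Smart Group" writes the summary link as `[1](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md)`, so the rendered link text is "1"; the Static Group and Password Expiry Group procedures use `[Summary Page]` for the same target and this step should match. The opening NOTE is missing a space in `overview.md)topic`, the link text `[ Smart Group page]` has a leading space, and the Static Group section says the wizard is customized by "adding or removing pages and fields" while the other two sections say "tabs and fields". All three procedures point the group wizard's last step at a path under `welcome/user/create/activedirectory/`, so please confirm that page describes the group summary and not the user one.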
@@ -0,0 +1,78 @@ +--- +title: "Create Microsoft Entra ID Groups" +description: "Create Microsoft Entra ID Groups" +sidebar_position: 30 +--- + +# Create Microsoft Entra ID Groups + +Using Directory Manager portal, you can create static groups and Smart Groups in an Microsoft Entra +ID identity store. + +NOTE: If the Directory Manager administrator has specified the group creation action for review, the +new group will be created after it is verified by an approver. See the +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic for additional information. + +## Create a Static Group + +Follow the steps to create a static group. + +1. In the Directory Manager portal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. + + NOTE: Pages and fields on the Create Group wizard may vary, since the administrator can + customize the wizard by adding or removing tabs and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the **Static Group** option button and click + **Next**. +3. On the [General page](/docs/directorymanager/11.1/welcome/group/create/group/general_1.md), specify basic information about the group. +4. On the [Members page](/docs/directorymanager/11.1/welcome/group/create/group/members.md), add objects to group membership. + + Only user objects can be added as members of an Office 365 group. + +5. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional owners for the + group. + + Only users can be set as primary owners. You can specify multiple primary owners for a group. At + least one primary owner is mandatory. + +6. On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and + then click Finish to complete the wizard. 
+ +## Create a Smart Group + +Follow the steps to create a Smart Group. + +1. In the Directory Manager portal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. + + Remember, pages and fields on the Create Group wizard may vary, since the administrator can + customize the wizard by adding or removing tabs and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md) page, select the **Smart Group** option button and + click **Next**. +3. On the [General page](/docs/directorymanager/11.1/welcome/group/create/group/general_1.md) page, specify basic information about the group. +4. On the [ Smart Group page](/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md) page, review and modify the query + for updating group membership. + + Smart Groups in an Microsoft Entra ID based identity store use a device structured query + language to update group membership. You should either apply a query to a group in the Microsoft + Entra ID portal or in Directory Manager. + +5. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional owners for the + group. + + - Only users can be set as primary owners. + - You can specify multiple primary owners for a group. At least one primary owner is mandatory. + - When a Smart Group Update job runs on a group, the notification behavior is as follows: + + Even when the **Do not Notify** check box is selected, the additional owner will receive the + notifications if the administrator has included its email address for job-specific + notifications. + +6. On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and + then click **Finish** to complete the wizard. 
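Review bot: In group_1.md, step 4 of "Create a Smart Group" says Entra ID Smart Groups "use a device structured query language" and that "You should either apply a query to a group in the Microsoft Entra ID portal or in Directory Manager", which leaves unclear what the query language is and what happens to membership when a query is applied in both places. Since the query determines who ends up in the group, state the either/or as a constraint and describe the result of ignoring it. In the same procedure, steps 2 to 4 read `[Group Type page](...) page` with "page" doubled, "an Microsoft Entra ID" appears twice in the file and should be "a Microsoft Entra ID", and "Finish" is bold in the Smart Group step 6 but not in the Static Group step 6.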
diff --git a/docs/directorymanager/11.1/welcome/group/create/group/members.md b/docs/directorymanager/11.1/welcome/group/create/group/members.md new file mode 100644 index 0000000000..b3a99969fa --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/group/members.md 
@@ -0,0 +1,44 @@ +--- +title: "Members page" +description: "Members page" +sidebar_position: 20 +--- + +# Members page + +You can add members to the group. You can also remove members. By default, you are a member of the +group. + +- To add member(s), click **Add**. Enter a search string to locate the object to add as a group + member, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing + a search. + + The selected members get listed in the grid on the **Members** page. + +- You can also add members to the group using an external file. You can also choose to import all + members of an existing group or groups to the membership of this group. + + Click **Import** to launch the **Import Members** wizard for importing group members. See + [Import Group Members](/docs/directorymanager/11.1/welcome/group/properties/importmembers.md) for information. + +- To remove an object from the members list, select it and click **Remove**. 
+ +The **Members** table displays the following information: + +| Column Name | Description | +| ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Type | The object type of the member object, such as user or group. | +| Display Name | The name of the member object. You can view the memberships of groups that are members of this group. For example, when you add a group (Group B) as a member of this group (Group A), you can view the membership of Group B. You can continue to view memberships of groups that are members of Group B, and so on. This enables the owner of a distribution group to view all users who will receive the messages sent to the distribution group. Click the plus sign (![plus](/img/product_docs/directorymanager/11.1/portal/group/create/activedirectory/plus.webp)) next to a member group to view its members. Group membership can be viewed up to the nth level. However, you cannot modify membership of nested groups here. For a parent Dynasty, all child Dynasties are listed as members. NOTE: For an expired security group and Office 365 group, the members list would be empty. | +| Membership | Indicates whether the object is a temporary or permanent member of this group. The available membership types are: - Perpetual – To make the object a permanent member of the group. 
- Temporary Member – To make the object a temporary member of the group for the period you specify in the Beginning and Ending boxes. At the end of the period, the object is removed from the group membership. - Addition Pending – Indicates that the object will be a temporary member of the group for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Addition Pending’. On the beginning date, the membership type changes to ‘Temporary Member’. Example. You add Smith as a temporary member to Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Addition Pending’ as its membership type from May 15 to 19. However, Smith would not be added to group membership in the provider. On May 20, Smith will become a temporary member of Group A and its membership type will change to ‘Temporary Member’ from May 20 to 30. Smith will also be added to group membership in the provider. After May 30, Smith will be removed from Group A as a member in Directory Manager and in the provider. - Removal Pending - Indicates that the object will be temporarily removed from group membership for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Removal Pending’. On the beginning date, the membership type will change to ‘Temporary Removed’. Example. You remove Smith from Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Removal Pending’ as membership type from May 15 to 19. On May 20, Smith’s membership type in Directory Manager will change to ‘Temporary Removed’; lasting till May 30. However, Smith will be removed from Group A’s membership in the provider. After May 30, Smith will be added back to Group A as a permanent member in Directory Manager and in the provider. 
- Temporary Removed – Indicates that the object is temporarily removed from group membership for the period specified in the Beginning and Ending boxes. At the end of the period, the object is added back to the group membership as a permanent member. When the object is a perpetual member, the Membership column is blank. Click anywhere in the row to make it editable for changing the membership type of the group member. NOTE: You cannot change the membership type when the member object is a group. | +| Beginning | Displays the beginning date of the temporary addition or removal. | +| Ending | Shows the ending date of the temporary addition or removal. | + +The Membership Life Cycle job updates the temporary membership of groups. It adds and removes +temporary members from group membership on the specified dates. + +Consider a scenario where the Membership Life Cycle job is scheduled to run once a week, say +Mondays. If an object is to be added to group membership for three days - Wednesday till Friday, it +will not be added. This happens because the Membership Life Cycle job did not run on the particular +days for temporary membership update. + +After adding members, click **Next**. diff --git a/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md b/docs/directorymanager/11.1/welcome/group/create/group/owners.md similarity index 97% rename from docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md rename to docs/directorymanager/11.1/welcome/group/create/group/owners.md index ddcbaeaa11..6b63598e15 100644 --- a/docs/directorymanager/11.1/portal/group/create/activedirectory/owners.md +++ b/docs/directorymanager/11.1/welcome/group/create/group/owners.md @@ -1,3 +1,9 @@ +--- +title: "Owners page" +description: "Owners page" +sidebar_position: 30 +--- + # Owners page You can manage the primary and additional owners for the group. Additional owners have the same 
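Review bot: In members.md (the hunk that ends with "After adding members, click **Next**."), the Membership Life Cycle scenario covers only the missed addition, where a Wednesday to Friday membership is never added because the job runs on Mondays, and says nothing about the removal side. Say whether a Temporary Member stays in the provider group past its Ending date until the next job run, and whether a Temporary Removed object stays removed past its period, because that is what the owner of a security group needs to know when choosing a schedule. The Membership cell of the table also packs five membership types and two dated examples into one cell; moving that list below the table would make the Addition Pending and Removal Pending behaviour readable.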
@@ -9,7 +15,7 @@ group, all its members are considered as owners. - The **Owner** box displays your name as the primary owner of the group. To change the primary owner, click **Browse** next to the **Owner** box to launch the - [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md), where you can search and select a primary owner. + [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md), where you can search and select a primary owner. - If the administrator has not enforced the selection of a primary owner (see Role policies), you can also remove the primary owner. Click the **Remove** button next to the **Owner** box to remove @@ -17,11 +23,11 @@ group, all its members are considered as owners. - To specify additional owner(s) for the group, click **Add**. Enter a search string to locate the object to add as an additional owner, or click **Advance** - to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. + to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. - You can also specify additional owners for the group using an external file. Click **Import** to launch the **Import Additional Owners** wizard for importing additional owners. See - [Import Additional Owners](/docs/directorymanager/11.1/portal/group/properties/importadditionalowners.md) for further information and + [Import Additional Owners](/docs/directorymanager/11.1/welcome/group/properties/importadditionalowners.md) for further information and instructions. - To remove an object from the additional owners list, select it and click **Remove**. diff --git a/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md b/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md new file mode 100644 index 0000000000..580753d9e0 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md 
@@ -0,0 +1,47 @@ +--- +title: "Smart Group page" +description: "Smart Group page" +sidebar_position: 40 +--- + +# Smart Group page + +This page displays the default query for the Smart Group; however, you can modify it. The group’s +membership is updated with the records fetched by the query. + +- The **Container(s)** area displays the domain or containers the query will run on. +- **Object Types**: Lists the object types the query will fetch. +- The **Server** and **Storage** areas are displayed if the query only fetches messaging system + recipients. These areas display the server and storage for the query to fetch the records from. + +In an Active Directory identity store, the default query returns the following: + +- If a messaging provider is configured for the identity store, the default query returns messaging + system recipients (users with mailboxes, users with external email addresses, and contacts with + external email addresses). +- Without a messaging provider, the default query returns all users, contacts and groups in the + identity store. + +In a Microsoft Entra ID identity store, the default query returns the following: + +- If a messaging provider is configured for the identity store, the default query returns messaging + system recipients (users with mailboxes and users with external email addresses). +- Without a messaging provider, the default query returns all users and groups. For an Office 365 + group, however, only user objects are added to group membership. + +You can do the following: + +Step 1 – To modify the query, click the **Query Designer** button. This launches the +[Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) dialog box, where you can modify the query. + +Step 2 – You can also associate a Smart Group Update job with the group; this is a scheduled job +that updates the group’s membership when it runs. 
+ +From the **Scheduled Job** list, select a Smart Group Update job to associate with the group. + +This list contains Smart Group Update jobs defined in the identity store. + +NOTE: If the administrator has enforced the job selection option, you cannot proceed unless you +select a scheduled job for this group. + +Step 3 – Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/group/create/grouptype.md b/docs/directorymanager/11.1/welcome/group/create/grouptype.md new file mode 100644 index 0000000000..83f8c6978a --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/grouptype.md @@ -0,0 +1,17 @@ +--- +title: "Group Type page" +description: "Group Type page" +sidebar_position: 10 +--- + +# Group Type page + +Select the type of group you want to create and click **Next**. Options are: + +- [Create a Static Group](/docs/directorymanager/11.1/welcome/group/create/group/group.md#create-a-static-group) +- [Create a Smart Group](/docs/directorymanager/11.1/welcome/group/create/group/group.md#create-a-smart-group) +- [Create a Password Expiry Group](/docs/directorymanager/11.1/welcome/group/create/group/group.md#create-a-password-expiry-group) (not + supported in Microsoft Entra ID) +- [Create a Dynasty using the Organizational/Geographical/Custom template](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/createdynasty.md#create-a-dynasty-using-the-organizationalgeographicalcustom-template) +- [Create a Dynasty using the Managerial template](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/createdynasty.md#create-a-dynasty-using-the-managerial-template) +- [Create Teams](/docs/directorymanager/11.1/welcome/group/create/create.md) (for Microsoft Entra ID only) diff --git a/docs/directorymanager/11.1/welcome/group/create/overview.md b/docs/directorymanager/11.1/welcome/group/create/overview.md new file mode 100644 index 0000000000..6d7b2d281b --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/create/overview.md 
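Review bot: In smartgroup.md, the page states that without a messaging provider the default query "returns all users, contacts and groups in the identity store" (all users and groups for Microsoft Entra ID), yet the only guidance on changing it is "however, you can modify it". Because the group's membership is "updated with the records fetched by the query", add a NOTE telling the creator to review and narrow the query in Query Designer before associating a Smart Group Update job, so that a group left on the default does not take in every object in the listed containers. The "You can do the following:" lead-in is followed by Step 1 to Step 3, of which the first two are optional and the third is not; either turn the optional actions into bullets followed by the final instruction, or bold the labels to match the `**Step 1 –**` form used in alerts.md.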
@@ -0,0 +1,33 @@ +--- +title: "Groups" +description: "Groups" +sidebar_position: 10 +--- + +# Groups + +Using Directory Manager portal, you can create: + +- An unmanaged group or a static group. + + - A static group is a group you would normally create in a directory (for example, by using the + Active Directory Users and Computers snap-in). Though such groups can be created using + Directory Manager portal, Directory Manager does not support dynamic updates to them. Any + changes to the membership have to be updated manually. + +- A managed group or a Smart Group or a Dynasty. + + - A Smart Group (normal Smart Group and Smart Group with a password expiry condition) + + A Smart Group is one that dynamically maintains its membership based on rules. These rules + are applied in the form of a user-defined query, such as an LDAP query. This query is + defined once and scheduled for membership update using a Smart Group Update job. When the + Smart Group update job runs, it applies the defined rules to update the group's memberships. + + In this way, Smart Groups are automatically updated whenever the directory information + changes. This automated group management allows administrators to easily maintain large + distribution lists and security groups without having to manually add or remove members. + + - A Dynasty is a Smart Group that creates and manages other Smart Groups using information in + the directory. Dynasties help you manage large distribution lists by creating hierarchical + group structures that represent your organization’s hierarchy. diff --git a/docs/directorymanager/11.1/welcome/group/dynasty/_category_.json b/docs/directorymanager/11.1/welcome/group/dynasty/_category_.json new file mode 100644 index 0000000000..ba1fa4ad6f --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/dynasty/_category_.json 
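Review bot: In overview.md, the Smart Group description says the query is "scheduled for membership update using a Smart Group Update job" and then that "Smart Groups are automatically updated whenever the directory information changes", and these two statements disagree about when membership changes. Reword the second one to say that membership reflects directory changes the next time the Smart Group Update job runs, so that readers managing security groups do not assume an object whose attributes changed leaves the group immediately. The top-level bullets "An unmanaged group or a static group." and "A managed group or a Smart Group or a Dynasty." would also read more clearly as "Unmanaged (static) groups" and "Managed groups (Smart Groups and Dynasties)".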
@@ -0,0 +1,10 @@ +{ + "label": "Dynasty", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/_category_.json b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/_category_.json new file mode 100644 index 0000000000..5c7410e758 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Create an Active Directory Dynasty", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "createdynasty" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/createdynasty.md b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/createdynasty.md new file mode 100644 index 0000000000..7c8bbd7cbe --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/createdynasty.md 
@@ -0,0 +1,152 @@ +--- +title: "Create an Active Directory Dynasty" +description: "Create an Active Directory Dynasty" +sidebar_position: 10 +--- + +# Create an Active Directory Dynasty + +The Directory Manager portal provides the following templates for creating Dynasties: + +- **Organizational:** To create a Smart Group for every distinct company, then for each department + within a company, and finally for each title in a department. +- **Geographical:** To create a Smart Group for every distinct country, then for each state within a + country, and finally for each city within a state. +- **Managerial:** To either create separate Smart Groups for the direct reports of each manager or + add all direct reports of the top manager and sub-level managers to a single group. +- **Custom:** To begin with a blank Dynasty and select your own group-by attributes. + +These templates provide pre-defined grouping attributes for creating Dynasty levels. You can define +custom group-by attributes to expand the Dynasty levels to suit your organizational model. You can +also combine an external data source with the templates to provide extended criteria for determining +group membership. + +NOTE: Settings related to Dynasty membership are configured at the identity store level. + +NOTE: Do not move a Dynasty from one domain to another. Child Dynasties would get orphaned and +subsequently deleted. + +NOTE: You cannot create mail-enabled Dynasties of the Office 365 group type in a Microsoft Entra ID +based identity store, since an Office 365 group cannot have groups as its members. Only non +mail-enabled Dynasties of the security group type are supported. + +Naming conventions for Child Dynasties + +Dynasty names help you group a parent Dynasty with its respective child Dynasties. + +- For an Organizational/Geographical/Custom Dynasty: + + The name of a child Dynasty starts with the name of its parent Dynasty (unless you change the + naming template for Dynasty children). 
+ +- For a Managerial Dynasty: + + By default, the naming template for its child Dynasties starts with "Direct reports of + `manager`". + +To modify the display name template for child Dynasties, see +[Modify alias and display name templates](/docs/directorymanager/11.1/welcome/group/workingwithgroups/dynastyfunction.md#modify-alias-and-display-name-templates). + +NOTE: In the Dynasty creation/update process, a child Dynasty will not be created if it bears the +same name as that of an existing object in the directory. For example, when you create a custom +Dynasty, test1, on one attribute, SamAccountName, it’s child Dynasties would be named as +test1-Robert, test1-John, and so on. However, if test1-Robert already exists as a user object, +Directory Manager will skip the test1-Robert child Dynasty and continue to create the rest of the +Dynasty. + +## Create a Dynasty using the Organizational/Geographical/Custom template + +Follow the steps to create a dynasty using the the Organizational/Geographical/Custom template. + +1. In the Directory Managerbportal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. + + NOTE: Pages and fields on the wizard may vary, since the administrator can customize the wizard + by adding or removing pages and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the **Organizational Dynasty**, + **Geographical Dynasty**, or **Custom Dynasty** option button and click **Next**. +3. On the [General page](/docs/directorymanager/11.1/welcome/group/create/group/general.md), specify basic information about + the Dynasty. +4. On the [Dynasty Options page](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsorggeocus.md), view or change the attributes in + the **Attributes** area and click **Next**. 
+ + Dynasties create Smart Groups for each distinct value of each listed attribute. Depending on the + Dynasty template selected, the **Attributes** area displays the list of default attributes for + the template; however, you can add and remove attributes. For the Custom template, no attribute + is displayed. + +5. The [Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) page displays the default query that + Directory Manager will use to determine the Dynasty membership. The default query returns all + users with Exchange mailboxes, along with users and contacts with external email addresses, which + are then grouped by the specified group-by attributes. + + Review the query for selecting the group members, then click **Next**. + + For details, see the [ Smart Group page](/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md). + +6. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional + owners for the Dynasty. + + NOTE: (1) Additional owners are only set for the parent and are not inherited by child Dynasties + during update. + (2) When a Smart Group Update job runs on a group, the notification behavior is as follows: + Even when the **Do not Notify** check box is selected, the additional owner will receive the + notifications if the administrator has included its email address for job-specific + notifications. + +7. On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and + then click Finish to complete the wizard. + +## Create a Dynasty using the Managerial template + +Follow the steps to create a Dynasty using the Managerial template. + +1. In the Directory Manager portal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. 
+ + NOTE: Pages and fields on the wizard may vary, since the administrator can customize the wizard + by adding or removing pages and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the **Managerial Dynasty** option + button and click **Next**. +3. On the [General page](/docs/directorymanager/11.1/welcome/group/create/group/general.md), specify basic information about + the Dynasty. +4. On the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsmanagerial.md), specify a + structure for the Dynasty and click **Next**. + + By default, Directory Manager constructs a managerial Dynasty structure by first creating a + Smart Group for all direct reports of the selected top-level manager and then continues down the + Dynasty structure, creating separate Smart Groups for the direct reports to each sub-level + manager. However, you can choose to create a single Smart Group for the direct reports of all + levels of managers rather than creating separate groups. + +5. The [Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) page displays the default query that + Directory Manager will use to determine the Dynasty membership. This query returns all users with + Exchange mailboxes, along with users and contacts with external email addresses, which are then + grouped as per the managerial Dynasty structure. + + Review the query for selecting the group members, then click **Next.** + + For details, see the [ Smart Group page](/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md). + +6. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional + owners for the Dynasty. + + NOTE: (1) Additional owners are only set for the parent and are not inherited by child Dynasties + during update. 
+ (2) When a Smart Group Update job runs on a group, the notification behavior is as follows: + Even when the **Do not Notify** check box is selected, the additional owner will receive the + notifications if the administrator has included its email address for job-specific + notifications. + (3) If you have selected the **Set Manager as owner** option on the **Dynasty Options** page, + the top manager would be displayed as the primary owner instead of the logged-in user. + In case you change the owner, the new recipient would be the Dynasty’s primary owner even if + the **Set Manager as owner** check box is selected. + +7. On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and + then click Finish to complete the wizard. diff --git a/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/createdynasty_1.md b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/createdynasty_1.md new file mode 100644 index 0000000000..0a75303237 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/createdynasty_1.md 
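Review bot: In createdynasty.md, the first lines of "Create a Dynasty using the Organizational/Geographical/Custom template" contain two typos, "using the the Organizational/Geographical/Custom template" and "In the Directory Managerbportal". The naming NOTE uses "it's child Dynasties" where "its" is meant, and "Naming conventions for Child Dynasties" is plain text here but bold in createdynasty_1.md; use one form in both files, preferably a heading so that it can be linked. That NOTE also says Directory Manager "will skip" a child Dynasty whose name collides with an existing object, so please state whether the skip is reported anywhere the owner can see it. In step 6 of the Managerial procedure, item (3) says a manually changed owner applies "even if the **Set Manager as owner** check box is selected"; say whether a later Dynasty update keeps that owner or resets it to the top manager.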
@@ -0,0 +1,154 @@ +--- +title: "Create a Microsoft Entra ID Dynasty" +description: "Create a Microsoft Entra ID Dynasty" +sidebar_position: 20 +--- + +# Create a Microsoft Entra ID Dynasty + +The Directory Manager portal provides the following templates for creating Dynasties: + +- Organizational – To create a Smart Group for every distinct company, then for each department + within a company, and finally for each title in a department. +- Geographical – To create a Smart Group for every distinct country, then for each state within a + country, and finally for each city within a state. +- Managerial – To either create separate Smart Groups for the direct reports of each manager or add + all direct reports of the top manager and sub-level managers to a single group. +- Custom – To begin with a blank Dynasty and select your own group-by attributes. + +These templates provide pre-defined grouping attributes for creating Dynasty levels. You can define +custom group-by attributes to expand the Dynasty levels to suit your organizational model. You can +also combine an external data source with the templates to provide extended criteria for determining +group membership. + +NOTE: Settings related to Dynasty membership are configured at the identity store level. + +NOTE: Do not move a Dynasty from one domain to another. Child Dynasties would get orphaned and +subsequently deleted. + +NOTE: You cannot create mail-enabled Dynasties of the Office 365 group type in a Microsoft Entra ID +based identity store, since an Office 365 group cannot have groups as its members. Only non +mail-enabled Dynasties of the security group type are supported. + +**Naming conventions for Child Dynasties** + +Dynasty names help you group a parent Dynasty with its respective child Dynasties. + +- For an Organizational/Geographical/Custom Dynasty: + + The name of a child Dynasty starts with the name of its parent Dynasty (unless you change the + naming template for Dynasty children). 
+ +- For a Managerial Dynasty: + + By default, the naming template for its child Dynasties starts with "Direct reports of + `manager`". + +To modify the display name template for child Dynasties, see +[Modify alias and display name templates](/docs/directorymanager/11.1/welcome/group/workingwithgroups/dynastyfunction.md#modify-alias-and-display-name-templates)topic +for additional information. + +NOTE: In the Dynasty creation/update process, a child Dynasty will not be created if it bears the +same name as that of an existing object in the directory. For example, when you create a custom +Dynasty, test1, on one attribute, SamAccountName, it’s child Dynasties would be named as +test1-Robert, test1-John, and so on. However, if test1-Robert already exists as a user object, +Directory Manager will skip the test1-Robert child Dynasty and continue to create the rest of the +Dynasty. + +## Create a Dynasty using the Organization/Geographical/Custom template + +Follow the steps to create a dynasty using the Organization/Geographical/Custom template. + +1. In the Directory Manager portal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. + + NOTE: Pages and fields on the wizard may vary, since the administrator can customize the wizard + by adding or removing pages and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the **Organizational Dynasty**, + **Geographical Dynasty**, or **Custom Dynasty** option button and click **Next**. +3. On the [General - Microsoft Entra ID](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/general.md)page, specify basic information about the + Dynasty. +4. On the [Dynasty Options page](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsorggeocus.md), view or change the attributes in + the **Attributes** area and click **Next**. 
+ + Dynasties create Smart Groups for each distinct value of each listed attribute. Depending on the + Dynasty template selected, the **Attributes** area displays the list of default attributes for + the template; however, you can add and remove attributes. For the Custom template, no attribute + is displayed. + +5. The [Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) page displays the default query that + Directory Manager will use to determine the Dynasty membership. The default query returns all + users with Exchange mailboxes, along with users and contacts with external email addresses, which + are then grouped by the specified group-by attributes. + + Review the query for selecting the group members, then click **Next**. + + For details, see the [ Smart Group page](/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md). + +6. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional + owners for the Dynasty. + + NOTE: (1) Additional owners are only set for the parent and are not inherited by child Dynasties + during update. + (2) When a Smart Group Update job runs on a group, the notification behavior is as follows: + Even when the **Do not Notify** check box is selected, the additional owner will receive the + notifications if the administrator has included its email address for job-specific + notifications. + +7. On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and + then click **Finish** to complete the wizard. + +## Create a Dynasty using the Managerial template + +Follow the steps to create a dynasty using the Managerial template. + +1. In the Directory Manager portal, click the **Create New** button in the left pane and select + **Group**. + + The **Create Group** wizard opens to the **Group Type** page. 
+ + NOTE: Pages and fields on the wizard may vary, since the administrator can customize the wizard + by adding or removing pages and fields. + +2. On the [Group Type page](/docs/directorymanager/11.1/welcome/group/create/grouptype.md), select the **Managerial Dynasty** option + button and click **Next**. +3. On the [General - Microsoft Entra ID](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/general.md)page, specify basic information about the + Dynasty. +4. On the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsmanagerial.md), specify a + structure for the Dynasty and click **Next**. + + By default, Directory Manager constructs a managerial Dynasty structure by first creating a + Smart Group for all direct reports of the selected top-level manager and then continues down the + Dynasty structure, creating separate Smart Groups for the direct reports to each sub-level + manager. However, you can choose to create a single Smart Group for the direct reports of all + levels of managers rather than creating separate groups. + +5. The [Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) page displays the default query that + Directory Manager will use to determine the Dynasty membership. This query returns all users with + Exchange mailboxes, along with users and contacts with external email addresses, which are then + grouped as per the managerial Dynasty structure. + + Review the query for selecting the group members, then click **Next**. + + For details, see the [ Smart Group page](/docs/directorymanager/11.1/welcome/group/create/group/smartgroup.md) topic for + additional information. + +6. On the [Owners page](/docs/directorymanager/11.1/welcome/group/create/group/owners.md), specify primary and additional + owners for the Dynasty. 
+ + NOTE: (1) Additional owners are only set for the parent and are not inherited by child Dynasties + during update. + (2) When a Smart Group Update job runs on a group, the notification behavior is as follows: + Even when the **Do not Notify** check box is selected, the additional owner will receive the + notifications if the administrator has included its email address for job-specific + notifications. + (3) If you have selected the **Set Manager as owner** option on the **Dynasty Options** page, + the top manager would be displayed as the primary owner instead of the logged-in user. + In case you change the owner, the new recipient would be the Dynasty’s primary owner even if + the **Set Manager as owner** check box is selected. + +7. On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and + then click **Finish** to complete the wizard. diff --git a/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsmanagerial.md b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsmanagerial.md similarity index 96% rename from docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsmanagerial.md rename to docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsmanagerial.md index 11bd3b736d..ad06ea06b8 100644 --- a/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsmanagerial.md +++ b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsmanagerial.md @@ -1,3 +1,9 @@ +--- +title: "Dynasty Options page (Managerial Dynasty)" +description: "Dynasty Options page (Managerial Dynasty)" +sidebar_position: 10 +--- + # Dynasty Options page (Managerial Dynasty) On the **Dynasty Options** page, select whether you want to create separate Smart Groups for the 
@@ -10,7 +16,7 @@ On the Dynasty Options page: 1. Use the **Top Manager** field to specify the top-level manager, and thus, the start location for the Dynasty. - Click the ellipsis button and use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) to select a top + Click the ellipsis button and use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) to select a top manager. 2. Select an option from **Dynasty Type** to specify the type of managerial Dynasty you want to @@ -89,7 +95,7 @@ On the Dynasty Options page: Members: April - On the [Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) page, you can also specify a criterion + On the [Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) page, you can also specify a criterion to filter the managers for whom you want to create child groups in the Dynasty. 3. Select the **Include manager as member** check box to include the manager as a member of their diff --git a/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsorggeocus.md b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsorggeocus.md similarity index 97% rename from docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsorggeocus.md rename to docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsorggeocus.md index cd4677f1db..e9f5ffcda3 100644 --- a/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsorggeocus.md +++ b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsorggeocus.md @@ -1,3 +1,9 @@ +--- +title: "Dynasty Options page" +description: "Dynasty Options page" +sidebar_position: 20 +--- + # Dynasty Options page Dynasties create Smart Groups for each distinct value of each attribute listed in the **Attributes** 
diff --git a/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/general.md b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/general.md new file mode 100644 index 0000000000..2f72955e50 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/general.md 
@@ -0,0 +1,42 @@ +--- +title: "General - Microsoft Entra ID" +description: "General - Microsoft Entra ID" +sidebar_position: 10 +--- + +# General - Microsoft Entra ID + +Use this page to specify basic information about the group. + +1. Click **Browse** next to the **Container** box to select or create the container or + organizational unit to create the group in and click **OK**. + + If you want to create a container, click **Create** and then add container to create the group + in. Click **Refresh** to remove the changes. + + This field will be read-only if the administrator has predefined a container for creating new + groups. + +2. In the **Group Name** box, provide a name for the group by selecting a prefix and then entering a + name for the group. + + NOTE: The prefix box is displayed if the administrator has defined the prefixes. See the + [Group Name Prefixes](/docs/directorymanager/11.1/signin/identitystore/configure/prefixes.md) + topic. + These prefixes, when appended to group names, help standardize the group naming convention + across the enterprise. + +3. In the **Security** list, select a security type for the group. +4. Set the group type by selecting an option for **Group Type**. + + - **Security** - this group will be used for securing public folders, printers and other network + resources. + - **Distribution** - this group will only be used for email distribution. + - **Teams** - this groups is used for manage Microsoft Teams and their associated channels. + - **Microsoft 365** - this group will be used to select a set of people to collaborate and use a + collection of resources. + + NOTE: If the administrator has predefined a group type, you cannot change it. + +5. Enter a description for the group in the **Description** box. +6. Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/group/dynasty/overview.md b/docs/directorymanager/11.1/welcome/group/dynasty/overview.md new file mode 100644 index 0000000000..2bd8e96f33 --- /dev/null 
+++ b/docs/directorymanager/11.1/welcome/group/dynasty/overview.md 
@@ -0,0 +1,67 @@ +--- +title: "Dynasty" +description: "Dynasty" +sidebar_position: 20 +--- + +# Dynasty + +A Dynasty is a Smart Group that creates and manages other Smart Groups using information in the +directory. Dynasties help you manage large distribution lists by creating hierarchical group +structures that represent your organization. The Smart Groups that the Dynasty creates are called +child groups and become members of their respective parent Dynasty. + +A Dynasty retrieves data from the directory on the same pattern as a Smart Group does, but it has +its own mechanism of dividing the query results into child groups. + +## The group-by field determines child groups + +When you create a Dynasty, you specify a query and a field, referred to as the _group-by_ field. The +group-by field is used to divide the query results into groups. + +For example, if you set ‘department’ as the group-by field, then each distinct value for the +‘department’ field is returned, for instance, Sales, Marketing, and Human Resources. Thus, a Dynasty +with the group-by field set to ‘department’ creates child groups for each distinct value: Sales, +Marketing, and Human Resources. + +## Built-in updates + +Directory Manager keeps the Dynasty active in two ways: + +- By adding new child groups as new values are returned for the group-by field. +- By removing existing child groups as previous values of the group-by field no longer exist in the + directory. + +Thus, as new values of the ‘department’ field appear, new groups are created, and as old values +disappear, the corresponding child groups are deleted. + +The same process occurs with the membership of each child group. When a user’s department changes +from Sales to Marketing, for example, the user is removed from the Sales child group and added to +the Marketing child group. 
+ +## The child-parent relationship + +Dynasty children inherit their parent's characteristics and properties, such as group type, group +security, expiry policy, owner, delivery restrictions, message size restrictions and more. +Inheritance saves administrators incalculable time through the systematic application of pre-defined +properties to new groups. + +You can modify the values of all inherited attributes for a child, except the expiry policy. Child +Dynasties always inherit the expiry policy from the parent Dynasty and it can only be modified at +the parent level. + +Depending on the inheritance option selected for the parent Dynasty on the +[Group properties - Dynasty Options tab](/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md) in group properties, the +modified values of inherited attributes may or may not persist. + +## Multi-level Structure + +Dynasties have a multi-level structure. For example, you can create a Dynasty that groups first by +country, then state, and then city. When updated, the Dynasty creates a group for every country, +then it creates a group for every state in a country, and finally it creates a group for each city +within each state. Thus, each user in the organization belongs to a country group, a state group, +and a city group, and as the groups are updated through their multi-level structure, you do not need +to worry that they will go out-of-date. + +Dynasties come in handy for creating and maintaining large dynamic distribution lists in your +organization. diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/_category_.json b/docs/directorymanager/11.1/welcome/group/mygroups/_category_.json new file mode 100644 index 0000000000..314ee5b98d --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "My Groups", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "mygroups" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/mydeletedgroups.md b/docs/directorymanager/11.1/welcome/group/mygroups/mydeletedgroups.md new file mode 100644 index 0000000000..fe1cf77167 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/mydeletedgroups.md @@ -0,0 +1,18 @@ +--- +title: "My Deleted Groups" +description: "My Deleted Groups" +sidebar_position: 40 +--- + +# My Deleted Groups + +To view a list of deleted groups, click **Groups** on the left navigation pane and select **My +Groups**. On the My Groups page, click the **My Deleted Groups** tab. + +The **My Deleted Groups** tab lists the deleted groups that you are the primary owner for. To +include the groups for which you are an additional owner, select the **Display additional group +ownership in My Deleted Groups** check box on the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) panel. + +You can [Modify Search Directory](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#modify-search-directory) to search deleted groups and +add [Filter All Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#filter-all-groups)by clicking **My Deleted Groups Grid +Filters**. All your deleted groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/mydynasties.md b/docs/directorymanager/11.1/welcome/group/mygroups/mydynasties.md new file mode 100644 index 0000000000..41dca3176b --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/mydynasties.md 
@@ -0,0 +1,15 @@ +--- +title: "My Dynasties" +description: "My Dynasties" +sidebar_position: 60 +--- + +# My Dynasties + +This page lists the Dynasties you are the primary owner of. To include the groups for which you are +an additional owner, select the **Display additional group ownership in My Dynasties** check box on +the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) panel. + +You can [Modify Search Directory](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#modify-search-directory) to search dynasties and add +[Filter All Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#filter-all-groups)by clicking **My Dynasties Grid Filters**. All +the dynasties matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/myexpiredgroups.md b/docs/directorymanager/11.1/welcome/group/mygroups/myexpiredgroups.md new file mode 100644 index 0000000000..ce2c39130e --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/myexpiredgroups.md 
@@ -0,0 +1,36 @@ +--- +title: "My Expired Groups" +description: "My Expired Groups" +sidebar_position: 20 +--- + +# My Expired Groups + +To view a list of your expired groups in the identity store, click **Groups** on the left navigation +pane and select **My Groups**. On the My Groups page, click the **My Expired Groups** tab. + +The following events occur when a group expires: + +- The group becomes inactive and is locked for all activities. +- "EXPIRED\_" is added as a prefix to the group name. +- A mail-enabled distribution group is mail-disabled, which means that any emails sent to the group + are bounced back with an expiry message. +- For an Office 365 group, its member list is backed up in the database and cleared from Office 365. +- For a security group, its member list is cleared and any permissions set for that group no longer + apply. However Directory Manager keeps a backup of its membership in the database. + +All groups that are expired by the Group Lifecycle job are available on the **My Expired Groups** +page. Moreover, when you manually expire a group that has an expiry policy other than ‘Never +expire’, it is also moved to this page. + +The Group Lifecycle job is responsible for logically deleting expired groups, but you can also +physically delete a group. See the [ Group Deletion](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupdeletion.md) topic for additional +information. + +By default, the **My Expired Groups** tab lists the groups that you are the primary owner for. To +include the groups for which you are an additional owner, select the **Display additional group +ownership in My Expired Groups** check box on the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) panel. 
+ +You can [Modify Search Directory](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#modify-search-directory) to search expired groups and +add [Filter All Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#filter-all-groups)by clicking **My Expired Group Grid +Filters**. All the expired groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/myexpiringgroups.md b/docs/directorymanager/11.1/welcome/group/mygroups/myexpiringgroups.md new file mode 100644 index 0000000000..bca4a9da15 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/myexpiringgroups.md 
@@ -0,0 +1,23 @@ +--- +title: "My Expiring Groups" +description: "My Expiring Groups" +sidebar_position: 30 +--- + +# My Expiring Groups + +To view a list of your expiring groups, click **Groups** on the left navigation pane and select **My +Groups**. On the My Groups page, click the **My Expiring Groups** tab. + +Groups that will expire in 30 days or less are considered as expiring groups. The expiry date is +calculated from a group’s expiry policy. The Group Life Cycle job is responsible for expiring these +groups on their respective expiry dates; however, you can also manually expire a group before it +reaches the expiry date. + +By default, the tab lists the groups that you are the primary owner for. To include the groups for +which you are an additional owner, select the **Display additional group ownership in My Expiring +Groups** check box on the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) panel. + +You can [Modify Search Directory](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#modify-search-directory) to search expiring groups +and add [Filter All Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#filter-all-groups)by clicking **My Expiring Group Grid +Filters**. All the expiring groups matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/mygroups.md b/docs/directorymanager/11.1/welcome/group/mygroups/mygroups.md new file mode 100644 index 0000000000..772ec952a3 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/mygroups.md 
@@ -0,0 +1,123 @@ +--- +title: "My Groups" +description: "My Groups" +sidebar_position: 50 +--- + +# My Groups + +To view and manage the groups that you own in the identity store, click **Groups** on the left +navigation pane and select **My Groups**. This page lists all your active groups: + +- [My Memberships](/docs/directorymanager/11.1/welcome/group/mygroups/mymemberships.md) +- [My Expired Groups](/docs/directorymanager/11.1/welcome/group/mygroups/myexpiredgroups.md) +- [My Expiring Groups](/docs/directorymanager/11.1/welcome/group/mygroups/myexpiringgroups.md) +- [My Deleted Groups](/docs/directorymanager/11.1/welcome/group/mygroups/mydeletedgroups.md) +- [My Smart Groups](/docs/directorymanager/11.1/welcome/group/mygroups/mysmartgroups.md) +- [My Dynasties](/docs/directorymanager/11.1/welcome/group/mygroups/mydynasties.md) +- [My Teams](/docs/directorymanager/11.1/welcome/group/mygroups/myteams.md) (for Microsoft Entra ID based identity store) + +By default, the **My Groups** tab displays the groups that you are the primary owner for. To include +the groups for which you are an additional owner, select the **Display additional group ownership in +My Groups** check box on the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) panel. This tab lists active +groups only; expired and deleted groups are not displayed. + +You can [Modify Search Directory](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#modify-search-directory) to search your groups and +add [Filter All Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#filter-all-groups)by clicking **My Groups Grid Filters**. All +your groups matching the filters will be displayed. + +**You can:** + +- Manually update the membership of a Smart Group using the **Update** command. You can also view + update details on **Processing Object (s)** wizard. Click **OK** once done. 
If you click + **Background**, the update runs in the background and will show in the **Background Tasks** tab. +- View and modify the [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) of a group. +- Manually expire your groups. After expiring the group, it will be listed in **My Expired Groups** + list. +- Select a smart group and click **Renew** on the toolbar; this re-applies the expiry policy of the + group starting from today, thus renewing the group. +- Join a group as a [Join a group temporarily](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#join-a-group-temporarily) or + [Join a group permanently](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#join-a-group-permanently) +- Leave a group’s membership + [Leave a group temporarily](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#leave-a-group-temporarily) or + [Leave a group permanently](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#leave-a-group-permanently). +- Join / leave a group + [Join or leave a group on behalf of a direct report or peer](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#join-or-leave-a-group-on-behalf-of-a-direct-report-or-peer)a + direct report or peer. +- To Join/Leave the group, you can also click on **Want to write reason to group owner?** and state + the the reason for joining or leaving the group for the group owner. +- Update the security type of your group using **Set Security Type** option. You can select one of + the following security types: + + - Public + - Semi Private + - Private + +- Select a group and click **Move Group** from the toolbar. You can specify a new container from + **Select Container** box where you want to move the group. +- Select a group and click **Add to Contacts** on the toolbar to add a group’s email to your email + contact list using the vCard. 
The portal creates the group's vCard and prompts you to save it on + your machine. You can then use it to add the group's email address to your email contact list. +- Click **Add to Group** to add the group into the membership of another group + ([Add a group to the membership of another group (nesting)](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupmembershipfunction.md#add-a-group-to-the-membership-of-another-group-nesting)). +- Select a group and click **Send Email** on the toolbar to send an email to the group. This + launches the default Windows email application for sending an email to group members. +- Click **Export Results** on the toolbar to export the group list to a Microsoft Excel file. +- Update the expiration policy of your group using **Set Expiration Policy** option. +- Update owner for your group using **Set Owner** option. The drop down list displays two options: + + - **Me:** You can set yourself as the Owner + - **Other:** You can select some other user as the owner. + +- Manually [ Group Deletion](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupdeletion.md) any of your group. +- Get a list of all groups managed by s particular group (i.e., all groups for which the selected + group is a primary or additional owner) + + Select a group and click **Managed By** on the toolbar to get a list of groups managed by the + selected group. + +- Click **Attest Group** to update smart groups and dynasties, and verify your group's attributes + and memberships. +- In the **Results** box, select the number of search results to display on a page. + +Use the page numbers under the group listing to page through all groups. + +You can control the number of records to be displayed per page by modifying the **Search results per +page** setting on the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) panel. 
+ +## Modify Search Directory + +You can modify the search results in **Modify Search Directory.** You can select entire directory or +a domain to search active groups from. + +## Transfer Ownership + +You can find [Transfer Ownership](/docs/directorymanager/11.1/welcome/group/transferownership.md) option on the top right corner. Transfer +Ownership enables you to: + +- Assign owners to orphan groups. +- Transfer group ownership (including Exchange 2013/2016/2019 additional ownership) from one + recipient to another. + +## Filter My Groups + +You can add filters in **My Group Grid Filters** while searching for specific groups. + +Step 1 – Click **Add Filter** to specify a criterion for filtering groups. + +Step 2 – From the **Select a Filter** list, select the attribute to filter groups. + +Step 3 – Two more boxes get displayed next to **Select a Filter** box upon selecting a filter. + +- **Select an Operator** from the first list. +- Specify a value for the selected operator in the second box. + +Step 4 – Click **Apply Filter**. + +Step 5 – All your groups that match the specified criterion are displayed. + +Step 6 – You can add additional filters by clicking **Add Filter.** + +Step 7 – To undo the filters, click **Reset Filter.** + +It will remove all the criteria set before. diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/mymemberships.md b/docs/directorymanager/11.1/welcome/group/mygroups/mymemberships.md new file mode 100644 index 0000000000..71fd7ea28d --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/mymemberships.md 
@@ -0,0 +1,17 @@ +--- +title: "My Memberships" +description: "My Memberships" +sidebar_position: 10 +--- + +# My Memberships + +To view the groups that you are a member of, click **Groups** on the left navigation pane and select +**My Groups**. On the My Groups page, click the **My Memberships** tab. + +The **My Memberships** tab lists only active groups that you are a member of; expired and deleted +groups are not displayed. + +You can [Modify Search Directory](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#modify-search-directory) to search your memberships +and add [Filter All Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#filter-all-groups)by clicking **My Memberships Grid +Filters**. All your memberships matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/mysmartgroups.md b/docs/directorymanager/11.1/welcome/group/mygroups/mysmartgroups.md new file mode 100644 index 0000000000..93cdcdc0dc --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/mysmartgroups.md @@ -0,0 +1,15 @@ +--- +title: "My Smart Groups" +description: "My Smart Groups" +sidebar_position: 50 +--- + +# My Smart Groups + +This page lists only the Smart Groups that you are primary owner of. To include the groups for which +you are an additional owner, select the **Display additional group ownership in My Smart Groups** +check box on the [Portal Settings](/docs/directorymanager/11.1/welcome/generalfeatures/portal.md) panel. + +You can [Modify Search Directory](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#modify-search-directory) to search your smart groups +and add [Filter All Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#filter-all-groups)by clicking **Smart Group Grid Filters**. +All the smart groups matching the filters will be displayed. 
diff --git a/docs/directorymanager/11.1/welcome/group/mygroups/myteams.md b/docs/directorymanager/11.1/welcome/group/mygroups/myteams.md new file mode 100644 index 0000000000..36b836d07b --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/mygroups/myteams.md @@ -0,0 +1,13 @@ +--- +title: "My Teams" +description: "My Teams" +sidebar_position: 70 +--- + +# My Teams + +This page lists all the Microsoft Teams groups that you own. + +You can [Modify Search Directory](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#modify-search-directory) to search teams and add +[Filter All Groups](/docs/directorymanager/11.1/welcome/group/allgroups/allgroups.md#filter-all-groups)by clicking **My Teams Grid Filters**. All the +teams matching the filters will be displayed. diff --git a/docs/directorymanager/11.1/welcome/group/overview.md b/docs/directorymanager/11.1/welcome/group/overview.md new file mode 100644 index 0000000000..7b4b2d80c0 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/overview.md 
@@ -0,0 +1,33 @@ +--- +title: "Group Management" +description: "Group Management" +sidebar_position: 70 +--- + +# Group Management + +Directory Manager portal enables you to manage directory groups, that includes both static groups +and Smart Groups. You can: + +- Create static groups, Smart Groups and Dynasties. +- Manage the type, scope, security type, and ownerships of groups. +- Manage group membership dynamically. +- Specify an expiry policy for groups. This policy defines the period for which the group remains + active. When the period is over, the group becomes inactive and is locked for all activities. +- Groups can also be moved between domains within a single forest. + +Examples of directory groups include distribution lists and security groups. + +Directory Manager portal updates Smart Groups and Dynasties on the basis of user-defined queries. +When directory information changes, Directory Manager portal automatically updates the appropriate +groups, thus ensuring that groups are never out of date. + +This allows administrators to easily maintain large groups without having to manually add and remove +members. + +NOTE: You must [Log in](/docs/directorymanager/11.1/welcome/login.md#log-in) before using it for group management. + +NOTE: When two identity stores (say, ID1 and ID2) are connected to the same domain (for example, +demo1.com), then objects in demo1.com would have a distinct state in ID1 and ID2. For example, an +object’s state (such as expiry policy, Smart Group criteria, additional owners, etc.) would be +different in both identity stores. diff --git a/docs/directorymanager/11.1/welcome/group/properties/_category_.json b/docs/directorymanager/11.1/welcome/group/properties/_category_.json new file mode 100644 index 0000000000..395223c37a --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Group Properties", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/group/properties/advanced.md b/docs/directorymanager/11.1/welcome/group/properties/advanced.md new file mode 100644 index 0000000000..1e76c1c1b8 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/advanced.md 
@@ -0,0 +1,48 @@ +--- +title: "Group properties - Advanced tab" +description: "Group properties - Advanced tab" +sidebar_position: 80 +--- + +# Group properties - Advanced tab + +Use this tab to control the group's visibility in the messaging provider's address book and manage +out-of-office notifications. + +You can also specify non-delivery report (NDR) recipients when this group does not receive a message +sent to it. The non-delivery report lets the recipient know that the message was not delivered. + +**Admin Note** + +Notes from the administrator. + +**OOF Reply to originator** + +Set a mail-enabled group (Group A) to send out-of-office auto-replies to the message originator +(sender), when the group (Group A) receives a message and one or more group members have +out-of-office status. + +NOTE: This setting applies if Microsoft Exchange is configured as the messaging system for the +identity store. + +**Hide membership** + +Indicates whether to hide the membership of mail-enabled groups in the messaging provider's address +book (such as the Outlook address book). + +If selected, the group members will not be visible from within the address book. + +**Delivery Reports** + +Specify non-delivery report (NDR) recipients when a message sent to this group is not delivered. The +non-delivery report lets the recipient know that the message was not delivered. + +Options are: + +- **Report to originator** - The non-delivery report is sent to the sender to inform him or her that + the message was not delivered to the target group. +- **Report to owner** - The non-delivery report is sent to the group owner to inform him or her that + a message sent to the group was not delivered to group members. +- **Do not send delivery report** - Non-delivery reports are not sent to anyone. + +NOTE: Non-delivery reports are sent if an SMTP server is configured for the identity store. 
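Review bot: The two sentences on non-delivery reports appear twice in advanced.md, once in the introduction ("You can also specify non-delivery report (NDR) recipients when this group does not receive a message sent to it...") and again under **Delivery Reports**. Keep the clearer wording under **Delivery Reports** and reduce the introduction to a one-line mention. "OOF" in **OOF Reply to originator** is never expanded, so spell out "out-of-office" on first use. The closing NOTE says reports are sent "if an SMTP server is configured"; if the intent is that they are sent only in that case, say "only if". "to inform him or her" in the option descriptions can be "to inform them".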
diff --git a/docs/directorymanager/11.1/portal/group/properties/attributes.md b/docs/directorymanager/11.1/welcome/group/properties/attributes.md similarity index 88% rename from docs/directorymanager/11.1/portal/group/properties/attributes.md rename to docs/directorymanager/11.1/welcome/group/properties/attributes.md index 25424111d7..802a96fcc2 100644 --- a/docs/directorymanager/11.1/portal/group/properties/attributes.md +++ b/docs/directorymanager/11.1/welcome/group/properties/attributes.md @@ -1,3 +1,9 @@ +--- +title: "Object properties - Attributes tab" +description: "Object properties - Attributes tab" +sidebar_position: 60 +--- + # Object properties - Attributes tab Use this tab to manage custom attributes for this object. These attributes are used to store diff --git a/docs/directorymanager/11.1/portal/group/properties/channels.md b/docs/directorymanager/11.1/welcome/group/properties/channels.md similarity index 87% rename from docs/directorymanager/11.1/portal/group/properties/channels.md rename to docs/directorymanager/11.1/welcome/group/properties/channels.md index 784e4465c2..40eb681b7f 100644 --- a/docs/directorymanager/11.1/portal/group/properties/channels.md +++ b/docs/directorymanager/11.1/welcome/group/properties/channels.md @@ -1,3 +1,9 @@ +--- +title: "Teams Properties - Channels" +description: "Teams Properties - Channels" +sidebar_position: 170 +--- + # Teams Properties - Channels Use this tab to view, add, and remove the channels in a Teams group. 
@@ -29,7 +35,7 @@ Add the information for the following: It is displayed only if you select Private from the Privacy drop-down list. Click **Add** and enter a search string to locate the user to add as a member, or click - **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. + **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. Click **Remove** if you want to remove any member. diff --git a/docs/directorymanager/11.1/portal/group/properties/deliveryrestrictions.md b/docs/directorymanager/11.1/welcome/group/properties/deliveryrestrictions.md similarity index 84% rename from docs/directorymanager/11.1/portal/group/properties/deliveryrestrictions.md rename to docs/directorymanager/11.1/welcome/group/properties/deliveryrestrictions.md index 27a627613f..9dfb8e9161 100644 --- a/docs/directorymanager/11.1/portal/group/properties/deliveryrestrictions.md +++ b/docs/directorymanager/11.1/welcome/group/properties/deliveryrestrictions.md @@ -1,3 +1,9 @@ +--- +title: "Group properties - Delivery Restrictions tab" +description: "Group properties - Delivery Restrictions tab" +sidebar_position: 50 +--- + # Group properties - Delivery Restrictions tab Use this tab to apply email restrictions to this group. You can manage the list of objects (users, @@ -23,7 +29,7 @@ Shows the objects whose emails will not be delivered to the group. **Add** To add an object to a list, click **Add** in the respective area. Enter a search string to locate -the required object, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for +the required object, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. **Remove** 
diff --git a/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md b/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md similarity index 96% rename from docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md rename to docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md index fa5cbfafcc..2b8c28e65f 100644 --- a/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md +++ b/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md @@ -1,3 +1,9 @@ +--- +title: "Group properties - Dynasty Options tab" +description: "Group properties - Dynasty Options tab" +sidebar_position: 100 +--- + # Group properties - Dynasty Options tab Directory Managerprovides advanced options that you can use to enhance the Dynasty structure and its @@ -48,7 +54,7 @@ You can view and change the attributes for parent and middle Dynasties. - Select an attribute and click **Edit** to modify it. - Click **Remove** to remove the selected attribute. -See the [Dynasty Options page](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsorggeocus.md) for details. +See the [Dynasty Options page](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsorggeocus.md) for details. **Inheritance** @@ -89,7 +95,7 @@ the top manager and sub-level managers, or add all direct reports of the top man managers as members of a single group. You can view and change these structure options for parent and middle Dynasties. For details, see -the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsmanagerial.md). +the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsmanagerial.md). NOTE: (1) If the **Set manager as owner** check box is selected, the **Always inherit** option is set for Inheritance, and the managedBy attribute is specified for inheritance, the **Set manager as 
@@ -106,7 +112,7 @@ Dynasties, replacing their respective primary owners. Set a custom attribute to create a managerial lineage in the context of this attribute. -See the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/portal/group/dynasty/dynastyoptionsmanagerial.md)for a +See the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsmanagerial.md)for a discussion on attributes. In addition to the scenarios discussed, the following also apply on Dynasty update: diff --git a/docs/directorymanager/11.1/welcome/group/properties/email.md b/docs/directorymanager/11.1/welcome/group/properties/email.md new file mode 100644 index 0000000000..148774f436 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/email.md 
@@ -0,0 +1,38 @@ +--- +title: "Group properties - Email tab" +description: "Group properties - Email tab" +sidebar_position: 70 +--- + +# Group properties - Email tab + +Use this tab to view the email addresses assigned to this group. If your portal is connected to an +identity store having Exchange 2013/2016/2019 deployed; then on this tab, you can also specify +Exchange additional owners for the group. Exchange additional owners have the same privileges as the +primary owner. + +**Addresses** + +In case of a mail-enabled group, Microsoft Exchange assigns different addresses to it for +communication with different repositories (such as Address Book, SIP, Outlook). These addresses are +displayed in this box. + +**Managed by** + +Microsoft Exchange 2013/2016/2019 offers the co-managed by feature that enables you to specify +Exchange additional owners for a group. + +The **Managed by** section is displayed when Microsoft Exchange Server 2013/2016/2019 is deployed as +the messaging provider for the identity store your portal is connected to. This list shows Exchange +additional owners specified for the group. + +GroupID sends group expiry, deletion, and renewal notifications to all Exchange additional owners +along with the group’s primary owner and additional owners. See +[Group properties - Owner tab](/docs/directorymanager/11.1/welcome/group/properties/owner.md) in group properties. + +- Click **Add** to add an Exchange additional owner. Enter a search string to locate the required + object, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a + search. +- To remove an Exchange additional owner, select it and click **Remove**. + +NOTE: Only mail-enabled users can be designated as Exchange additional owners. 
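Review bot: Under **Managed by**, the sentence "GroupID sends group expiry, deletion, and renewal notifications..." uses the product name GroupID, while the other new pages in this patch say Directory Manager; use one name throughout. In the opening paragraph, "an identity store having Exchange 2013/2016/2019 deployed; then on this tab, you can also specify" misuses the semicolon: write "If your portal is connected to an identity store with Exchange 2013/2016/2019 deployed, you can also specify ... on this tab." The cross-reference "See [Group properties - Owner tab](...) in group properties" repeats itself, so drop "in group properties". The statement that Exchange additional owners "have the same privileges as the primary owner" is a permissions claim, and a link to where those privileges are defined would help readers who are reviewing ownership.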
diff --git a/docs/directorymanager/11.1/portal/group/properties/entitlements.md b/docs/directorymanager/11.1/welcome/group/properties/entitlements.md similarity index 92% rename from docs/directorymanager/11.1/portal/group/properties/entitlements.md rename to docs/directorymanager/11.1/welcome/group/properties/entitlements.md index 234c9e9da1..3fb27a07a8 100644 --- a/docs/directorymanager/11.1/portal/group/properties/entitlements.md +++ b/docs/directorymanager/11.1/welcome/group/properties/entitlements.md @@ -1,3 +1,9 @@ +--- +title: "Group Properties - Entitlement tab" +description: "Group Properties - Entitlement tab" +sidebar_position: 120 +--- + # Group Properties - Entitlement tab Entitlement computes the effective NTFS permissions granted to objects on shared resources residing diff --git a/docs/directorymanager/11.1/welcome/group/properties/general.md b/docs/directorymanager/11.1/welcome/group/properties/general.md new file mode 100644 index 0000000000..9b7f0a8659 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/general.md 
@@ -0,0 +1,98 @@ +--- +title: "Group properties - General tab" +description: "Group properties - General tab" +sidebar_position: 10 +--- + +# Group properties - General tab + +This tab allows you to view or modify the general information about the group. + +**Display name** + +The display name of the group. + +**Alias** + +The alias for the group. + +**Manager can update membership** + +Select this check box to enable the group managers (primary owner and Exchange additional owners) to +update this group’s membership directly on the directory server. Additional owners are not included +because they are Directory Manager-specific and the directory does not recognize them. + +This is a provider-end permission and does not impact role-based permissions assigned at the +identity store level in Directory Manager. Nor do role-based permissions assigned at the identity +store level have any impact on this feature. + +Enabling this setting auto-grants the required permissions to the manager. For Active Directory, for +example, the manager is granted the following permissions: + +- Create, delete, and manage user accounts. +- Reset user password and force password change at next logon. +- Create, delete and manage groups. +- Modify the membership of a group. + +NOTE: Do not update Smart Group membership manually; changes might be reversed when the Smart Group +Update job runs. + +NOTE: The _manager can update membership_ feature is not available for groups in a Microsoft Entra +ID based identity store. + +**Description** + +The description provided for the group. + +**Expiration Policy** + +The expiry policy for this group. It specifies the duration the group remains active for. The group +would expire when the period ends. + +If you select the Other option from the list, two boxes are displayed under the Expiration Policy +box. First, select an option (Days, Months, or Years) from the second list. Then enter a value for +the selected option in the first box. 
the group will remain active for the duration you specify +here. + +The Group Life Cycle job is responsible for expiring groups. + +**Expiration Date** + +Displays the expiry date for the group. This box is blank when the expiration policy is set to +"Never expire". + +When you change the expiration policy of a group, the expiration date is updated when you save the +changes. + +**Group Scope** + +The scope set for this group. + +- **Domain Local** - Can only contain users in this domain. +- **Global Group** - Can contain users from other domains but is visible only within its own domain. +- **Universal Group** - Can contain users and groups from any domain and is visible in the Global + Catalog. + +NOTE: With Exchange 2013/2016/2019 configured as the messaging provider for the identity store, the +group scope must be set to _Universal_ for mail-enabled groups. + +NOTE: In a Microsoft Entra ID based identity store, the group scope does not apply. + +**Group Type** + +The group type set for the group. + +- **Security** - this group will be used for securing public folders, printers and other network + resources. +- **Distribution** - this group will only be used for email distribution. + +NOTE: In a Microsoft Entra ID based identity store, the group type is set to 'security' by default +and this option is not displayed. + +**Security** + +Indicates the security type set for the group. + +**Email** + +The email address of the group (applies to mail-enabled groups only, such as an Office 365 group). diff --git a/docs/directorymanager/11.1/welcome/group/properties/history.md b/docs/directorymanager/11.1/welcome/group/properties/history.md new file mode 100644 index 0000000000..8a55b1d467 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/history.md 
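Review bot: In general.md, under **Manager can update membership**, the permissions listed as auto-granted for Active Directory ("Create, delete, and manage user accounts", "Reset user password and force password change at next logon", "Create, delete and manage groups") are far broader than the setting's name and description, which only cover updating this group's membership. Please confirm against the product which rights are actually granted. If the list is accurate, state the scope they apply to and say so prominently, because an administrator enabling a membership setting would not expect it to delegate account and password management. In the **Expiration Policy** paragraph, the sentence "the group will remain active for the duration you specify here." starts in lowercase, and the instructions send the reader to the second list before the first box; reorder the steps or describe the controls by their labels.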
@@ -0,0 +1,101 @@ +--- +title: "Object properties - History tab" +description: "Object properties - History tab" +sidebar_position: 140 +--- + +# Object properties - History tab + +This tab displays the object's history, which includes all changes to the object since its creation. + +History is available if the administrator has enabled history tracking for the identity store. See +[History](/docs/directorymanager/11.1/welcome/history/overview.md). + +## View History + +The **History** area displays the history for the object. History items in the view are arranged +according to date, showing the most recent at the top. + +This view is also called the detailed view. + +### Switch to Administrative View + +Click the **Switch to Administrative View** link to switch to the administrative view. This view is +only available if you have administrative privileges. + +It displays history data in a tabular form. History items are grouped by date. Each date group +displays changes made to the object during that period. + +You can expand an item to view more details, such as the names of the attributes modified in an +action along with their old and new values. + +## Export History Data + +You can export history data displayed on this page to an external file. + +1. Click the **Export History** button and select the file type to export history data to. Supported + formats are: + + - Excel + - CSV + - XML + +2. The file is created at the download location specified in the browser settings. + +## Add notes to history items + +Directory Manager enables a user to add notes to history items that were logged as a result of any +change they made. A note may explain the reason for making a certain change, such as why they +changed the security type for a group. + +Only the user who added the note can update it. Other users can only view this note; they cannot +edit or add comments. + +- The Add Note button is available next to a history item listed. 
+- Once you add a note, the Add Note button changes to View Note. All portal users can use this + button to view the note. + +### Add a note + +The option to add a note is available on the My Account History card on Dashboard, and all History +pages i.e.[My History](/docs/directorymanager/11.1/welcome/history/myhistory.md), +[My Direct Reports' History](/docs/directorymanager/11.1/welcome/history/mydirectreport.md) and +[My Groups' History](/docs/directorymanager/11.1/welcome/history/mydirectorygroup.md) pages. + +Step 1 – Click the **Add Note** button next to a history item to add a note to it. + +Step 2 – On the Add Note dialog box, write a note and click **Add Note** to save it. + +Your note can have a maximum of 500 characters. + +### Edit a note + +You can only edit the note that you have added. + +Step 1 – Click the **View Note** button next to a history item to view or edit the note for it. + +Step 2 – On the Note dialog box, click the **Edit Note** button and update the note. + +Step 3 – Click **Update Note** to save the changes. + +### View a note + +Once a note is added, other users can view it, but they cannot edit it or add comments to it. + +- In the Detailed view: + + Click the **View Note** button next to a history item to view the note for it. + +- In the Administrative view: + + The Note column displays the note. + +### Remove a note + +You can only remove the note that you have added. + +Step 1 – Click the **View Note** button next to a history item to view or remove the note for it. + +Step 2 – Click the **Edit Note** button and remove the note. + +Step 3 – Click **Update Note**. 
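Review bot: In history.md under **Add a note**, "all History pages i.e.[My History](...)" is missing the space before the link and the commas around "i.e."; write "all History pages, i.e., the [My History](...), ..." so that the link renders separately. The heading "Add notes to history items" is in sentence case while its siblings "View History" and "Export History Data" are in title case, so pick one. Under **Export History Data**, item 2 ("The file is created at the download location...") is a result rather than a step; fold it into step 1 or present it as a plain sentence. **Remove a note** describes clearing the text through **Edit Note** and **Update Note**; say explicitly that saving an empty note removes it, if that is the behavior.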
diff --git a/docs/directorymanager/11.1/portal/group/properties/importadditionalowners.md b/docs/directorymanager/11.1/welcome/group/properties/importadditionalowners.md similarity index 95% rename from docs/directorymanager/11.1/portal/group/properties/importadditionalowners.md rename to docs/directorymanager/11.1/welcome/group/properties/importadditionalowners.md index 4338e77464..a32afa8245 100644 --- a/docs/directorymanager/11.1/portal/group/properties/importadditionalowners.md +++ b/docs/directorymanager/11.1/welcome/group/properties/importadditionalowners.md @@ -1,3 +1,9 @@ +--- +title: "Import Additional Owners" +description: "Import Additional Owners" +sidebar_position: 160 +--- + # Import Additional Owners The **Import Additional Owners** wizard enables you to specify additional owners for a group using diff --git a/docs/directorymanager/11.1/portal/group/properties/importmembers.md b/docs/directorymanager/11.1/welcome/group/properties/importmembers.md similarity index 95% rename from docs/directorymanager/11.1/portal/group/properties/importmembers.md rename to docs/directorymanager/11.1/welcome/group/properties/importmembers.md index 8c84e981bd..f6e651d95d 100644 --- a/docs/directorymanager/11.1/portal/group/properties/importmembers.md +++ b/docs/directorymanager/11.1/welcome/group/properties/importmembers.md @@ -1,3 +1,9 @@ +--- +title: "Import Group Members" +description: "Import Group Members" +sidebar_position: 150 +--- + # Import Group Members The **Import Members** wizard enables you to add members to the group using an external file. 
@@ -52,7 +58,7 @@ launch the **Import Members** wizard. - **External Data Source** - 1. On the **Providers** page, select [Query Designer](/docs/directorymanager/11.1/portal/group/querydesigner/overview.md) to + 1. On the **Providers** page, select [Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) to create a query. The query will fetch all those members that match the set criteria. The Query Designer is not working. After adding provider in the data source, it is @@ -110,7 +116,7 @@ launch the **Import Members** wizard. 1. On the **Lifecycle** page, select the **Import Members From Group(s)** option to add all members of another group or groups to the membership of this group. -2. Click the **Search Groups** button; the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) is displayed, +2. Click the **Search Groups** button; the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) is displayed, where you can search and select the group(s) whose members you want to import into the membership of this group. 3. Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/group/properties/memberof.md b/docs/directorymanager/11.1/welcome/group/properties/memberof.md new file mode 100644 index 0000000000..13324c44dc --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/memberof.md 
@@ -0,0 +1,41 @@ +--- +title: "properties - Member Of tab" +description: "properties - Member Of tab" +sidebar_position: 40 +--- + +# properties - Member Of tab + +Use this tab to view the groups of which this group is a member. You can add and remove this group +from the membership of other groups. + +**Member Of** + +This group is a member of all groups listed in this grid. + +For each group listed, you can view the display name, email, and description. + +For each column in the grid, an item level filter is also available that lets you filter records +based on a particular criterion. For example; to show groups whose display names start with D, type +**D** in the box under the **Display Name** header and press Enter. + +| Column Name | Description | +| ------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Display Name | Displays the names of the groups this user is a member of. | +| Membership | Indicates whether the user is a temporary or permanent member of the group. - Perpetual – To make the object a permanent member of the group. - Temporary Member – To make the object a temporary member of the group for the period you specify in the Beginning and Ending boxes. At the end of the period, the object is removed from the group membership. - Addition Pending – Indicates that the object will be a temporary member of the group for a period in the future. 
Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Addition Pending’. On the beginning date, the membership type changes to ‘Temporary Member’. Example. You add Smith as a temporary member to Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Addition Pending’ as its membership type from May 15 to 19. However, Smith would not be added to group membership in the provider. On May 20, Smith will become a temporary member of Group A and its membership type will change to ‘Temporary Member’ from May 20 to 30. Smith will also be added to group membership in the provider. After May 30, Smith will be removed from Group A as a member in Directory Manager and in the provider. - Removal Pending - Indicates that the object will be temporarily removed from group membership for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Removal Pending’. On the beginning date, the membership type will change to ‘Temporary Removed’. Example. You remove Smith from Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Removal Pending’ as membership type from May 15 to 19. On May 20, Smith’s membership type in Directory Manager will change to ‘Temporary Removed’; lasting till May 30. However, Smith will be removed from Group A’s membership in the provider. After May 30, Smith will be added back to Group A as a permanent member in Directory Manager and in the provider. - Temporary Removed – Indicates that the object is temporarily removed from group membership for the period specified in the Beginning and Ending boxes. At the end of the period, the object is added back to the group membership as a permanent member. When the user is a perpetual member, the **Membership** column is blank. 
You cannot change the membership type of the user for any group on the **Member Of** tab. Rather, go to the properties of the specific group and change the user's membership type on the [Group properties - Members tab](/docs/directorymanager/11.1/welcome/group/properties/members.md). | +| Beginning | Displays the beginning date of the temporary addition or removal. | +| Ending | Displays the ending date of the temporary addition or removal. | + +**Add** + +Click it to add this group to the memberships of another group (for example, Group A). + +Enter a search string to locate the required group (Group A), or click **Advance** to use the +[Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search + +The selected group(s) get listed in the **Member Of** grid. + +**Remove** + +Select a group (Group A) from the Member Of list and click **Remove** to remove this group from the +membership of Group A. diff --git a/docs/directorymanager/11.1/welcome/group/properties/members.md b/docs/directorymanager/11.1/welcome/group/properties/members.md new file mode 100644 index 0000000000..aec13be04a --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/members.md 
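Review bot: The table in memberof.md describes a user, not a group: "Displays the names of the groups this user is a member of", "Indicates whether the user is a temporary or permanent member", "You cannot change the membership type of the user". The page is the Member Of tab of group properties ("view the groups of which this group is a member"), so this looks carried over from the user page; change "user" to "group" or "object" throughout the cells. The title and H1 "properties - Member Of tab" start in lowercase and omit the object type, unlike "Group properties - Members tab". The Membership cell packs five membership types and two worked examples into one table cell with inline " - " separators; moving it below the table as a list would make it readable and would let the separator row shrink to normal width. The sentence ending "for performing a search" under **Add** is missing its period.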
@@ -0,0 +1,78 @@ +--- +title: "Group properties - Members tab" +description: "Group properties - Members tab" +sidebar_position: 30 +--- + +# Group properties - Members tab + +Use this tab to view or modify the members of a group. By default, the primary owner is also a +member of the group. + +NOTE: In a Microsoft Entra ID based identity store, only user objects can be added as members of an +Office 365 group. + +**Members** + +Displays a list of member objects in this group. + +| Column Name | Description | +| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Type | The object type of the member object, such as user or group. | +| Display Name | The name of the member object. | +| | You can view the memberships of groups that are members of this group. For example, when you add a group (Group B) as a member of this group (Group A), you can view the membership of Group B. You can continue to view memberships of groups that are members of Group B, and so on. This enables the owner of a distribution group to view all users who will receive the messages sent to the distribution group. Click the plus sign next to a member group to view its members. Group membership can be viewed up to the nth level. However, you cannot modify membership of nested groups here. For a parent Dynasty, all child Dynasties are listed as members. 
NOTE: For an expired security group and Office 365 group, the members list would be empty. | +| Membership | Indicates whether the object is a temporary or permanent member of this group. The available membership types are: - Perpetual – To make the object a permanent member of the group. - Temporary Member – To make the object a temporary member of the group for the period you specify in the Beginning and Ending boxes. At the end of the period, the object is removed from the group membership. - Addition Pending – Indicates that the object will be a temporary member of the group for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Addition Pending’. On the beginning date, the membership type changes to ‘Temporary Member’. Example. You add Smith as a temporary member to Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Addition Pending’ as its membership type from May 15 to 19. However, Smith would not be added to group membership in the provider. On May 20, Smith will become a temporary member of Group A and its membership type will change to ‘Temporary Member’ from May 20 to 30. Smith will also be added to group membership in the provider. After May 30, Smith will be removed from Group A as a member in Directory Manager and in the provider. - Removal Pending - Indicates that the object will be temporarily removed from group membership for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Removal Pending’. On the beginning date, the membership type will change to ‘Temporary Removed’. Example. You remove Smith from Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Removal Pending’ as membership type from May 15 to 19. 
On May 20, Smith’s membership type in Directory Manager will change to ‘Temporary Removed’; lasting till May 30. However, Smith will be removed from Group A’s membership in the provider. After May 30, Smith will be added back to Group A as a permanent member in Directory Manager and in the provider. - Temporary Removed – Indicates that the object is temporarily removed from group membership for the period specified in the Beginning and Ending boxes. At the end of the period, the object is added back to the group membership as a permanent member. When the object is a perpetual member, the Membership column is blank. Click anywhere in the row to make it editable for changing the membership type of the group member. NOTE: You cannot change the membership type when the member object is a group. | +| Beginning | Shows the beginning date of the temporary addition or removal. | +| Ending | Shows the ending date of the temporary addition or removal. | + +NOTE: For each column, an item level filter is also available that lets you filter records based on +a particular criterion. For example; to show objects whose display names start with D, type **D** in +the box under the **Display Name** header and press Enter. + +The Membership Life Cycle job updates the temporary membership of groups. It adds and removes +temporary members from group membership on the specified dates. + +Consider a scenario where the Membership Life Cycle job is scheduled to run once a week, say +Mondays. If an object is to be added to group membership for three days - Wednesday till Friday, it +will not be added. This happens because the Membership Life Cycle job did not run on the particular +days for temporary membership update. + +**Add** + +To add member(s) to the group, click **Add**. Enter a search string to locate the object to add as a +member, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a +search. 
+ +The selected members get listed in the **Members** grid. + +NOTE: This button is disabled for Smart Groups and Dynasties since their memberships is determined +by the query set on the [Group properties - Smart Group/Query Designer tab](/docs/directorymanager/11.1/welcome/group/properties/smartgroup.md). + See +[Schedule periodic membership updates for Smart Groups/Dynasties](/docs/directorymanager/11.1/welcome/group/workingwithgroups/scheduleupdate.md#schedule-periodic-membership-updates-for-smart-groupsdynasties). + +**Import** + +You can add members to the group using an external file. + +You can also choose to import all members of an existing group or groups to the membership of this +group. + +Click **Import** to launch the **Import Members** wizard for importing group members. See +[Import Group Members](/docs/directorymanager/11.1/welcome/group/properties/importmembers.md) for information and instructions. + +**Export** + +You can export the list of members to an external file. Supported file formats are: .txt, .csv, +.xls, .xlsx and .xml. + +Click **Export** to launch the **Export Members** wizard for exporting group members. Select the +attributes you want to export. For information and instructions, see +[Export group members](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupmembershipfunction.md#export-group-members). + +**Remove All** + +To remove all the members at together, click **Remove all**. + +**Remove** + +To remove an object from the members list, select it and click **Remove**. diff --git a/docs/directorymanager/11.1/welcome/group/properties/overview.md b/docs/directorymanager/11.1/welcome/group/properties/overview.md new file mode 100644 index 0000000000..865e8a7eae --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/overview.md 
@@ -0,0 +1,72 @@ +--- +title: "Group Properties" +description: "Group Properties" +sidebar_position: 90 +--- + +# Group Properties + +You can view and manipulate the properties of groups in the connected identity store, depending on +the permissions the Directory Manager administrator has granted you. + +Select the required object and click **Properties** on the toolbar. The object's properties page is +displayed. + +**On the group's properties page, you can:** + +1. Save the changes made in the properties by clicking **Save**. +2. Click **Delete** to delete the group. +3. **Join** a group as a + [Join a group temporarily](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#join-a-group-temporarily) or + [Join a group permanently](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#join-a-group-permanently) + + Select **Other** to add other users to the group. + +4. **Leave** a group’s membership + [Leave a group temporarily](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#leave-a-group-temporarily) or + [Leave a group permanently](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md#leave-a-group-permanently). + + Select **Other** to remove other users from the group. + +5. To **Join/Leave** the group, you can also click on **Want to write reason to group owner?** and + state the the reason for joining or leaving the group for the group owner. +6. Click **Upgrade To** to change the group into one of the following: + + - Smart Group + - Dynasty + - Managerial Dynasty + +7. Select a group and click **Move Group** from the toolbar. You can specify a new container from + **Select Container** box where you want to move the group. +8. Add a group’s email to your email contact list using the vCard. + + Select a group and click **Add to Contacts** on the toolbar. The portal creates the group's + vCard and prompts you to save it on your machine. 
You can then use it to add the group's email + address to your email contact list. + +9. Select a group and click **Send Email** on the toolbar. This launches the default Windows email + application for sending an email to group members. +10. For Teams, click **Subscribe Group** to get subscriptions of that Teams channel. +11. To unsubscribe from the Teams channel, click **Unsubscribe Group** from the toolbar. + +## Group Properties + +- [Group properties - General tab](/docs/directorymanager/11.1/welcome/group/properties/general.md) +- [Group properties - Owner tab](/docs/directorymanager/11.1/welcome/group/properties/owner.md) +- [Group properties - Members tab](/docs/directorymanager/11.1/welcome/group/properties/members.md) +- [properties - Member Of tab](/docs/directorymanager/11.1/welcome/group/properties/memberof.md) +- [Group properties - Delivery Restrictions tab](/docs/directorymanager/11.1/welcome/group/properties/deliveryrestrictions.md) +- [Object properties - Attributes tab](/docs/directorymanager/11.1/welcome/group/properties/attributes.md) +- [Group properties - Email tab](/docs/directorymanager/11.1/welcome/group/properties/email.md) +- [Group properties - Advanced tab](/docs/directorymanager/11.1/welcome/group/properties/advanced.md) +- [Group properties - Tree View](/docs/directorymanager/11.1/welcome/group/properties/treeview.md) +- [Group Properties - Entitlement tab](/docs/directorymanager/11.1/welcome/group/properties/entitlements.md) +- [Group properties - Similar Groups tab](/docs/directorymanager/11.1/welcome/group/properties/similargroups.md) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) +- [Teams Properties - Channels](/docs/directorymanager/11.1/welcome/group/properties/channels.md) (For Teams only) +- [Group properties - Smart Group/Query Designer tab](/docs/directorymanager/11.1/welcome/group/properties/smartgroup.md) (for Smart Groups and Dynasties + only) +- [Group properties - 
Dynasty Options tab](/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md) (for Dynasties only) + +NOTE: The **Delivery Restrictions**, **Attributes**, **Email**, and **Advanced** tabs are not +available for groups in a Microsoft Entra IDbased identity store. diff --git a/docs/directorymanager/11.1/portal/group/properties/owner.md b/docs/directorymanager/11.1/welcome/group/properties/owner.md similarity index 96% rename from docs/directorymanager/11.1/portal/group/properties/owner.md rename to docs/directorymanager/11.1/welcome/group/properties/owner.md index 29241d6dbc..5e87a1e823 100644 --- a/docs/directorymanager/11.1/portal/group/properties/owner.md +++ b/docs/directorymanager/11.1/welcome/group/properties/owner.md @@ -1,3 +1,9 @@ +--- +title: "Group properties - Owner tab" +description: "Group properties - Owner tab" +sidebar_position: 20 +--- + # Group properties - Owner tab This tab displays the primary and additional owners of the group. You can do the following, @@ -13,7 +19,7 @@ group. If you specify a group, all its members are considered additional owners. You can also specify Exchange additional owners for the group. See the -[Group properties - Email tab](/docs/directorymanager/11.1/portal/group/properties/email.md) in group properties. +[Group properties - Email tab](/docs/directorymanager/11.1/welcome/group/properties/email.md) in group properties. NOTE: 1. For groups in an Microsoft Entra ID based identity store, only users can be set as primary owners. Moreover, Microsoft Entra ID supports multiple primary owners for a group. Exchange 
@@ -25,7 +31,7 @@ additional owners are not supported. The primary owner of the group. To change the primary owner, click **Browse** next to the **Owner** box to launch the -[Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md), where you can search and select a primary owner. +[Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md), where you can search and select a primary owner. If the administrator has not enforced the selection of a primary owner in the Group Owner policy, you can also remove the primary owner. Click the **Remove** button next to the **Owner** box to @@ -81,13 +87,13 @@ not run on the particular days for temporary ownership update. To specify additional owner(s) for the group, click **Add**. Enter a search string to locate the object to add as an additional owner, or click **Advance** to -use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. +use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. **Import** You can also specify additional owners for the group using an external file. Click **Import** to launch the **Import Additional Owners** wizard for importing additional owners. See -[Import Additional Owners](/docs/directorymanager/11.1/portal/group/properties/importadditionalowners.md) for further information and instructions. +[Import Additional Owners](/docs/directorymanager/11.1/welcome/group/properties/importadditionalowners.md) for further information and instructions. **Export** 
@@ -96,7 +102,7 @@ You can export the list of additional owners to an external file. Supported file Click **Export** to launch the **Export Additional Owners** wizard for exporting additional owners. Select the attributes you want to export. For information and instructions, see -[Export additional owners](/docs/directorymanager/11.1/portal/group/manage/groupownershipfunction.md#export-additional-owners). +[Export additional owners](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupownershipfunction.md#export-additional-owners). **Remove** diff --git a/docs/directorymanager/11.1/portal/group/properties/similargroups.md b/docs/directorymanager/11.1/welcome/group/properties/similargroups.md similarity index 85% rename from docs/directorymanager/11.1/portal/group/properties/similargroups.md rename to docs/directorymanager/11.1/welcome/group/properties/similargroups.md index 49afd9c26a..e054f259e4 100644 --- a/docs/directorymanager/11.1/portal/group/properties/similargroups.md +++ b/docs/directorymanager/11.1/welcome/group/properties/similargroups.md @@ -1,3 +1,9 @@ +--- +title: "Group properties - Similar Groups tab" +description: "Group properties - Similar Groups tab" +sidebar_position: 130 +--- + # Group properties - Similar Groups tab Directory Manager enables you to compare groups for similarity on the basis of: diff --git a/docs/directorymanager/11.1/welcome/group/properties/smartgroup.md b/docs/directorymanager/11.1/welcome/group/properties/smartgroup.md new file mode 100644 index 0000000000..618cf34843 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/properties/smartgroup.md 
@@ -0,0 +1,68 @@ +--- +title: "Group properties - Smart Group/Query Designer tab" +description: "Group properties - Smart Group/Query Designer tab" +sidebar_position: 90 +--- + +# Group properties - Smart Group/Query Designer tab + +Use this tab to view and modify the query defined for the Smart Group/Dynasty, and even schedule +updates. + +The group’s membership is updated with the records fetched by the query. + +NOTE: In case of an Office 365 group in a Microsoft Entra ID based identity store, group membership +is updated with user objects only. + +Membership update settings defined for the identity store also impact Smart Group and Dynasty +membership update. + +**Container(s)** + +Displays the domain or containers the query will run on. + +**Object Types** + +Lists the object types the query will fetch. + +**Server and Storage** + +These areas are displayed if the query only fetches messaging system recipients. They display the +server and storage for the query to fetch the records from. + +**Query Designer** + +To modify the query, click the **Query Designer** button. This launches the +[Query Designer](/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md) dialog box, where you can modify the query. + +Smart Groups and Dynasties in a Microsoft Entra IDbased identity store use a device structured query +language while those in an Active Directory based identity store use LDAP queries to update group +membership. + +**Membership Preview** + +You can preview the group members of the smart group before executing the changes. + +**Clear** + +To remove all the queries set in the Query Designer, click **Clear**. + +**Scheduled Job** + +You can associate a Smart Group Update job with the group; this is a scheduled job that updates the +group’s membership when it runs. + +From the **Scheduled Job** list, select a Smart Group Update job to associate with the group. + +This list contains Smart Group Update jobs define for the identity store. 
+ +NOTE: If the administrator has enforced the job selection option, you cannot save any changes unless +you associate a scheduled job with this group. + +**Updated On** + +Display the date and time when the group was updated based on the schedule set for it. + +**Create a Schedule** + +You can create a new schedule other than the ones on the list. diff --git a/docs/directorymanager/11.1/portal/group/properties/treeview.md b/docs/directorymanager/11.1/welcome/group/properties/treeview.md similarity index 77% rename from docs/directorymanager/11.1/portal/group/properties/treeview.md rename to docs/directorymanager/11.1/welcome/group/properties/treeview.md index d9ed38940d..47bf2ccda4 100644 --- a/docs/directorymanager/11.1/portal/group/properties/treeview.md +++ b/docs/directorymanager/11.1/welcome/group/properties/treeview.md @@ -1,3 +1,9 @@ +--- +title: "Group properties - Tree View" +description: "Group properties - Tree View" +sidebar_position: 110 +--- + # Group properties - Tree View Using the Directory Managerportal, you can view the hierarchy for a group. This hierarchy is diff --git a/docs/directorymanager/11.1/welcome/group/querydesigner/_category_.json b/docs/directorymanager/11.1/welcome/group/querydesigner/_category_.json new file mode 100644 index 0000000000..6b0c31cf81 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Query Designer", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/group/querydesigner/database.md b/docs/directorymanager/11.1/welcome/group/querydesigner/database.md new file mode 100644 index 0000000000..7a9d94e197 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/database.md 
@@ -0,0 +1,98 @@ +--- +title: "Query Designer - Database tab" +description: "Query Designer - Database tab" +sidebar_position: 70 +--- + +# Query Designer - Database tab + +You can combine an external data provider with the directory to determine a group's membership. + +The supported external data providers are: + +- Microsoft Access +- Microsoft Excel +- Oracle +- ODBC +- Microsoft SQL Server +- Text/CSV +- SCIM + +Before using any of the above external data providers, a data source for the provider must be +defined in Admin Center. See the [Create a Data Source](/docs/directorymanager/11.1/signin/datasource/create.md) +topic. + +A connection is configured in a data source, Directory Manager portal connects to the external +database, retrieves the results, and then queries the directory for matching records. + +You must map one column returned by the command on the Database tab with a directory attribute to +join the external data source to the identity store. The query compares the values of the mapped +attributes and extracts objects with matching values to add to the group’s membership. + +For example, if you want to add to group membership all employees whose employee IDs are present in +an external data source, you can select that data source and map a key attribute with a directory +attribute. Use attributes that store the employee ID. When group membership is updated, Directory +Manager will fetch only those users from the directory whose employee IDs also exist in the data +source. + +**External Data Provider** + +Select the data source from the drop-down list that you want to use to determine the group's +membership. + +**External Provider Table** + +Once the data source is selected, select the provider's table that contains the data. If the table +you need is not listed, type its name in the External Provider Table box to select the table. + +**Identity Store Attribute** + +Select an identity store attribute to map a database attribute to it. 
+ +**External Provider Attribute** + +Select a data provider attribute to map it to the selected identity store attribute. + +**Command String** + +This field displays the command that the **Query Designer** executes to retrieve the query results +from the data source. The value can be a query statement and can include multiple columns separated +by commas. Field names are enclosed in brackets ([ ]) to prevent any ambiguity that the query engine +might encounter due to spaces between column names. + +You can modify the command and even write your own command. + +For better performance, it is recommended to select only the columns required to create your group. + +For example: + +``` +SELECT [Column1],[Column2] FROM [Filename.csv] +``` + +Execute + +Click this button to execute the command and preview the results. This process may take several +minutes depending on the size of your data source. + +**Clear** + +Click this button to clear the query. + +Preview + +Enables you to preview the results returned with the criteria specified on all tabs of the Query +Designer dialog box. This is a check to ensure the accuracy of data before changes are committed to +the directory. + +OK + +Saves settings and closes the dialog box. + +Cancel + +Discards settings and closes the dialog box. + +LDAP Query + +View the provider query in the LDAP Query box. diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/filtercriteria.md b/docs/directorymanager/11.1/welcome/group/querydesigner/filtercriteria.md similarity index 98% rename from docs/directorymanager/11.1/portal/group/querydesigner/filtercriteria.md rename to docs/directorymanager/11.1/welcome/group/querydesigner/filtercriteria.md index 8b061f4679..c7d3ee2c46 100644 --- a/docs/directorymanager/11.1/portal/group/querydesigner/filtercriteria.md +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/filtercriteria.md 
@@ -1,3 +1,9 @@ +--- +title: "Query Designer - Filter Criteria tab" +description: "Query Designer - Filter Criteria tab" +sidebar_position: 10 +--- + # Query Designer - Filter Criteria tab Use this tab to add custom criteria to your query that do not fit any of the categories represented @@ -8,8 +14,8 @@ directory users who live in Houston and have a fax number. You can also apply lo If the administrator in your role's Query Designer policy has defined a default filter criteria, that filter criteria is displayed on this tab. You can view and copy the query using the **View Query** button. See the -[Specify a Default Filter Criteria](/docs/directorymanager/11.1/admincenter/securityrole/policy/querydesigner.md#specify-a-default-filter-criteria) -section of the [ Query Designer Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/querydesigner.md) +[Specify a Default Filter Criteria](/docs/directorymanager/11.1/signin/securityrole/policy/querydesigner.md#specify-a-default-filter-criteria) +section of the [ Query Designer Policy](/docs/directorymanager/11.1/signin/securityrole/policy/querydesigner.md) topic. The default criteria is part of the policy; therefore, in Directory Manager portal it is visible to diff --git a/docs/directorymanager/11.1/welcome/group/querydesigner/general.md b/docs/directorymanager/11.1/welcome/group/querydesigner/general.md new file mode 100644 index 0000000000..6aa84525ac --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/general.md 
@@ -0,0 +1,43 @@ +--- +title: "Query Designer - General tab" +description: "Query Designer - General tab" +sidebar_position: 30 +--- + +# Query Designer - General tab + +Use this tab to specify the type of objects to include in your search. Options vary according to the +object type selected in the **Find** list. + +Select the sub-types of the selected object type to include in your search. + +The following table lists the options available on the **General** tab for each object type in the +**Find** list. + +| Find list option | Objects available for selection | +| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Messaging System Recipients | - Users with mailboxes – Includes users with messaging system mailboxes - Users with External Email Address – Includes users with email addresses that are external to your organization - Contacts with External Email Address – Includes contacts with email addresses that are external to your organization - Mail-Enabled Groups – Includes mail-enabled groups - Mail-Enabled Folders – Includes mail-enabled folders | +| Computers | - Workstations and Servers – Includes workstations and servers - Domain Controllers – Includes domain controllers | +| Custom | By default, it includes all object options for Messaging System Recipients, Computers, and Users, Contact, and Groups. For this reason, the General tab does not display any option for this object type. 
| +| Users, Contacts and Groups | - Users – Includes users - Contacts – Includes contacts - Groups – Includes groups | + +NOTE: The Computer and Contact object types are not supported in a Microsoft Entra ID identity +store. + +Preview + +Enables you to preview the results returned with the criteria specified on all tabs of the Query +Designer dialog box. This is a check to ensure the accuracy of data before changes are committed to +the directory. + +OK + +Saves settings and closes the dialog box. + +Cancel + +Discards settings and closes the dialog box. + +LDAP Query + +View the provider query in the LDAP Query box. diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md b/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md similarity index 93% rename from docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md rename to docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md index 67ce58a248..ad7fc803aa 100644 --- a/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md @@ -1,3 +1,9 @@ +--- +title: "Query Designer - Include/Exclude tab" +description: "Query Designer - Include/Exclude tab" +sidebar_position: 20 +--- + # Query Designer - Include/Exclude tab Use this tab to include or exclude an object from group membership, regardless of whether it is diff --git a/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md b/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md new file mode 100644 index 0000000000..e231a4b4da --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/overview.md 
@@ -0,0 +1,104 @@ +--- +title: "Query Designer" +description: "Query Designer" +sidebar_position: 70 +--- + +# Query Designer + +The Query Designer enables you to create queries for Smart Groups, Dynasties and directory objects +searches. These queries provide a quick and consistent way to retrieve a common set of directory +objects on which you want to perform specific tasks. For example, you can construct a query to +retrieve all users having mailboxes on a particular Exchange Server or you can build a query to +retrieve all directory objects whose information is present in an external data source, such as +Microsoft SQL Server. + +If the administrator has defined a Query Designer access policy for your role, you can create +queries as per the defined policy. A banner is displayed on the Query Designer dialog box indicating +that the administrator has implemented a policy for your role. See the +[ Query Designer Policy](/docs/directorymanager/11.1/signin/securityrole/policy/querydesigner.md) topic. + +The query language depends on the identity store type. + +- An Active Directory based identity store supports an LDAP query. +- A Microsoft Entra ID based identity store supports a device structured query language. + +## Launch the Query Designer + +You can launch the Query Designer dialog box for a Smart Group or a Dynasty or a search query in any +of the following ways: + +- While creating a Smart Group or Dynasty - On the Smart Group/Query Designer page of the New Smart + Group wizard or New Dynasty wizard, click **Query Designer**. +- From group properties - On the Smart Group/Query Designer tab in Smart Group/Dynasty properties, + click **Query Designer**. +- When you upgrade a static group to a Smart Group or Dynasty. +- From the Queries page - On the Advanced Search page, click the **Or use the new query based + search** link. Then click **Query Designer**. 
+ +## The Query Designer Interface + +The Query Designer dialog box provides a visual interface for designing queries, so that you do not +have to write the commands. Its preview feature returns the results for the query before you commit +them to the directory server. + +The Query Designer dialog box groups similar query options by tabs. Settings that are not grouped in +tabs are global; they apply to all tabs. + +### Common Settings and Buttons + +**Find** + +Select an option to specify the type of object to include in the membership of the group. + +- **Messaging System Recipients** - Mail-enabled objects +- **Computers** - Returns computers only +- **Custom** - Returns all objects regardless of objectClass. Be sure to add an objectClass + predicate on the Database tab to avoid unpredictable results. + + Be sure to combine an external data source with the directory to search directory objects on the + Database tab to avoid unpredictable results. + +- **Users, Contacts, and Groups** - Any user, contact, or group, whether mail-enabled or not. + +NOTE: The _Computers_ and _Contact_ object types are not supported in a Microsoft Entra ID identity +store. + +**Start in** + +Click this button to select the containers to search in. The query would search for objects only in +this container and its sub-containers to determine a group’s membership. + +Preview + +Enables you to preview the results returned with the criteria specified on all tabs of the Query +Designer dialog box. This is a check to ensure the accuracy of data before changes are committed to +the directory. + +OK + +Saves settings and closes the dialog box. + +Cancel + +Discards settings and closes the dialog box. + +LDAP Query + +View the provider query in the LDAP Query box. 
+ +### Tabs + +The Query Designer has the following tabs: + +- [Query Designer - General tab](/docs/directorymanager/11.1/welcome/group/querydesigner/general.md) +- [Query Designer - Storage tab](/docs/directorymanager/11.1/welcome/group/querydesigner/storage.md) +- [Query Designer - Filter Criteria tab](/docs/directorymanager/11.1/welcome/group/querydesigner/filtercriteria.md) +- [Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md) +- [Query Designer - Database tab](/docs/directorymanager/11.1/welcome/group/querydesigner/database.md) +- [Query Designer - Script tab](/docs/directorymanager/11.1/welcome/group/querydesigner/script.md) +- [Query Designer - Password Expiry Options tab](/docs/directorymanager/11.1/welcome/group/querydesigner/passwordexpiryoptions.md)[Query Designer - Password Expiry Options tab](/docs/directorymanager/11.1/welcome/group/querydesigner/passwordexpiryoptions.md) + (only available for Smart Groups with a password expiry condition) + +NOTE: The **Storage** and **Script** tabs are not available for groups in a Microsoft Entra ID +identity store. diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/passwordexpiryoptions.md b/docs/directorymanager/11.1/welcome/group/querydesigner/passwordexpiryoptions.md similarity index 96% rename from docs/directorymanager/11.1/portal/group/querydesigner/passwordexpiryoptions.md rename to docs/directorymanager/11.1/welcome/group/querydesigner/passwordexpiryoptions.md index 755ad1f2e4..10a5f142b3 100644 --- a/docs/directorymanager/11.1/portal/group/querydesigner/passwordexpiryoptions.md +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/passwordexpiryoptions.md 
@@ -1,3 +1,9 @@ +--- +title: "Query Designer - Password Expiry Options tab" +description: "Query Designer - Password Expiry Options tab" +sidebar_position: 40 +--- + # Query Designer - Password Expiry Options tab The **Password Expiry Options** tab is only available for password expiry groups. You can create a @@ -53,7 +59,7 @@ The **Send email after update** options is enabled after the group is created. Warning emails are not sent to group members (users) whose passwords are set to 'never expire'. Such users are included in group membership when you select the **Include users whose password never expires** check box or add such users to the **Include** list on the -[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md). +[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md). For warning emails to be sent, you must have an SMTP server configured for the identity store. diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/script.md b/docs/directorymanager/11.1/welcome/group/querydesigner/script.md similarity index 92% rename from docs/directorymanager/11.1/portal/group/querydesigner/script.md rename to docs/directorymanager/11.1/welcome/group/querydesigner/script.md index a6156c6b75..058b3ecd2d 100644 --- a/docs/directorymanager/11.1/portal/group/querydesigner/script.md +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/script.md @@ -1,3 +1,9 @@ +--- +title: "Query Designer - Script tab" +description: "Query Designer - Script tab" +sidebar_position: 50 +--- + # Query Designer - Script tab This tab is read-only and displays any script that has been added for the group. The scripting 
diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/storage.md b/docs/directorymanager/11.1/welcome/group/querydesigner/storage.md similarity index 91% rename from docs/directorymanager/11.1/portal/group/querydesigner/storage.md rename to docs/directorymanager/11.1/welcome/group/querydesigner/storage.md index e598b65ffe..7c948ecf61 100644 --- a/docs/directorymanager/11.1/portal/group/querydesigner/storage.md +++ b/docs/directorymanager/11.1/welcome/group/querydesigner/storage.md @@ -1,3 +1,9 @@ +--- +title: "Query Designer - Storage tab" +description: "Query Designer - Storage tab" +sidebar_position: 60 +--- + # Query Designer - Storage tab Settings on the Storage tab are available when the ‘Messaging System Recipients’ option is selected diff --git a/docs/directorymanager/11.1/welcome/group/recyclebin/_category_.json b/docs/directorymanager/11.1/welcome/group/recyclebin/_category_.json new file mode 100644 index 0000000000..7e85c20bf1 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/recyclebin/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Deleted Groups", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/group/recyclebin/general.md b/docs/directorymanager/11.1/welcome/group/recyclebin/general.md new file mode 100644 index 0000000000..c766a80f8a --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/recyclebin/general.md 
@@ -0,0 +1,23 @@ +--- +title: "General tab" +description: "General tab" +sidebar_position: 10 +--- + +# General tab + +This tab displays the general attributes of the deleted group, such as the group name, last known +parent, creation date, and deletion date. + +Use this tab to view attributes of the deleted groups. + +This tab displays the following general attributes: + +- Name +- Creation Date +- Common Name +- Object GUID +- Last Known Parent +- Deletion Date +- Distinguished Name +- Group Type diff --git a/docs/directorymanager/11.1/welcome/group/recyclebin/overview.md b/docs/directorymanager/11.1/welcome/group/recyclebin/overview.md new file mode 100644 index 0000000000..befef45604 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/recyclebin/overview.md 
@@ -0,0 +1,96 @@ +--- +title: "Deleted Groups" +description: "Deleted Groups" +sidebar_position: 60 +--- + +# Deleted Groups + +Directory Manager portal handles group deletion as either physical or logical. + +## Tombstone Groups + +Physically deleted groups have Tombstone as type. Physical group deletion refers to manually +deleting groups using the **Delete** option on the **Actions** menu or shortcut menu. Directory +Manager moves a physically deleted it to the Recycle Bin while stripping it of most of its +properties. You can delete or restore a group from the Recycle Bin. The restoration process not only +restores the group to its original container, but it also reinstates the home container for the +group, if deleted. + +When restored, a physically deleted group is restored with limited attributes; its membership is not +restored. + +A Smart Group and Dynasty is restored as a static group with no members and no query. + +NOTE: Tombstone groups are not available in Microsoft Entra ID. + +## Logical Deletion + +Groups that are deleted by the Group Lifecycle job are considered to be logically deleted. The job +deletes expired groups X number of days after group expiry, as specified in Group Lifecycle policy +settings. + +Upon deletion, logically deleted groups are moved to the Recycle Bin, with all their attributes +intact. As a result, a logically deleted group, when restored, returns to its state it had at the +time of deletion. The restoration process not only restores the group to the container from where it +was deleted but it also reinstates the home container for the group, if deleted. + +You can also manually delete a logically deleted group in the Recycle Bin, making it physically +deleted. Simply select the required group and select Delete on the shortcut menu. 
+ +## Deletion notifications + +When the Group Lifecycle job deletes a group, it notifies the group owners or, if there is no owner, +the default approver specified in the Group Lifecycle policy. + +## Modify Search Directory + +You can modify the search results in **Modify Search Directory**. You can select entire directory or +a domain to search deleted groups from. + +## Filter Deleted Groups + +You can add filters while searching for specific deleted groups from Tombstone or Logically Deleted +Groups. + +1. Click **Add Filter** to specify a criterion for filtering deleted groups. +2. From the **Select a Filter** list, select the attribute to filter deleted groups. +3. Two more boxes get displayed next to **Select a Filter** box upon selecting a filter. + + - **Select an Operator** from the first list. + - Specify a value for the selected operator in the second box. + +4. Click **Apply Filter**. + + Deleted Groups that match the specified criterion are displayed. + +5. You can add additional filters by clicking **Add Filter**. +6. To undo the filters, click **Reset Filter.** It will remove all the criteria set before. + +## Delete a group from Recycle Bin + +Follow the steps to delete a group from Recycle Bin. + +1. In Directory Manager portal, select **Groups > Deleted Groups** from the left pane. +2. From the groups list, select one or more groups. +3. Click **Delete** on the shortcut menu. + +The group / groups will be permanently deleted from the recycle bin. + +## Restore a deleted group + +Follow the steps to restore a deleted group. + +1. In Directory Manager portal, select **Groups > Deleted Groups** from the left pane. +2. From the groups list, select one or more groups. +3. Click **Restore** on the shortcut menu. + +The group / groups will be restored in the directory. + +NOTE: You can only restore a physically deleted group from the Recycle Bin if the service account +for the connected identity store has the ‘Reanimate Tombstone’ permissions. 
+ +NOTE: While all searches in Directory Manager are catered through Elasticsearch, the Recycle Bin is +an exception, as it fetches data from the directory. + +NOTE: The Recycle Bin does not display data for a Microsoft Entra ID based identity store. diff --git a/docs/directorymanager/11.1/portal/group/transferownership.md b/docs/directorymanager/11.1/welcome/group/transferownership.md similarity index 97% rename from docs/directorymanager/11.1/portal/group/transferownership.md rename to docs/directorymanager/11.1/welcome/group/transferownership.md index 6496b08052..7699b8f0ae 100644 --- a/docs/directorymanager/11.1/portal/group/transferownership.md +++ b/docs/directorymanager/11.1/welcome/group/transferownership.md @@ -1,3 +1,9 @@ +--- +title: "Transfer Ownership" +description: "Transfer Ownership" +sidebar_position: 100 +--- + # Transfer Ownership The Transfer Ownership wizard provides a convenient way to: diff --git a/docs/directorymanager/11.1/welcome/group/workingwithgroups/_category_.json b/docs/directorymanager/11.1/welcome/group/workingwithgroups/_category_.json new file mode 100644 index 0000000000..4508f0827a --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Working with Groups", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "workingwithgroups" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/group/manage/attestation.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/attestation.md similarity index 96% rename from docs/directorymanager/11.1/portal/group/manage/attestation.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/attestation.md index 3dc1e19904..ee50b87c66 100644 --- a/docs/directorymanager/11.1/portal/group/manage/attestation.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/attestation.md 
@@ -1,3 +1,9 @@ +--- +title: "Attest an Expiring Group" +description: "Attest an Expiring Group" +sidebar_position: 20 +--- + # Attest an Expiring Group If the Directory Manager administrator enables group attestation for the identity store, then group @@ -16,7 +22,7 @@ A group expires when it is not attested and renewed during its expiring days. **History Logging** Directory Manager tracks and maintains history for group attestation. On the -[Object properties - History tab](/docs/directorymanager/11.1/portal/group/properties/history.md) in group properties, the following is +[Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) in group properties, the following is logged: - The date the group was attested on. diff --git a/docs/directorymanager/11.1/welcome/group/workingwithgroups/dynastyfunction.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/dynastyfunction.md new file mode 100644 index 0000000000..deccb0dee1 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/dynastyfunction.md 
@@ -0,0 +1,118 @@ +--- +title: "Dynasties Functions" +description: "Dynasties Functions" +sidebar_position: 100 +--- + +# Dynasties Functions + +In Directory Manager portal, you can manage Dynasty structure and its membership using the following +functions. + +## Manage attributes for an Organizational/Geographical/Custom Dynasty + +Dynasties are built on attributes. For example, if the Country, State, and City attributes are +specified for a Geographical Dynasty, Directory Manager creates a Smart Group for every distinct +country, then for each state within a country, and finally for each city within a state. + +1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. + + You can also [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the Organizational, Organizational, or + custom Dynasty you want to change the attributes for. + +2. Select the required Dynasty and click **Properties** on the toolbar. + + The Dynasty's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed with the + **General** tab in view. + +3. On the **Dynasty Options** tab, update the attributes in the **Attributes** area. + + Refer to the [Dynasty Options page](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsorggeocus.md) for details. + +4. Click **Save**. + +## Manage Managerial Dynasty structure + +Follow the steps to manage structure of a Managerial Dynasty. + +1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. + + You can also [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the Managerial Dynasty you want to + restructure. + +2. Select the required Dynasty and click **Properties** on the toolbar. + + The Dynasty's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed with the + **General** tab in view. + +3. 
On the **Dynasty Options** tab, modify the options related to the Dynasty structure. + + Refer to the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/welcome/group/dynasty/createdynasty/dynastyoptionsmanagerial.md) + for details. + +4. Click **Save**. + +## Set attribute inheritance + +Follow the steps to set attribute inheritance of a dynasty. + +1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. + + You can also [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the Dynasty you want to change the + inheritance option for. + +2. Select the required Dynasty and click **Properties** on the toolbar. + + The Dynasty's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed with the + **General** tab in view. + +3. On the **Dynasty Options** tab, select the required option from the **Inheritance** drop-down + list. + + See [Inheritance](/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md). + +4. Click **Save**. + +## Modify alias and display name templates + +Follow the steps to modify alias of an Organizational/Geographical/Custom dynasty. + +1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. + + You can also [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the Dynasty you want to change the alias + or display name template for. + +2. Select the required Organizational/Geographical/Custom Dynasty and click **Properties** on the + toolbar. + + The Dynasty's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed with the + **General** tab in view. + +3. On the **Dynasty Options** tab, use the **Alias Template** and **Display Name Template** boxes to + modify the respective templates. 
+ + For details, see [Alias Template](/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md) and + [Display Name Template](/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md) for an + Organizational/Geographical/Custom Dynasty. + +4. Click **Save**. + +Follow the steps to modify aloas of a Managerial dynasty. + +1. On the left navigation bar, click **Groups** and then select the **My Groups** tab. + + You can also [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the Dynasty you want to change the alias + or display name template for. + +2. Select the required Managerial Dynasty and click **Properties** on the toolbar. + + The Dynasty's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed with the + **General** tab in view. + +3. On the **Dynasty Options** tab, use the **Alias Template** and **Display Name Template** boxes to + modify the respective templates. + + For details, see [Alias Template](/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md) and + [Display Name Template](/docs/directorymanager/11.1/welcome/group/properties/dynastyoptions.md) for a Managerial Dynasty. + +4. Click **Save**. diff --git a/docs/directorymanager/11.1/welcome/group/workingwithgroups/generalfunction.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/generalfunction.md new file mode 100644 index 0000000000..955afed334 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/generalfunction.md 
@@ -0,0 +1,76 @@ +--- +title: "General Group functions" +description: "General Group functions" +sidebar_position: 10 +--- + +# General Group functions + +You can perform the following general functions on your directory groups. + +## Search for groups + +See [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md). + +## View object properties + +You can view and modify the properties of a mailbox, group, user and contact. + +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the required object. +2. Select this object on the **Search Results** page and click **Properties** on the toolbar. + + The object's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. + +## View groups managed by an object + +You can get a list of all groups managed by a particular object (i.e., all groups for which the +selected object is a primary or additional owner). + +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the required object. +2. Select this object on the **Search Results** page and click **Owner** on the toolbar. + +## Manage group access + +A group’s security type determines how non-members can access the group and become its members. + +A security type is assigned to the group when it is created. However, you can change it later, if +required. + +1. In Directory Manager portal, click **Groups** in the left navigation pane, select Groups. + + The Groups page is displayed with the **My Groups** tab in view. + +2. Select a group and click **Properties** on the toolbar. + + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed with the **General** + tab in view. + +3. Select a different security type for the group from the **Security** list. +4. Click **Save**. 
+ +## Set email delivery restrictions + +You can allow or restrict a group from receiving emails from specified recipients. + +NOTE: This feature is not available for groups in a Microsoft Entra ID based identity store. + +1. In Directory Manager portal, click **Groups** in the left navigation pane, select **My Groups**. + + The Groups page is displayed with the **My Groups** tab in view. + +2. Select the required group and click **Properties** on the toolbar. + + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. + +3. Click the **Delivery Restrictions** tab. +4. Specify the senders that the group can receive emails from: + + 1. Click the **Add** button in the **Accept from** area. + 2. Enter a search string to locate the required object, or click **Advanced** to use the + [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. + +5. Select the senders that the group cannot accept emails from: + 1. Click the **Add** button in the **Reject from** area. + 2. Enter a search string to locate the required object, or click **Advanced** to use the + [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. +6. Save the changes. diff --git a/docs/directorymanager/11.1/portal/group/manage/groupaccess.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupaccess.md similarity index 91% rename from docs/directorymanager/11.1/portal/group/manage/groupaccess.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/groupaccess.md index c6c515e6a1..2d5fc516d1 100644 --- a/docs/directorymanager/11.1/portal/group/manage/groupaccess.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupaccess.md 
@@ -1,3 +1,9 @@ +--- +title: "Manage Group Access" +description: "Manage Group Access" +sidebar_position: 40 +--- + # Manage Group Access A group's security type determines how non-members can access the group and become its members. diff --git a/docs/directorymanager/11.1/portal/group/manage/groupdeletion.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupdeletion.md similarity index 88% rename from docs/directorymanager/11.1/portal/group/manage/groupdeletion.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/groupdeletion.md index 2e28c65f06..0a67a735da 100644 --- a/docs/directorymanager/11.1/portal/group/manage/groupdeletion.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupdeletion.md @@ -1,3 +1,9 @@ +--- +title: "Group Deletion" +description: "Group Deletion" +sidebar_position: 60 +--- + # Group Deletion In Directory Manager, groups can be deleted in any of the following ways: 
@@ -31,12 +37,12 @@ To renew a physically deleted group, contact the Directory Manager administrator Groups that are deleted by the Group Life Cycle job are considered to be logically deleted. This job deletes expired groups automatically based on the Group Life Cycle policy for the identity store. -Logically deleted groups are moved to the [My Deleted Groups](/docs/directorymanager/11.1/portal/group/mydeletedgroups.md) page with the +Logically deleted groups are moved to the [My Deleted Groups](/docs/directorymanager/11.1/welcome/group/mygroups/mydeletedgroups.md) page with the 'Deleted\_' prefix added to their names. Such groups have all their attributes intact. As a result, a logically deleted group, when renewed, returns to the state it had at the time of deletion. See the -[What Happens When a Group is Deleted](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/groupexpirydeletion.md#what-happens-when-a-group-is-deleted) +[What Happens When a Group is Deleted](/docs/directorymanager/11.1/signin/identitystore/configure/groupexpirydeletion.md#what-happens-when-a-group-is-deleted) topic for additional information on group deletion. ## Group Deletion Notifications diff --git a/docs/directorymanager/11.1/portal/group/manage/groupexpiry.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupexpiry.md similarity index 93% rename from docs/directorymanager/11.1/portal/group/manage/groupexpiry.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/groupexpiry.md index e53073d465..745133eb41 100644 --- a/docs/directorymanager/11.1/portal/group/manage/groupexpiry.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupexpiry.md @@ -1,3 +1,9 @@ +--- +title: "Group Expiry" +description: "Group Expiry" +sidebar_position: 90 +--- + # Group Expiry Directory Manager provides two ways to expire a group: 
@@ -70,7 +76,7 @@ to all groups in the identity store and cannot be changed for individual groups. When the Group Lifeycle job executes the Group Lifecycle policy, it monitors group expiry dates as determined by each group’s expiration period. See the -[Set a Default Expiry Policy for Groups](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md#set-a-default-expiry-policy-for-groups) +[Set a Default Expiry Policy for Groups](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md#set-a-default-expiry-policy-for-groups) topic. ## Group Expiry Notifications @@ -92,5 +98,5 @@ expiry, the job does the following: Directory Manager will extend the group’s expiration date by 7 days. Notifications are sent if an SMTP server is configured for the identity store. See the -[Set Group Expiry Notifications](/docs/directorymanager/11.1/admincenter/identitystore/configure/directoryservice/grouplifecycle.md#set-group-expiry-notifications) +[Set Group Expiry Notifications](/docs/directorymanager/11.1/signin/identitystore/configure/grouplifecycle.md#set-group-expiry-notifications) topic for additional information. diff --git a/docs/directorymanager/11.1/portal/group/manage/groupexpiryfunction.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupexpiryfunction.md similarity index 79% rename from docs/directorymanager/11.1/portal/group/manage/groupexpiryfunction.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/groupexpiryfunction.md index e1532522b1..7aa306d37d 100644 --- a/docs/directorymanager/11.1/portal/group/manage/groupexpiryfunction.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupexpiryfunction.md @@ -1,3 +1,9 @@ +--- +title: "Group Expiry Functions" +description: "Group Expiry Functions" +sidebar_position: 120 +--- + # Group Expiry Functions You can expire, renew or delete a group using Directory Manager portal. You can change expiry policy 
@@ -10,7 +16,7 @@ Follow the steps to expire a group manually. 1. On the left navigation bar, click **Groups** and then select the **My Groups**, **My Memberships**, or **My Expiring Groups** tab. - You can also [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to expire. + You can also [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to expire. 2. On the page displayed, select the required group and click **Expire** on the toolbar. @@ -19,7 +25,7 @@ NOTE: Note the following: - When you try to manually expire a group with the expiry policy set to ‘Never Expire’, an error message is displayed, informing you that the group cannot be expired. - When you manually expire a group with an expiry policy other than ‘Never Expire’, the group - expires and is moved it to the [My Expired Groups](/docs/directorymanager/11.1/portal/group/myexpiredgroups.md) page. + expires and is moved it to the [My Expired Groups](/docs/directorymanager/11.1/welcome/group/mygroups/myexpiredgroups.md) page. - A group without an expiry policy will not expire. Directory groups that are created outside of Directory Manager do not have an expiry policy. @@ -32,7 +38,7 @@ If expired groups are not renewed within a specific period (set by the Directory administrator in the Group Lifecycle policy for the identity store), they are logically deleted when the period ends. See Group life cycle job. -Logically deleted groups are moved to the [My Deleted Groups](/docs/directorymanager/11.1/portal/group/mydeletedgroups.md) page with the +Logically deleted groups are moved to the [My Deleted Groups](/docs/directorymanager/11.1/welcome/group/mygroups/mydeletedgroups.md) page with the “Deleted\_” prefix added to their names. ## Change the expiry policy for a group 
@@ -41,12 +47,12 @@ When a group is created, it has its expiry policy set to 'Never Expire'. You can as required. The Group Life Cycle job expires groups according to their respective expiry policies and moves them -to the [My Expired Groups](/docs/directorymanager/11.1/portal/group/myexpiredgroups.md) page. +to the [My Expired Groups](/docs/directorymanager/11.1/welcome/group/mygroups/myexpiredgroups.md) page. -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to change the expiry policy for. +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to change the expiry policy for. 2. Select this group on the **Search Results** page and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed with the **General** + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed with the **General** tab in view. 3. From the **Expiration Policy** list, select the duration that the group would remain active for, @@ -62,11 +68,11 @@ to the [My Expired Groups](/docs/directorymanager/11.1/portal/group/myexpiredgro 4. Click **Save**. NOTE: If the Directory Manager administrator has specified this action for review, your changes will -not take effect until verified by an approver. See [Requests](/docs/directorymanager/11.1/portal/request/overview.md). +not take effect until verified by an approver. See [Requests](/docs/directorymanager/11.1/welcome/request/overview.md). ## Attest an expiring group -See [Attest an Expiring Group](/docs/directorymanager/11.1/portal/group/manage/attestation.md). +See [Attest an Expiring Group](/docs/directorymanager/11.1/welcome/group/workingwithgroups/attestation.md). ## Renew an expired group 
diff --git a/docs/directorymanager/11.1/portal/group/manage/groupjoinleave.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md similarity index 84% rename from docs/directorymanager/11.1/portal/group/manage/groupjoinleave.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md index 18d72717a8..5ae78500ee 100644 --- a/docs/directorymanager/11.1/portal/group/manage/groupjoinleave.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupjoinleave.md @@ -1,3 +1,9 @@ +--- +title: "Join/Leave a Group" +description: "Join/Leave a Group" +sidebar_position: 110 +--- + # Join/Leave a Group Directory Manager provides you the facility to join/leave a group temporarily or permanently for a 
@@ -7,26 +13,26 @@ specified period of time. You can join a semi-private or public group as a permanent member. -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group(s) you want to join. +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group(s) you want to join. 2. On the page displayed, select the group(s) to join. 3. Point to the **Join** button on the toolbar, make sure that the **Join Perpetually** option is selected, and click **Join**. - You can also join a group on the group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page by + You can also join a group on the group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page by using the **Join** button on the toolbar. When a user joins a Smart Group or Dynasty, he or she is added to the **Include** list on the -[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md) of the Query Designer. As +[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md) of the Query Designer. As a result, the user remains a group member even when it does not fall in the scope of the query. NOTE: For a semi-private group, the group owner must approve your _join_ request before you are -added to group membership. See [Requests](/docs/directorymanager/11.1/portal/request/overview.md). +added to group membership. See [Requests](/docs/directorymanager/11.1/welcome/request/overview.md). ## Join a group temporarily The logged-in user can join a semi-private or public group as a temporary member. -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group(s) you want to join. +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group(s) you want to join. 2. On the page displayed, select the group(s) to join. 3. 
Point to the **Join** button on the toolbar and select the **Join Temporarily** option. 4. In the **Duration** list, select one of the following options: @@ -41,15 +47,15 @@ The logged-in user can join a semi-private or public group as a temporary member 5. Click **Join**. - You can also join a group on the group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page by + You can also join a group on the group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page by using the **Join** button on the toolbar. When a user joins a Smart Group or Dynasty, he or she is added to the **Include** list on the -[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md) of the Query Designer. As +[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md) of the Query Designer. As a result, the user remains a group member even when it does not fall in the scope of the query. NOTE: For a semi-private group, the group owner must approve your _join_ request before you are -added to group membership. See [Requests](/docs/directorymanager/11.1/portal/request/overview.md). +added to group membership. See [Requests](/docs/directorymanager/11.1/welcome/request/overview.md). ## Leave a group permanently 
@@ -61,21 +67,21 @@ The logged-in user can permanently leave the membership of a semi-private or pub Or - [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group(s) you want to leave. + [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group(s) you want to leave. 2. On the page displayed, select the required group(s). 3. Point to the **Leave** button on the toolbar, make sure that the **Leave Perpetually** option is selected, and click **Leave**. - You can also leave a group on the group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page by + You can also leave a group on the group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page by using the **Leave** button on the toolbar. When a user leaves a Smart Group or Dynasty, he or she is added to the **Exclude** list on the -[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md) of the Query Designer. As +[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md) of the Query Designer. As a result, the user is not added to group membership even when it falls in the scope of the query. NOTE: For a semi-private group, the group owner must approve your _leave_ request before you are -removed from group membership. See [Requests](/docs/directorymanager/11.1/portal/request/overview.md). +removed from group membership. See [Requests](/docs/directorymanager/11.1/welcome/request/overview.md). ## Leave a group temporarily 
@@ -87,7 +93,7 @@ The logged-in user can leave the membership of a semi-private or public group on Or - [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group(s) you want to leave. + [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group(s) you want to leave. 2. On the page displayed, select the required group(s). 3. Point to the **Leave** button on the toolbar and select the **Leave Temporarily** option. @@ -103,15 +109,15 @@ The logged-in user can leave the membership of a semi-private or public group on 5. Click **Leave**. - You can also leave a group on the group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page by + You can also leave a group on the group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page by using the **Leave** button on the toolbar. When a user leaves a Smart Group or Dynasty, he or she is added to the **Exclude** list on the -[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md) of the Query Designer. As +[Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md) of the Query Designer. As a result, the user is not added to group membership even when it falls in the scope of the query. NOTE: For a semi-private group, the group owner must approve your _leave_ request before you are -removed from group membership. See [Requests](/docs/directorymanager/11.1/portal/request/overview.md). +removed from group membership. See [Requests](/docs/directorymanager/11.1/welcome/request/overview.md). ## Join or leave a group on behalf of a direct report or peer 
@@ -137,7 +143,7 @@ The logged-in user can join a group on behalf of a direct report or peer. 1. On the left navigation bar, click **Groups** and then select the **My Groups**, **My Memberships**, or **My Expiring Groups** tab. - You can also [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to join on behalf of + You can also [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to join on behalf of a direct report or peer. 2. On the page displayed, select the group to join. @@ -157,7 +163,7 @@ The logged-in user can join a group on behalf of a direct report or peer. period, and click **Join**. When a user is joined on behalf to a Smart Group or Dynasty, he or she is added to the **Include** -list on the [Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md) of the Query +list on the [Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md) of the Query Designer. As a result, the user remains a group member even when it does not fall in the scope of the query. @@ -168,7 +174,7 @@ The logged-in user can leave a group on behalf of a direct report or peer. 1. On the left navigation bar, click **Groups** and then select the **My Groups**, **My Memberships**, or **My Expiring Groups** tab. - You can also [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to leave on behalf of + You can also [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to leave on behalf of a direct report or peer. 2. On the page displayed, select the group to leave. 
@@ -188,7 +194,7 @@ The logged-in user can leave a group on behalf of a direct report or peer. period, and click **Leave**. When a user is removed on behalf from a Smart Group or Dynasty, he or she is added to the -**Exclude** list on the [Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/portal/group/querydesigner/includeexclude.md) +**Exclude** list on the [Query Designer - Include/Exclude tab](/docs/directorymanager/11.1/welcome/group/querydesigner/includeexclude.md) of the Query Designer. As a result, the user is not added to group membership even when it falls in the scope of the query. diff --git a/docs/directorymanager/11.1/portal/group/manage/groupmembershipfunction.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupmembershipfunction.md similarity index 83% rename from docs/directorymanager/11.1/portal/group/manage/groupmembershipfunction.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/groupmembershipfunction.md index 6a742f59ed..b276b5845c 100644 --- a/docs/directorymanager/11.1/portal/group/manage/groupmembershipfunction.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupmembershipfunction.md @@ -1,3 +1,9 @@ +--- +title: "Group Membership functions" +description: "Group Membership functions" +sidebar_position: 80 +--- + # Group Membership functions Groups let you apply a common set of policies to multiple users. Groups also guarantee consistency 
@@ -40,7 +46,7 @@ will exist but without any link to Group A. Hence, Group A’s membership will b You can add one or more objects to the membership of one or more groups. These objects would be added as permanent members. You will find them listed as members on the Members tab in -[Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md). +[Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md). NOTE: In a Microsoft Entra ID based identity store, only user objects can be added as members of an Office 365 group. 
@@ -49,21 +55,21 @@ Use any of the following methods to add members to groups. ### Method 1: -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the required objects. +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the required objects. 2. Select these objects on the **Search Results** page and click **Add to Group** on the toolbar. -3. The [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) is displayed, where you can search and select the +3. The [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) is displayed, where you can search and select the group(s) to add the objects to. ### Method 2: -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to add members to. +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to add members to. 2. Select this group on the **Search Results** page and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. 3. On the **Members** tab, click **Add**. 4. Enter a search string to locate the objects to add as members, or click **Advanced** to use the - [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. + [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. 5. Save the changes. NOTE: These methods for adding members are recommended for static (unmanaged) groups only. For Smart 
@@ -79,11 +85,11 @@ membership type of an object from permanent to temporary and vice versa. You can also add or remove an object from a group's membership for a temporary period. -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) a group to change the membership type of its +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) a group to change the membership type of its member(s). 2. Select this group on the **Search Results** page and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed, where the + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed, where the **Members** tab lists the group members. 3. To change the membership type of a member, click anywhere in the respective row to make it @@ -150,10 +156,10 @@ days for temporary membership update. Follow the steps to remove members permanently from a group. -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to remove member(s) from. +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to remove member(s) from. 2. Select this group on the **Search Results** page and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. 3. On the **Members** tab, select the group members you want to remove and click **Remove**. 4. Save the changes. 
@@ -172,7 +178,7 @@ Follow the steps to add a group to the membership of another group (nesting). 2. Select the My Groups, **My Memberships**, or **My Expiring Groups** tab. 3. Select the group(s) to add to the membership of another group and click **Add to Group** on the toolbar. -4. On the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md), search and select the group to add members to it, +4. On the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md), search and select the group to add members to it, and click **OK**. ## Import members to a group @@ -188,11 +194,11 @@ Office 365 group. 2. Select the group you want to import members to, and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. -3. On the [Group properties - Members tab](/docs/directorymanager/11.1/portal/group/properties/members.md), click **Import** to launch the +3. On the [Group properties - Members tab](/docs/directorymanager/11.1/welcome/group/properties/members.md), click **Import** to launch the **Import Members** wizard. -4. See [Import Group Members](/docs/directorymanager/11.1/portal/group/properties/importmembers.md) for further information and +4. See [Import Group Members](/docs/directorymanager/11.1/welcome/group/properties/importmembers.md) for further information and instructions. 5. Save the changes. 
@@ -200,10 +206,10 @@ Office 365 group. You can export members of a group to an external file. -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) a group to export its members to an external file. +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) a group to export its members to an external file. 2. Select this group on the **Search Results** page and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. 3. On the **Members** tab, click **Export** to launch the **Export Members** wizard. 4. On the **Attributes** page: @@ -236,10 +242,10 @@ Microsoft Entra ID tenant to the membership of a group in your domain. Or - [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to invite a guest user to. + [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to invite a guest user to. 2. Select the required group from the list and click **Properties** on the toolbar. The group's - [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. + [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. 3. On the **Members** tab, click the **Invite User** button. 4. On the **Invite User** dialog box, provide the following information: diff --git a/docs/directorymanager/11.1/portal/group/manage/groupownershipfunction.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupownershipfunction.md similarity index 86% rename from docs/directorymanager/11.1/portal/group/manage/groupownershipfunction.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/groupownershipfunction.md index b2f202e4f2..3fcfe72c1c 100644 
--- a/docs/directorymanager/11.1/portal/group/manage/groupownershipfunction.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupownershipfunction.md @@ -1,3 +1,9 @@ +--- +title: "Group Ownership Functions" +description: "Group Ownership Functions" +sidebar_position: 50 +--- + # Group Ownership Functions The Directory Managerportal enables you to perform ownership related functions such as change @@ -60,11 +66,11 @@ Follow the steps to change a group's primary owner. 2. Select the required group and click **Properties** on the toolbar. 3. The group's properties page is displayed. -4. On the [Group properties - Owner tab](/docs/directorymanager/11.1/portal/group/properties/owner.md), the **Owner** box displays the +4. On the [Group properties - Owner tab](/docs/directorymanager/11.1/welcome/group/properties/owner.md), the **Owner** box displays the group's primary owner. To change the primary owner, click **Browse** to launch the - [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md), where you can search and select another owner. + [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md), where you can search and select another owner. 5. Save the changes. 
@@ -87,11 +93,11 @@ impact on the number of additional owners the group can have. The Groups page is displayed with the **My Groups** tab in view. 2. Select the required group and click **Properties** on the toolbar. -3. The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. -4. On the [Group properties - Owner tab](/docs/directorymanager/11.1/portal/group/properties/owner.md), click **Add** in the **Additional +3. The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. +4. On the [Group properties - Owner tab](/docs/directorymanager/11.1/welcome/group/properties/owner.md), click **Add** in the **Additional Owners** area. 5. Enter a search string to locate the object to add as an additional owner, or click **Advanced** - to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. + to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. 6. By default, all group-related notifications (such as group expiry, deletion, and renewal notifications) are sent to the primary owner and all additional owners. To exclude an additional owner from receiving notifications, select the **Do not notify** check box. 
@@ -114,16 +120,16 @@ Follow the steps to import additional owners for a group. Or - [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) a group to import its additional owners from an + [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) a group to import its additional owners from an external file. 2. Select the required from the list. and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. -3. On the [Group properties - Owner tab](/docs/directorymanager/11.1/portal/group/properties/owner.md), click **Import** to launch the +3. On the [Group properties - Owner tab](/docs/directorymanager/11.1/welcome/group/properties/owner.md), click **Import** to launch the **Import Additional Owners** wizard. -4. See [Import Additional Owners](/docs/directorymanager/11.1/portal/group/properties/importadditionalowners.md) for further information +4. See [Import Additional Owners](/docs/directorymanager/11.1/welcome/group/properties/importadditionalowners.md) for further information and instructions. 5. Save the changes. 
@@ -137,12 +143,12 @@ You can export additional owners of a group to an external file. Or - [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) a group to export its additional owners to an + [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) a group to export its additional owners to an external file. 2. Select the group and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. 3. On the **Owner** tab, click **Export** to launch the **Export Additional Owners** wizard. 4. On the **Attributes** page: @@ -169,10 +175,10 @@ You can export additional owners of a group to an external file. Ownership type indicates whether an object is a temporary or permanent additional owner of a group. You can change the ownership type of an additional owner from temporary to permanent and vice versa. -1. [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) a group to change the ownership type of its additional +1. [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) a group to change the ownership type of its additional owner(s). 2. Select this group on the Search Results page and click **Properties** on the toolbar. -3. On the group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page, click the **Owner** tab. +3. On the group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page, click the **Owner** tab. 4. To change the ownership type of an additional owner, click anywhere in the respective row to make it editable, and select an option from the **Ownership** list: 
@@ -246,10 +252,10 @@ Exchange additional group owners. The Groups page is displayed with the **My Groups** tab in view. 2. Select the required group and click **Properties** on the toolbar. -3. The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. +3. The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. 4. On the **Email** tab, click **Add** in the **Managed By** area. 5. Enter a search string to locate the object to add as an Exchange additional owner, or click - **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a search. + **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. NOTE: Only mail-enabled users can be set as Exchange additional owners. diff --git a/docs/directorymanager/11.1/portal/group/manage/scheduleupdate.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/scheduleupdate.md similarity index 90% rename from docs/directorymanager/11.1/portal/group/manage/scheduleupdate.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/scheduleupdate.md index c603247f0c..93123eed23 100644 --- a/docs/directorymanager/11.1/portal/group/manage/scheduleupdate.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/scheduleupdate.md @@ -1,3 +1,9 @@ +--- +title: "Scheduled Updates Functions" +description: "Scheduled Updates Functions" +sidebar_position: 70 +--- + # Scheduled Updates Functions When a Smart Group or Dynasty is updated using a scheduled job, it involves the following: 
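Review bot: in the `@@ -246,10 +252,10 @@` hunk of groupownershipfunction.md, the rewritten line still names the button `**Advance**`, while the matching step in the `@@ -87,11 +93,11 @@` hunk of the same file says to click `**Advanced**`. Since the line is being changed anyway, align the label with the one used in the other Find Dialog Box steps.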
@@ -7,7 +13,7 @@ When a Smart Group or Dynasty is updated using a scheduled job, it involves the If the administrator has defined a Query Designer policy for your role, group membership is updated as per the defined policy. See the - [ Query Designer Policy](/docs/directorymanager/11.1/admincenter/securityrole/policy/querydesigner.md)topic for + [ Query Designer Policy](/docs/directorymanager/11.1/signin/securityrole/policy/querydesigner.md)topic for additional information. NOTE: Whatever the records returned by the query, the membership of an Office 365 group is @@ -46,10 +52,10 @@ In Directory Manager portal, you can perform the following functions for Smart G Or - [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to modify the query for. + [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to modify the query for. 2. Select the required Smart Group or Dynasty and click **Properties** on the toolbar. -3. Use the [Group properties - Smart Group/Query Designer tab](/docs/directorymanager/11.1/portal/group/properties/smartgroup.md) to view +3. Use the [Group properties - Smart Group/Query Designer tab](/docs/directorymanager/11.1/welcome/group/properties/smartgroup.md) to view the query defined for the group. Click the **Query Designer** button to launch the **Query Designer** dialog box, where you can 
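Review bot: in the `@@ -7,7 +13,7 @@` hunk of scheduleupdate.md, the changed link line keeps the leading space inside the link text and has no space before "topic" (`[ Query Designer Policy](...)topic`); fix both while the line is being rewritten. It is also the only link in the hunks shown here that moves from `admincenter/` to `signin/` rather than from `portal/` to `welcome/`, so confirm that `signin/securityrole/policy/querydesigner.md` exists at the new location.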
@@ -75,12 +81,12 @@ membership update. Or - [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) the group you want to associate a Smart Group Update + [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) the group you want to associate a Smart Group Update job with. 2. Select the required Smart Group or Dynasty and click **Properties** on the toolbar. - The group's [Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md) page is displayed. + The group's [Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md) page is displayed. 3. On the **Smart Group/Query Designer** tab, select a Smart Group Update job from the **Scheduled Job** list. diff --git a/docs/directorymanager/11.1/portal/group/manage/sendassendonbehalf.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/sendassendonbehalf.md similarity index 85% rename from docs/directorymanager/11.1/portal/group/manage/sendassendonbehalf.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/sendassendonbehalf.md index 409b49924e..830b301279 100644 --- a/docs/directorymanager/11.1/portal/group/manage/sendassendonbehalf.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/sendassendonbehalf.md @@ -1,3 +1,9 @@ +--- +title: "The Send As and Send on Behalf features" +description: "The Send As and Send on Behalf features" +sidebar_position: 30 +--- + # The Send As and Send on Behalf features The administrator can configure the Send As and Send on Behalf features for a Directory Manager 
@@ -16,7 +22,7 @@ when User B sends a message using User A’s address, the ‘From’ address wil `` on behalf of Mailbox ``. The administrator can provide the Send As and Send on Behalf features on any tab in -[Group Properties](/docs/directorymanager/11.1/portal/group/properties/overview.md). They are displayed as: +[Group Properties](/docs/directorymanager/11.1/welcome/group/properties/overview.md). They are displayed as: ![sendassendon](/img/product_docs/directorymanager/11.1/portal/group/manage/sendassendon.webp) diff --git a/docs/directorymanager/11.1/portal/group/manage/workingwithgroups.md b/docs/directorymanager/11.1/welcome/group/workingwithgroups/workingwithgroups.md similarity index 92% rename from docs/directorymanager/11.1/portal/group/manage/workingwithgroups.md rename to docs/directorymanager/11.1/welcome/group/workingwithgroups/workingwithgroups.md index ec22ba9824..348fa292dc 100644 --- a/docs/directorymanager/11.1/portal/group/manage/workingwithgroups.md +++ b/docs/directorymanager/11.1/welcome/group/workingwithgroups/workingwithgroups.md @@ -1,3 +1,9 @@ +--- +title: "Working with Groups" +description: "Working with Groups" +sidebar_position: 40 +--- + # Working with Groups A Directory Manager portal enables you to manage your directory groups in the identity store, so you @@ -15,7 +21,7 @@ General - [View groups managed by an object](generalfunction.md#view-groups-managed-by-an-object) - [Manage group access](generalfunction.md#manage-group-access) - [Set email delivery restrictions](generalfunction.md#set-email-delivery-restrictions) -- [The Send As and Send on Behalf features](/docs/directorymanager/11.1/portal/group/manage/sendassendonbehalf.md) +- [The Send As and Send on Behalf features](/docs/directorymanager/11.1/welcome/group/workingwithgroups/sendassendonbehalf.md) Group Membership 
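Review bot: the front matter added to workingwithgroups.md gives the section's overview page `sidebar_position: 40`, while sendassendonbehalf.md in the same directory gets `sidebar_position: 30`, so the overview would sort after one of the topics it links to. Unless this page is wired up as the category's linked doc, give it the lowest position in the directory.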
@@ -60,12 +66,12 @@ Dynasties Group Expiry and Deletion -- [Group Expiry](/docs/directorymanager/11.1/portal/group/manage/groupexpiry.md) +- [Group Expiry](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupexpiry.md) - [Expire a group manually ](groupexpiryfunction.md#expire-a-group-manually) - [Change the expiry policy for a group](groupexpiryfunction.md#change-the-expiry-policy-for-a-group) - [Attest an expiring group](groupexpiryfunction.md#attest-an-expiring-group) - [Renew an expired group](groupexpiryfunction.md#renew-an-expired-group) -- [ Group Deletion](/docs/directorymanager/11.1/portal/group/manage/groupdeletion.md) +- [ Group Deletion](/docs/directorymanager/11.1/welcome/group/workingwithgroups/groupdeletion.md) Query Designer Policy for Groups diff --git a/docs/directorymanager/11.1/welcome/groupapis/_category_.json b/docs/directorymanager/11.1/welcome/groupapis/_category_.json new file mode 100644 index 0000000000..be10a7daf8 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/groupapis/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Group APIs", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "groupapis" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/api/group/createsmartgroup.md b/docs/directorymanager/11.1/welcome/groupapis/createsmartgroup.md similarity index 98% rename from docs/directorymanager/11.1/api/group/createsmartgroup.md rename to docs/directorymanager/11.1/welcome/groupapis/createsmartgroup.md index 94ebba110c..3a650df39e 100644 --- a/docs/directorymanager/11.1/api/group/createsmartgroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/createsmartgroup.md @@ -1,3 +1,9 @@ +--- +title: "Create a Smart Group" +description: "Create a Smart Group" +sidebar_position: 30 +--- + # Create a Smart Group Using this API, you can create a Smart Group in the identity store specified in the endpoint URL. 
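Review bot: in the `@@ -60,12 +66,12 @@` hunk of workingwithgroups.md, only the absolute links are rewritten; the relative ones in the context lines (`groupexpiryfunction.md#expire-a-group-manually` and its siblings) now resolve against `welcome/group/workingwithgroups/`, so they break unless groupexpiryfunction.md was moved in the same change. Worth confirming with a link check, and the rewritten `[ Group Deletion]` line could drop the leading space in its link text at the same time.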
diff --git a/docs/directorymanager/11.1/api/group/createsmartgroupentraid.md b/docs/directorymanager/11.1/welcome/groupapis/createsmartgroupentraid.md similarity index 99% rename from docs/directorymanager/11.1/api/group/createsmartgroupentraid.md rename to docs/directorymanager/11.1/welcome/groupapis/createsmartgroupentraid.md index dd48209807..83b4b20e7d 100644 --- a/docs/directorymanager/11.1/api/group/createsmartgroupentraid.md +++ b/docs/directorymanager/11.1/welcome/groupapis/createsmartgroupentraid.md @@ -1,3 +1,9 @@ +--- +title: "Create an Entra ID Smart Group" +description: "Create an Entra ID Smart Group" +sidebar_position: 40 +--- + # Create an Entra ID Smart Group Using this API you can create a Smart Group or a dynamic group in a Microsoft Entra ID identity diff --git a/docs/directorymanager/11.1/api/group/createstaticgroup.md b/docs/directorymanager/11.1/welcome/groupapis/createstaticgroup.md similarity index 96% rename from docs/directorymanager/11.1/api/group/createstaticgroup.md rename to docs/directorymanager/11.1/welcome/groupapis/createstaticgroup.md index 3663463cdb..4201b4c6d7 100644 --- a/docs/directorymanager/11.1/api/group/createstaticgroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/createstaticgroup.md @@ -1,3 +1,9 @@ +--- +title: "Create a Static Group" +description: "Create a Static Group" +sidebar_position: 10 +--- + # Create a Static Group Using this API, you can create a normal directory group, also called an unmanaged or static group, diff --git a/docs/directorymanager/11.1/api/group/createstaticgroupentraid.md b/docs/directorymanager/11.1/welcome/groupapis/createstaticgroupentraid.md similarity index 99% rename from docs/directorymanager/11.1/api/group/createstaticgroupentraid.md rename to docs/directorymanager/11.1/welcome/groupapis/createstaticgroupentraid.md index ac3ee7ec7d..5d71c32dbc 100644 --- a/docs/directorymanager/11.1/api/group/createstaticgroupentraid.md 
+++ b/docs/directorymanager/11.1/welcome/groupapis/createstaticgroupentraid.md @@ -1,3 +1,9 @@ +--- +title: "Create an Entra ID Static Group" +description: "Create an Entra ID Static Group" +sidebar_position: 20 +--- + # Create an Entra ID Static Group Using this API you can create a Static Group in a Microsoft Entra ID identity store. The following diff --git a/docs/directorymanager/11.1/api/group/deletegroup.md b/docs/directorymanager/11.1/welcome/groupapis/deletegroup.md similarity index 86% rename from docs/directorymanager/11.1/api/group/deletegroup.md rename to docs/directorymanager/11.1/welcome/groupapis/deletegroup.md index ff7af65e82..6e2b548168 100644 --- a/docs/directorymanager/11.1/api/group/deletegroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/deletegroup.md @@ -1,3 +1,9 @@ +--- +title: "Delete a Group" +description: "Delete a Group" +sidebar_position: 50 +--- + # Delete a Group Use this API to delete a group from an identity store. diff --git a/docs/directorymanager/11.1/api/group/deletegroups.md b/docs/directorymanager/11.1/welcome/groupapis/deletegroups.md similarity index 95% rename from docs/directorymanager/11.1/api/group/deletegroups.md rename to docs/directorymanager/11.1/welcome/groupapis/deletegroups.md index 4b4dec4fd8..d1234b3bc4 100644 --- a/docs/directorymanager/11.1/api/group/deletegroups.md +++ b/docs/directorymanager/11.1/welcome/groupapis/deletegroups.md @@ -1,3 +1,9 @@ +--- +title: "Delete Groups" +description: "Delete Groups" +sidebar_position: 60 +--- + # Delete Groups The Delete Groups API deletes multiple groups from an identity store. diff --git a/docs/directorymanager/11.1/api/group/expiregroup.md b/docs/directorymanager/11.1/welcome/groupapis/expiregroup.md similarity index 87% rename from docs/directorymanager/11.1/api/group/expiregroup.md rename to docs/directorymanager/11.1/welcome/groupapis/expiregroup.md index 893e540345..389dbd16d5 100644 --- a/docs/directorymanager/11.1/api/group/expiregroup.md 
+++ b/docs/directorymanager/11.1/welcome/groupapis/expiregroup.md @@ -1,3 +1,9 @@ +--- +title: "Expire a Group" +description: "Expire a Group" +sidebar_position: 70 +--- + # Expire a Group This API expires the group whose identity is provided in the endpoint URL. diff --git a/docs/directorymanager/11.1/api/group/expiregroups.md b/docs/directorymanager/11.1/welcome/groupapis/expiregroups.md similarity index 96% rename from docs/directorymanager/11.1/api/group/expiregroups.md rename to docs/directorymanager/11.1/welcome/groupapis/expiregroups.md index 89e0949009..df80865519 100644 --- a/docs/directorymanager/11.1/api/group/expiregroups.md +++ b/docs/directorymanager/11.1/welcome/groupapis/expiregroups.md @@ -1,3 +1,9 @@ +--- +title: "Expire Groups" +description: "Expire Groups" +sidebar_position: 80 +--- + # Expire Groups This API expires multiple groups whose identities are provided in the request body. diff --git a/docs/directorymanager/11.1/api/group/getgroup.md b/docs/directorymanager/11.1/welcome/groupapis/getgroup.md similarity index 98% rename from docs/directorymanager/11.1/api/group/getgroup.md rename to docs/directorymanager/11.1/welcome/groupapis/getgroup.md index 2f84c59f47..f22963c756 100644 --- a/docs/directorymanager/11.1/api/group/getgroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/getgroup.md @@ -1,3 +1,9 @@ +--- +title: "Get a Group" +description: "Get a Group" +sidebar_position: 90 +--- + # Get a Group This Get Group API retrieves details of a specified group. diff --git a/docs/directorymanager/11.1/api/group/getgroups.md b/docs/directorymanager/11.1/welcome/groupapis/getgroups.md similarity index 99% rename from docs/directorymanager/11.1/api/group/getgroups.md rename to docs/directorymanager/11.1/welcome/groupapis/getgroups.md index da5883e0b2..b5ceb391cd 100644 --- a/docs/directorymanager/11.1/api/group/getgroups.md +++ b/docs/directorymanager/11.1/welcome/groupapis/getgroups.md 
@@ -1,3 +1,9 @@ +--- +title: "Get Groups" +description: "Get Groups" +sidebar_position: 100 +--- + # Get Groups Using this API, you can fetch multiple groups from an identity store. diff --git a/docs/directorymanager/11.1/welcome/groupapis/groupapis.md b/docs/directorymanager/11.1/welcome/groupapis/groupapis.md new file mode 100644 index 0000000000..07c037071d --- /dev/null +++ b/docs/directorymanager/11.1/welcome/groupapis/groupapis.md 
@@ -0,0 +1,31 @@ +--- +title: "Group APIs" +description: "Group APIs" +sidebar_position: 30 +--- + +# Group APIs + +Directory Manager provides the following APIs for performing group-specific functions: + +- [Create a Static Group](/docs/directorymanager/11.1/welcome/groupapis/createstaticgroup.md) +- [Create an Entra ID Static Group](/docs/directorymanager/11.1/welcome/groupapis/createstaticgroupentraid.md) +- [Create a Smart Group](/docs/directorymanager/11.1/welcome/groupapis/createsmartgroup.md) +- [Create an Entra ID Smart Group](/docs/directorymanager/11.1/welcome/groupapis/createsmartgroupentraid.md) +- [Delete a Group](/docs/directorymanager/11.1/welcome/groupapis/deletegroup.md) +- [Delete Groups](/docs/directorymanager/11.1/welcome/groupapis/deletegroups.md) +- [Expire a Group](/docs/directorymanager/11.1/welcome/groupapis/expiregroup.md) +- [Expire Groups](/docs/directorymanager/11.1/welcome/groupapis/expiregroups.md) +- [Get a Group](/docs/directorymanager/11.1/welcome/groupapis/getgroup.md) +- [Get Groups](/docs/directorymanager/11.1/welcome/groupapis/getgroups.md) +- [Join a Group](/docs/directorymanager/11.1/welcome/groupapis/joingroup.md) +- [Join a Group on behalf of another user](/docs/directorymanager/11.1/welcome/groupapis/joingrouponbehalf.md) +- [Leave a Group](/docs/directorymanager/11.1/welcome/groupapis/leavegroup.md) +- [Leave a Group on behalf of another user](/docs/directorymanager/11.1/welcome/groupapis/leavegrouponbehalf.md) +- [Get Preview of a Smart Group Membership](/docs/directorymanager/11.1/welcome/groupapis/previewmembership.md) +- [Renew a Group](/docs/directorymanager/11.1/welcome/groupapis/renewgroup.md) +- [Renew Groups](/docs/directorymanager/11.1/welcome/groupapis/renewgroups.md) +- [Update a Group](/docs/directorymanager/11.1/welcome/groupapis/updategroup.md) +- [Update Groups](/docs/directorymanager/11.1/welcome/groupapis/updategroups.md) +- [Update a Smart 
Group](/docs/directorymanager/11.1/welcome/groupapis/updatesmartgroup.md) +- [Update Smart Groups](/docs/directorymanager/11.1/welcome/groupapis/updatesmartgroups.md) diff --git a/docs/directorymanager/11.1/api/group/joingroup.md b/docs/directorymanager/11.1/welcome/groupapis/joingroup.md similarity index 94% rename from docs/directorymanager/11.1/api/group/joingroup.md rename to docs/directorymanager/11.1/welcome/groupapis/joingroup.md index 322e6e3911..b1a1373e30 100644 --- a/docs/directorymanager/11.1/api/group/joingroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/joingroup.md @@ -1,3 +1,9 @@ +--- +title: "Join a Group" +description: "Join a Group" +sidebar_position: 110 +--- + # Join a Group Using this API, you can join a group as per the specified membership type. diff --git a/docs/directorymanager/11.1/api/group/joingrouponbehalf.md b/docs/directorymanager/11.1/welcome/groupapis/joingrouponbehalf.md similarity index 92% rename from docs/directorymanager/11.1/api/group/joingrouponbehalf.md rename to docs/directorymanager/11.1/welcome/groupapis/joingrouponbehalf.md index 6b608fa99d..80babd35f3 100644 --- a/docs/directorymanager/11.1/api/group/joingrouponbehalf.md +++ b/docs/directorymanager/11.1/welcome/groupapis/joingrouponbehalf.md @@ -1,3 +1,9 @@ +--- +title: "Join a Group on behalf of another user" +description: "Join a Group on behalf of another user" +sidebar_position: 120 +--- + # Join a Group on behalf of another user Using this API, you can join the group specified in the endpoint URL on behalf of another user. You diff --git a/docs/directorymanager/11.1/api/group/leavegroup.md b/docs/directorymanager/11.1/welcome/groupapis/leavegroup.md similarity index 94% rename from docs/directorymanager/11.1/api/group/leavegroup.md rename to docs/directorymanager/11.1/welcome/groupapis/leavegroup.md index 69079abce1..a2e65ba1f3 100644 --- a/docs/directorymanager/11.1/api/group/leavegroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/leavegroup.md 
@@ -1,3 +1,9 @@ +--- +title: "Leave a Group" +description: "Leave a Group" +sidebar_position: 130 +--- + # Leave a Group Using this API, you can leave a group according to the parameters specified in the body, such as diff --git a/docs/directorymanager/11.1/api/group/leavegrouponbehalf.md b/docs/directorymanager/11.1/welcome/groupapis/leavegrouponbehalf.md similarity index 92% rename from docs/directorymanager/11.1/api/group/leavegrouponbehalf.md rename to docs/directorymanager/11.1/welcome/groupapis/leavegrouponbehalf.md index f2e0e55a3a..81a7bace4c 100644 --- a/docs/directorymanager/11.1/api/group/leavegrouponbehalf.md +++ b/docs/directorymanager/11.1/welcome/groupapis/leavegrouponbehalf.md @@ -1,3 +1,9 @@ +--- +title: "Leave a Group on behalf of another user" +description: "Leave a Group on behalf of another user" +sidebar_position: 140 +--- + # Leave a Group on behalf of another user Using this API, you can leave a group on behalf of another user. You have to specify the identity diff --git a/docs/directorymanager/11.1/api/group/previewmembership.md b/docs/directorymanager/11.1/welcome/groupapis/previewmembership.md similarity index 98% rename from docs/directorymanager/11.1/api/group/previewmembership.md rename to docs/directorymanager/11.1/welcome/groupapis/previewmembership.md index 714857a4e5..9960a85b1f 100644 --- a/docs/directorymanager/11.1/api/group/previewmembership.md +++ b/docs/directorymanager/11.1/welcome/groupapis/previewmembership.md @@ -1,3 +1,9 @@ +--- +title: "Get Preview of a Smart Group Membership" +description: "Get Preview of a Smart Group Membership" +sidebar_position: 150 +--- + # Get Preview of a Smart Group Membership Using this API, you can preview membership changes that will occur in a Smart Group membership as 
diff --git a/docs/directorymanager/11.1/api/group/renewgroup.md b/docs/directorymanager/11.1/welcome/groupapis/renewgroup.md similarity index 87% rename from docs/directorymanager/11.1/api/group/renewgroup.md rename to docs/directorymanager/11.1/welcome/groupapis/renewgroup.md index 1836029c76..dfdf0929b3 100644 --- a/docs/directorymanager/11.1/api/group/renewgroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/renewgroup.md @@ -1,3 +1,9 @@ +--- +title: "Renew a Group" +description: "Renew a Group" +sidebar_position: 160 +--- + # Renew a Group It renews a group, identity of which is provided in the endpoint URL. diff --git a/docs/directorymanager/11.1/api/group/renewgroups.md b/docs/directorymanager/11.1/welcome/groupapis/renewgroups.md similarity index 96% rename from docs/directorymanager/11.1/api/group/renewgroups.md rename to docs/directorymanager/11.1/welcome/groupapis/renewgroups.md index 134b992979..09f962e91b 100644 --- a/docs/directorymanager/11.1/api/group/renewgroups.md +++ b/docs/directorymanager/11.1/welcome/groupapis/renewgroups.md @@ -1,3 +1,9 @@ +--- +title: "Renew Groups" +description: "Renew Groups" +sidebar_position: 170 +--- + # Renew Groups This API renews multiple groups, identities of which are provided in the request body. diff --git a/docs/directorymanager/11.1/api/group/updategroup.md b/docs/directorymanager/11.1/welcome/groupapis/updategroup.md similarity index 96% rename from docs/directorymanager/11.1/api/group/updategroup.md rename to docs/directorymanager/11.1/welcome/groupapis/updategroup.md index b36eac720d..b1fa2c815e 100644 --- a/docs/directorymanager/11.1/api/group/updategroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/updategroup.md @@ -1,3 +1,9 @@ +--- +title: "Update a Group" +description: "Update a Group" +sidebar_position: 180 +--- + # Update a Group Using this API, you can update a group's details. 
diff --git a/docs/directorymanager/11.1/api/group/updategroups.md b/docs/directorymanager/11.1/welcome/groupapis/updategroups.md similarity index 98% rename from docs/directorymanager/11.1/api/group/updategroups.md rename to docs/directorymanager/11.1/welcome/groupapis/updategroups.md index 9d28545692..3af3cd0450 100644 --- a/docs/directorymanager/11.1/api/group/updategroups.md +++ b/docs/directorymanager/11.1/welcome/groupapis/updategroups.md @@ -1,3 +1,9 @@ +--- +title: "Update Groups" +description: "Update Groups" +sidebar_position: 190 +--- + # Update Groups Using this API, you can update multiple groups. diff --git a/docs/directorymanager/11.1/api/group/updatesmartgroup.md b/docs/directorymanager/11.1/welcome/groupapis/updatesmartgroup.md similarity index 86% rename from docs/directorymanager/11.1/api/group/updatesmartgroup.md rename to docs/directorymanager/11.1/welcome/groupapis/updatesmartgroup.md index acf3e369f5..91eb38db86 100644 --- a/docs/directorymanager/11.1/api/group/updatesmartgroup.md +++ b/docs/directorymanager/11.1/welcome/groupapis/updatesmartgroup.md @@ -1,3 +1,9 @@ +--- +title: "Update a Smart Group" +description: "Update a Smart Group" +sidebar_position: 200 +--- + # Update a Smart Group This API updates a Smart Group, identity of which is provided in the endpoint URL. diff --git a/docs/directorymanager/11.1/api/group/updatesmartgroups.md b/docs/directorymanager/11.1/welcome/groupapis/updatesmartgroups.md similarity index 91% rename from docs/directorymanager/11.1/api/group/updatesmartgroups.md rename to docs/directorymanager/11.1/welcome/groupapis/updatesmartgroups.md index 4dded185e9..2a3433c5e6 100644 --- a/docs/directorymanager/11.1/api/group/updatesmartgroups.md +++ b/docs/directorymanager/11.1/welcome/groupapis/updatesmartgroups.md 
@@ -1,3 +1,9 @@ +--- +title: "Update Smart Groups" +description: "Update Smart Groups" +sidebar_position: 210 +--- + # Update Smart Groups This API updates multiple Smart Groups whose identities are provided in the request body. diff --git a/docs/directorymanager/11.1/welcome/history/_category_.json b/docs/directorymanager/11.1/welcome/history/_category_.json new file mode 100644 index 0000000000..7afd4779cc --- /dev/null +++ b/docs/directorymanager/11.1/welcome/history/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "History", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/history/mydirectorygroup.md b/docs/directorymanager/11.1/welcome/history/mydirectorygroup.md similarity index 94% rename from docs/directorymanager/11.1/portal/history/mydirectorygroup.md rename to docs/directorymanager/11.1/welcome/history/mydirectorygroup.md index 7ba3a0b8ec..129ac2c4b2 100644 --- a/docs/directorymanager/11.1/portal/history/mydirectorygroup.md +++ b/docs/directorymanager/11.1/welcome/history/mydirectorygroup.md @@ -1,3 +1,9 @@ +--- +title: "My Groups' History" +description: "My Groups' History" +sidebar_position: 30 +--- + # My Groups' History To view a detailed list of the actions that you have performed on the groups that you own using the 
@@ -80,7 +86,7 @@ edit or add comments. ### Add a note The option to add a note is available on the My Account History card on Dashboard, and all History -pages i.e.[My History](/docs/directorymanager/11.1/portal/history/myhistory.md), [My Direct Reports' History](/docs/directorymanager/11.1/portal/history/mydirectreport.md) and My Groups' +pages i.e.[My History](/docs/directorymanager/11.1/welcome/history/myhistory.md), [My Direct Reports' History](/docs/directorymanager/11.1/welcome/history/mydirectreport.md) and My Groups' History pages. Step 8 – Click the **Add Note** button next to a history item to add a note to it. diff --git a/docs/directorymanager/11.1/portal/history/mydirectreport.md b/docs/directorymanager/11.1/welcome/history/mydirectreport.md similarity index 93% rename from docs/directorymanager/11.1/portal/history/mydirectreport.md rename to docs/directorymanager/11.1/welcome/history/mydirectreport.md index ea7e3edf5d..3e3308ea49 100644 --- a/docs/directorymanager/11.1/portal/history/mydirectreport.md +++ b/docs/directorymanager/11.1/welcome/history/mydirectreport.md @@ -1,3 +1,9 @@ +--- +title: "My Direct Reports' History" +description: "My Direct Reports' History" +sidebar_position: 20 +--- + # My Direct Reports' History To view the history of updates and changes made to your direct reports, click **History** on the 
@@ -81,8 +87,8 @@ edit or add comments. ### Add a note The option to add a note is available on the My Account History card on Dashboard, and all History -pages i.e.[My History](/docs/directorymanager/11.1/portal/history/myhistory.md), My Direct Reports' History and -[My Groups' History](/docs/directorymanager/11.1/portal/history/mydirectorygroup.md) pages. +pages i.e.[My History](/docs/directorymanager/11.1/welcome/history/myhistory.md), My Direct Reports' History and +[My Groups' History](/docs/directorymanager/11.1/welcome/history/mydirectorygroup.md) pages. Step 8 – Click the **Add Note** button next to a history item to add a note to it. diff --git a/docs/directorymanager/11.1/portal/history/myhistory.md b/docs/directorymanager/11.1/welcome/history/myhistory.md similarity index 94% rename from docs/directorymanager/11.1/portal/history/myhistory.md rename to docs/directorymanager/11.1/welcome/history/myhistory.md index 64c20a52f3..73d9c2e5e6 100644 --- a/docs/directorymanager/11.1/portal/history/myhistory.md +++ b/docs/directorymanager/11.1/welcome/history/myhistory.md @@ -1,3 +1,9 @@ +--- +title: "My History" +description: "My History" +sidebar_position: 10 +--- + # My History To view a log of all actions you have performed in the identity store using the following: , click @@ -69,8 +75,8 @@ edit or add comments. ### Add a note The option to add a note is available on the My Account History card on Dashboard, and all History -pages i.e.My History, [My Direct Reports' History](/docs/directorymanager/11.1/portal/history/mydirectreport.md) and -[My Groups' History](/docs/directorymanager/11.1/portal/history/mydirectorygroup.md) pages. +pages i.e.My History, [My Direct Reports' History](/docs/directorymanager/11.1/welcome/history/mydirectreport.md) and +[My Groups' History](/docs/directorymanager/11.1/welcome/history/mydirectorygroup.md) pages. Step 7 – Click the **Add Note** button next to a history item to add a note to it. 
diff --git a/docs/directorymanager/11.1/welcome/history/overview.md b/docs/directorymanager/11.1/welcome/history/overview.md new file mode 100644 index 0000000000..6bb2a6091d --- /dev/null +++ b/docs/directorymanager/11.1/welcome/history/overview.md 
@@ -0,0 +1,57 @@ +--- +title: "History" +description: "History" +sidebar_position: 100 +--- + +# History + +The Directory Manager portal maintains a log of actions when objects are created, modified, and +deleted in the portal provided that the Directory Manager administrator has enabled history tracking +for the identity store. Directory Manager portal also tracks all actions that are committed to the +directory using: + +- Directory Manager Management Shell cmdlets +- Directory Manager APIs + +The administrator can configure the following for history tracking: + +- track all or specific events +- retain history data forever or for a specified duration + +Therefore, history data represents only the events that history-tracking is configured to track. +Furthermore, if history-tracking is not enabled or has been recently disabled for the identity +store, the portal does not display history data or it displays data that was logged before +history-tracking was turned off. + +A user can add a note to a history action that he/she performed. Other users can just view that +note. This note may explain the reason for performing that action. See the +[Configure History Tracking](/docs/directorymanager/11.1/signin/identitystore/configure/historytracking.md) +topic. + +## History views in the portal + +The Directory Manager Portal displays history as below: + +- **My Account History** on the portal's dashboard + Displays a list of actions performed by the logged-on user. +- The **History** tab in group / user / mailbox / contact properties. + Displays the actions performed on the object by different users. +- The [My History](/docs/directorymanager/11.1/welcome/history/myhistory.md) page. + Displays the actions performed by the logged-on user and any changes made to this user's profile + by another user. +- The [My Direct Reports' History](/docs/directorymanager/11.1/welcome/history/mydirectreport.md) page. 
+ Displays the changes made to the logged-on user's direct reports by this user or by any other + user. +- The [My Groups' History](/docs/directorymanager/11.1/welcome/history/mydirectorygroup.md) page. + Displays the changes made by the logged-on user to a group that they own. + +Use the **History items to display on home page** setting on the User Settings panel to specify the +number of history items to display on Dashboard. + +Use the **History items to display** setting on the User Settings panel to specify the number of +history items to display on the History tab, My History page, My Direct Reports History page, and My +Groups History page. + +Use the **Most recent objects** setting on the User Settings panel to specify the number of recent +objects to show on the **My Account History** card on Dashboard. diff --git a/docs/directorymanager/11.1/welcome/jobsapis/_category_.json b/docs/directorymanager/11.1/welcome/jobsapis/_category_.json new file mode 100644 index 0000000000..8627317e7f --- /dev/null +++ b/docs/directorymanager/11.1/welcome/jobsapis/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Synchronize Jobs APIs", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "jobsapis" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/api/syncjobs/createjob.md b/docs/directorymanager/11.1/welcome/jobsapis/createjob.md similarity index 98% rename from docs/directorymanager/11.1/api/syncjobs/createjob.md rename to docs/directorymanager/11.1/welcome/jobsapis/createjob.md index 95236acffa..e6c3010947 100644 --- a/docs/directorymanager/11.1/api/syncjobs/createjob.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/createjob.md 
@@ -1,9 +1,15 @@ +--- +title: "Create a New Job" +description: "Create a New Job" +sidebar_position: 10 +--- + # Create a New Job Use this API to create a new Synchronize job which is a set of sequential commands that run in the background to move data from one data source to another data source. -See the [Create a Job](/docs/directorymanager/11.1/portal/synchronize/job/create.md) topic for more information about +See the [Create a Job](/docs/directorymanager/11.1/welcome/synchronize/create/create.md) topic for more information about creating a job. ## Endpoint diff --git a/docs/directorymanager/11.1/api/syncjobs/createnewjobcollection.md b/docs/directorymanager/11.1/welcome/jobsapis/createnewjobcollection.md similarity index 99% rename from docs/directorymanager/11.1/api/syncjobs/createnewjobcollection.md rename to docs/directorymanager/11.1/welcome/jobsapis/createnewjobcollection.md index 00c473ade9..daf1f827db 100644 --- a/docs/directorymanager/11.1/api/syncjobs/createnewjobcollection.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/createnewjobcollection.md @@ -1,9 +1,15 @@ +--- +title: "Create a New Job Collection" +description: "Create a New Job Collection" +sidebar_position: 20 +--- + # Create a New Job Collection Using this API you can create a new job collection which is a group of individual jobs that run in a particular order. -See the [Create a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/collection/create.md)topic for +See the [Create a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md)topic for additional information on the Job collection. ## Endpoint diff --git a/docs/directorymanager/11.1/welcome/jobsapis/deletejob.md b/docs/directorymanager/11.1/welcome/jobsapis/deletejob.md new file mode 100644 index 0000000000..43baf06fab --- /dev/null +++ b/docs/directorymanager/11.1/welcome/jobsapis/deletejob.md 
@@ -0,0 +1,39 @@ +--- +title: "Delete Jobs" +description: "Delete Jobs" +sidebar_position: 30 +--- + +# Delete Jobs + +After creating job, you can modify a job or even delete a job if it is no more required. Use this +API to delete job(s) specified in the end point URL. + +See the [Deleting a Job](/docs/directorymanager/11.1/welcome/synchronize/manage/job.md#deleting-a-job) section of the +[Manage a Job](/docs/directorymanager/11.1/welcome/synchronize/manage/job.md) topic for additional information. + +## Endpoint + +https://machinename:4443/GroupIDDataService/api/DataSyncJobs?jobids=1&jobids=2 + +## HTTP Method + +DELETE + +#### Sample Response Syntax + +``` +{ +    "name": null, +    "type": 7, +    "status": 0, +    "message": null, +    "data": null, +    "identityStoreObject": null, +    "details": [], +    "currentDirectoryServer": null, +    "errorCode": null, +    "exceptionMessagesAttributeWise": null, +    "isResyncAble": true +} +``` diff --git a/docs/directorymanager/11.1/welcome/jobsapis/deletejobcollections.md b/docs/directorymanager/11.1/welcome/jobsapis/deletejobcollections.md new file mode 100644 index 0000000000..5d27ee7c9d --- /dev/null +++ b/docs/directorymanager/11.1/welcome/jobsapis/deletejobcollections.md 
@@ -0,0 +1,40 @@ +--- +title: "Delete Job Collections" +description: "Delete Job Collections" +sidebar_position: 40 +--- + +# Delete Job Collections + +Use this API to delete job collections specified in the end point URL. + +See the +[Delete a Job Collection](/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollection.md#delete-a-job-collection) +section of the [Manage a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollection.md) topic +for additional information on job collection. + +## Endpoint + +https://machinename:4443/GroupIDDataService/api/DataSyncJobs/Collections?jobids=1&jobids=2 + +## HTTP Method + +DELETE + +#### Sample Response Syntax + +``` +{ +    "name": null, +    "type": 7, +    "status": 0, +    "message": null, +    "data": null, +    "identityStoreObject": null, +    "details": [], +    "currentDirectoryServer": null, +    "errorCode": null, +    "exceptionMessagesAttributeWise": null, +    "isResyncAble": true +} +``` diff --git a/docs/directorymanager/11.1/api/syncjobs/getcollectionsdetails.md b/docs/directorymanager/11.1/welcome/jobsapis/getcollectionsdetails.md similarity index 93% rename from docs/directorymanager/11.1/api/syncjobs/getcollectionsdetails.md rename to docs/directorymanager/11.1/welcome/jobsapis/getcollectionsdetails.md index e9f4e10c1d..ad59cfb4a1 100644 --- a/docs/directorymanager/11.1/api/syncjobs/getcollectionsdetails.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/getcollectionsdetails.md 
@@ -1,9 +1,15 @@ +--- +title: "Get Job Collections Details" +description: "Get Job Collections Details" +sidebar_position: 50 +--- + # Get Job Collections Details Use this API to retrieve information about jobs within a job collection based on the criteria provided in the request syntax. -See the [Create a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/collection/create.md)topic for +See the [Create a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md)topic for additional information on Job Collections. ## Endpoint diff --git a/docs/directorymanager/11.1/api/syncjobs/getjcdetailsbyjcid.md b/docs/directorymanager/11.1/welcome/jobsapis/getjcdetailsbyjcid.md similarity index 99% rename from docs/directorymanager/11.1/api/syncjobs/getjcdetailsbyjcid.md rename to docs/directorymanager/11.1/welcome/jobsapis/getjcdetailsbyjcid.md index b621c771b8..c305dfb143 100644 --- a/docs/directorymanager/11.1/api/syncjobs/getjcdetailsbyjcid.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/getjcdetailsbyjcid.md @@ -1,9 +1,15 @@ +--- +title: "Get Job Collection Details By Job Collection ID" +description: "Get Job Collection Details By Job Collection ID" +sidebar_position: 60 +--- + # Get Job Collection Details By Job Collection ID Using this API you can retrieve information about a job collection ID of which is given in the endpoint URL. -See the [Create a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/collection/create.md)topic for +See the [Create a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md)topic for additional information. ## Endpoint 
diff --git a/docs/directorymanager/11.1/api/syncjobs/getjobcollections.md b/docs/directorymanager/11.1/welcome/jobsapis/getjobcollections.md similarity index 91% rename from docs/directorymanager/11.1/api/syncjobs/getjobcollections.md rename to docs/directorymanager/11.1/welcome/jobsapis/getjobcollections.md index ebc3c58c19..445efce06a 100644 --- a/docs/directorymanager/11.1/api/syncjobs/getjobcollections.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/getjobcollections.md @@ -1,9 +1,15 @@ +--- +title: "Get Job Collections" +description: "Get Job Collections" +sidebar_position: 70 +--- + # Get Job Collections Use this API to retrieve information of job collection(s) based on filters provided in the request syntax. -See the [Create a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/collection/create.md)topic for +See the [Create a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md)topic for additional information on job collections. ## Endpoint diff --git a/docs/directorymanager/11.1/api/syncjobs/getjobs.md b/docs/directorymanager/11.1/welcome/jobsapis/getjobs.md similarity index 97% rename from docs/directorymanager/11.1/api/syncjobs/getjobs.md rename to docs/directorymanager/11.1/welcome/jobsapis/getjobs.md index 97bdb4478e..b1e11ad59b 100644 --- a/docs/directorymanager/11.1/api/syncjobs/getjobs.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/getjobs.md @@ -1,3 +1,9 @@ +--- +title: "Get Jobs" +description: "Get Jobs" +sidebar_position: 80 +--- + # Get Jobs Use this API to get information about jobs based on the filters provided in the request syntax. diff --git a/docs/directorymanager/11.1/api/syncjobs/getjobsdetails.md b/docs/directorymanager/11.1/welcome/jobsapis/getjobsdetails.md similarity index 99% rename from docs/directorymanager/11.1/api/syncjobs/getjobsdetails.md rename to docs/directorymanager/11.1/welcome/jobsapis/getjobsdetails.md index 8eff96802c..7d50f8faea 100644 
--- a/docs/directorymanager/11.1/api/syncjobs/getjobsdetails.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/getjobsdetails.md @@ -1,3 +1,9 @@ +--- +title: "Get a Job Details" +description: "Get a Job Details" +sidebar_position: 90 +--- + # Get a Job Details Use this API to get details of a job specified in endpoint URL. diff --git a/docs/directorymanager/11.1/api/syncjobs/getjobsname.md b/docs/directorymanager/11.1/welcome/jobsapis/getjobsname.md similarity index 91% rename from docs/directorymanager/11.1/api/syncjobs/getjobsname.md rename to docs/directorymanager/11.1/welcome/jobsapis/getjobsname.md index b5042df72e..1e92bc2a3b 100644 --- a/docs/directorymanager/11.1/api/syncjobs/getjobsname.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/getjobsname.md @@ -1,3 +1,9 @@ +--- +title: "Get Jobs Names" +description: "Get Jobs Names" +sidebar_position: 100 +--- + # Get Jobs Names Using this API you can get a list of job names both predefined and user created. diff --git a/docs/directorymanager/11.1/welcome/jobsapis/jobsapis.md b/docs/directorymanager/11.1/welcome/jobsapis/jobsapis.md new file mode 100644 index 0000000000..bfb36c4d0e --- /dev/null +++ b/docs/directorymanager/11.1/welcome/jobsapis/jobsapis.md 
@@ -0,0 +1,23 @@ +--- +title: "Synchronize Jobs APIs" +description: "Synchronize Jobs APIs" +sidebar_position: 60 +--- + +# Synchronize Jobs APIs + +Directory Manager Synchronize is used for transferring data from one data source to another. The +data sources may include directory servers, databases or files. The following APIs can be used for +performing Synchronize jobs-specific functions: + +- [Create a New Job](/docs/directorymanager/11.1/welcome/jobsapis/createjob.md) +- [Create a New Job Collection](/docs/directorymanager/11.1/welcome/jobsapis/createnewjobcollection.md) +- [Delete Jobs](/docs/directorymanager/11.1/welcome/jobsapis/deletejob.md) +- [Delete Job Collections](/docs/directorymanager/11.1/welcome/jobsapis/deletejobcollections.md) +- [Get Job Collections Details](/docs/directorymanager/11.1/welcome/jobsapis/getcollectionsdetails.md) +- [Get Job Collection Details By Job Collection ID](/docs/directorymanager/11.1/welcome/jobsapis/getjcdetailsbyjcid.md) +- [Get Jobs](/docs/directorymanager/11.1/welcome/jobsapis/getjobs.md) +- [Get Job Collections](/docs/directorymanager/11.1/welcome/jobsapis/getjobcollections.md) +- [Get a Job Details](/docs/directorymanager/11.1/welcome/jobsapis/getjobsdetails.md) +- [Get Jobs Names ](/docs/directorymanager/11.1/welcome/jobsapis/getjobsname.md) +- [Update a Job Collection](/docs/directorymanager/11.1/welcome/jobsapis/updatjobcollection.md) diff --git a/docs/directorymanager/11.1/api/syncjobs/updatjobcollection.md b/docs/directorymanager/11.1/welcome/jobsapis/updatjobcollection.md similarity index 99% rename from docs/directorymanager/11.1/api/syncjobs/updatjobcollection.md rename to docs/directorymanager/11.1/welcome/jobsapis/updatjobcollection.md index d66dd17784..d759f2a873 100644 --- a/docs/directorymanager/11.1/api/syncjobs/updatjobcollection.md +++ b/docs/directorymanager/11.1/welcome/jobsapis/updatjobcollection.md 
@@ -1,3 +1,9 @@ +--- +title: "Update a Job Collection" +description: "Update a Job Collection" +sidebar_position: 110 +--- + # Update a Job Collection Use this API to update information of a job collection. diff --git a/docs/directorymanager/11.1/welcome/login.md b/docs/directorymanager/11.1/welcome/login.md new file mode 100644 index 0000000000..781c36850e --- /dev/null +++ b/docs/directorymanager/11.1/welcome/login.md 
@@ -0,0 +1,96 @@ +--- +title: "Access the Portal" +description: "Access the Portal" +sidebar_position: 10 +--- + +# Access the Portal + +Use the Directory Manager portal URL the administrator has provided you to launch the portal. The +Welcome to Directory Manager page is displayed, where you can: + +- Log in +- Reset forgotten or lost passwords + See the [Reset Passwords](/docs/directorymanager/11.1/welcome/secondfactorauthentication/passwordreset.md) topic for additional information + on how to reset password. +- Unlock your identity store account + See the [Unlock your accounts](/docs/directorymanager/11.1/welcome/user/manage/unlockaccount.md) topic for additional information on + how to unlock account. + +To manage access in Directory Manager, security roles are defined for an identity store. Each role +is granted a set of permissions that enable role members to access specific functions. + +## Log in + +You must connect the portal to an identity store while signing in. + +Use any of the following methods to connect and sign in: + +- Select an identity store and enter the username and password of your identity store account. +- Select an identity store and sign in using a SAML provider. + This option is available if a SAML provider is configured with the selected identity store. + +Next, you may have to pass second factor authentication, depending on whether it is enabled for your +role in the identity store. You can perform tasks in Directory Manager portal in keeping with your +role and permissions in the identity store. + +Follow the steps to log in. + +Step 1 – Enter the portal URL in the address bar of a web browser and press Enter. For example: + +`https://[machine name]:4443/[portal name]` + +Step 2 – You can sign in using any of the following methods: + +- With your Identity Store Account +- With a SAML Provider + +With your Identity Store Account + +Step 1 – Click **Log in to continue** on the Welcome to Directory Manager page. 
+ +Step 2 – On the Directory ManagerAuthenticate page, click an identity store to connect to. If only +one identity store is associated with the portal, it is selected by default. + +Step 3 – In the Username and Password boxes, enter the username and password of your identity store +account, or click **Edit** next to the identity store name to connect to a different identity store. + +Step 4 – After providing your credentials, click **Sign In**. + +NOTE: Microsoft Entra ID MFA enabled users cannot log into Directory Manager using their username +and password. They will be authenticated through the SAML provider configured in Directory Manager. + +With a SAML Provider + +You can opt for single sign-on across all Directory Manager clients by configuring a SAML provider +but for an Microsoft Entra ID identity store you must configure a SAML provider. See the following +topics for additional information on configuring a SAML provider: + +- [Configure Directory Manager in Microsoft Entra ID for SSO](/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureinentra.md) +- [Configure the Microsoft Entra SSO Application in Directory Manager](/docs/directorymanager/11.1/authenticate/asserviceprovider/entrasso/configureproviderindirectorymanager.md) + +Follow the steps to log in with a SAML provider + +Step 1 – Click **Log in to continue** on the Welcome to Directory Managerpage. + +Step 2 – On the Directory Manager Authenticate page, click the button or image for the provider and +proceed to sign in. 
+ +### Second Factor Authentication + +When [Second Factor Authentication](/docs/directorymanager/11.1/welcome/secondfactorauthentication/secondfactorauthentication.md) is enabled +for your role in the selected identity store, one of the following applies: + +- If you have not enrolled your identity store account in Directory Manager, the Enroll Account + window is displayed, where you must enroll your identity store account using at least one + authentication type. See the [Enroll your Identity Store Account](/docs/directorymanager/11.1/signin/concepts/enroll.md) topic + for additional information. +- If you have already enrolled your identity store account in Directory Manager, the Authenticate + window is displayed. It lists the authentication types that you enrolled your account with. You + must authenticate your identity store account with one authentication type. See the + [Authenticate your Identity Store Account](/docs/directorymanager/11.1/signin/concepts/authenticate.md) topic for additional + information. + +## Sign Out + +In the portal, click your profile info in the top right corner and click **Sign Out**. diff --git a/docs/directorymanager/11.1/welcome/logsapis/_category_.json b/docs/directorymanager/11.1/welcome/logsapis/_category_.json new file mode 100644 index 0000000000..9398a847aa --- /dev/null +++ b/docs/directorymanager/11.1/welcome/logsapis/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Logs APIs", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "logsapis" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/logsapis/admincenter.md b/docs/directorymanager/11.1/welcome/logsapis/admincenter.md new file mode 100644 index 0000000000..62ac064958 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/logsapis/admincenter.md 
@@ -0,0 +1,26 @@ +--- +title: "Admin Center Logs" +description: "Admin Center Logs" +sidebar_position: 10 +--- + +# Admin Center Logs + +Use this API to get Admin Center logs. See the [Get Logs](/docs/directorymanager/11.1/signin/concepts/logs.md) topic +for additional information. + +## Endpoint + +https://machinename:4443/AdminCenter/api/Logs/Download + +## HTTP Method + +GET + +#### Sample Response Syntax + +``` + +``` + +Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/welcome/logsapis/dataservice.md b/docs/directorymanager/11.1/welcome/logsapis/dataservice.md new file mode 100644 index 0000000000..735e652c15 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/logsapis/dataservice.md @@ -0,0 +1,27 @@ +--- +title: "Data Service Logs" +description: "Data Service Logs" +sidebar_position: 20 +--- + +# Data Service Logs + +Use this API to get Directory Manager Data service log. See the +[Data Service](/docs/directorymanager/11.1/signin/service/dataservice/overview.md) for additional information on Data +service. + +## Endpoint + +https://machinename:4443/GroupIDDataService/api/Logs/Download + +## HTTP Method + +GET + +#### Sample Response Syntax + +``` + +``` + +Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/welcome/logsapis/emailservice.md b/docs/directorymanager/11.1/welcome/logsapis/emailservice.md new file mode 100644 index 0000000000..c7db61abf9 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/logsapis/emailservice.md 
@@ -0,0 +1,26 @@ +--- +title: "Email Service Logs" +description: "Email Service Logs" +sidebar_position: 30 +--- + +# Email Service Logs + +Use this API to get Email service logs. See the +[Email Service](/docs/directorymanager/11.1/signin/service/emailservice.md) topic for additional on Email service. + +## Endpoint + +https://machinename:4443/GroupIDEmailService/api/Logs/Download + +## HTTP Method + +GET + +#### Sample Response Syntax + +``` + +``` + +Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/welcome/logsapis/logsapis.md b/docs/directorymanager/11.1/welcome/logsapis/logsapis.md new file mode 100644 index 0000000000..9695c330ea --- /dev/null +++ b/docs/directorymanager/11.1/welcome/logsapis/logsapis.md @@ -0,0 +1,20 @@ +--- +title: "Logs APIs" +description: "Logs APIs" +sidebar_position: 40 +--- + +# Logs APIs + +Directory Manager generates logs for its services, clients, and Windows events. Using the following +APIs, you can collect and dump your required logs to a desired location. + +See the [Get Logs](/docs/directorymanager/11.1/signin/concepts/logs.md) topic for additional information on logs. + +- [Admin Center Logs](/docs/directorymanager/11.1/welcome/logsapis/admincenter.md) +- [Data Service Logs](/docs/directorymanager/11.1/welcome/logsapis/dataservice.md) +- [Email Service Logs](/docs/directorymanager/11.1/welcome/logsapis/emailservice.md) +- [Portal Logs](/docs/directorymanager/11.1/welcome/logsapis/portal.md) +- [Replication Service Logs](/docs/directorymanager/11.1/welcome/logsapis/replicationservice.md) +- [Scheduler Service Logs](/docs/directorymanager/11.1/welcome/logsapis/schedulerservice.md) +- [Security Service Logs](/docs/directorymanager/11.1/welcome/logsapis/securityservice.md) diff --git a/docs/directorymanager/11.1/welcome/logsapis/portal.md b/docs/directorymanager/11.1/welcome/logsapis/portal.md new file mode 100644 index 0000000000..ce9706b4f6 --- /dev/null 
+++ b/docs/directorymanager/11.1/welcome/logsapis/portal.md @@ -0,0 +1,26 @@ +--- +title: "Portal Logs" +description: "Portal Logs" +sidebar_position: 40 +--- + +# Portal Logs + +Use this API to get Directory Manager portal logs. See the +[History](/docs/directorymanager/11.1/welcome/history/overview.md) topic for additional information on Portal history. + +## Endpoint + +https://demomachine:4443/GroupIDPortal/api/Logs/Download + +## HTTP Method + +GET + +#### Sample Response Syntax + +``` + +``` + +Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/welcome/logsapis/replicationservice.md b/docs/directorymanager/11.1/welcome/logsapis/replicationservice.md new file mode 100644 index 0000000000..369b562016 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/logsapis/replicationservice.md @@ -0,0 +1,27 @@ +--- +title: "Replication Service Logs" +description: "Replication Service Logs" +sidebar_position: 50 +--- + +# Replication Service Logs + +Use this API to get Replication Service logs. See the +[Replication Service](/docs/directorymanager/11.1/signin/service/replicationservice.md) topic for additional +information on Replication service. + +## Endpoint + +https://demomachine:4443/GroupIDReplicationService/api/Logs/Download + +## HTTP Method + +GET + +#### Sample Response Syntax + +``` + +``` + +Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/welcome/logsapis/schedulerservice.md b/docs/directorymanager/11.1/welcome/logsapis/schedulerservice.md new file mode 100644 index 0000000000..659b223968 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/logsapis/schedulerservice.md 
@@ -0,0 +1,27 @@ +--- +title: "Scheduler Service Logs" +description: "Scheduler Service Logs" +sidebar_position: 60 +--- + +# Scheduler Service Logs + +Using this API you can get Scheduler Service logs. See the +[Scheduler Service](/docs/directorymanager/11.1/signin/service/schedulerservice.md)topic for additional information +on Scheduler service. + +## Endpoint + +https://demomachine:4443/GroupIDSchedulerService/api/Logs/Download + +## HTTP Method + +GET + +#### Sample Response Syntax + +``` + +``` + +Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/welcome/logsapis/securityservice.md b/docs/directorymanager/11.1/welcome/logsapis/securityservice.md new file mode 100644 index 0000000000..81bed06412 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/logsapis/securityservice.md @@ -0,0 +1,27 @@ +--- +title: "Security Service Logs" +description: "Security Service Logs" +sidebar_position: 70 +--- + +# Security Service Logs + +This API fetches Directory Manager Security service logs. See the +[Security Service](/docs/directorymanager/11.1/signin/service/securityservice/overview.md) topic for additional +information on Security service. + +## Endpoint + +https://demomachine:4443/GroupIDSecurityService/api/Logs/Download + +## HTTP Method + +GET + +#### Sample Response Syntax + +``` + +``` + +Save the encrypted response as a zip file to a desired location. diff --git a/docs/directorymanager/11.1/welcome/passwordmanagement.md b/docs/directorymanager/11.1/welcome/passwordmanagement.md new file mode 100644 index 0000000000..c6d99d5476 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/passwordmanagement.md 
@@ -0,0 +1,44 @@ +--- +title: "Password Management" +description: "Password Management" +sidebar_position: 60 +--- + +# Password Management + +Complex passwords keep network infrastructure secure but there is a real cost to that security. +Users forget their complex passwords. They can be given two options: either they call helpdesk to +reset their password at an exorbitant cost or have a self-service tool. Directory Manager can serve +both these functions. Using it: + +- Helpdesk – Can reset passwords and unlock accounts for users after authentication. See the + [Reset Passwords](/docs/directorymanager/11.1/signin/helpdesk/operation/resetpassword.md) topic for detailed + information. +- Users – Can reset their own passwords and their own accounts after passing multifactor + authentication. They can perform these password related functions through various mediums, such + as: + + - Directory Manager portal – Using it, they can: + + - reset their forgotten passwords. See the + [Reset Passwords](/docs/directorymanager/11.1/welcome/secondfactorauthentication/passwordreset.md) topic for further information on how + to reset forgotten passwords. + - change their account passwords. See the [ Change your password](/docs/directorymanager/11.1/welcome/user/manage/changepassword.md) topic + for further information on how to change their account passwords. + - reset their own password or password of any other user. See the + [Reset your password](/docs/directorymanager/11.1/welcome/user/manage/resetpassword.md) topic for additional information. + - unlock their identity store account. See the [Unlock your accounts](/docs/directorymanager/11.1/welcome/user/manage/unlockaccount.md) + topic for detailed information on how to unlock their identity store accounts. 
+ + - Client Software and Web Access + + The client software to install on user workstations is called + [ Credential Provider](/docs/directorymanager/11.1/credentialprovider/credentialprovider.md) and available for distribution using various + IT enabled distribution methods such as group policy and Microsoft System Center + Configuration Manager (SCCM). See the [Install Credential Provider](/docs/directorymanager/11.1/credentialprovider/installcp.md) topic for + additional information. + + The distributed client enables the **Forgot Password?** and **Unlock Account** links on the + Windows logon screen of users’ workstations. Users, who forget their passwords or are locked + out, can easily access these functions from their machine. There is also an option for web + access for users if they are on a remote computer. diff --git a/docs/directorymanager/11.1/welcome/request/_category_.json b/docs/directorymanager/11.1/welcome/request/_category_.json new file mode 100644 index 0000000000..620c2903c1 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/request/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Requests", + "position": 120, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/request/allrequest.md b/docs/directorymanager/11.1/welcome/request/allrequest.md similarity index 98% rename from docs/directorymanager/11.1/portal/request/allrequest.md rename to docs/directorymanager/11.1/welcome/request/allrequest.md index edb6a92146..65372a06b0 100644 --- a/docs/directorymanager/11.1/portal/request/allrequest.md +++ b/docs/directorymanager/11.1/welcome/request/allrequest.md @@ -1,3 +1,9 @@ +--- +title: "All Requests" +description: "All Requests" +sidebar_position: 20 +--- + # All Requests Use **All Requests** node to view workflow requests generated by enterprise users. The view displays 
diff --git a/docs/directorymanager/11.1/portal/request/myrequest.md b/docs/directorymanager/11.1/welcome/request/myrequest.md similarity index 89% rename from docs/directorymanager/11.1/portal/request/myrequest.md rename to docs/directorymanager/11.1/welcome/request/myrequest.md index aa591a4050..3b01d88db5 100644 --- a/docs/directorymanager/11.1/portal/request/myrequest.md +++ b/docs/directorymanager/11.1/welcome/request/myrequest.md @@ -1,3 +1,9 @@ +--- +title: "My Requests" +description: "My Requests" +sidebar_position: 10 +--- + # My Requests To view the workflow requests that you initiated, expand the **Requests** node on the left diff --git a/docs/directorymanager/11.1/welcome/request/overview.md b/docs/directorymanager/11.1/welcome/request/overview.md new file mode 100644 index 0000000000..9671b371da --- /dev/null +++ b/docs/directorymanager/11.1/welcome/request/overview.md 
@@ -0,0 +1,103 @@ +--- +title: "Requests" +description: "Requests" +sidebar_position: 120 +--- + +# Requests + +A workflow request is a set of rules that Directory Manager uses as a built-in auditing system to +ensure that users enter correct data before committing changes to a directory. A workflow triggers +when some Directory Manager operation, performed by a user, meets the criteria defined in the +workflow route. + +Workflow requests are defined for an identity store and applied to the different operations +performed using Directory Manager. + +Directory Manager provides the following predefined workflows (also called system workflows) that +trigger when their associated events occur: + +| | Workflow Name | Description | Default Approver | +| --- | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------- | +| 1. | Workflow to Reset Password | When a user resets his or her password. It does not apply when helpdesk users reset the passwords of other users. | Primary and additional managers of the user | +| 2. | Workflow to Change Group Expiration Policy | When a user changes the expiry policy of a group. By default, this workflow is disabled and no approver is specified. You can edit the workflow to add an approver. | None | +| 3. | Workflow to Nest a Group | When a user adds a group (Group A) to the membership of another group (Group B). | Primary and additional owners of Group A | +| 4. | Workflow to Join a Group | When a user joins a semi-private group. | Primary and additional owners of the group | +| 5. | Workflow to Leave a Group | When a user leaves a semi-private group. | Primary and additional owners of the group | +| 6. | Workflow to Transfer a User | When a user transfers his or her direct report. | The new manager | +| 7. 
| Workflow to Terminate a User | When a manager terminates a direct report. By default, this workflow is disabled and no approver is specified. You can edit the workflow to add an approver. | None | +| 8. | Workflow to Change Manager | When a user changes his or her primary or additional manager. If the user does not have a primary manager, and no default approver is set, the request is auto approved. | Existing primary and additional managers of the user | + +The administrator can also define more workflows for the identity store. + +In case of a Synchronize job, Directory Manager evaluates whether the task it will perform falls +under the scope of a workflow. If yes, then a workflow request is triggered the first time the job +is executed. The job will run when the request is approved. + +On Directory Manager portal, use the **Requests** node to view and manage workflow requests for the +connected identity store. Expanding this node displays the following tabs: + +- [My Requests](/docs/directorymanager/11.1/welcome/request/myrequest.md) lists workflow requests that you have generated. It displays both + pending and processed requests. +- [Request Inbox](/docs/directorymanager/11.1/welcome/request/pending.md) lists the workflow requests for which you are the approver. You can + view, approve, deny, or reroute these requests. +- [All Requests](/docs/directorymanager/11.1/welcome/request/allrequest.md) lists all pending workflow requests generated by enterprise users. + +NOTE: If the user is high priority such as _Administrator_, only then they will see the _All +Requests_ tab. + +## Workflow Implementation + +Directory Manager workflows are carried out in a standard action sequence: + +- When a user performs an action in Directory Manager, it is evaluated according to the workflow + settings. +- If no approval is required, the change takes place in the directory and change notifications are + sent. 
+- If a workflow applies, Directory Manager routes an approval request to the approving authorities + and a 'request sent' notification is send to the requester. When the request is approved, the + requested changes are made in the directory and change notifications go to the requester and + approvers (except the one who has approved the request) by email. +- If the request is denied, information is not updated in the directory and an email notification is + sent to the requester and th pe approvers (except the one who has approved the request) with an + explanation of why it was denied. + +The administrator may enable the email approval option for a workflow route. Email notifications +generated for such workflow requests contain the **Accept** and **Deny** buttons. On clicking any of +these, the approver is redirected to the Directory Manager portal, where he or she can approve or +deny the request. Navigation within the portal will require authentication. + +NOTE: Email notifications are sent when an SMTP server has been configured for the identity store. + +## Approving authority for a Workflow Request (without Workflow Acceleration) + +For each workflow, an approving authority is also specified. The following scenarios are valid when +workflow approver acceleration settings are not applied: + +- If the object specified as an approver in a workflow route is not available (such as if it is + disabled or not specified), the workflow request would be routed to the default approver. If the + default approver is not specified or disabled, the request is auto approved. + + See the + [Specify a Default Approver](/docs/directorymanager/11.1/signin/workflow/advancedsettings.md#specify-a-default-approver) + topic. + +- If the requester is also the approver for that workflow, the request is auto-approved. 
+- When a Synchronize job runs to set the manager for a user who does not already have a manager, the + following happens: + + - The _Workflow to Change Manager_ will trigger if a default approver is set in advanced + workflow settings. + - If the default approver is not set, the workflow will not trigger and the user's manager will + be set without requiring any approval. + +## Workflow Acceleration + +The workflow approver acceleration feature in Directory Manager ensures that no workflow request +remains unnoticed and undecided. Based on certain rules, it automatically accelerates a request to +another approver if the current approver does not act on it for a certain number of days. + +The administrator can enable and configure workflow approver acceleration for an identity store in +Directory Manager Admin Center. + +See [Workflow Approver Acceleration](/docs/directorymanager/11.1/signin/workflow/approveracceleration.md) diff --git a/docs/directorymanager/11.1/portal/request/pending.md b/docs/directorymanager/11.1/welcome/request/pending.md similarity index 92% rename from docs/directorymanager/11.1/portal/request/pending.md rename to docs/directorymanager/11.1/welcome/request/pending.md index 6ab7967b65..6486f096c4 100644 --- a/docs/directorymanager/11.1/portal/request/pending.md +++ b/docs/directorymanager/11.1/welcome/request/pending.md @@ -1,3 +1,9 @@ +--- +title: "Request Inbox" +description: "Request Inbox" +sidebar_position: 30 +--- + # Request Inbox Using the Directory Managerportal, designated approvers can view the workflow requests and approve diff --git a/docs/directorymanager/11.1/welcome/searchapis/_category_.json b/docs/directorymanager/11.1/welcome/searchapis/_category_.json new file mode 100644 index 0000000000..6eac5a5c89 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/searchapis/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Search APIs", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "searchapis" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/api/search/byattribute.md b/docs/directorymanager/11.1/welcome/searchapis/byattribute.md similarity index 97% rename from docs/directorymanager/11.1/api/search/byattribute.md rename to docs/directorymanager/11.1/welcome/searchapis/byattribute.md index becd52b55a..80dbc18a84 100644 --- a/docs/directorymanager/11.1/api/search/byattribute.md +++ b/docs/directorymanager/11.1/welcome/searchapis/byattribute.md @@ -1,3 +1,9 @@ +--- +title: "Search an Object By a Single Value Attribute" +description: "Search an Object By a Single Value Attribute" +sidebar_position: 10 +--- + # Search an Object By a Single Value Attribute Use this API to search a directory object in an identity store based on the specified attribute. For diff --git a/docs/directorymanager/11.1/api/search/groupmembers.md b/docs/directorymanager/11.1/welcome/searchapis/groupmembers.md similarity index 99% rename from docs/directorymanager/11.1/api/search/groupmembers.md rename to docs/directorymanager/11.1/welcome/searchapis/groupmembers.md index 1934fa3cc3..535d5285f6 100644 --- a/docs/directorymanager/11.1/api/search/groupmembers.md +++ b/docs/directorymanager/11.1/welcome/searchapis/groupmembers.md @@ -1,3 +1,9 @@ +--- +title: "Search Group Members" +description: "Search Group Members" +sidebar_position: 20 +--- + # Search Group Members Use this API to search members of a specified group using the member attribute. diff --git a/docs/directorymanager/11.1/welcome/searchapis/searchapis.md b/docs/directorymanager/11.1/welcome/searchapis/searchapis.md new file mode 100644 index 0000000000..ef0ce5008f --- /dev/null +++ b/docs/directorymanager/11.1/welcome/searchapis/searchapis.md 
@@ -0,0 +1,13 @@ +--- +title: "Search APIs" +description: "Search APIs" +sidebar_position: 50 +--- + +# Search APIs + +Directory Manager provides the following APIs to search directory objects based on a single or a +multi-valued attribute.: + +- [Search an Object By a Single Value Attribute](/docs/directorymanager/11.1/welcome/searchapis/byattribute.md) +- [Search Group Members](/docs/directorymanager/11.1/welcome/searchapis/groupmembers.md) diff --git a/docs/directorymanager/11.1/welcome/secondfactorauthentication/_category_.json b/docs/directorymanager/11.1/welcome/secondfactorauthentication/_category_.json new file mode 100644 index 0000000000..4d01e3e9ee --- /dev/null +++ b/docs/directorymanager/11.1/welcome/secondfactorauthentication/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Second Factor Authentication", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "secondfactorauthentication" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/user/authentication/passwordreset.md b/docs/directorymanager/11.1/welcome/secondfactorauthentication/passwordreset.md similarity index 98% rename from docs/directorymanager/11.1/portal/user/authentication/passwordreset.md rename to docs/directorymanager/11.1/welcome/secondfactorauthentication/passwordreset.md index fdda6b654d..44f1bc3ceb 100644 --- a/docs/directorymanager/11.1/portal/user/authentication/passwordreset.md +++ b/docs/directorymanager/11.1/welcome/secondfactorauthentication/passwordreset.md @@ -1,3 +1,9 @@ +--- +title: "Reset Passwords" +description: "Reset Passwords" +sidebar_position: 30 +--- + # Reset Passwords The Directory Manager portal enables enrolled users in an identity store reset their account 
diff --git a/docs/directorymanager/11.1/portal/user/authentication/secondfactorauthentication.md b/docs/directorymanager/11.1/welcome/secondfactorauthentication/secondfactorauthentication.md similarity index 96% rename from docs/directorymanager/11.1/portal/user/authentication/secondfactorauthentication.md rename to docs/directorymanager/11.1/welcome/secondfactorauthentication/secondfactorauthentication.md index 7ddc6ff47a..a01d7508cc 100644 --- a/docs/directorymanager/11.1/portal/user/authentication/secondfactorauthentication.md +++ b/docs/directorymanager/11.1/welcome/secondfactorauthentication/secondfactorauthentication.md @@ -1,3 +1,9 @@ +--- +title: "Second Factor Authentication" +description: "Second Factor Authentication" +sidebar_position: 40 +--- + # Second Factor Authentication The Directory Manager administrator can enable second factor authentication for a user role in an @@ -9,11 +15,11 @@ an identity store, role members must authenticate themselves using an authentica Second factor authentication works as follows: - An unenrolled user must enroll his or her identity store account in Directory Manager. See the - [Enroll your Identity Store Account](/docs/directorymanager/11.1/admincenter/enroll.md) topic. Enrollment is a + [Enroll your Identity Store Account](/docs/directorymanager/11.1/signin/concepts/enroll.md) topic. Enrollment is a one-time process. - An enrolled user has to authenticate on the Directory Manager portal using the authentication type he or she used to enroll his or her identity store account with. See the - [Authenticate your Identity Store Account](/docs/directorymanager/11.1/admincenter/authenticate.md) topic. + [Authenticate your Identity Store Account](/docs/directorymanager/11.1/signin/concepts/authenticate.md) topic. Authentication is required every time the user logs into the portal. 
diff --git a/docs/directorymanager/11.1/welcome/synchronize/_category_.json b/docs/directorymanager/11.1/welcome/synchronize/_category_.json new file mode 100644 index 0000000000..921530382f --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Synchronize", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/synchronize/create/_category_.json b/docs/directorymanager/11.1/welcome/synchronize/create/_category_.json new file mode 100644 index 0000000000..a7bbf90477 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/create/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Create a Job", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "create" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/synchronize/collection/chooseyourjobcollectiontemplate.md b/docs/directorymanager/11.1/welcome/synchronize/create/chooseyourjobcollectiontemplate.md similarity index 86% rename from docs/directorymanager/11.1/portal/synchronize/collection/chooseyourjobcollectiontemplate.md rename to docs/directorymanager/11.1/welcome/synchronize/create/chooseyourjobcollectiontemplate.md index 3d72b52d4c..0e9c0fb387 100644 --- a/docs/directorymanager/11.1/portal/synchronize/collection/chooseyourjobcollectiontemplate.md +++ b/docs/directorymanager/11.1/welcome/synchronize/create/chooseyourjobcollectiontemplate.md @@ -1,3 +1,9 @@ +--- +title: "Choose your Job Template" +description: "Choose your Job Template" +sidebar_position: 10 +--- + # Choose your Job Template For creating a job, Directory Manager Synchronize enables you to create a new job collection based 
diff --git a/docs/directorymanager/11.1/portal/synchronize/job/chooseyourjobtemplate.md b/docs/directorymanager/11.1/welcome/synchronize/create/chooseyourjobtemplate.md similarity index 90% rename from docs/directorymanager/11.1/portal/synchronize/job/chooseyourjobtemplate.md rename to docs/directorymanager/11.1/welcome/synchronize/create/chooseyourjobtemplate.md index fa81416a71..24e461edf1 100644 --- a/docs/directorymanager/11.1/portal/synchronize/job/chooseyourjobtemplate.md +++ b/docs/directorymanager/11.1/welcome/synchronize/create/chooseyourjobtemplate.md @@ -1,3 +1,9 @@ +--- +title: "Choose Your Job Template" +description: "Choose Your Job Template" +sidebar_position: 20 +--- + # Choose Your Job Template For creating a job, Directory ManagerSynchronize enables you to create a new job based on your diff --git a/docs/directorymanager/11.1/welcome/synchronize/create/create.md b/docs/directorymanager/11.1/welcome/synchronize/create/create.md new file mode 100644 index 0000000000..e1f80f752b --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/create/create.md 
@@ -0,0 +1,79 @@ +--- +title: "Create a Job" +description: "Create a Job" +sidebar_position: 30 +--- + +# Create a Job + +Synchronize allows you to move data from one data source to another using a set of sequential +commands that run in the background. The set of commands is called a job. You can create a job from +scratch, from a predefined template, or from a template that you create yourself. + +Synchronize provides these predefined job templates: + +- Linked Mailbox Creation in Active Directory +- Move and Disable Objects in Active Directory +- Move Objects in Active Directory +- Sync GAL in Active Directory + +These job templates represent common business scenarios. You can use these templates or modify them +to create your own custom templates. Templates offer predefined settings, which you can apply to the +new job (except for the source and destination configurations) and modify as required. You can also +create a new job by duplicating and modifying an existing one. + +Creating a job from scratch requires that you specify the source and destination resources involved +in the transfer of data. You must also map the fields for the source and destination objects in +which the data transfer takes place. + +You can also apply data transformations. A transformation allows you to modify data as it is being +transferred to the destination. + +Once you create a job, you can either run it manually or schedule it to run periodically. + +You can create templates from existing jobs on-the-fly and reuse their settings in new jobs. + +To understand how workflows work with Synchronize jobs, see the +[Synchronize Jobs and Workflows](/docs/directorymanager/11.1/signin/workflow/overview.md#synchronize-jobs-and-workflows) +topic. + +## Create a new job + +Step 1 – On Directory Manager portal, select **Synchronize**on left pane. + +Step 2 – On the Synchronize portal, click **Create New** and then click **Job**. 
+ +Step 3 – On the [Choose Your Job Template](/docs/directorymanager/11.1/welcome/synchronize/create/chooseyourjobtemplate.md) page, enter the job details and +select whether to use a job template or create the job from scratch. + +Step 4 – Click **Next Step**. + +Step 5 – On the [Select Your Source and Destination](/docs/directorymanager/11.1/welcome/synchronize/create/sourceanddestination.md) page, specify the +source and destination providers. + +Step 6 – Click **Next Step**. + +Step 7 – On the [Objects, Fields and Mapping ](/docs/directorymanager/11.1/welcome/synchronize/create/objectfieldsandmapping.md) page, map the source and +destination fields and apply transformations. + +Step 8 – On the [Schedule Job and Notifications](/docs/directorymanager/11.1/welcome/synchronize/create/scheduleandnotification.md) page, choose a schedule +for a job and set up notification settings. + +NOTE: After creating the job, you can modify the schedule for the job and you can also create a new +schedule. + +Step 9 – Select **Preview job when finished** checkbox to preview the job. + +Step 10 – **Review your Changes** before finishing the job. + +Step 11 – Click **Finish** and create the job. + +Step 12 – Once you run the job, the job runs if workflow is not configured. If workflow is +configured, the request gets generated. + +Step 13 – Generated workflow request will be displayed in the [Requests](/docs/directorymanager/11.1/welcome/request/overview.md) +section for the workflow approver(s). If the approver approves the workflow request, the job will +execute the results. + +Step 14 – The **Review Job Run** dialog box appears, providing access to run statistics, reports, +and logs for the last job run. diff --git a/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md b/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md new file mode 100644 index 0000000000..14a750aace --- /dev/null 
+++ b/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md 
@@ -0,0 +1,57 @@ +--- +title: "Create a Job Collection" +description: "Create a Job Collection" +sidebar_position: 40 +--- + +# Create a Job Collection + +A job collection is a group of individual jobs that you want to run in a particular order. For +instance, you can create a job collection to synchronize user accounts between multiple Active +Directory domains. You first create multiple Synchronize jobs to transfer data between two +directories, and then combine them in a job collection. Then you can execute the job collection +instead of executing each job one by one. + +To understand how workflows work with Synchronize jobs, see the +[Synchronize Jobs and Workflows](/docs/directorymanager/11.1/signin/workflow/overview.md#synchronize-jobs-and-workflows) +topic. + +## Create a job Collection + +Step 1 – On Directory Manager portal, select **Synchronize** on left pane. + +Step 2 – On the Synchronize portal, click **Create New** and then click **Job Collection.** + +Step 3 – On the [Choose your Job Template](/docs/directorymanager/11.1/welcome/synchronize/create/chooseyourjobcollectiontemplate.md) page, enter job +collection details and select whether to use a job collection template or create the job collection +from scratch. + +Step 4 – Click **Next Step** + +Step 5 – On the [Synchronized Job Collection](/docs/directorymanager/11.1/welcome/synchronize/create/synchronizedjobcollection.md) page, add jobs to the +collection. You can either add existing jobs or create new jobs to add them to the job collection. + +Step 6 – On the [Scheduling and Notifications](/docs/directorymanager/11.1/welcome/synchronize/create/schedulingandnotification.md) page, choose a schedule +for a job collection and set up notification settings. + +NOTE: After creating the job collection, you can modify the schedule for the job collection and you +can also create a new schedule. 
+ +Step 7 – Select **Preview job collection when finished** checkbox to preview the job collection +before executing it. + +Step 8 – To review the information and changes regarding the job collection, click **Review Your +Change** at the bottom. + +Step 9 – Click **Finish** to exit the wizard and create the job collection. + +Step 10 – Once you run the job collection, the job collection runs and only those jobs will process +for which workflow is not configured. If workflow is configured for any job, the request gets +generated against that specific job. + +Step 11 – Generated workflow request will be displayed in the +“[Requests](/docs/directorymanager/11.1/welcome/request/overview.md)” section for the workflow approver(s). If the approver +approves the workflow request, the job will execute the results. + +Step 12 – **Run Job Collection** dialog box displays overall collection statistics for the run, +reports and individual logs for each job in the collection. diff --git a/docs/directorymanager/11.1/portal/synchronize/job/mappingfield.md b/docs/directorymanager/11.1/welcome/synchronize/create/mappingfield.md similarity index 99% rename from docs/directorymanager/11.1/portal/synchronize/job/mappingfield.md rename to docs/directorymanager/11.1/welcome/synchronize/create/mappingfield.md index 656f82461e..c973a3362e 100644 --- a/docs/directorymanager/11.1/portal/synchronize/job/mappingfield.md +++ b/docs/directorymanager/11.1/welcome/synchronize/create/mappingfield.md @@ -1,3 +1,9 @@ +--- +title: "Map Fields" +description: "Map Fields" +sidebar_position: 40 +--- + # Map Fields When creating a job, you select any of the following destination providers. diff --git a/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/_category_.json b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/_category_.json new file mode 100644 index 0000000000..c9b5fdf5a2 --- /dev/null 
+++ b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Messaging System", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "messagingsystemoverview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/exchange.md b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/exchange.md new file mode 100644 index 0000000000..77dafb8998 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/exchange.md 
@@ -0,0 +1,45 @@ +--- +title: "Exchange Subscription" +description: "Exchange Subscription" +sidebar_position: 10 +--- + +# Exchange Subscription + +While creating or editing mail enabled objects through a Synchronize job, Directory Manager provides +you the facility to sync or deprovision subscriptions from Office 365 messaging provider. + +## Sync Exchange subscriptions + +While creating or editing a Synchronize job (mailbox-enabled user) you can sync subscriptions from +Exchange messaging provider. + +On the **Object, Fields and Mapping** page: + +Step 1 – In the **Messaging Provider** drop-down list, select the **Exchange** version that you want +to use. + +Step 2 – Enter the domain name where the mail server resides in the **Domain** name box. + +Step 3 – Enter the username and password of an authorized user account on the mail server in the +**Username** and **Password** boxes. + +Step 4 – Set Exchange server priority. + +With Microsoft Exchange as the messaging provider, the **Server Name** column in the **Server Status +& Priority** area lists the mail servers in the environment. By default, Directory Manager randomly +assigns the highest priority to a server. You can change its priority level and set the priority for +other servers. + +If your required server is not listed, click **Sync Again**. + +1. In the **Server Status and Priority** section, select the check box for the server you want to + specify or change the priority for. + + Directory Manager checks the availability of the server and displays its status as _Online_ + (available) or _Offline_ (unavailable) in the **Status** column. + +2. In the **Priority** box, select a priority level for the server, with ‘1’ representing the + highest priority. + +Step 5 – Click **Save**. 
diff --git a/docs/directorymanager/11.1/portal/synchronize/job/googleapp.md b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/googleapp.md similarity index 97% rename from docs/directorymanager/11.1/portal/synchronize/job/googleapp.md rename to docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/googleapp.md index 8a83657cac..84b4299317 100644 --- a/docs/directorymanager/11.1/portal/synchronize/job/googleapp.md +++ b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/googleapp.md @@ -1,3 +1,9 @@ +--- +title: "Google Workspace Subscription" +description: "Google Workspace Subscription" +sidebar_position: 20 +--- + # Google Workspace Subscription While creating or editing mail enabled objects through a Synchronize job, Directory Manager provides diff --git a/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/messagingsystemoverview.md b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/messagingsystemoverview.md new file mode 100644 index 0000000000..f9e324f23f --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/messagingsystemoverview.md @@ -0,0 +1,15 @@ +--- +title: "Messaging System" +description: "Messaging System" +sidebar_position: 70 +--- + +# Messaging System + +Directory Manager enables users to configure messaging systems to efficiently create or edit mail +enabled objects through a Synchronize job. Users can sync or deprovision subscriptions from the +following messaging systems: + +- [Exchange Subscription](/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/exchange.md) +- [Google Workspace Subscription](/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/googleapp.md) +- [Office 365 Subscription](/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/office365.md) 
diff --git a/docs/directorymanager/11.1/portal/synchronize/job/office365.md b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/office365.md similarity index 96% rename from docs/directorymanager/11.1/portal/synchronize/job/office365.md rename to docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/office365.md index 785d27e6df..e6a08801ab 100644 --- a/docs/directorymanager/11.1/portal/synchronize/job/office365.md +++ b/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/office365.md @@ -1,3 +1,9 @@ +--- +title: "Office 365 Subscription" +description: "Office 365 Subscription" +sidebar_position: 30 +--- + # Office 365 Subscription While creating or editing mail enabled objects through a Synchronize job, Directory Manager provides @@ -91,7 +97,7 @@ On the **Object, Fields and Mapping** page: 1. On the **Transform** dialog box, select _Static - assign a static value_ from the **Set the destination field to** box. 2. Click - [Auto-Generate Unique, Complex Passwords](/docs/directorymanager/11.1/portal/synchronize/transformation/autogenerateuniquepassword.md). + [Auto-Generate Unique, Complex Passwords](/docs/directorymanager/11.1/welcome/synchronize/transformation/autogenerateuniquepassword.md). 3. On the Password Complexity Options dialog box, enter 10 in the **Password Length** box. 4. Clear the **Special symbols** check box. 5. Click **Transform.** diff --git a/docs/directorymanager/11.1/portal/synchronize/job/objectfieldsandmapping.md b/docs/directorymanager/11.1/welcome/synchronize/create/objectfieldsandmapping.md similarity index 94% rename from docs/directorymanager/11.1/portal/synchronize/job/objectfieldsandmapping.md rename to docs/directorymanager/11.1/welcome/synchronize/create/objectfieldsandmapping.md index e97150f50c..3bc7c4a25d 100644 --- a/docs/directorymanager/11.1/portal/synchronize/job/objectfieldsandmapping.md 
+++ b/docs/directorymanager/11.1/welcome/synchronize/create/objectfieldsandmapping.md @@ -1,3 +1,9 @@ +--- +title: "Objects, Fields and Mapping" +description: "Objects, Fields and Mapping" +sidebar_position: 30 +--- + # Objects, Fields and Mapping On the **Object, Fields and Mappings** page, map the a attributes with source fields. @@ -34,15 +40,15 @@ On the **Object, Fields and Mappings** page, map the a attributes with source fi It displays the following list of new providers that you can use to create a job. - - [Google Workspace Subscription](/docs/directorymanager/11.1/portal/synchronize/job/googleapp.md) + - [Google Workspace Subscription](/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/googleapp.md) Add connection details for Google Workspace. - - [Office 365 Subscription](/docs/directorymanager/11.1/portal/synchronize/job/office365.md) + - [Office 365 Subscription](/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/office365.md) Add Connection details for Office 365. - - [Exchange Subscription](/docs/directorymanager/11.1/portal/synchronize/job/exchange.md) + - [Exchange Subscription](/docs/directorymanager/11.1/welcome/synchronize/create/messagingsystemoverview/exchange.md) Add connection details for Exchange. @@ -57,7 +63,7 @@ On the **Object, Fields and Mappings** page, map the a attributes with source fi 3. In the **Script Language** section, specify the scripting language you want to use. Select one of the following language: - - [Visual Basic .NET for Directory Manager (formerly GroupID)](/docs/directorymanager/11.1/portal/synchronize/script/visualbasicnetbasic.md) + - [Visual Basic .NET for Directory Manager (formerly GroupID)](/docs/directorymanager/11.1/welcome/synchronize/dtmscript/visualbasicnetbasic.md) - Python for Directory Manager (formerly GroupID) 4. The Global Script Editor allows the script author to extend the functionality of Synchronize by 
@@ -112,7 +118,7 @@ On the **Object, Fields and Mappings** page, map the a attributes with source fi 8. Click **Save** to save the changes made to the script. -5. On the [Selected Fields for object types](/docs/directorymanager/11.1/portal/synchronize/job/selectedfield.md) type section, click **Add/Edit +5. On the [Selected Fields for object types](/docs/directorymanager/11.1/welcome/synchronize/create/selectedfield.md) type section, click **Add/Edit Fields**. You can specify the action to take if the data or object being exported from the source does not exist at the destination. 6. Use the **Map Field** section to map the source and destination fields and to apply @@ -122,12 +128,12 @@ On the **Object, Fields and Mappings** page, map the a attributes with source fi Do one of the following: - - [Map Fields](/docs/directorymanager/11.1/portal/synchronize/job/mappingfield.md) + - [Map Fields](/docs/directorymanager/11.1/welcome/synchronize/create/mappingfield.md) In the Source column of each destination item, select the source fields that contribute the data for the destination. - - **Apply a [Transform](/docs/directorymanager/11.1/portal/synchronize/transformation/overview.md)** + - **Apply a [Transform](/docs/directorymanager/11.1/welcome/synchronize/transformation/overview.md)** In the **Transform** column, click the **More Options** button to open the **Transform** [ _field_] dialog box and apply a transformation to the field value before it is saved diff --git a/docs/directorymanager/11.1/portal/synchronize/job/scheduleandnotification.md b/docs/directorymanager/11.1/welcome/synchronize/create/scheduleandnotification.md similarity index 94% rename from docs/directorymanager/11.1/portal/synchronize/job/scheduleandnotification.md rename to docs/directorymanager/11.1/welcome/synchronize/create/scheduleandnotification.md index 1af420eb71..6eb41f8446 100644 --- a/docs/directorymanager/11.1/portal/synchronize/job/scheduleandnotification.md 
+++ b/docs/directorymanager/11.1/welcome/synchronize/create/scheduleandnotification.md @@ -1,3 +1,9 @@ +--- +title: "Schedule Job and Notifications" +description: "Schedule Job and Notifications" +sidebar_position: 60 +--- + # Schedule Job and Notifications On **Schedule Job and Notifications**, you can set the schedule on the basis of which the job can @@ -13,7 +19,7 @@ run in future and set the notifications settings for the job. manually or from the Synchronize job scheduler. If you are modifying an existing job, you can also a new schedule for the job. Visit - [Synchronize Schedule](/docs/directorymanager/11.1/admincenter/schedule/synchronize.md) + [Synchronize Schedule](/docs/directorymanager/11.1/signin/schedule/synchronize.md) 2. Set up email notification of job run results: @@ -83,6 +89,6 @@ run in future and set the notifications settings for the job. 9. **Review your Changes** before finishing the job. 10. Click **Finish** and create the job. 11. Once you run the job, a workflow request is triggered. -12. Generated workflow request will be displayed in the [Requests](/docs/directorymanager/11.1/portal/request/overview.md) +12. Generated workflow request will be displayed in the [Requests](/docs/directorymanager/11.1/welcome/request/overview.md) section for the workflow approver(s). If the approver approves the workflow request, the job will execute the results. diff --git a/docs/directorymanager/11.1/portal/synchronize/collection/schedulingandnotification.md b/docs/directorymanager/11.1/welcome/synchronize/create/schedulingandnotification.md similarity index 91% rename from docs/directorymanager/11.1/portal/synchronize/collection/schedulingandnotification.md rename to docs/directorymanager/11.1/welcome/synchronize/create/schedulingandnotification.md index 45a9458a3c..d8a4043eda 100644 --- a/docs/directorymanager/11.1/portal/synchronize/collection/schedulingandnotification.md 
+++ b/docs/directorymanager/11.1/welcome/synchronize/create/schedulingandnotification.md @@ -1,3 +1,9 @@ +--- +title: "Scheduling and Notifications" +description: "Scheduling and Notifications" +sidebar_position: 20 +--- + # Scheduling and Notifications On the **Scheduling and Notifications** page, you can set the schedule on the basis of which the job @@ -14,7 +20,7 @@ Step 1 – On the **Scheduling and Notifications** page: Synchronize job scheduler. If you are modifying an existing job collection, you can also a new schedule for the job - collection. Visit [Synchronize Schedule](/docs/directorymanager/11.1/admincenter/schedule/synchronize.md) + collection. Visit [Synchronize Schedule](/docs/directorymanager/11.1/signin/schedule/synchronize.md) Step 2 – On the **Notifications** section, set up email notification of job collection run results. This feature requires Microsoft Exchange. Notifications are disabled by default and can be enabled @@ -43,6 +49,6 @@ Step 7 – Click **Finish** to exit the wizard and create the job collection. Step 8 – Once you run the job collection, a workflow request is triggered. -Step 9 – Generated workflow request will be displayed in the [Requests](/docs/directorymanager/11.1/portal/request/overview.md) +Step 9 – Generated workflow request will be displayed in the [Requests](/docs/directorymanager/11.1/welcome/request/overview.md) section for the workflow approver(s). If the approver approves the workflow request, the job will execute the results. diff --git a/docs/directorymanager/11.1/portal/synchronize/job/selectedfield.md b/docs/directorymanager/11.1/welcome/synchronize/create/selectedfield.md similarity index 97% rename from docs/directorymanager/11.1/portal/synchronize/job/selectedfield.md rename to docs/directorymanager/11.1/welcome/synchronize/create/selectedfield.md index 121fa1bce8..7403b3ba78 100644 --- a/docs/directorymanager/11.1/portal/synchronize/job/selectedfield.md 
+++ b/docs/directorymanager/11.1/welcome/synchronize/create/selectedfield.md @@ -1,3 +1,9 @@ +--- +title: "Selected Fields for object types" +description: "Selected Fields for object types" +sidebar_position: 50 +--- + # Selected Fields for object types On the Selected Fields for Object type section, click Add/Edit Fields. You can specify the action to diff --git a/docs/directorymanager/11.1/portal/synchronize/job/sourceanddestination.md b/docs/directorymanager/11.1/welcome/synchronize/create/sourceanddestination.md similarity index 96% rename from docs/directorymanager/11.1/portal/synchronize/job/sourceanddestination.md rename to docs/directorymanager/11.1/welcome/synchronize/create/sourceanddestination.md index f109bedb8a..20d85f8696 100644 --- a/docs/directorymanager/11.1/portal/synchronize/job/sourceanddestination.md +++ b/docs/directorymanager/11.1/welcome/synchronize/create/sourceanddestination.md @@ -1,3 +1,9 @@ +--- +title: "Select Your Source and Destination" +description: "Select Your Source and Destination" +sidebar_position: 10 +--- + # Select Your Source and Destination You must create required identity providers and data sources before creating a job. They are created diff --git a/docs/directorymanager/11.1/portal/synchronize/collection/synchronizedjobcollection.md b/docs/directorymanager/11.1/welcome/synchronize/create/synchronizedjobcollection.md similarity index 87% rename from docs/directorymanager/11.1/portal/synchronize/collection/synchronizedjobcollection.md rename to docs/directorymanager/11.1/welcome/synchronize/create/synchronizedjobcollection.md index 343c2c74a7..6ace589c33 100644 --- a/docs/directorymanager/11.1/portal/synchronize/collection/synchronizedjobcollection.md +++ b/docs/directorymanager/11.1/welcome/synchronize/create/synchronizedjobcollection.md 
@@ -1,3 +1,9 @@ +--- +title: "Synchronized Job Collection" +description: "Synchronized Job Collection" +sidebar_position: 30 +--- + # Synchronized Job Collection On the Synchronize Job Collection page, you view the list of jobs that you have added to the @@ -9,7 +15,7 @@ Step 1 – On the **Synchronized Jobs Collection** page, add jobs to the collect - To add an existing job to the collection, select **Add Existing Job(s)** dialog box. Select the check box next to the name of each job to be added and click **Add in Collection**. - To add a new job to the collection, select **Add New Job** dialog box. Follow the steps from - [Create a Job](/docs/directorymanager/11.1/portal/synchronize/job/create.md). + [Create a Job](/docs/directorymanager/11.1/welcome/synchronize/create/create.md). Step 2 – Rename the jobs in the job collection by clicking the **three vertical dots** button and click **Rename**. diff --git a/docs/directorymanager/11.1/welcome/synchronize/dashboard.md b/docs/directorymanager/11.1/welcome/synchronize/dashboard.md new file mode 100644 index 0000000000..dd2b507573 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/dashboard.md 
@@ -0,0 +1,58 @@ +--- +title: "Dashboard" +description: "Dashboard" +sidebar_position: 10 +--- + +# Dashboard + +After signing into the Directory Manager portal, from the left pane select **Synchronize** to land +on the dashboard. + +![synchronizedashboard](/img/product_docs/directorymanager/11.1/portal/synchronize/synchronizedashboard.webp) + +The interface has intuitive navigation options: + +- Quick Search +- Top Right Options +- Menu Pane +- Dashboard + +## Quick Search + +Look on the top of the page for **Search**. Use it to locate and display information for the jobs +and job templates. + +## Top Right Options + +The top right corner of the application displays: + +| Icon | Description | +| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Background jobs icon | View the status of jobs and job collections that are running in the background. It displays: - Jobs - Completed Jobs: Jobs that have been completed. - In Progress Jobs: Jobs that are still in running. - Job Collections - Completed Jobs: Job collections that have been completed. - In Progress Jobs: Job collections that are still in running. | +| Help icon | Launch the synchronize portal help. | +| User profile icon | Displays your profile picture with your name and the identity store that Directory Manager portal is connected to. Click it to launch the menu that displays the option to [Sign Out](/docs/directorymanager/11.1/welcome/login.md#sign-out) of the portal. 
| + +## Menu Pane + +Look on the left side of the page for the navigation pane, which lists links to: + +- Create New ([Create a Job](/docs/directorymanager/11.1/welcome/synchronize/create/create.md) and [Create a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md)) +- Dashboard +- [Manage a Job](/docs/directorymanager/11.1/welcome/synchronize/manage/job.md) +- [Manage a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollection.md) +- [Job Templates](/docs/directorymanager/11.1/welcome/synchronize/manage/jobtemplate.md) +- [Job Collection Template](/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollectiontemplate.md) + +## Dashboard + +The dashboard comprises of the following cards: + +| Cards | Description | +| ---------------------- | ----------------------------------------------------------- | +| Jobs For | Displays the jobs based on their object types. | +| Successful Jobs | Displays the jobs that have been completed successfully. | +| Jobs with Errors | Displays the jobs that are completed with errors. | +| Scheduled Jobs | Displays jobs that will run based on the time set for them. | +| My Pinned Jobs | Displays frequently used jobs. | +| Pinned Job Collections | Displays frequently used job collections. | diff --git a/docs/directorymanager/11.1/welcome/synchronize/dtmscript/_category_.json b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/_category_.json new file mode 100644 index 0000000000..a6617f79b4 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Script", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "dtmscript" + } +} \ No newline at end of file 
diff --git a/docs/directorymanager/11.1/portal/synchronize/script/dtmscript.md b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/dtmscript.md similarity index 95% rename from docs/directorymanager/11.1/portal/synchronize/script/dtmscript.md rename to docs/directorymanager/11.1/welcome/synchronize/dtmscript/dtmscript.md index 3b35527ed7..c5e2c1e928 100644 --- a/docs/directorymanager/11.1/portal/synchronize/script/dtmscript.md +++ b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/dtmscript.md @@ -1,3 +1,9 @@ +--- +title: "Script" +description: "Script" +sidebar_position: 70 +--- + # Script Synchronize scripts are written in Visual Basic .NET. A script is run after having established a @@ -11,12 +17,12 @@ The type of script determines the nature of the script result: ## Examples and Language Overview -- For examples of transform scripts, see the [Sample Transform Scripts](/docs/directorymanager/11.1/portal/synchronize/script/sampletransformscript.md) +- For examples of transform scripts, see the [Sample Transform Scripts](/docs/directorymanager/11.1/welcome/synchronize/dtmscript/sampletransformscript.md) topic -- For examples of container scripts, see the [Sample Container Scripts](/docs/directorymanager/11.1/portal/synchronize/script/samplecontainerscript.md) +- For examples of container scripts, see the [Sample Container Scripts](/docs/directorymanager/11.1/welcome/synchronize/dtmscript/samplecontainerscript.md) topic - For general information, see - [Visual Basic .NET for Directory Manager (formerly GroupID)](/docs/directorymanager/11.1/portal/synchronize/script/visualbasicnetbasic.md) topic + [Visual Basic .NET for Directory Manager (formerly GroupID)](/docs/directorymanager/11.1/welcome/synchronize/dtmscript/visualbasicnetbasic.md) topic - For general information, see Python for GroupID topic ## DTM keywords 
diff --git a/docs/directorymanager/11.1/portal/synchronize/script/samplecontainerscript.md b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/samplecontainerscript.md similarity index 96% rename from docs/directorymanager/11.1/portal/synchronize/script/samplecontainerscript.md rename to docs/directorymanager/11.1/welcome/synchronize/dtmscript/samplecontainerscript.md index 907c704523..cd55b8b3f7 100644 --- a/docs/directorymanager/11.1/portal/synchronize/script/samplecontainerscript.md +++ b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/samplecontainerscript.md @@ -1,3 +1,9 @@ +--- +title: "Sample Container Scripts" +description: "Sample Container Scripts" +sidebar_position: 10 +--- + # Sample Container Scripts ## Object Routing Case-By-Case diff --git a/docs/directorymanager/11.1/portal/synchronize/script/sampletransformscript.md b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/sampletransformscript.md similarity index 96% rename from docs/directorymanager/11.1/portal/synchronize/script/sampletransformscript.md rename to docs/directorymanager/11.1/welcome/synchronize/dtmscript/sampletransformscript.md index 46649fe0f2..df484eea9a 100644 --- a/docs/directorymanager/11.1/portal/synchronize/script/sampletransformscript.md +++ b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/sampletransformscript.md @@ -1,3 +1,9 @@ +--- +title: "Sample Transform Scripts" +description: "Sample Transform Scripts" +sidebar_position: 20 +--- + # Sample Transform Scripts ## Assembling a Full Name: ``, `` diff --git a/docs/directorymanager/11.1/portal/synchronize/script/visualbasicnetbasic.md b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/visualbasicnetbasic.md similarity index 97% rename from docs/directorymanager/11.1/portal/synchronize/script/visualbasicnetbasic.md rename to docs/directorymanager/11.1/welcome/synchronize/dtmscript/visualbasicnetbasic.md index 95f9ec45d5..6bc89dcf98 100644 
--- a/docs/directorymanager/11.1/portal/synchronize/script/visualbasicnetbasic.md +++ b/docs/directorymanager/11.1/welcome/synchronize/dtmscript/visualbasicnetbasic.md @@ -1,3 +1,9 @@ +--- +title: "Visual Basic .NET for Directory Manager (formerly GroupID)" +description: "Visual Basic .NET for Directory Manager (formerly GroupID)" +sidebar_position: 30 +--- + # Visual Basic .NET for Directory Manager (formerly GroupID) This topic discusses some points of information relevant to DTM scripting in Directory Manager. See diff --git a/docs/directorymanager/11.1/welcome/synchronize/manage/_category_.json b/docs/directorymanager/11.1/welcome/synchronize/manage/_category_.json new file mode 100644 index 0000000000..748ad3d8da --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/manage/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manage Jobs", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/synchronize/manage/job.md b/docs/directorymanager/11.1/welcome/synchronize/manage/job.md similarity index 95% rename from docs/directorymanager/11.1/portal/synchronize/manage/job.md rename to docs/directorymanager/11.1/welcome/synchronize/manage/job.md index c6ed7b5dad..c7bf600195 100644 --- a/docs/directorymanager/11.1/portal/synchronize/manage/job.md +++ b/docs/directorymanager/11.1/welcome/synchronize/manage/job.md @@ -1,3 +1,9 @@ +--- +title: "Manage a Job" +description: "Manage a Job" +sidebar_position: 10 +--- + # Manage a Job After creating a job, you can open a job to edit and change the settings of the job. You can also 
@@ -37,7 +43,7 @@ All the jobs that match the specified criterion are displayed. ## Open a Job When you open a job to view or change its settings, the **Edit Job** wizard opens, which is -virtually identical to the [Create a Job](/docs/directorymanager/11.1/portal/synchronize/job/create.md) wizard. +virtually identical to the [Create a Job](/docs/directorymanager/11.1/welcome/synchronize/create/create.md) wizard. Step 1 – On Directory Manager portal, select **Synchronize** on left pane. @@ -116,12 +122,12 @@ Step 2 – On Synchronize portal, click **All Jobs**. Step 3 – Click the **three vertical dots** icon of the job and select **Schedule** from the menu. -It will take you to the **Schedule and Job Notifications** page of [Create a Job](/docs/directorymanager/11.1/portal/synchronize/job/create.md). +It will take you to the **Schedule and Job Notifications** page of [Create a Job](/docs/directorymanager/11.1/welcome/synchronize/create/create.md). Update the schedule and click **Finish** to save the changes. ## Pin a Job -To pin a job to the [Dashboard](/docs/directorymanager/11.1/portal/synchronize/dashboard.md) under the pinned job card: +To pin a job to the [Dashboard](/docs/directorymanager/11.1/welcome/synchronize/dashboard.md) under the pinned job card: Step 1 – On Directory Manager portal, select **Synchronize** on left pane. @@ -129,7 +135,7 @@ Step 2 – On Synchronize portal, click **All Jobs**. Step 3 – Click the **three vertical dots** icon of the job and select **Pin Item** from the menu. -Step 4 – The job is displayed on **My Pinned Jobs** card on the [Dashboard](/docs/directorymanager/11.1/portal/synchronize/dashboard.md). +Step 4 – The job is displayed on **My Pinned Jobs** card on the [Dashboard](/docs/directorymanager/11.1/welcome/synchronize/dashboard.md). ## Save as Template 
diff --git a/docs/directorymanager/11.1/portal/synchronize/manage/jobcollection.md b/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollection.md similarity index 97% rename from docs/directorymanager/11.1/portal/synchronize/manage/jobcollection.md rename to docs/directorymanager/11.1/welcome/synchronize/manage/jobcollection.md index 6992171389..cb7300c98b 100644 --- a/docs/directorymanager/11.1/portal/synchronize/manage/jobcollection.md +++ b/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollection.md @@ -1,3 +1,9 @@ +--- +title: "Manage a Job Collection" +description: "Manage a Job Collection" +sidebar_position: 20 +--- + # Manage a Job Collection You can do the following in a job collection: @@ -170,7 +176,7 @@ reports. ## Pin a Job Collection -Follow the steps to pin a job to the [Dashboard](/docs/directorymanager/11.1/portal/synchronize/dashboard.md) under the pinned job card. +Follow the steps to pin a job to the [Dashboard](/docs/directorymanager/11.1/welcome/synchronize/dashboard.md) under the pinned job card. Step 1 – On Directory Manager portal, select **Synchronize** on left pane. @@ -180,7 +186,7 @@ Step 3 – Click the three vertical dots icon of the job collection and select * menu. Step 4 – The job collection is displayed on My Pinned Job Collections section on the -[Dashboard](/docs/directorymanager/11.1/portal/synchronize/dashboard.md). +[Dashboard](/docs/directorymanager/11.1/welcome/synchronize/dashboard.md). ## Save as Template diff --git a/docs/directorymanager/11.1/portal/synchronize/manage/jobcollectiontemplate.md b/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollectiontemplate.md similarity index 97% rename from docs/directorymanager/11.1/portal/synchronize/manage/jobcollectiontemplate.md rename to docs/directorymanager/11.1/welcome/synchronize/manage/jobcollectiontemplate.md index 5898241699..735c7a4228 100644 --- a/docs/directorymanager/11.1/portal/synchronize/manage/jobcollectiontemplate.md 
+++ b/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollectiontemplate.md @@ -1,3 +1,9 @@ +--- +title: "Job Collection Template" +description: "Job Collection Template" +sidebar_position: 30 +--- + # Job Collection Template You can create a job collection template either by converting an existing job collection into a job @@ -92,7 +98,7 @@ OR Double-click the job collection template you want to use for the new job collection. -Step 4 – This will launch [Create a Job Collection ](/docs/directorymanager/11.1/portal/synchronize/collection/create.md) wizard starting from +Step 4 – This will launch [Create a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md) wizard starting from the Job Collection(s) page. Proceed to map the settings stored in the template on to the new job collection. diff --git a/docs/directorymanager/11.1/portal/synchronize/manage/jobtemplate.md b/docs/directorymanager/11.1/welcome/synchronize/manage/jobtemplate.md similarity index 95% rename from docs/directorymanager/11.1/portal/synchronize/manage/jobtemplate.md rename to docs/directorymanager/11.1/welcome/synchronize/manage/jobtemplate.md index 56019f2cc2..27489a9924 100644 --- a/docs/directorymanager/11.1/portal/synchronize/manage/jobtemplate.md +++ b/docs/directorymanager/11.1/welcome/synchronize/manage/jobtemplate.md @@ -1,3 +1,9 @@ +--- +title: "Job Templates" +description: "Job Templates" +sidebar_position: 40 +--- + # Job Templates Synchronize comes with a set of pre-defined job templates that represent some of the most common @@ -82,7 +88,7 @@ OR Click the job template you want to use for the new job. -This will launch [Create a Job](/docs/directorymanager/11.1/portal/synchronize/job/create.md) wizard. Proceed to map the settings stored in the +This will launch [Create a Job](/docs/directorymanager/11.1/welcome/synchronize/create/create.md) wizard. Proceed to map the settings stored in the template on to the new job. ## Rename a Job Template 
diff --git a/docs/directorymanager/11.1/welcome/synchronize/manage/overview.md b/docs/directorymanager/11.1/welcome/synchronize/manage/overview.md new file mode 100644 index 0000000000..c607793659 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/manage/overview.md @@ -0,0 +1,10 @@ +--- +title: "Manage Jobs" +description: "Manage Jobs" +sidebar_position: 50 +--- + +# Manage Jobs + +Synchronize allows its users to create, manage, and schedule jobs and job collections. Synchronize +simplifies this process by providing an efficient system to manage jobs and job collections. diff --git a/docs/directorymanager/11.1/welcome/synchronize/manage/schedule.md b/docs/directorymanager/11.1/welcome/synchronize/manage/schedule.md new file mode 100644 index 0000000000..cd326afe48 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/manage/schedule.md @@ -0,0 +1,14 @@ +--- +title: "Schedule a Job / Job Collection" +description: "Schedule a Job / Job Collection" +sidebar_position: 50 +--- + +# Schedule a Job / Job Collection + +The Directory Manager scheduling function enables you to set any Synchronize job or job collection +to run automatically. Create a Synchronize schedule and add Synchronize jobs and job collections as +targets. When the schedule runs, the target jobs and job collections are executed. + +To create a Synchronize schedule, see the +[Synchronize Schedule](/docs/directorymanager/11.1/signin/schedule/synchronize.md) topic. diff --git a/docs/directorymanager/11.1/welcome/synchronize/overview.md b/docs/directorymanager/11.1/welcome/synchronize/overview.md new file mode 100644 index 0000000000..3073382e90 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/overview.md 
@@ -0,0 +1,71 @@ +--- +title: "Synchronize" +description: "Synchronize" +sidebar_position: 90 +--- + +# Synchronize + +Directory Manager Synchronize is a web-based application that can be accessed using the Directory +Manager portal. The application is a bi-directional synchronization engine for transferring data +from one data source to another. The data sources may include directory servers, databases or files. +Utilizing a very intuitive GUI, you can create Synchronize jobs to provision, de-provision or +synchronize multiple data sources. + +The Synchronize portal is also capable of applying transformations to the data being transferred. +This allows you to convert data after retrieving it from the source and before it gets saved at the +destination. + +## Prerequisites for Synchronize + +Using Directory Manager, you can create identity stores for several identity providers (such as +Active Directory and Microsoft Entra ID) as well as create data sources for providers such as files +and databases. Directory Manager Synchronize uses user-defined identity stores (as source and +destination) built on databases, files and other applications such as Oracle, SQL and so on. To view +the list of supported Synchronize providers, see the [Synchronize Providers](/docs/directorymanager/11.1/welcome/synchronize/provider.md) topic. + +The following must be defined before you can use Synchronize: + +- Identity Store – Identity stores must be created in Admin Center for sources and destinations + providers. For working with Synchronize, create a Synchronize based identity store for creating + jobs and job collections. + + Synchronize data for AD and Microsoft Entra ID is directly saved to Elasticsearch and + Replication is not required. + +- Data Sources – You need to add the data sources in Admin Center like Microsoft Excel, Text, + Oracle, etc for creating job and job collections. 
+- Permissions – For performing Synchronize operations, the logged-in user must have Synchronize + specific permissions. These permissions enable the user to create, edit and run jobs or job + collections as per the defined Synchronize policy. +- Policies – Using the Synchronize policy, you can allow or disallow a provider to be used as a + source or destination. You can choose the object types that can be created or synced at the + destination using a Synchronize job. For each object type in an identity store and data source, + specify the attributes that will be available for mapping the source and destination fields in a + Synchronize job. +- History – Synchronize can maintain a complete track of actions performed in a directory through a + Synchronize job, provided that an identity store for the destination provider has been defined in + Directory Manager Admin Center and history tracking is enabled for that identity store. The + actions to be tracked for Synchronize are also specified in history settings of that identity + store. +- Workflows – Workflow requests can be enabled to run job or job collections. A workflow needs to be + created in the Admin Center and an approver must be assigned for that workflow. Each time if a + user runs a synchronize job, the job runs only when the approver approves the request. If they + deny, the job will not run. +- Notifications – An SMTP server must be configured for the destination's identity store. Using that + SMTP server email notification can be sent to designated recipients for different actions + performed while executing a Synchronize job. +- Messaging Provider – A messaging provider must be configured for the destination's identity store + so that mail-enabled objects can be created through Synchronize job in the destination. + +## Dashboard + +Synchronize dashboard displays performance widgets and cards displaying the data about your jobs and +job collections. 
On the navigation pane on the left side, you will see the following tabs: + +- Create New ([Create a Job](/docs/directorymanager/11.1/welcome/synchronize/create/create.md) and [Create a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/create/create_1.md)) +- [Dashboard](/docs/directorymanager/11.1/welcome/synchronize/dashboard.md) +- [Manage a Job](/docs/directorymanager/11.1/welcome/synchronize/manage/job.md) +- [Manage a Job Collection ](/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollection.md) +- [Job Templates](/docs/directorymanager/11.1/welcome/synchronize/manage/jobtemplate.md) +- [Job Collection Template](/docs/directorymanager/11.1/welcome/synchronize/manage/jobcollectiontemplate.md) diff --git a/docs/directorymanager/11.1/portal/synchronize/provider.md b/docs/directorymanager/11.1/welcome/synchronize/provider.md similarity index 93% rename from docs/directorymanager/11.1/portal/synchronize/provider.md rename to docs/directorymanager/11.1/welcome/synchronize/provider.md index 2a23357c5a..28925ab069 100644 --- a/docs/directorymanager/11.1/portal/synchronize/provider.md +++ b/docs/directorymanager/11.1/welcome/synchronize/provider.md @@ -1,3 +1,9 @@ +--- +title: "Synchronize Providers" +description: "Synchronize Providers" +sidebar_position: 20 +--- + # Synchronize Providers You can create identity stores for several identity providers (such as Active Directory and @@ -45,7 +51,7 @@ source and destination. Use Google Workspace to connect to Google Workspace plans. You can use it as a source and destination provider. -See the [Identity Stores](/docs/directorymanager/11.1/admincenter/identitystore/overview.md) topic for additional +See the [Identity Stores](/docs/directorymanager/11.1/signin/identitystore/overview.md) topic for additional information on identity stores. ## Data Sources 
@@ -115,5 +121,5 @@ External data sources must be created first in Data Sources tab in Admin Center. files or tab-separated value (TSV) text files. This provider supports automatic schema detection if a header row is included in the file. -See the [ Data Sources](/docs/directorymanager/11.1/admincenter/datasource/overview.md) topic for additional information +See the [ Data Sources](/docs/directorymanager/11.1/signin/datasource/overview.md) topic for additional information on Data Sources. diff --git a/docs/directorymanager/11.1/welcome/synchronize/transformation/_category_.json b/docs/directorymanager/11.1/welcome/synchronize/transformation/_category_.json new file mode 100644 index 0000000000..2140c7ae95 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/transformation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Transform", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/synchronize/transformation/autogenerateuniquepassword.md b/docs/directorymanager/11.1/welcome/synchronize/transformation/autogenerateuniquepassword.md similarity index 98% rename from docs/directorymanager/11.1/portal/synchronize/transformation/autogenerateuniquepassword.md rename to docs/directorymanager/11.1/welcome/synchronize/transformation/autogenerateuniquepassword.md index 4ebb61abb8..1c8fc87aba 100644 --- a/docs/directorymanager/11.1/portal/synchronize/transformation/autogenerateuniquepassword.md +++ b/docs/directorymanager/11.1/welcome/synchronize/transformation/autogenerateuniquepassword.md @@ -1,3 +1,9 @@ +--- +title: "Auto-Generate Unique, Complex Passwords" +description: "Auto-Generate Unique, Complex Passwords" +sidebar_position: 10 +--- + # Auto-Generate Unique, Complex Passwords In Directory Manager portal, you can auto-generate passwords based on password complexity rules 
diff --git a/docs/directorymanager/11.1/welcome/synchronize/transformation/overview.md b/docs/directorymanager/11.1/welcome/synchronize/transformation/overview.md new file mode 100644 index 0000000000..6252b27c32 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/synchronize/transformation/overview.md 
@@ -0,0 +1,146 @@ +--- +title: "Transform" +description: "Transform" +sidebar_position: 60 +--- + +# Transform + +During the creation of synchronize jobs, you can apply transformation scripts to manipulate source +data before saving it to the destination. + +You can use transformations to perform these actions and more: + +- Combining the values of two source fields into one destination field. +- Extracting a set of characters from field values. +- Assigning a string constant to a field regardless of source restrictions. + +Synchronize includes a set of commonly used transformations, or you can write your own +transformation scripts using the Visual Basic .NET or Python editor. + +Synchronize provides these transformations: + +- Static +- Resolve +- Join +- Left +- Substring +- Script + +## Static + +During synchronization, the static transformation copies specified text to the destination field and +ignores the value in the source field mapped to it. + +- Type the text in the **Static text** box. This text is copied for the field at the destination. + + You can also specify Windows environment variables as static text. While transferring the data + during a job run, the job obtains the current value of the variable and saves it to the + destination field. + + Examples: + + - If static text is set to **%COMPUTERNAME%**, running the Job will save the host computer's + name in the target field. + - If static text is set to variables **%NOW%** and **%Computer%** as follows: + + _Updated by GroupID %NOW% from %COMPUTERNAME%._ + + Running the job will return the current date and the name of the host machine. The results + will look like as: + + _Updated by GroupID 1/12/2003 10:04 AM from EX01-DTM_ + + Environment variables may vary for different Windows releases and editions. 
Before using + environment variables, determine that they are supported by the Windows installed on your + host machine + +- [Auto-Generate Unique, Complex Passwords](/docs/directorymanager/11.1/welcome/synchronize/transformation/autogenerateuniquepassword.md) based on complexity rules + + You can assign a single password to all synced objects or generate individual passwords for each + object. + +## Resolve + +The Resolve transformation attempts to locate a recipient at the destination that matches the +selected filter and returns the distinguished name. It is useful for setting the manager or owner +fields. + +destination: The target location to which to copy data. Destinations must be Exchange 5.5, Active +Directory, SQL Server, or Excel. + +NOTE: This transformation can adversely affect performance, as it adds an additional query to each +record. It applies to Active Directory and Exchange only. + +## Join + +The Join transformation combines values from two source fields into a single destination field. + +For instance, you can use a Join transformation to create a Display Name field at the destination +from the source’s **FirstName** and **LastName** fields. The values for the two source fields are +saved as a single value in the destination. + +The following table list the three parameters the Join transformation requires: + +| Parameter | Description | +| ------------ | --------------------------------------------------------------------------------------------------------------------------------------- | +| First field | Select the first source field. | +| Separator | Specify the character to use as separator between the values of the two fields. You can specify more than one characters as separators. | +| Second field | Select the second source field. | + +## Left + +Use the Left transformation to return a specific number of characters from the left side of a source +value. 
You can use a Left transformation to pull characters from a value to create an abbreviation +or an alias. + +For example, your requirement is to set the first three characters of a user's logon name as their +initials. You can easily achieve this by applying the settings shown in the following figure. + +The following table lists the two parameters the Left transformation requires: + +| Parameter | Description | +| -------------------- | ----------------------------------------------------------------------- | +| Source field | Select the source field from which to get the value. | +| Number of characters | Specify here the number of character to extract starting from the left. | + +## Substring + +The Substring transformation returns a set of characters from the source value. The set of +characters to extract from the source value is determined form the **Start at** and **Length** +parameters passed to the transformation. + +Substring transformation is useful in cases where the set of characters to extract are from within a +value that has a fixed number of characters or digits. The use of this transformation can become +tricky if the number of characters or digits in values of the source field may vary. + +The following table lists the parameters the Substring transformation requires: + +| Parameter | Description | +| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| Source field | Select the source field from which to get the value. | +| Start at | Specify the index number of the character to set as the starting point. The character at this position will not be included in the result itself. | +| Length | This represents the count of characters to extract from the starting point. | + +**Example:** + +Telephone numbers are usually written with country and city codes. 
You may have a destination field +where you may only require the country code to be copied excluding the city code and the number +itself. + +Consider the number, +92-42-5787711. Where: + +| Country Code | City Code | Telephone | +| ------------ | --------- | --------- | +| 92 | 42 | 5787711 | + +To extract the country code, you would set the parameters for this transformation. When executed, +this would extract 92 from the number and save it to the destination field. + +## Script + +Unlike the built-in transforms described above, the Script transformation is a template for writing +custom scripts. Use the **Script** template by selecting a built-in transform that provides most of +the functionality you need, select parameters, if any, and then switch the transform type to +**Script** to view the resulting script. You can then modify the script to add the functionality you +need. diff --git a/docs/directorymanager/11.1/welcome/user/_category_.json b/docs/directorymanager/11.1/welcome/user/_category_.json new file mode 100644 index 0000000000..1e3f2c03a1 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User Management", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/user/create/_category_.json b/docs/directorymanager/11.1/welcome/user/create/_category_.json new file mode 100644 index 0000000000..21f9a9f962 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Create User Objects", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
diff --git a/docs/directorymanager/11.1/welcome/user/create/activedirectory/_category_.json b/docs/directorymanager/11.1/welcome/user/create/activedirectory/_category_.json new file mode 100644 index 0000000000..9d58eab829 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Create Active Directory User Objects", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/user/create/activedirectory/account.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/account.md new file mode 100644 index 0000000000..ca6ba91771 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/account.md 
@@ -0,0 +1,36 @@ +--- +title: "Account page" +description: "Account page" +sidebar_position: 40 +--- + +# Account page + +(of Create User and Create Mailbox wizards) + +Use this page to specify basic account info, such as the user's first name, last name, login ID and +the UPN suffix. + +Step 1 – Click **Browse** next to the Container box to select a container to create the user in. + +This field would be read-only if the administrator has predefined a container for creating new +users. + +Step 2 – Enter the user's First Name, Initials, and Last Name in the respective boxes. + +Step 3 – The wizard uses the provided information to populate the Full Name, Display Name, User +logon name, and User logon name (pre-windows 2000) boxes. You can modify this information, if +required. + +- The pre-Windows 2000 user logon name cannot exceed 24 characters. This name is used for logging on + to computers running Windows 95, Windows 98, or Windows NT. + +- The logon name is the user ID the user will use to log into the identity store. + +Step 4 – The UPN Suffix box displays the UPN suffix for the user account. This is the name of the +domain the connected identity store is running on. An example of a UPN suffix can be 'mydomain.com'. + +When a domain user account is created, the complete domain account comprises of a user logon name +followed by '@' and then the domain name. + +Step 5 – Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/user/create/activedirectory/contact.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/contact.md new file mode 100644 index 0000000000..5e5a6784d5 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/contact.md 
@@ -0,0 +1,44 @@ +--- +title: "Create an AD Contact" +description: "Create an AD Contact" +sidebar_position: 20 +--- + +# Create an AD Contact + +The Directory Manager portal enables you to create the contact object in the directory. + +NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. + +NOTE: Pages and fields on the Create Contact wizard may vary from those discussed here, since the +administrator can customize the wizard by adding or removing pages and fields. + +## Create a contact + +Follow the steps to create a contact in an Active Directory identity store. + +Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and +select **Contact**. + +Step 2 – The Create Contact wizard opens to the Account page. + +Step 3 – On the Account page: + +1. Click **Browse** next to Container to select a container to create the contact in. + + This field would be read-only if the administrator has pre-defined a container for creating new + contacts. + +2. Enter the contact's First Name, Initials, and Last Name in the respective boxes. + + The wizard uses this information to populate the Full Name and Display Name boxes. + +3. Click **Next**. + +Step 4 – Use the Exchange page to mail-enable the contact. + +Step 5 – On the Summary page, review the settings and then click Finish to complete the wizard. + +NOTE: If the Directory Manager administrator has specified the contact creation action for review, +your changes will not take effect until verified by an approver. See the +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/welcome/user/create/activedirectory/exchange.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/exchange.md new file mode 100644 index 0000000000..f1333078b6 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/exchange.md 
@@ -0,0 +1,23 @@ +--- +title: "Exchange page" +description: "Exchange page" +sidebar_position: 80 +--- + +# Exchange page + +(of Create Mailbox wizard) + +Follow the steps to provide alias and subscriptions for a mailbox. + +Step 1 – In the Alias box, type an alias for the mailbox. + +Step 2 – In the Mailbox Store list, select a mailbox store to create the user's mailbox in. + +Step 3 – The Subscription List provides the subscriptions offered by Office 365 to a mailbox user. +Select the check boxes for the subscriptions you want to assign to this mailbox. + +The subscription list is displayed when Office 365 is configured as the messaging provider for the +identity store. + +Step 4 – Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/user/create/activedirectory/mailbox.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/mailbox.md new file mode 100644 index 0000000000..c8dd707336 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/mailbox.md 
@@ -0,0 +1,37 @@ +--- +title: "Create an AD Mailbox" +description: "Create an AD Mailbox" +sidebar_position: 30 +--- + +# Create an AD Mailbox + +You can create a mailbox using Directory Manager portal when a messaging provider has been +configured for the identity store. + +A mailbox is a user with a mailbox, such as an Exchange mailbox. + +NOTE: Pages and fields on the Create Mailbox wizard may vary from those discussed here, since the +administrator can customize the wizard by adding or removing pages and fields. + +## Create a mailbox in Active Directory + +Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and +select **Mailbox**. + +The Create Mailbox wizard opens to the Account page. + +Step 2 – On the [Account page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/account.md), specify basic account info, such as the object's +first name, last name, login ID and the UPN suffix. + +Step 3 – On the [Password page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/password.md), provide a password for the mailbox account and set +other password-specific options. + +Step 4 – On the [Exchange page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/exchange.md), set the alias and Office 365 subscriptions. + +Step 5 – On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and then click **Finish** to +complete the wizard. + +NOTE: If the Directory Manager administrator has specified the mailbox creation action for review, +your changes will not take effect until verified by an approver. See the +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic for additional information. 
diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/messaging.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/messaging.md similarity index 90% rename from docs/directorymanager/11.1/portal/user/create/activedirectory/messaging.md rename to docs/directorymanager/11.1/welcome/user/create/activedirectory/messaging.md index 3bae6a9010..d6a50e1a1d 100644 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/messaging.md +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/messaging.md @@ -1,3 +1,9 @@ +--- +title: "Exchange page" +description: "Exchange page" +sidebar_position: 60 +--- + # Exchange page (of Create User and Create Mailbox wizards) diff --git a/docs/directorymanager/11.1/welcome/user/create/activedirectory/overview.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/overview.md new file mode 100644 index 0000000000..ea0fec00a0 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/overview.md @@ -0,0 +1,13 @@ +--- +title: "Create Active Directory User Objects" +description: "Create Active Directory User Objects" +sidebar_position: 10 +--- + +# Create Active Directory User Objects + +In an Active Directory identity stores, you can create the following types of users: + +- User – See the [Create an AD User](/docs/directorymanager/11.1/welcome/user/create/activedirectory/user.md) topic for additional information. +- Mailbox – See the [Create an AD Mailbox](/docs/directorymanager/11.1/welcome/user/create/activedirectory/mailbox.md) topic for additional information. +- Contact – See the [Create an AD Contact](/docs/directorymanager/11.1/welcome/user/create/activedirectory/contact.md) topic for additional information. diff --git a/docs/directorymanager/11.1/welcome/user/create/activedirectory/password.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/password.md new file mode 100644 index 0000000000..db2913b2c8 --- /dev/null 
+++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/password.md @@ -0,0 +1,20 @@ +--- +title: "Password page" +description: "Password page" +sidebar_position: 50 +--- + +# Password page + +Provide a password for the user account and set other password-specific options. + +Step 1 – Type a password for the user account in the **Password** and **Confirm password** boxes. + +Step 2 – Select the following check boxes to set the security options for the user account: + +- User must change password at next logon – To force the user to change the password the next time + they log into their workstations with the account. +- Password never expires – To prevent the account password from expiring. +- Account is disabled – To disable the account, so that the user cannot log-on with it. + +Step 3 – Click **Next**. diff --git a/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md similarity index 77% rename from docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md rename to docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md index ba54b1a7f4..1c5c06ea6f 100644 --- a/docs/directorymanager/11.1/portal/user/create/activedirectory/summary.md +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md @@ -1,3 +1,9 @@ +--- +title: "Summary Page" +description: "Summary Page" +sidebar_position: 70 +--- + # Summary Page The Summary page summarizes the selections you made on the previous pages. Review the settings diff --git a/docs/directorymanager/11.1/welcome/user/create/activedirectory/user.md b/docs/directorymanager/11.1/welcome/user/create/activedirectory/user.md new file mode 100644 index 0000000000..4ba33b5a93 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/activedirectory/user.md 
@@ -0,0 +1,62 @@ +--- +title: "Create an AD User" +description: "Create an AD User" +sidebar_position: 10 +--- + +# Create an AD User + +In Directory Manager portal, you can create mail-enabled and non mail-enabled users. + +NOTE: In a Microsoft Entra ID based identity store, users can only be created as non mail-enabled. +Create a mailbox as an alternative to a mail-enabled user. + +NOTE: Pages and fields on the Create User wizard may vary from those discussed here, since the +administrator can customize the wizard by adding or removing pages and fields. + +## Create a mail-enabled user in Active Directory + +Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and +select **User**. + +The Create User wizard opens to the Account page. + +Step 2 – On the [Account page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/account.md), specify basic account info, such as the user's first +name, last name, login ID and the UPN suffix. + +Step 3 – On the [Password page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/password.md), provide a password for the user account and set other +password-specific options. + +Step 4 – Use the [Exchange page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/messaging.md), to create the user as mail-enabled. + +Step 5 – On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and then click Finish to complete +the wizard. + +NOTE: If the Directory Manager administrator has specified the user creation action for review, your +changes will not take effect until verified by an approver. See the +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic for additional information. + +## Create a non mail-enabled user in Active Directory + +Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and +select **User**. 
+ +The Create User wizard opens to the Account page. + +Step 2 – On the [Account page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/account.md), specify basic account info, such as the user's first +name, last name, login ID and the UPN suffix. + +Step 3 – On the [Password page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/password.md), provide a password for the user account and set other +password-specific options. + +Step 4 – On the [Exchange page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/messaging.md), clear the **Mail-Enabled** check box to create the +user as non mail-enabled. This disables the remaining fields on the page. + +A non mail-enabled user does not have an email address. + +Step 5 – On the [Summary Page](/docs/directorymanager/11.1/welcome/user/create/activedirectory/summary.md), review the settings and then click Finish to complete +the wizard. + +NOTE: If the Directory Manager administrator has specified the user creation action for review, your +changes will not take effect until verified by an approver. See the +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/welcome/user/create/azure/_category_.json b/docs/directorymanager/11.1/welcome/user/create/azure/_category_.json new file mode 100644 index 0000000000..8dc6b7ad67 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/azure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Create Microsoft Entra ID User Objects", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/user/create/azure/account.md b/docs/directorymanager/11.1/welcome/user/create/azure/account.md new file mode 100644 index 0000000000..3ba0412301 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/azure/account.md 
@@ -0,0 +1,29 @@ +--- +title: "Account page" +description: "Account page" +sidebar_position: 30 +--- + +# Account page + +(of Microsoft Entra ID User and Mailbox wizards) + +Use this page to specify basic account info, such as the user's first name, last name, login ID and +the UPN suffix. + +Step 1 – Click **Browse** next to the Container box to select a container to create the user in. + +Step 2 – Enter the user's first name and last name in the respective boxes. + +Step 3 – The wizard uses the provided information to populate the Display Name and User logon name +boxes. You can modify this information, if required. + +The logon name is the user ID the user will use to log into the identity store. + +Step 4 – The UPN Suffix box displays the UPN suffix for the user account. This is the name of the +domain the identity store is running on. An example of a UPN suffix can be 'mydomain.com'. + +When a domain user account is created, the complete domain account comprises of a user logon name +followed by '@' and then the domain name. + +Step 5 – Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/user/create/azure/directoryrole.md b/docs/directorymanager/11.1/welcome/user/create/azure/directoryrole.md new file mode 100644 index 0000000000..1e47da8271 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/azure/directoryrole.md @@ -0,0 +1,19 @@ +--- +title: "Directory Roles page" +description: "Directory Roles page" +sidebar_position: 50 +--- + +# Directory Roles page + +Use this page to assign a role and role privileges to the user on the Microsoft Entra Admin Center +portal. + +Step 1 – The **Directory Roles** drop-down list displays the roles that can be assigned to users on +the Microsoft Entra Admin Center portal. These are: Global Administrator, Limited Administrator, and +User. + +Click the down arrow next to a role and select the check boxes for the privileges within that role +for assignment. + +Step 2 – Click **Next**. 
diff --git a/docs/directorymanager/11.1/welcome/user/create/azure/exchange.md b/docs/directorymanager/11.1/welcome/user/create/azure/exchange.md new file mode 100644 index 0000000000..ad5a1990b5 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/azure/exchange.md @@ -0,0 +1,34 @@ +--- +title: "Exchange page (Create Mailbox wizard)" +description: "Exchange page (Create Mailbox wizard)" +sidebar_position: 60 +--- + +# Exchange page (Create Mailbox wizard) + +Follow the steps to set alias and Office 365 subscriptions for a Microsoft Entra ID mailbox + +Step 1 – In the **Alias** box, type an alias for the mailbox. + +Step 2 – From the **Usage Location** list, select a geographical location for the mailbox. + +The usage location determines what Office 365 licenses and associated features can be assigned to a +mailbox based on geographic availability and laws. This attribute is mandatory when you assign +subscriptions and licenses to Office 365 mailboxes. + +Step 3 – In the **Mailbox Store** list, select a mailbox store to create the user's mailbox on. + +Step 4 – The **Directory Roles** drop-down list displays the roles that can be assigned to mailboxes +on the Microsoft Entra Admin Center portal. These are: Global Administrator, Limited Administrator, +and User. + +Click the down arrow next to a role and select the check boxes for the privileges within that role +for assignment. + +Step 5 – The **Subscription List** provides the subscriptions offered by Office 365 to a mailbox +user. Select the check boxes for the subscriptions you want to assign to this mailbox. + +The subscription list is displayed when Office 365 is configured as the messaging provider for the +identity store. + +Step 6 – Click **Next**. diff --git a/docs/directorymanager/11.1/welcome/user/create/azure/mailbox.md b/docs/directorymanager/11.1/welcome/user/create/azure/mailbox.md new file mode 100644 index 0000000000..cb3bf0ba98 --- /dev/null 
+++ b/docs/directorymanager/11.1/welcome/user/create/azure/mailbox.md @@ -0,0 +1,37 @@ +--- +title: "Create a Microsoft Entra ID Mailbox" +description: "Create a Microsoft Entra ID Mailbox" +sidebar_position: 20 +--- + +# Create a Microsoft Entra ID Mailbox + +You can create a mailbox using Directory Manager portal when a messaging provider has been +configured for the identity store. + +A mailbox is a user with a mailbox, such as an Exchange mailbox. + +NOTE: Pages and fields on the Create Mailbox wizard may vary from those discussed here, since the +administrator can customize the wizard by adding or removing pages and fields. + +## Create a mailbox in an Microsoft Entra ID + +Follow the steps to create a mailbox object in an Microsoft Entra ID identity store. + +Step 1 – In the Directory Manager portal, click the **Create New** button and select **Mailbox**. + +The Create Mailbox wizard opens to the Account page. + +Step 2 – On the Account page, specify basic account info, such as the object's first name, last +name, login ID and the UPN suffix. + +Step 3 – On the Password page, provide a password for the mailbox account and set other +password-specific options. + +Step 4 – On the Exchange page, set the alias and Office 365 subscriptions for the mailbox. + +Step 5 – On the Summary page, review the settings and then click **Finish** to complete the wizard. + +NOTE: If the Directory Manager administrator has specified the mailbox creation action for review, +your changes will not take effect until verified by an approver. See the +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic for additional information. diff --git a/docs/directorymanager/11.1/welcome/user/create/azure/overview.md b/docs/directorymanager/11.1/welcome/user/create/azure/overview.md new file mode 100644 index 0000000000..54f558773d --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/azure/overview.md 
@@ -0,0 +1,14 @@ +--- +title: "Create Microsoft Entra ID User Objects" +description: "Create Microsoft Entra ID User Objects" +sidebar_position: 20 +--- + +# Create Microsoft Entra ID User Objects + +In a Microsoft Entra ID identity stores, you can create the following types of users: + +- User – See the [Create a Microsoft Entra ID User](/docs/directorymanager/11.1/welcome/user/create/azure/user.md) topic for additional information on how + to create a user in an Microsoft Entra ID identity store. +- Mailbox – See the [Create a Microsoft Entra ID Mailbox](/docs/directorymanager/11.1/welcome/user/create/azure/mailbox.md) topic for additional + information on how to create a mailbox in an Microsoft Entra ID identity store. diff --git a/docs/directorymanager/11.1/welcome/user/create/azure/password.md b/docs/directorymanager/11.1/welcome/user/create/azure/password.md new file mode 100644 index 0000000000..20f9fd3ee9 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/azure/password.md @@ -0,0 +1,24 @@ +--- +title: "Password page" +description: "Password page" +sidebar_position: 40 +--- + +# Password page + +(of Microsoft Entra ID User and Mailbox wizards) + +Provide a password for the user account and set other password-specific options. + +Step 1 – Type a password for the user account in the **Password** and **Confirm password** boxes. + +Step 2 – Select the check boxes to set the security options for the user account: + +- User must change password at next logon – To force the user to change the password the next time + they log into their workstations with the account. +- Account is enabled – This check box is selected by default, indicating that the user account is + enabled. + + Clear it to disable the account, so that the user would not be able to log-on with it. + +Step 3 – Click **Next**. 
diff --git a/docs/directorymanager/11.1/welcome/user/create/azure/user.md b/docs/directorymanager/11.1/welcome/user/create/azure/user.md new file mode 100644 index 0000000000..c4595e3df5 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/azure/user.md 
@@ -0,0 +1,38 @@ +--- +title: "Create a Microsoft Entra ID User" +description: "Create a Microsoft Entra ID User" +sidebar_position: 10 +--- + +# Create a Microsoft Entra ID User + +In Directory Manager portal, you can create mail-enabled and non mail-enabled users. + +NOTE: In a Microsoft Entra ID based identity store, users can only be created as non mail-enabled. +Create a mailbox as an alternative to a mail-enabled user. + +NOTE: Pages and fields on the Create User wizard may vary from those discussed here, since the +administrator can customize the wizard by adding or removing pages and fields. + +## Create a user in Microsoft Entra ID + +Step 1 – In the Directory Manager portal, click the **Create New** button in the left pane and +select **User**. + +The Create User wizard opens to the Account page. + +Step 2 – On the Account page, specify basic account info, such as the user's first name, last name, +login ID and the UPN suffix. See the [Account page ](/docs/directorymanager/11.1/welcome/user/create/azure/account.md)topic for additional information. + +Step 3 – On the Password page, provide a password for the user account and set other +password-specific options. See the [Password page ](/docs/directorymanager/11.1/welcome/user/create/azure/password.md)topic for additional information. + +Step 4 – Use the Directory Roles page to assign a role and role privileges to the user on the +Microsoft Entra Admin Center portal. See the [Directory Roles page](/docs/directorymanager/11.1/welcome/user/create/azure/directoryrole.md) for additional +information. + +Step 5 – On the Summary page, review the settings and then click **Finish** to complete the wizard. + +NOTE: If the Directory Manager administrator has specified the user creation action for review, your +changes will not take effect until verified by an approver. See the +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic for additional information. 
diff --git a/docs/directorymanager/11.1/welcome/user/create/overview.md b/docs/directorymanager/11.1/welcome/user/create/overview.md new file mode 100644 index 0000000000..0762991c0f --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/create/overview.md @@ -0,0 +1,20 @@ +--- +title: "Create User Objects" +description: "Create User Objects" +sidebar_position: 10 +--- + +# Create User Objects + +Directory Manager portal enables you to create following types of users: + +- User +- Mailbox +- Contact + +Directory Manager supports the following identity providers for creating the user objects: + +- Active Directory +- Microsoft Entra ID +- Generic LDAP +- Google Workspace diff --git a/docs/directorymanager/11.1/portal/user/linkedaccounts.md b/docs/directorymanager/11.1/welcome/user/linkedaccounts.md similarity index 98% rename from docs/directorymanager/11.1/portal/user/linkedaccounts.md rename to docs/directorymanager/11.1/welcome/user/linkedaccounts.md index c9e5f71b1b..ba28dff4fa 100644 --- a/docs/directorymanager/11.1/portal/user/linkedaccounts.md +++ b/docs/directorymanager/11.1/welcome/user/linkedaccounts.md @@ -1,3 +1,9 @@ +--- +title: "Linked Accounts" +description: "Linked Accounts" +sidebar_position: 40 +--- + # Linked Accounts A user can have accounts in multiple identity stores in Directory Manager. They have to enroll each diff --git a/docs/directorymanager/11.1/welcome/user/manage/_category_.json b/docs/directorymanager/11.1/welcome/user/manage/_category_.json new file mode 100644 index 0000000000..136389c480 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/manage/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manage Users", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
diff --git a/docs/directorymanager/11.1/welcome/user/manage/changepassword.md b/docs/directorymanager/11.1/welcome/user/manage/changepassword.md new file mode 100644 index 0000000000..636caf96cc --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/manage/changepassword.md 
@@ -0,0 +1,54 @@ +--- +title: "Change your password" +description: "Change your password" +sidebar_position: 50 +--- + +# Change your password + +You can change the password of your identity store account. After changing it, use the new password +to sign into Directory Manager and any other application that uses your domain account. + +To do this, provide the existing password and then a new password to replace it. The new password +must conform to the password policy the administrator has defined for the identity store. +Administrator can either enable +[Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md) or Netwrix +Password Policy Enforcer policies for the identity store. + +NOTE: MFA enabled Microsoft Entra ID users cannot change their passwords in Directory Manager. If +they try to do so, the following message is displayed: + +![Change Password error message for Entra ID user](/img/product_docs/directorymanager/11.1/portal/user/manage/changepasswordentraiduser.webp) + +If the user's account is a master account, password of its child accounts also cannot be changed in +Directory Manager. + +Follow these steps to change your password. + +Step 1 – In the portal, click your profile info in the top right corner and select **Change +password**. + +Step 2 – The Select your account section lists your account and its linked accounts, if any. Your +logged in account is selected. + +Notice the following in the blue bar: + +- Password Policy: Minimum Length – Displays the minimum number of characters the new password must + contain +- Password Complexity – Displays whether password complexity rules apply. Hover the mouse over + _Enabled_ to view the rules. + +Step 3 – In the Change Password section, do the following: + +- Type the password of your selected account in the **Current Password** box. +- Type your new password in the **New Password** box. 
The new password must conform to the rules of + the applied password policy for the identity store. +- Type the new password in the **Confirm New Password** box. + +Step 4 – Click **Change Password**. + +If you have reused an old password that does not meet the Enforce password history policy of the +provider, a message informs you that the password must be different from the old one. + +Step 5 – On successful change password, the message,"Password has been reset successfully." is +displayed. Click **OK**. diff --git a/docs/directorymanager/11.1/portal/user/manage/directreport.md b/docs/directorymanager/11.1/welcome/user/manage/directreport.md similarity index 88% rename from docs/directorymanager/11.1/portal/user/manage/directreport.md rename to docs/directorymanager/11.1/welcome/user/manage/directreport.md index 6ca27ac856..8785c74366 100644 --- a/docs/directorymanager/11.1/portal/user/manage/directreport.md +++ b/docs/directorymanager/11.1/welcome/user/manage/directreport.md @@ -1,3 +1,9 @@ +--- +title: "Update your Direct Reports" +description: "Update your Direct Reports" +sidebar_position: 10 +--- + # Update your Direct Reports To view the users and contacts that report directly to you, click **Users** on the left navigation 
@@ -22,7 +28,7 @@ Reports** check box on the User Settings panel. report's vCard and prompts you to save it on your machine. You can then use it to add the direct report's email address to your email contact list. - Select a direct report and click **Add to Group** on the toolbar to the direct report to the - membership of a group. The [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) is displayed, where you can + membership of a group. The [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) is displayed, where you can search and select the group(s) to add the direct report as a member. - Select a direct report and click **Send email** on the toolbar to send an email to the direct report. This launches the default Windows email application for sending an email to the direct @@ -41,4 +47,4 @@ to add or remove your direct reports. You can also transfer and terminate your direct reports while you validate your Profile. To view any changes made to your direct reports, see the -[My Direct Reports' History](/docs/directorymanager/11.1/portal/history/mydirectreport.md) topic for additional information. +[My Direct Reports' History](/docs/directorymanager/11.1/welcome/history/mydirectreport.md) topic for additional information. diff --git a/docs/directorymanager/11.1/portal/user/disableduser.md b/docs/directorymanager/11.1/welcome/user/manage/disableduser.md similarity index 91% rename from docs/directorymanager/11.1/portal/user/disableduser.md rename to docs/directorymanager/11.1/welcome/user/manage/disableduser.md index 8ef20b569a..e1f4da74d9 100644 --- a/docs/directorymanager/11.1/portal/user/disableduser.md +++ b/docs/directorymanager/11.1/welcome/user/manage/disableduser.md @@ -1,3 +1,9 @@ +--- +title: "Disabled Users" +description: "Disabled Users" +sidebar_position: 70 +--- + # Disabled Users In Directory Manager portal, you can view a list of disabled users. 
@@ -26,7 +32,7 @@ To view and modify the properties of a disabled or expired user, select it and c on the toolbar. Refer to the information for user properties to manage the properties of a disabled/expired user. -See the [User Properties](/docs/directorymanager/11.1/portal/user/properties/overview.md) topic for additional information. +See the [User Properties](/docs/directorymanager/11.1/welcome/user/properties/overview.md) topic for additional information. ## Reinstate a Disabled User diff --git a/docs/directorymanager/11.1/portal/user/manage/organizationalheirarchy.md b/docs/directorymanager/11.1/welcome/user/manage/organizationalheirarchy.md similarity index 81% rename from docs/directorymanager/11.1/portal/user/manage/organizationalheirarchy.md rename to docs/directorymanager/11.1/welcome/user/manage/organizationalheirarchy.md index a6d7966174..b921162ab6 100644 --- a/docs/directorymanager/11.1/portal/user/manage/organizationalheirarchy.md +++ b/docs/directorymanager/11.1/welcome/user/manage/organizationalheirarchy.md @@ -1,3 +1,9 @@ +--- +title: "Organizational Hierarchy" +description: "Organizational Hierarchy" +sidebar_position: 20 +--- + # Organizational Hierarchy You can view the organizational hierarchy for a user. it shows the direct reports of the reference @@ -11,7 +17,7 @@ user can view it for any user in the organization. ## View the direct reports of a user Step 1 – In the Directory Manager portal, go to **My Profile** or search for the user whose -organizational hierarchy you want to view on the [Directory Search](/docs/directorymanager/11.1/portal/search/search.md) dialog +organizational hierarchy you want to view on the [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) dialog box. Step 2 – On the toolbar tab of the user profile's page, select **Organizational Hierarchy**. The 
@@ -20,7 +26,7 @@ the nth level. Step 3 – To view the chart for another user, click the ellipsis button next to **Select User**. -On the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md), search and select the required user and click +On the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md), search and select the required user and click **OK**. This displays the organizational hierarchy chart for the selected user. Step 4 – You can: diff --git a/docs/directorymanager/11.1/welcome/user/manage/overview.md b/docs/directorymanager/11.1/welcome/user/manage/overview.md new file mode 100644 index 0000000000..004b4b9e7d --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/manage/overview.md @@ -0,0 +1,15 @@ +--- +title: "Manage Users" +description: "Manage Users" +sidebar_position: 20 +--- + +# Manage Users + +Using Directory Manager portal, you can perform the following actions: + +- [Update your Direct Reports](/docs/directorymanager/11.1/welcome/user/manage/directreport.md) +- [Validate your profile](/docs/directorymanager/11.1/welcome/user/manage/validateprofile.md) +- [Reset your password](/docs/directorymanager/11.1/welcome/user/manage/resetpassword.md) +- [ Change your password](/docs/directorymanager/11.1/welcome/user/manage/changepassword.md) +- [Unlock your accounts](/docs/directorymanager/11.1/welcome/user/manage/unlockaccount.md) diff --git a/docs/directorymanager/11.1/welcome/user/manage/resetpassword.md b/docs/directorymanager/11.1/welcome/user/manage/resetpassword.md new file mode 100644 index 0000000000..e03b50d6c1 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/manage/resetpassword.md 
@@ -0,0 +1,42 @@ +--- +title: "Reset your password" +description: "Reset your password" +sidebar_position: 30 +--- + +# Reset your password + +Directory Manager portal enables you to reset password for user accounts. You can reset your +identity store password, and even the account passwords of other users in the connected identity +store, provided you have the rights. The new password must conform to the password policy the +administrator has defined for the identity store. Administrator can either enable +[Directory Manage Password Policy ](/docs/directorymanager/11.1/signin/securityrole/policy/password.md) or Netwrix +Password Policy Enforcer policies for the identity store. + +Follow the steps to reset password. + +Step 1 – On the My Dashboard page of Directory Manager portal, search for the user whose password +you need to reset. See the [Directory Search](/docs/directorymanager/11.1/welcome/generalfeatures/search.md) topic for additional +information. + +Step 2 – Select the account from the list whose password you want to reset. + +Step 3 – Select the identity store where the account exists from the identity store drop down list. +Your logged in account is selected + +Step 4 – Type identity store account name in the user name box. + +Step 5 – Select **Reset Password** on the toolbar. + +Step 6 – Enter the information for the given fields: + +- Identity Store – Shows the name of the identity store the portal is connected to. +- User name – Shows your logged-on user name. + + If you have the rights to reset the passwords for other user accounts, then type the login name + of a user. + +- New password and Confirm New password – Type a new password for the specified user. The new + password must conform to the rules of the applied password policy for the identity store. + +Step 7 – Click **Save**. 
diff --git a/docs/directorymanager/11.1/welcome/user/manage/unlockaccount.md b/docs/directorymanager/11.1/welcome/user/manage/unlockaccount.md new file mode 100644 index 0000000000..bf630ee7f7 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/manage/unlockaccount.md 
@@ -0,0 +1,209 @@ +--- +title: "Unlock your accounts" +description: "Unlock your accounts" +sidebar_position: 40 +--- + +# Unlock your accounts + +You can unlock your identity store account yourself, without having to contact the administrator or +wait. + +Your account can get locked due to: + +- **Wrong password attempts while logging on to a Directory Manager client** + - the consecutive number of times a user can provide the wrong password (Account lockout + threshold), after which the user's identity store account gets locked. + - the duration to lock the user account (_Account lockout duration_). +- **Invalid response to authentication type(s)** + + The Directory Manager administrator can specify Password Policy for the identity store, which + includes: + + - the consecutive number of times a role member can provide a wrong value for any authentication + type (Failed Authentication Attempts Threshold). + - the duration to lock the user account (_Account Lockout duration_). + +With authentication disabled, you cannot authenticate in Directory Manager; hence, you cannot unlock +your identity store accounts or reset your passwords. + +### Unlock identity store user accounts (after wrong password attempts) - enrolled users + +While logging on Directory Manager, you provide wrong password on the Directory Manager Authenticate +window for the specified number of times, the following message appears: + +![GroupID Authenticate](/img/product_docs/directorymanager/11.1/portal/user/manage/locked.webp) + +Now you cannot login to portal unless you unlock your identity store account. Follow the +instructions given below to unlock your account: + +Step 1 – On the Welcome to Directory Manager page of the portal, click **Account Locked?** card. + +Step 2 – Select the identity store where your account exists from the identity store drop down list. + +Step 3 – Type your identity store account name in the **Username** box. + +Step 4 – Enter captcha in the **Captcha** box. 
+ +Step 5 – Click **Unlock Account**. You will be directed to a page where the authentication type(s) +you enrolled your account with are listed. + +To get authenticated through the required authentication type(s), click the relevant option below: + +- Security Questions + + 1. On the Multifactor Authentication window, select the **Security Questions** check box and + click **Continue**. + 2. The page lists the security questions you enrolled your account with. Provide answers to + these questions. + 3. Click **Verify and Continue**. + +- Mobile Verification + + 1. On the Multifactor Authentication window, select the **Mobile Verification** check box and + click **Continue**. + 2. Type the last four digits of your mobile number and click **Send Code**. + 3. In the displayed box, type the 5 digit access code sent on your mobile phone. + 4. Click **Verify and Continue**. + + If you have not received a code, click **Send Again** and then enter the received code in the + given box. + +- Email Verification + + 1. On the Multifactor Authentication window, select the **Email** check box and click + **Continue**. + 2. Complete your email address and click **Send Code**. + 3. In the displayed box, type the 5 digits access code sent to the provided email address. + 4. Click **Verify and Continue**. + + If you have not received a code, click **Send Again** and then enter the received code in the + given box. + +- Authenticator + + 1. On the Multifactor Authentication window, select the **Authenticator** check box and click + **Continue**. + 2. Launch the authenticator app on your smart phone. + 3. The app displays a 6-digit code. Enter that code in the **Security Code** box on the + Authenticator page. + + The app generates a new code every 30 seconds. + + 4. Click **Verify and Continue**. + +- Link Account + + 1. On the Multifactor Authentication window, select the **Link Account** check box and click + **Continue**. + 2. 
On the Link Account tab, select a link account you want to use for resetting the password of + your account. + + This tab lists the link account(s) that have the Allow Authentication option enabled. + + 3. Type the username and password of the selected linked account in the respective boxes. + 4. Click **Next**. + +- YubiKey + + Insert the YubiKey device in the USB slot of your computer. + + 1. On the Multifactor Authentication window, select the **YubiKey** check box and click + **Continue**. + 2. Click your YubiKey device name. The portal directs you to tap on the device. + + On tapping, you are authenticated. + +- **Windows Hello** + + 1. On the Multifactor Authentication window, click the **Windows Hello** check box and click + **Continue**. + 2. Click **Authenticate and Continue**. + + Authenticate with the provided biometric information or with the PIN given in Windows Hello + sign-in options. + +Step 6 – Click **Unlock Account**. A message that the account has been unlocked successfully is +displayed. + +You can now log in to Directory Manager portal with your account and perform the required function. + +### Unlock identity store user accounts (after wrong password attempts) - unenrolled users + +On entering the wrong password on the Directory Manager Authenticate window for the specified number +of times, your account gets locked. You cannot login to Password Center user portal unless you +unlock your identity store account. Follow the instructions given below to unlock your account: + +Step 1 – On the Welcome to Directory Manager page of the portal, click **Unlock my account** card. + +Step 2 – Select the identity store where your account exists from the identity store drop down list. + +Step 3 – Type your identity store account name in the user name box. + +Step 4 – Click **Unlock Account**. + +You will be directed to a page where the Second Way Authentication type options are listed as the +administrator has configured for your role. 
+ +To get authenticated through the defined authentication type(s) for your role, click the relevant +option below: + +- Security Question + + 1. On the Second Way Authentication window, select the **Security Question** check box and click + **Continue**. + 2. Provide answer to the question the administrator has set for you. + 3. Click **Verify and Continue** + +- Mobile Verification + + 1. On the Second Way Authentication window, select the **Mobile Verification** check box and + click **Continue**. + 2. Type in the last four digit of your mobile number. + 3. Click **Send Code**. + 4. Type the 5 digits access code sent on your mobile phone. + 5. Click **Verify and Continue**. + + If you have not received a code, click **Send Again** and then enter the received code in + the given box. + +- Email Verification + + 1. On the Second Way Authentication window, select the **Email Verification** check box and + click **Continue**. + 2. Complete your email address and click **Send Code**. + 3. In the displayed box, type the 5 digits access code sent to the provided email address. + 4. Click **Verify and Continue**. + + If you have not received a code, click **Send Again** and then enter the received code in + the given box. + +Step 5 – You will be asked to enroll your account as per the multifactor authentication policy +defined for your role. + +On successful enrollment, you are redirected to the Unlock My Account page. Your account is listed +on this page with the check box selected for it. + +Step 6 – Click **Unlock Account**. + +A message that the account has been unlocked successfully is displayed. + +Step 7 – You can now log in to portal with your account and perform the required function. 
+ +### Unlock identity store user accounts (after providing wrong response to authentication types) - enrolled and unenrolled users + +While authenticating on the portal, if enrolled or unenrolled users provide a wrong answer for the +specified number of times, their account gets locked and the following message is displayed: + +![accountlockout](/img/product_docs/directorymanager/11.1/portal/user/manage/accountlockout.webp) + +This type of account unlock can be resolved in one of the following two ways: + +- While logging on to the portal, you provide the correct password for your account. + + OR + +- You wait for the specified duration, after which the account will be unlocked automatically. + +NOTE: Helpdesk cannot unlock accounts that get locked out on providing a wrong response to the +authentication type(s). diff --git a/docs/directorymanager/11.1/portal/user/manage/validateprofile.md b/docs/directorymanager/11.1/welcome/user/manage/validateprofile.md similarity index 92% rename from docs/directorymanager/11.1/portal/user/manage/validateprofile.md rename to docs/directorymanager/11.1/welcome/user/manage/validateprofile.md index 0d77c4cb13..ab91e867aa 100644 --- a/docs/directorymanager/11.1/portal/user/manage/validateprofile.md +++ b/docs/directorymanager/11.1/welcome/user/manage/validateprofile.md @@ -1,3 +1,9 @@ +--- +title: "Validate your profile" +description: "Validate your profile" +sidebar_position: 80 +--- + # Validate your profile The profile validation process in Directory Manager is designed to ensure the accuracy of users’ 
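Review bot: In the new "Unlock your accounts" page (the `@@ -0,0 +1,209 @@` hunk that ends just before the validateprofile.md rename), the Link Account steps say to select a link account "for resetting the password of your account", which is reset-password wording inside an unlock procedure; reword it for unlocking. The same page calls the entry card **Account Locked?** in the enrolled flow and **Unlock my account** in the unenrolled flow, and mentions "Password Center user portal" once where every other step says Directory Manager portal, so confirm which names match the UI. In the final section, "This type of account unlock can be resolved" should read "account lockout".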
@@ -24,7 +30,7 @@ an extension period. If they do not validate their profile information within th either, Directory Manager expires them again and their managers are informed by email. To reactivate these accounts, users’ managers must send a request to the administrator or Helpdesk. The administrator or Helpdesk user can extend the profile validation period on the -[Disabled Users](/docs/directorymanager/11.1/portal/user/disableduser.md) page of the portal. +[Disabled Users](/docs/directorymanager/11.1/welcome/user/manage/disableduser.md) page of the portal. NOTE: For notifications to be sent, an SMTP server must be configured for the identity store. @@ -81,7 +87,7 @@ window. The **Manager** field displays the name of your primary manager (if you have one); else it is blank. To add or change your primary manager, click the ellipsis button next to the field. This launches -the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md), where you can search and select your primary manager. +the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md), where you can search and select your primary manager. When you change your primary manager (Manager A), then Manager A is notified by email to accept or reject the request. If Manager A accepts, your manager is changed. If Manager A rejects the request, @@ -89,7 +95,7 @@ you remain with Manager A and a notification is sent to you and Manager A. NOTE: This is the default flow of the ‘Workflow to Change Manager’ workflow. If the administrator disables the workflow or changes the approver, the flow changes accordingly. See -[Requests](/docs/directorymanager/11.1/portal/request/overview.md). +[Requests](/docs/directorymanager/11.1/welcome/request/overview.md). ## Transfer your direct report 
@@ -100,7 +106,7 @@ back to the old manager, i.e., you. NOTE: This is the default flow of the ‘Workflow to Transfer a User’ workflow, with the direct report set as the workflow approver. If the administrator disables the workflow or changes the approver, -the flow changes accordingly. See [Requests](/docs/directorymanager/11.1/portal/request/overview.md). +the flow changes accordingly. See [Requests](/docs/directorymanager/11.1/welcome/request/overview.md). ## Terminate your direct report diff --git a/docs/directorymanager/11.1/portal/user/manage/viewprofile.md b/docs/directorymanager/11.1/welcome/user/manage/viewprofile.md similarity index 86% rename from docs/directorymanager/11.1/portal/user/manage/viewprofile.md rename to docs/directorymanager/11.1/welcome/user/manage/viewprofile.md index c345333c11..10f0ab2a00 100644 --- a/docs/directorymanager/11.1/portal/user/manage/viewprofile.md +++ b/docs/directorymanager/11.1/welcome/user/manage/viewprofile.md @@ -1,10 +1,16 @@ +--- +title: "Manage your profile" +description: "Manage your profile" +sidebar_position: 60 +--- + # Manage your profile To view and update your profile information in the directory, click your profile info in the top right corner and select **See full profile**. The profile page has the same tabs as the user properties page. Refer to the information for -[User Properties](/docs/directorymanager/11.1/portal/user/properties/overview.md) to manage your profile. +[User Properties](/docs/directorymanager/11.1/welcome/user/properties/overview.md) to manage your profile. ## User profile validation diff --git a/docs/directorymanager/11.1/welcome/user/overview.md b/docs/directorymanager/11.1/welcome/user/overview.md new file mode 100644 index 0000000000..5d54875841 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/overview.md 
@@ -0,0 +1,45 @@ +--- +title: "User Management" +description: "User Management" +sidebar_position: 50 +--- + +# User Management + +With Directory Manager, you can: + +- Automate user provisioning and deprovisioning in bulk. See the + [Synchronize](/docs/directorymanager/11.1/welcome/synchronize/overview.md) section. +- Establish ownership by defining a clear managerial hierarchy with dotted line management. See the + [Dotted line management](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md#dotted-line-management) + section of the [Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) + topic. +- Delegate user management to end users by enabling them to: + + - Create and manage users, contacts, and mailboxes in the directory. See the + [ Create User Objects](/docs/directorymanager/11.1/welcome/user/create/overview.md) topic. + - Manage their direct reports. See the [Update your Direct Reports](/docs/directorymanager/11.1/welcome/user/manage/directreport.md) + topic. + - Update their profiles in the directory. See the + [Validate your profile](/docs/directorymanager/11.1/welcome/user/manage/validateprofile.md) topic. + +- Link identical users in different directory services, such as Active Directory and Microsoft Entra + ID. See the [Linked Accounts](/docs/directorymanager/11.1/welcome/user/linkedaccounts.md) topic. + +The table below displays the major functions that users can perform in Directory Manager portal. + +| Functions | Description | +| ----------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Create Objects | Create mail-enabled and non-mail-enabled Users, Contact, or Mailbox. | +| Manage your Profile | On the top right corner, view your profile and verify the information. 
| +| Manage Your Direct Reports | View Users and Contacts that report directly to you. If required, you can modify the properties of your direct reports. | +| Manage Disabled Users | View the list of users that have been disabled or expired. You can modify the properties of the users, extend the time for the expired users and also reinstate any disabled user. | +| View Organizational Hierarchy | Displays the complete hierarchy in graphical form. It displays few attributes of users like email address and profile picture etc. | +| Link Accounts | With accounts in multiple identity stores, you can reset passwords or unlock accounts with Linked Accounts | +| Reset Password | Reset your forgotten or lost passwords. Unenrolled users can reset passwords if Second Way Authentication is enabled. | +| Unlock Account | Unlock your accounts yourself without contacting the Administrator. | +| Change Password | Change your password according to the Password Policy set by the administrator. | +| Validate Your Profile | Validate your profile after a particular time in order to ensure the user information in the directory. | +| User Account Settings | Modify your profile information. Administrators can manage the user information, enable/disable the user, or expire a user. | + +NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. diff --git a/docs/directorymanager/11.1/welcome/user/properties/_category_.json b/docs/directorymanager/11.1/welcome/user/properties/_category_.json new file mode 100644 index 0000000000..8238f01062 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User Properties", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
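Review bot: In welcome/user/overview.md (the `@@ -0,0 +1,45 @@` hunk that ends just before properties/_category_.json), the link text `[ Create User Objects]` carries a leading space inside the brackets, which renders as part of the link; drop it. In the functions table, the Validate Your Profile row reads "in order to ensure the user information in the directory", which is missing its object (validateprofile.md uses "ensure the accuracy of"), and the Link Accounts row is the only description without a closing period.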
diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/_category_.json b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/_category_.json new file mode 100644 index 0000000000..3241cbd4ab --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Overview", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/_category_.json b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/_category_.json new file mode 100644 index 0000000000..3241cbd4ab --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Overview", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/advanced.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/advanced.md new file mode 100644 index 0000000000..b3dfc20e51 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/advanced.md @@ -0,0 +1,27 @@ +--- +title: "Contact properties - Advanced tab" +description: "Contact properties - Advanced tab" +sidebar_position: 10 +--- + +# Contact properties - Advanced tab + +Use this tab to specify advanced settings for a contact. + +Home Page + +The URL of the contact's website. + +Use the **Add** and **Remove** buttons to add and remove the URL. + +Emp Type + +The job category of the contact. + +Emp # + +The employee ID of the contact. + +Admin Notes + +Notes by the administrator. 
diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/memberof.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/memberof.md new file mode 100644 index 0000000000..d0c899a4df --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/memberof.md @@ -0,0 +1,26 @@ +--- +title: "Contact properties - Member Of tab" +description: "Contact properties - Member Of tab" +sidebar_position: 20 +--- + +# Contact properties - Member Of tab + +Use this tab to view the groups that the contact is a member of. You can also add and remove this +contact from the membership of groups. + +Member Of + +Displays the groups this contact is a member of. + +Add + +Click it to add the contact to the memberships of one or more groups. + +Enter a search string to locate the required group, or click **Advance** to use the +[Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. + +Remove + +Select a group in the Member Of list and click **Remove** to remove the contact from the membership +of that group. diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/overview.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/overview.md new file mode 100644 index 0000000000..f3401b5418 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/overview.md 
@@ -0,0 +1,23 @@ +--- +title: "Overview" +description: "Overview" +sidebar_position: 10 +--- + +# Overview + +You can view and manipulate the properties of contacts in Active Directory. + +## Contact properties + +Following is the list of all the properties that Contacts have in Active Directory based identity +store. + +- [Object properties - General tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md) +- [Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) +- [Contact properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/memberof.md) +- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md) +- [Object properties - Attributes tab](/docs/directorymanager/11.1/welcome/group/properties/attributes.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) +- [Contact properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/advanced.md) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/_category_.json b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/_category_.json new file mode 100644 index 0000000000..a9fbb952ed --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Overview", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
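Review bot: `"label": "Overview"` in mailbox/_category_.json repeats the label already used by activedirectory/_category_.json and contact/_category_.json in this patch, so the sidebar would show nested categories that are all titled Overview. Give each category a distinguishing label, for example "Mailbox Properties" here, in line with "User Properties" on the parent category. The file also ends without a trailing newline.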
diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/advanced.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/advanced.md new file mode 100644 index 0000000000..c03be188d4 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/advanced.md @@ -0,0 +1,54 @@ +--- +title: "Mailbox properties - Advanced tab" +description: "Mailbox properties - Advanced tab" +sidebar_position: 10 +--- + +# Mailbox properties - Advanced tab + +Use this tab to configure advanced settings for a user. + +The Server box helps differentiate between a user and a mailbox object. If it displays the name of a +messaging server, the object is a mailbox. If it is empty, the object is a user. + +Home Page + +The URL of the user's website. + +Emp # + +The employee ID of the user. + +Hide from address book + +Indicates whether to hide the user in the messaging provider's address book (such as the Outlook +address book). + +If selected, the user will not be visible in the address book. + +Recipient + +Specify an alternate recipient to receive the emails sent to this user. + +Click the ellipsis button to launch the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md), where you can +search and select the required recipient. + +To remove the alternate recipient, click the **Remove** button. + +Server + +The distinguished name (DN) of the messaging server, such as the Exchange server. + +This field is populated for a 'mailbox' object only. + +Emp Type + +The job category of this user. + +Admin Notes + +Notes by the administrator. + +Deliver messages to both forwarding address and mailbox + +Indicates whether to send every email for this user to the alternate recipient as well. 
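Review bot: In mailbox/advanced.md, "Deliver messages to both forwarding address and mailbox" sits at the end of the page, separated from the Recipient field it depends on, and it does not say what happens when a recipient is set and the check box is cleared. useroverview/advanced.md in this same patch states that in that case mail goes only to the recipient and not to the mailbox; since that changes where a user's mail is delivered, move the option directly under Recipient and carry the same two bullets over. The opening line also says "advanced settings for a user" on a page titled for mailboxes.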
diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/autoreply.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/autoreply.md similarity index 93% rename from docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/autoreply.md rename to docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/autoreply.md index d1dfde92ed..0c9f0f1eb9 100644 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/autoreply.md +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/autoreply.md @@ -1,3 +1,9 @@ +--- +title: "Mailbox properties - Auto Reply tab" +description: "Mailbox properties - Auto Reply tab" +sidebar_position: 20 +--- + # Mailbox properties - Auto Reply tab Use this tab to configure automatic replies for the emails sent to a mailbox object. You can: diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/limits.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/limits.md similarity index 86% rename from docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/limits.md rename to docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/limits.md index c67e6345c0..4e3eeb92fb 100644 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/mailbox/limits.md +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/limits.md @@ -1,3 +1,9 @@ +--- +title: "Mailbox properties - Limits tab" +description: "Mailbox properties - Limits tab" +sidebar_position: 30 +--- + # Mailbox properties - Limits tab This tab applies to mailboxes only. It allows you to set the storage quota for the object's mailbox, 
diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/overview.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/overview.md new file mode 100644 index 0000000000..53e0fe2f15 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/overview.md 
@@ -0,0 +1,27 @@ +--- +title: "Overview" +description: "Overview" +sidebar_position: 20 +--- + +# Overview + +You can view and manipulate the properties of mailboxes in Active Directory. + +## Mailbox properties + +Following is the list of all the properties that Users and Mailbox Users have in Active Directory +based identity store. + +- [Object properties - General tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md) +- [Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) +- [User properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md) +- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md) +- [Object properties - Attributes tab](/docs/directorymanager/11.1/welcome/group/properties/attributes.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) +- [Mailbox properties - Limits tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/limits.md) +- [Mailbox properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/advanced.md) +- [User properties - Account tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/account.md) +- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/autoreply.md) +- [Object Properties - Entitlements tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/entitlement.md) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) 
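Review bot: Under the "Mailbox properties" heading in mailbox/overview.md, the intro sentence still reads "properties that Users and Mailbox Users have", the same wording used in activedirectory/overview.md later in this patch; on this page it should describe mailboxes only. The list also mixes "Object Properties - Entitlements tab" with the lower-case "Object properties - ..." form used by every other entry, so pick one casing for the tab titles.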
diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/overview.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/overview.md new file mode 100644 index 0000000000..3b4d065119 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/overview.md 
@@ -0,0 +1,43 @@ +--- +title: "Overview" +description: "Overview" +sidebar_position: 10 +--- + +# Overview + +You can view and manipulate the properties of directory objects (users, mailboxes, and contacts) in +Active Directory, depending on the permissions the GroupID administrator has granted you. + +## User and Mailbox properties + +Following is the list of all the properties that Users and Mailbox Users have in Active Directory +based identity store. + +- [Object properties - General tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md) +- [Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) +- [User properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md) +- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md) +- [Object properties - Attributes tab](/docs/directorymanager/11.1/welcome/group/properties/attributes.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) +- [Mailbox properties - Limits tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/limits.md) (for mailbox only) +- [Mailbox properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/advanced.md) (for mailbox only) +- [Object properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/advanced.md) +- [User properties - Account tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/account.md) +- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/autoreply.md) (for mailbox only) +- [Object Properties - Entitlements 
tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/entitlement.md) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) + +## Contact properties + +Following is the list of all the properties that Contacts have in Active Directory based identity +store. + +- [Object properties - General tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md) +- [Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) +- [Contact properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/memberof.md) +- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md) +- [Object properties - Attributes tab](/docs/directorymanager/11.1/welcome/group/properties/attributes.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) +- [Contact properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/advanced.md) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/_category_.json b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/_category_.json new file mode 100644 index 0000000000..169ebd21b7 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Overview", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "useroverview" + } +} \ No newline at end of file 
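Review bot: useroverview/_category_.json links to `"id": "useroverview"`, while the activedirectory, contact and mailbox category files in this patch all link to `"id": "overview"`. Confirm that a doc with the id useroverview is added under useroverview/, otherwise the category link will not resolve; if the landing page is overview.md like its siblings, change the id to match.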
diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/account.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/account.md new file mode 100644 index 0000000000..1444aa8044 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/account.md @@ -0,0 +1,26 @@ +--- +title: "User properties - Account tab" +description: "User properties - Account tab" +sidebar_position: 10 +--- + +# User properties - Account tab + +This tab enables administrators to manage the account status and expiry policy of a user. + +Account Expires + +Set the account expiry policy for the user. + +- Never – To set this user account to never expire. This is the default option for new users. +- End Of – To set this user account to expire on a specified date. Use the calendar selector to + enter the expiry date for the user account. + +Account is disabled + +Select this check box to disable the user account, so that the user cannot log-on with it. + +Account is locked out + +This check box will be selected when this user account is locked, for example, due to failed logon +attempts. Clear this check box to unlock the account. diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/advanced.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/advanced.md new file mode 100644 index 0000000000..16fd1d2c42 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/advanced.md 
@@ -0,0 +1,58 @@ +--- +title: "Object properties - Advanced tab" +description: "Object properties - Advanced tab" +sidebar_position: 20 +--- + +# Object properties - Advanced tab + +Use this tab to specify advanced settings for a user/mailbox. + +Home Page + +The URL of the user/mailbox's website. + +Use the Add and Remove buttons to add and remove the URL. + +Emp Type + +The job category of the user/mailbox. + +Emp # + +The employee ID of the user/mailbox. + +Hide from address book + +Indicates whether to hide the user in the messaging provider's address book (such as the Outlook +address book). + +When selected, the user will not be visible in the address book. + +This option is available for user objects only. + +Admin Notes + +Notes by the administrator. + +## For mailbox objects only + +Server + +The server name of the messaging provider where the mailbox resides. + +Recipient + +An email address or mailbox object that should receive the emails sent to the particular mailbox. + +Enter a search string to locate the object to add as a recipient, or click the ellipsis button to +use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. + +Deliver messages to both forwarding address and mailbox + +Select the check box to ensure that any email sent to the mailbox is also forwarded to the +object/email specified in the Recipient box. + +- When no recipient is set and this check box is cleared, emails are only sent to the mailbox. +- However, when an email/object is specified in the Recipient box and this check box is cleared, + emails will not be sent to the mailbox but only to the recipient. diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md new file mode 100644 index 0000000000..d0f601e89c --- /dev/null 
+++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md @@ -0,0 +1,25 @@ +--- +title: "Object properties - Email tab" +description: "Object properties - Email tab" +sidebar_position: 30 +--- + +# Object properties - Email tab + +Use this tab to view the addresses assigned to this object. + +Addresses + +In case of a mail-enabled object, the messaging provider (such as Microsoft Exchange) assigns +different addresses to it for communication with different repositories (such as Address Book, SIP, +Outlook). These addresses are displayed in this box. + +Subscriptions + +Displays the subscriptions assigned to the mailbox. + +It also lists other subscriptions offered by Office 365 to a mailbox user. Select the check box for +a subscription to assign it to the mailbox. + +The subscription list is displayed for mailbox objects when Office 365 is configured as the +messaging provider for the identity store. diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/entitlement.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/entitlement.md new file mode 100644 index 0000000000..d00d12751c --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/entitlement.md 
@@ -0,0 +1,49 @@ +--- +title: "Object Properties - Entitlements tab" +description: "Object Properties - Entitlements tab" +sidebar_position: 40 +--- + +# Object Properties - Entitlements tab + +Entitlement computes the effective NTFS permissions granted to objects on shared resources residing +on a server in an Active Directory identity store. The Entitlement tab provides an interface for +users to view these permissions. Users can view the permissions granted to a user over files and +folder residing on a server. + +Explicit permissions are assigned to a user. To facilitate permission viewing, do the following: + +- Specify one or more servers in identity store configurations. + + This must be a server in an Active Directory based identity store. + +- Compute all permissions that directory objects have on the shared files and folders on those + server(s). +- View these permissions in the Directory Manager portal. + +## Entitlement job + +An Entitlement schedule is automatically created for an identity store when: + +- A server is added for permission analysis on the **Entitlement** page in an Active Directory + identity store. + + Or + +- A SharePoint site is added for permission analysis on the **Entitlement** page in a Microsoft + Entra ID identity store. + +By default, the schedule runs weekly to compute permissions on shared files and folders residing on +the specified servers (for Active Directory), and the document libraries present in the specified +sites (for SharePoint). It then replicates these permissions to Elasticsearch, enabling users to +view, manage and update these permissions in the Directory Managerportal. + +## Permissions on the Entitlement portal + +You can grant permissions to security roles on the Entitlement section in the Directory Manager +portal. 
Based on these permissions, role members can performs different actions in the Entitlement +section, such as navigate file servers and SharePoint sites, grant permissions to objects on shared +resources, revoke permissions, and more. + +Entitlement-related permissions for a security role in an identity store are discussed in the +[Entitlement](/docs/directorymanager/11.1/signin/securityrole/permissions.md#entitlement) section. diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md new file mode 100644 index 0000000000..2c54af021c --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md 
@@ -0,0 +1,96 @@ +--- +title: "Object properties - General tab" +description: "Object properties - General tab" +sidebar_position: 50 +--- + +# Object properties - General tab + +Use this tab to view or update the general information for a user, mailbox, or contact. + +First name + +The first name of the contact or user. + +Last name + +The last name of the contact or user. + +Initials + +The initials of the user or contact. + +Alias + +The email alias of the user or contact. + +Display name + +The name of the contact or user as it is displayed in the portal. + +Address + +The office address of the user or contact. + +Title + +The job title of the contact or user. + +Company + +The name of the organization where the user or contact works. + +City + +The city, state, zip code, and country where the organization of this user or contact is located. + +The **State** list is populated based on the selection made in the **Country** list. + +Department + +The department in the organization that the user or contact works in. + +State + +The State list is populated based on the selection made in the Country list. + +Office + +The office number of the user or contact. + +Zip + +The zip code of the location where the organization of this user or contact resides. + +Country + +The country where the organization of this user or contact is located. + +Business + +The type of business the contact or user's organization conducts. + +Home page + +The URL of the web page of the user. This field is not available for a contact. + +Exchange Assistant + +The name of the Exchange assistant for the mailbox/contact. Any email sent to the mailbox/contact is +also forwarded to this assistant. + +Enter a search string to locate the object to add as an Exchange assistant, or click **Browse** to +use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. + +This field is not available for a user. 
+ +Email + +The email address of the user or contact. + +Photo + +The photo of the user or contact. + +Click the **Edit** icon to launch the Manage Photo dialog box for uploading a photo. The dialog box +also provides many image editing options, including rotate, crop, flip, and re-size. diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md new file mode 100644 index 0000000000..a86aa877b3 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md 
@@ -0,0 +1,37 @@ +--- +title: "User properties - Member Of tab" +description: "User properties - Member Of tab" +sidebar_position: 60 +--- + +# User properties - Member Of tab + +Use this tab to view the groups that the user is a member of. You can also add and remove this user +from the membership of groups. + +The tab displays a list of all groups this user is a member of. + +| Column Name | Description | +| ------------ | -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Display Name | Displays the names of the groups this user is a member of. | +| Membership | Indicates whether the user is a temporary or permanent member of the group. - Perpetual – To make the object a permanent member of the group. - Temporary Member – To make the object a temporary member of the group for the period you specify in the Beginning and Ending boxes. At the end of the period, the object is removed from the group membership. - Addition Pending – Indicates that the object will be a temporary member of the group for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Addition Pending’. On the beginning date, the membership type changes to ‘Temporary Member’. Example. You add Smith as a temporary member to Group A on May 15 for future dates, May 20-30. 
Smith will be displayed in Group A’s membership with ‘Addition Pending’ as its membership type from May 15 to 19. However, Smith would not be added to group membership in the provider. On May 20, Smith will become a temporary member of Group A and its membership type will change to ‘Temporary Member’ from May 20 to 30. Smith will also be added to group membership in the provider. After May 30, Smith will be removed from Group A as a member in Directory Manager and in the provider. - Removal Pending - Indicates that the object will be temporarily removed from group membership for a period in the future. Use the Beginning and Ending boxes to set a period. Before the beginning date, the object’s membership type is displayed as ‘Removal Pending’. On the beginning date, the membership type will change to ‘Temporary Removed’. Example. You remove Smith from Group A on May 15 for future dates, May 20-30. Smith will be displayed in Group A’s membership with ‘Removal Pending’ as membership type from May 15 to 19. On May 20, Smith’s membership type in Directory Manager will change to ‘Temporary Removed’; lasting till May 30. However, Smith will be removed from Group A’s membership in the provider. After May 30, Smith will be added back to Group A as a permanent member in Directory Manager and in the provider. - Temporary Removed – Indicates that the object is temporarily removed from group membership for the period specified in the Beginning and Ending boxes. At the end of the period, the object is added back to the group membership as a permanent member. When the user is a perpetual member, the **Membership** column is blank. You cannot change the membership type of the user for any group on the **Member Of** tab. Rather, go to the properties of the specific group and change the user's membership type on the [Group properties - Members tab](/docs/directorymanager/11.1/welcome/group/properties/members.md). 
| +| Beginning | Displays the beginning date of the temporary addition or removal. | +| Ending | Displays the ending date of the temporary addition or removal. | + +For each column in the grid, an item level filter is also available that lets you filter records +based on a criterion. For example; to show groups whose display names start with D, type D in the +box under the Display Name header and press Enter. + +Add + +Click it to add the user to the memberships of one or more groups. + +Enter a search string to locate the required group, or click **Advance** to use the +[Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. + +The selected group(s) get listed in the Member Of grid. + +Remove + +Select a group in the Member Of list and click **Remove** to remove the user from the membership of +that group. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md similarity index 97% rename from docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md rename to docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md index 50c6d1300b..f1ac09b5a7 100644 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/organization.md +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md @@ -1,3 +1,9 @@ +--- +title: "Object properties - Organization tab" +description: "Object properties - Organization tab" +sidebar_position: 70 +--- + # Object properties - Organization tab Use this tab to add or change the primary manager for this user or contact. You can also remove the 
@@ -12,7 +18,7 @@ transfer or terminate a direct report. NOTE: A user can also manage his/her direct reports and change his/her primary manager while validating his/her profile in the portal. See the -[Validate your profile](/docs/directorymanager/11.1/portal/user/manage/validateprofile.md) topic. +[Validate your profile](/docs/directorymanager/11.1/welcome/user/manage/validateprofile.md) topic. ## Dotted line management @@ -26,14 +32,14 @@ changed. If the primary manager rejects the request, the user remains with the m NOTE: This is the default flow for the ‘Workflow to Change Manager’ workflow, with the primary manager set as the approver. If the administrator disables the workflow or changes the workflow -approver, the flow changes accordingly. See the [Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic. +approver, the flow changes accordingly. See the [Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic. Manager Displays the contact/user's primary manager, if specified. The user/contact can change his or her primary manager. -Click the ellipsis button to launch the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md), where you can +Click the ellipsis button to launch the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md), where you can search and select a user to set as the manager. Reports @@ -42,7 +48,7 @@ Displays a list of objects that report directly to this user or contact. These m groups and contacts. - To add a direct report, click **Add**. Enter a search string to locate the object to add as a - direct report, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for + direct report, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. - To transfer a direct report, select it and click **Transfer**. 
@@ -53,7 +59,7 @@ groups and contacts. NOTE: This is the default flow for the ‘Workflow to Transfer a User’ workflow, with the direct report set as the approver. If the administrator disables the workflow or changes the approver, - the flow changes accordingly. See the [Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic. + the flow changes accordingly. See the [Requests](/docs/directorymanager/11.1/welcome/request/overview.md) topic. - To terminate a direct report, select it and click **Terminate**. @@ -65,7 +71,7 @@ groups and contacts. Additional Manager To add a manager, click **Add**. Enter a search string to locate the object to add as an additional -manager, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/portal/search/find.md) for performing a +manager, or click **Advance** to use the [Find Dialog Box](/docs/directorymanager/11.1/welcome/generalfeatures/find.md) for performing a search. To remove an additional manager, select it and click **Remove**. diff --git a/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md similarity index 84% rename from docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md rename to docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md index bcd0aa2e5d..68965c1f06 100644 --- a/docs/directorymanager/11.1/portal/user/properties/activedirectory/phonenote.md +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md @@ -1,3 +1,9 @@ +--- +title: "Object properties - Phone / Notes tab" +description: "Object properties - Phone / Notes tab" +sidebar_position: 80 +--- + # Object properties - Phone / Notes tab Use this tab to view or update the contact information of the user or contact. 
diff --git a/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/useroverview.md b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/useroverview.md new file mode 100644 index 0000000000..b691fe5d1e --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/useroverview.md @@ -0,0 +1,25 @@ +--- +title: "Overview" +description: "Overview" +sidebar_position: 30 +--- + +# Overview + +You can view and manipulate the properties of users in Active Directory. + +## User properties + +Following is the list of all the properties that Users and Mailbox Users have in Active Directory +based identity store. + +- [Object properties - General tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md) +- [Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) +- [User properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md) +- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md) +- [Object properties - Attributes tab](/docs/directorymanager/11.1/welcome/group/properties/attributes.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) +- [Object properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/advanced.md) +- [User properties - Account tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/account.md) +- [Object Properties - Entitlements tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/entitlement.md) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) 
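Review bot: In useroverview.md the front matter sets `sidebar_position: 30`, the same value email.md uses in this useroverview/ folder. The sibling pages are also numbered in file-name order (email 30, entitlement 40, general 50, memberof 60, organization 70, phonenote 80), while the list on this page follows the tab order (General, Organization, Member Of, Phone / Notes, ...). Consider giving the overview its own position and renumbering the tab pages to match the order listed here. The intro sentence "in Active Directory based identity store" is also missing an article ("in an Active Directory based identity store").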
diff --git a/docs/directorymanager/11.1/welcome/user/properties/azure/_category_.json b/docs/directorymanager/11.1/welcome/user/properties/azure/_category_.json new file mode 100644 index 0000000000..a9fbb952ed --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/azure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Overview", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/portal/user/properties/azure/contactinfo.md b/docs/directorymanager/11.1/welcome/user/properties/azure/contactinfo.md similarity index 76% rename from docs/directorymanager/11.1/portal/user/properties/azure/contactinfo.md rename to docs/directorymanager/11.1/welcome/user/properties/azure/contactinfo.md index c2b9d31603..3898f7d357 100644 --- a/docs/directorymanager/11.1/portal/user/properties/azure/contactinfo.md +++ b/docs/directorymanager/11.1/welcome/user/properties/azure/contactinfo.md @@ -1,3 +1,9 @@ +--- +title: "User properties - Contact Info tab" +description: "User properties - Contact Info tab" +sidebar_position: 10 +--- + # User properties - Contact Info tab Use this tab to view or update the contact information of the user/mailbox. diff --git a/docs/directorymanager/11.1/welcome/user/properties/azure/directoryrole.md b/docs/directorymanager/11.1/welcome/user/properties/azure/directoryrole.md new file mode 100644 index 0000000000..b0fb4a0049 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/azure/directoryrole.md 
@@ -0,0 +1,19 @@ +--- +title: "User properties - Directory Role tab" +description: "User properties - Directory Role tab" +sidebar_position: 20 +--- + +# User properties - Directory Role tab + +This tab displays the role assigned to the user/mailbox in Microsoft Entra ID. If required, you can +change the role or modify the permissions assigned to the current role. + +Roles are: Global Administrator, Limited Administrator, and User. + +Directory Roles + +Displays the role assigned to the user on the Microsoft Entra Admin Center. + +To change the user role, click the down arrow for the new role you want to assign, and then select +the check boxes for the role privileges for assignment. diff --git a/docs/directorymanager/11.1/portal/user/properties/azure/identity.md b/docs/directorymanager/11.1/welcome/user/properties/azure/identity.md similarity index 94% rename from docs/directorymanager/11.1/portal/user/properties/azure/identity.md rename to docs/directorymanager/11.1/welcome/user/properties/azure/identity.md index d6add89988..f1244ae5e4 100644 --- a/docs/directorymanager/11.1/portal/user/properties/azure/identity.md +++ b/docs/directorymanager/11.1/welcome/user/properties/azure/identity.md @@ -1,3 +1,9 @@ +--- +title: "User properties - Identity tab" +description: "User properties - Identity tab" +sidebar_position: 30 +--- + # User properties - Identity tab Use this tab to view or update the general information for a user and mailbox in a Microsoft Entra diff --git a/docs/directorymanager/11.1/welcome/user/properties/azure/jobinfo.md b/docs/directorymanager/11.1/welcome/user/properties/azure/jobinfo.md new file mode 100644 index 0000000000..5ec448bfe0 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/azure/jobinfo.md 
@@ -0,0 +1,19 @@ +--- +title: "User properties - Job Info tab" +description: "User properties - Job Info tab" +sidebar_position: 40 +--- + +# User properties - Job Info tab + +The Job Info tab is similar to the +[Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) in user properties, with +the addition of two fields: Title and Department. + +Title + +The job title of the user/mailbox. + +Department + +The department in the organization that the user/mailbox works in. diff --git a/docs/directorymanager/11.1/welcome/user/properties/azure/overview.md b/docs/directorymanager/11.1/welcome/user/properties/azure/overview.md new file mode 100644 index 0000000000..3b44c13e5e --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/azure/overview.md 
@@ -0,0 +1,23 @@ +--- +title: "Overview" +description: "Overview" +sidebar_position: 20 +--- + +# Overview + +You can view and manipulate the properties of directory objects (users and mailboxes) in Microsoft +Entra ID, depending on the permissions the Directory Manager administrator has granted you. + +## User and Mailbox properties + +Following is the list of all the properties that Users and Mailbox Users have in an Microsoft Entra +ID based identity store. + +- [User properties - Identity tab](/docs/directorymanager/11.1/welcome/user/properties/azure/identity.md) +- [User properties - Directory Role tab](/docs/directorymanager/11.1/welcome/user/properties/azure/directoryrole.md) +- [User properties - Job Info tab](/docs/directorymanager/11.1/welcome/user/properties/azure/jobinfo.md) +- [User properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) (for mailbox only) +- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/autoreply.md) (for mailbox only) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) diff --git a/docs/directorymanager/11.1/welcome/user/properties/overview.md b/docs/directorymanager/11.1/welcome/user/properties/overview.md new file mode 100644 index 0000000000..bac8faafb0 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/user/properties/overview.md 
@@ -0,0 +1,74 @@ +--- +title: "User Properties" +description: "User Properties" +sidebar_position: 30 +--- + +# User Properties + +You can view and manipulate the properties of directory objects (users, mailboxes, and contacts) in +the connected identity store, depending on the permissions the GroupID administrator has granted +you. + +**You can:** + +- Select the required object and click **Properties** on the toolbar. The object's properties page + is displayed. +- Click **Save** after making any changes in any properties' tab +- Click **Delete** to delete that user, contact, or mailbox. +- Click **Add to Contacts** on the toolbar. The portal creates the direct report's vCard and prompts + you to save it on your machine. You can then use it to add the direct report's email address to + your email contact list. +- Click **Send email** on the toolbar. This launches the default Windows email application for + sending an email to the direct report. +- Click Reset Password to reset the password for the object. +- Click **Organizational Hierarchy** to view the hierarchy of the object. + +## User and Mailbox properties in Active Directory + +Following is the list of all the properties that Users and Mailbox Users have in Active Directory +based identity store. 
+ +- [Object properties - General tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md) +- [Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) +- [User properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md) +- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md) +- [Object properties - Attributes tab](/docs/directorymanager/11.1/welcome/group/properties/attributes.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) +- [Mailbox properties - Limits tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/limits.md) (for mailbox only) +- [Mailbox properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/advanced.md) (for mailbox only) +- [Object properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/advanced.md) +- [User properties - Account tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/account.md) +- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/autoreply.md) (for mailbox only) +- [Object Properties - Entitlements tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/entitlement.md) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) + +## User and Mailbox properties in Microsoft Entra ID + +Following is the list of all the properties that Users and Mailbox Users have in an Microsoft Entra +ID based identity store. 
+ +- [User properties - Identity tab](/docs/directorymanager/11.1/welcome/user/properties/azure/identity.md) +- [User properties - Directory Role tab](/docs/directorymanager/11.1/welcome/user/properties/azure/directoryrole.md) +- [User properties - Job Info tab](/docs/directorymanager/11.1/welcome/user/properties/azure/jobinfo.md) +- [User properties - Contact Info tab](/docs/directorymanager/11.1/welcome/user/properties/azure/contactinfo.md) +- [User properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/memberof.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) (for mailbox only) +- [Mailbox properties - Auto Reply tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/mailbox/autoreply.md) (for mailbox only) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) + +## Contact properties + +Following is the list of all the properties that Contacts have in Active Directory based identity +store. + +NOTE: Contact object is not supported in Microsoft Entra ID. 
+ +- [Object properties - General tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/general.md) +- [Object properties - Organization tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/organization.md) +- [Contact properties - Member Of tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/memberof.md) +- [Object properties - Phone / Notes tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/phonenote.md) +- [Object properties - Attributes tab](/docs/directorymanager/11.1/welcome/group/properties/attributes.md) +- [Object properties - Email tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/useroverview/email.md) +- [Contact properties - Advanced tab](/docs/directorymanager/11.1/welcome/user/properties/activedirectory/contact/advanced.md) +- [Object properties - History tab](/docs/directorymanager/11.1/welcome/group/properties/history.md) diff --git a/docs/directorymanager/11.1/welcome/userapis/_category_.json b/docs/directorymanager/11.1/welcome/userapis/_category_.json new file mode 100644 index 0000000000..1563d74201 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/userapis/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "User APIs", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "userapis" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/api/user/createuser.md b/docs/directorymanager/11.1/welcome/userapis/createuser.md similarity index 96% rename from docs/directorymanager/11.1/api/user/createuser.md rename to docs/directorymanager/11.1/welcome/userapis/createuser.md index f1bc03d6bc..65b1c9d351 100644 --- a/docs/directorymanager/11.1/api/user/createuser.md +++ b/docs/directorymanager/11.1/welcome/userapis/createuser.md 
@@ -1,3 +1,9 @@ +--- +title: "Create a User" +description: "Create a User" +sidebar_position: 10 +--- + # Create a User This API creates a user in the identity store specified in the endpoint URL. Provide mandatory diff --git a/docs/directorymanager/11.1/api/user/createuserentraid.md b/docs/directorymanager/11.1/welcome/userapis/createuserentraid.md similarity index 99% rename from docs/directorymanager/11.1/api/user/createuserentraid.md rename to docs/directorymanager/11.1/welcome/userapis/createuserentraid.md index 3200f25046..5192a718a7 100644 --- a/docs/directorymanager/11.1/api/user/createuserentraid.md +++ b/docs/directorymanager/11.1/welcome/userapis/createuserentraid.md @@ -1,3 +1,9 @@ +--- +title: "Create an Entra ID User" +description: "Create an Entra ID User" +sidebar_position: 20 +--- + # Create an Entra ID User Use this API to create a user in a Microsoft Entra ID based identity store. diff --git a/docs/directorymanager/11.1/api/user/deleteuser.md b/docs/directorymanager/11.1/welcome/userapis/deleteuser.md similarity index 86% rename from docs/directorymanager/11.1/api/user/deleteuser.md rename to docs/directorymanager/11.1/welcome/userapis/deleteuser.md index a1d54b6603..ec62d92af7 100644 --- a/docs/directorymanager/11.1/api/user/deleteuser.md +++ b/docs/directorymanager/11.1/welcome/userapis/deleteuser.md @@ -1,3 +1,9 @@ +--- +title: "Delete a User" +description: "Delete a User" +sidebar_position: 30 +--- + # Delete a User Using this API, you can delete a single user. diff --git a/docs/directorymanager/11.1/api/user/deleteusers.md b/docs/directorymanager/11.1/welcome/userapis/deleteusers.md similarity index 95% rename from docs/directorymanager/11.1/api/user/deleteusers.md rename to docs/directorymanager/11.1/welcome/userapis/deleteusers.md index 9a244a0f2c..77726b0a5a 100644 --- a/docs/directorymanager/11.1/api/user/deleteusers.md +++ b/docs/directorymanager/11.1/welcome/userapis/deleteusers.md 
@@ -1,3 +1,9 @@ +--- +title: "Delete Users" +description: "Delete Users" +sidebar_position: 40 +--- + # Delete Users This API deletes multiple users from the identity store given in the endpoint URL. diff --git a/docs/directorymanager/11.1/api/user/getallgroups.md b/docs/directorymanager/11.1/welcome/userapis/getallgroups.md similarity index 98% rename from docs/directorymanager/11.1/api/user/getallgroups.md rename to docs/directorymanager/11.1/welcome/userapis/getallgroups.md index 3d31c46e0e..ccfae316b1 100644 --- a/docs/directorymanager/11.1/api/user/getallgroups.md +++ b/docs/directorymanager/11.1/welcome/userapis/getallgroups.md @@ -1,3 +1,9 @@ +--- +title: "Get All Groups" +description: "Get All Groups" +sidebar_position: 50 +--- + # Get All Groups Use this API to retrieve all groups in the directory for the specified user in the endpoint. diff --git a/docs/directorymanager/11.1/api/user/getmydynasties.md b/docs/directorymanager/11.1/welcome/userapis/getmydynasties.md similarity index 97% rename from docs/directorymanager/11.1/api/user/getmydynasties.md rename to docs/directorymanager/11.1/welcome/userapis/getmydynasties.md index 1a4d978b99..b210ae9a90 100644 --- a/docs/directorymanager/11.1/api/user/getmydynasties.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmydynasties.md @@ -1,3 +1,9 @@ +--- +title: "Get My Dynasties" +description: "Get My Dynasties" +sidebar_position: 60 +--- + # Get My Dynasties Use this API to retrieve the dynasties of the authenticated user. diff --git a/docs/directorymanager/11.1/api/user/getmyexpiredgroups.md b/docs/directorymanager/11.1/welcome/userapis/getmyexpiredgroups.md similarity index 96% rename from docs/directorymanager/11.1/api/user/getmyexpiredgroups.md rename to docs/directorymanager/11.1/welcome/userapis/getmyexpiredgroups.md index 83c6ebd8b1..70e63c4163 100644 --- a/docs/directorymanager/11.1/api/user/getmyexpiredgroups.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmyexpiredgroups.md 
@@ -1,3 +1,9 @@ +--- +title: "Get My Expired Groups" +description: "Get My Expired Groups" +sidebar_position: 70 +--- + # Get My Expired Groups This API retrieves the expired groups of the authenticated user. diff --git a/docs/directorymanager/11.1/api/user/getmyexpiringgroups.md b/docs/directorymanager/11.1/welcome/userapis/getmyexpiringgroups.md similarity index 96% rename from docs/directorymanager/11.1/api/user/getmyexpiringgroups.md rename to docs/directorymanager/11.1/welcome/userapis/getmyexpiringgroups.md index 981bcffab3..acc5736e1b 100644 --- a/docs/directorymanager/11.1/api/user/getmyexpiringgroups.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmyexpiringgroups.md @@ -1,3 +1,9 @@ +--- +title: "Get My Expiring Groups" +description: "Get My Expiring Groups" +sidebar_position: 80 +--- + # Get My Expiring Groups Use this API to retrieve the expiring groups of the authenticated user. diff --git a/docs/directorymanager/11.1/api/user/getmyexpiringgroupscount.md b/docs/directorymanager/11.1/welcome/userapis/getmyexpiringgroupscount.md similarity index 82% rename from docs/directorymanager/11.1/api/user/getmyexpiringgroupscount.md rename to docs/directorymanager/11.1/welcome/userapis/getmyexpiringgroupscount.md index 66c8ad10a3..e3086d5d9e 100644 --- a/docs/directorymanager/11.1/api/user/getmyexpiringgroupscount.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmyexpiringgroupscount.md @@ -1,3 +1,9 @@ +--- +title: "Get My Expiring Groups Count" +description: "Get My Expiring Groups Count" +sidebar_position: 90 +--- + # Get My Expiring Groups Count This API retrieves the number of expiring groups of the authenticate user. diff --git a/docs/directorymanager/11.1/api/user/getmygroups.md b/docs/directorymanager/11.1/welcome/userapis/getmygroups.md similarity index 98% rename from docs/directorymanager/11.1/api/user/getmygroups.md rename to docs/directorymanager/11.1/welcome/userapis/getmygroups.md index a2760a78f5..65b9382edc 100644 
--- a/docs/directorymanager/11.1/api/user/getmygroups.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmygroups.md @@ -1,3 +1,9 @@ +--- +title: "Get My Groups" +description: "Get My Groups" +sidebar_position: 100 +--- + # Get My Groups The Get My Groups API retrieves groups of the authenticated user. diff --git a/docs/directorymanager/11.1/api/user/getmygroupscount.md b/docs/directorymanager/11.1/welcome/userapis/getmygroupscount.md similarity index 85% rename from docs/directorymanager/11.1/api/user/getmygroupscount.md rename to docs/directorymanager/11.1/welcome/userapis/getmygroupscount.md index 57fb002efe..4c442925f6 100644 --- a/docs/directorymanager/11.1/api/user/getmygroupscount.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmygroupscount.md @@ -1,3 +1,9 @@ +--- +title: "Get My Groups Count" +description: "Get My Groups Count" +sidebar_position: 110 +--- + # Get My Groups Count This API retrieves the number of groups of the authenticated user. diff --git a/docs/directorymanager/11.1/api/user/getmymemberships.md b/docs/directorymanager/11.1/welcome/userapis/getmymemberships.md similarity index 98% rename from docs/directorymanager/11.1/api/user/getmymemberships.md rename to docs/directorymanager/11.1/welcome/userapis/getmymemberships.md index 35ba73d1c1..3df5482be1 100644 --- a/docs/directorymanager/11.1/api/user/getmymemberships.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmymemberships.md @@ -1,3 +1,9 @@ +--- +title: "Get My Membership" +description: "Get My Membership" +sidebar_position: 120 +--- + # Get My Membership Use this API to retrieve membership information of the authenticated user. 
diff --git a/docs/directorymanager/11.1/api/user/getmymemebershipcount.md b/docs/directorymanager/11.1/welcome/userapis/getmymemebershipcount.md similarity index 84% rename from docs/directorymanager/11.1/api/user/getmymemebershipcount.md rename to docs/directorymanager/11.1/welcome/userapis/getmymemebershipcount.md index af3d9a500f..2fe700e90a 100644 --- a/docs/directorymanager/11.1/api/user/getmymemebershipcount.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmymemebershipcount.md @@ -1,3 +1,9 @@ +--- +title: "Get My Membership Count" +description: "Get My Membership Count" +sidebar_position: 130 +--- + # Get My Membership Count Using this API, the authenticated user can get the number of groups the user is a member of. diff --git a/docs/directorymanager/11.1/api/user/getmysmartgroups.md b/docs/directorymanager/11.1/welcome/userapis/getmysmartgroups.md similarity index 98% rename from docs/directorymanager/11.1/api/user/getmysmartgroups.md rename to docs/directorymanager/11.1/welcome/userapis/getmysmartgroups.md index 6469f73e39..9698e2caac 100644 --- a/docs/directorymanager/11.1/api/user/getmysmartgroups.md +++ b/docs/directorymanager/11.1/welcome/userapis/getmysmartgroups.md @@ -1,3 +1,9 @@ +--- +title: "Get My Smart Groups" +description: "Get My Smart Groups" +sidebar_position: 140 +--- + # Get My Smart Groups Using this API, information about the authentiacated user's Smart Groups can be retrieved. diff --git a/docs/directorymanager/11.1/api/user/getuser.md b/docs/directorymanager/11.1/welcome/userapis/getuser.md similarity index 98% rename from docs/directorymanager/11.1/api/user/getuser.md rename to docs/directorymanager/11.1/welcome/userapis/getuser.md index 536fd7abe0..607b385598 100644 --- a/docs/directorymanager/11.1/api/user/getuser.md +++ b/docs/directorymanager/11.1/welcome/userapis/getuser.md 
@@ -1,3 +1,9 @@ +--- +title: "Get a User" +description: "Get a User" +sidebar_position: 150 +--- + # Get a User Use this API to get information of a single user. diff --git a/docs/directorymanager/11.1/api/user/getusers.md b/docs/directorymanager/11.1/welcome/userapis/getusers.md similarity index 99% rename from docs/directorymanager/11.1/api/user/getusers.md rename to docs/directorymanager/11.1/welcome/userapis/getusers.md index 32534a4933..2954676987 100644 --- a/docs/directorymanager/11.1/api/user/getusers.md +++ b/docs/directorymanager/11.1/welcome/userapis/getusers.md @@ -1,3 +1,9 @@ +--- +title: "Get Users" +description: "Get Users" +sidebar_position: 160 +--- + # Get Users Use this API to retrieve information of multiple users from the specified identity store. diff --git a/docs/directorymanager/11.1/api/user/updateuser.md b/docs/directorymanager/11.1/welcome/userapis/updateuser.md similarity index 94% rename from docs/directorymanager/11.1/api/user/updateuser.md rename to docs/directorymanager/11.1/welcome/userapis/updateuser.md index f368ae64d9..109c40b4a0 100644 --- a/docs/directorymanager/11.1/api/user/updateuser.md +++ b/docs/directorymanager/11.1/welcome/userapis/updateuser.md @@ -1,3 +1,9 @@ +--- +title: "Update a User" +description: "Update a User" +sidebar_position: 170 +--- + # Update a User This API updates a user's information in the specified identity store. diff --git a/docs/directorymanager/11.1/welcome/userapis/userapis.md b/docs/directorymanager/11.1/welcome/userapis/userapis.md new file mode 100644 index 0000000000..a52f0eb55e --- /dev/null +++ b/docs/directorymanager/11.1/welcome/userapis/userapis.md 
@@ -0,0 +1,26 @@ +--- +title: "User APIs" +description: "User APIs" +sidebar_position: 70 +--- + +# User APIs + +Directory Manager provides the following APIs to perform user-specific functions: + +- [Create a User](/docs/directorymanager/11.1/welcome/userapis/createuser.md) +- [Create an Entra ID User](/docs/directorymanager/11.1/welcome/userapis/createuserentraid.md) +- [Delete a User](/docs/directorymanager/11.1/welcome/userapis/deleteuser.md) +- [Delete Users](/docs/directorymanager/11.1/welcome/userapis/deleteusers.md) +- [Get All Groups](/docs/directorymanager/11.1/welcome/userapis/getallgroups.md) +- [Get My Dynasties](/docs/directorymanager/11.1/welcome/userapis/getmydynasties.md) +- [Get My Expired Groups](/docs/directorymanager/11.1/welcome/userapis/getmyexpiredgroups.md) +- [Get My Expiring Groups](/docs/directorymanager/11.1/welcome/userapis/getmyexpiringgroups.md) +- [Get My Expiring Groups Count](/docs/directorymanager/11.1/welcome/userapis/getmyexpiringgroupscount.md) +- [Get My Groups](/docs/directorymanager/11.1/welcome/userapis/getmygroups.md) +- [Get My Groups Count](/docs/directorymanager/11.1/welcome/userapis/getmygroupscount.md) +- [Get My Membership](/docs/directorymanager/11.1/welcome/userapis/getmymemberships.md) +- [Get My Membership Count](/docs/directorymanager/11.1/welcome/userapis/getmymemebershipcount.md) +- [Get My Smart Groups](/docs/directorymanager/11.1/welcome/userapis/getmysmartgroups.md) +- [Get a User](/docs/directorymanager/11.1/welcome/userapis/getuser.md) +- [Get Users](/docs/directorymanager/11.1/welcome/userapis/getusers.md) diff --git a/docs/directorymanager/11.1/welcome/welcome.md b/docs/directorymanager/11.1/welcome/welcome.md new file mode 100644 index 0000000000..fc937d531c --- /dev/null +++ b/docs/directorymanager/11.1/welcome/welcome.md 
@@ -0,0 +1,40 @@ +--- +title: "Welcome to the Portal" +description: "Welcome to the Portal" +sidebar_position: 50 +--- + +# Welcome to the Portal + +A Directory Manager portal represents a virtual link with the directory. Using it, users can do the +following in an identity store: + +- Search the directory. +- Perform group management tasks, such as create and update their groups, join/leave a group, attest + an expiring group, group expiry and renew an expired group , and more. +- Carry out user management tasks, such as create, update, and delete users in the directory. Users + can maintain and update their profiles, change password, manage their profile, direct reports, and + more. +- Synchronize data between a source and a destination, such as directories, files, and databases. +- Manage user and group entitlements to shared resources on file servers and SharePoint sites. +- Approve and deny workflow requests. +- Generate hundreds of insightful reports on Active Directory, Microsoft Entra ID, Exchange, and + Office 365 objects (groups, users, mailboxes, contacts, computers, and servers). +- View history data for directory objects that are created, updated, or deleted in the directory + using Directory Manager. + +Delegating group and user management tasks to end-users reduces the workload on IT administrators +and helpdesk, as users are empowered to manage their groups and direct reports without assistance +from an administrator. Moreover, when users maintain and update their profile information, data is +more accurate and reliable. + +Administrators can maintain complete control over data integrity, as they can implement fine-grained +controls and policies that determine what users can view and change using the GroupID portal. They +can also define workflows for an identity store, that serve as a built-in auditing system to ensure +that users enter correct data before changes are committed to the directory. 
+ +A Directory Manager portal can be linked with multiple identity stores, thus eliminating the need to +create a separate portal for each identity store. Users can select an identity store to log in. + +NOTE: Since the administrator can customize the portal for different identity stores and for +different user roles within an identity stores, you may not have access to all portal features. diff --git a/docs/directorymanager/11.1/welcome/welcome_1.md b/docs/directorymanager/11.1/welcome/welcome_1.md new file mode 100644 index 0000000000..e32d7ae7f1 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/welcome_1.md @@ -0,0 +1,25 @@ +--- +title: "Directory Manager (formerly GroupID) APIs" +description: "Directory Manager (formerly GroupID) APIs" +sidebar_position: 100 +--- + +# Directory Manager (formerly GroupID) APIs + +Directory Manager APIs enable developers to quickly intergrate their applications with Directory +Manager to "perform actions" such as group creation and lifecycle operations using a relevant +Directory Manager API. + +Various Directory Manager functions can be performed using these APIs. The response can be returned +in JSON format. + +These URLs represent various resources — any information or content accessed at that location, which +can be returned in JSON format. Often resources have one or more methods that can be performed on +them over HTTP, like `GET`, `POST`, `PUT`, `PATCH`, and `DELETE`. The action represented by the +first and last of these is clear, but `POST` and `PATCH` have specific meanings. How they are +defined is confusing, but the general rule is: use `POST` to create resources, `PUT` and `PATCH` to +update resources. + +NOTE: All the APIs documented in the API section are for an Active Directory based identity store. +In each API, the **Sample Request Syntax** and the **Sample Response Syntax** sections have +attributes that are supported in an Active Directory based identity store. 
diff --git a/docs/directorymanager/11.1/welcome/workflowapis/_category_.json b/docs/directorymanager/11.1/welcome/workflowapis/_category_.json new file mode 100644 index 0000000000..d1da302f2f --- /dev/null +++ b/docs/directorymanager/11.1/welcome/workflowapis/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Workflow APIs", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "workflowapis" + } +} \ No newline at end of file diff --git a/docs/directorymanager/11.1/api/workflow/allwfroutes.md b/docs/directorymanager/11.1/welcome/workflowapis/allwfroutes.md similarity index 99% rename from docs/directorymanager/11.1/api/workflow/allwfroutes.md rename to docs/directorymanager/11.1/welcome/workflowapis/allwfroutes.md index cbfb91d1c9..bc39baaa52 100644 --- a/docs/directorymanager/11.1/api/workflow/allwfroutes.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/allwfroutes.md @@ -1,3 +1,9 @@ +--- +title: "All Workflow Routes" +description: "All Workflow Routes" +sidebar_position: 10 +--- + # All Workflow Routes Use this API to get information about all workflow routes, system defined and user defined, in a diff --git a/docs/directorymanager/11.1/api/workflow/approvereq.md b/docs/directorymanager/11.1/welcome/workflowapis/approvereq.md similarity index 92% rename from docs/directorymanager/11.1/api/workflow/approvereq.md rename to docs/directorymanager/11.1/welcome/workflowapis/approvereq.md index a4cd40974f..8864d75889 100644 --- a/docs/directorymanager/11.1/api/workflow/approvereq.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/approvereq.md @@ -1,3 +1,9 @@ +--- +title: "Approve a Request" +description: "Approve a Request" +sidebar_position: 20 +--- + # Approve a Request Using this API you can approve a specified workflow request. 
diff --git a/docs/directorymanager/11.1/api/workflow/configurepowerautomate.md b/docs/directorymanager/11.1/welcome/workflowapis/configurepowerautomate.md similarity index 91% rename from docs/directorymanager/11.1/api/workflow/configurepowerautomate.md rename to docs/directorymanager/11.1/welcome/workflowapis/configurepowerautomate.md index 73a6e8d4ad..ce73329c28 100644 --- a/docs/directorymanager/11.1/api/workflow/configurepowerautomate.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/configurepowerautomate.md @@ -1,3 +1,9 @@ +--- +title: "Configure Power Automate" +description: "Configure Power Automate" +sidebar_position: 30 +--- + # Configure Power Automate You can link an identity store in Directory Manager to Power Automate to trigger a flow from diff --git a/docs/directorymanager/11.1/api/workflow/createroute.md b/docs/directorymanager/11.1/welcome/workflowapis/createroute.md similarity index 95% rename from docs/directorymanager/11.1/api/workflow/createroute.md rename to docs/directorymanager/11.1/welcome/workflowapis/createroute.md index 9ef918efbe..417af15ba3 100644 --- a/docs/directorymanager/11.1/api/workflow/createroute.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/createroute.md @@ -1,3 +1,9 @@ +--- +title: "Create a Route" +description: "Create a Route" +sidebar_position: 40 +--- + # Create a Route Use this API to create a new workflow route. To create a workflow, you have to specify the 
@@ -14,8 +20,8 @@ following: field criterion is met. - Approver – The object to send the workflow request for approval. -See the [Create a New Workflow](/docs/directorymanager/11.1/admincenter/workflow/implement.md#create-a-new-workflow) -section of the [Implement Workflows](/docs/directorymanager/11.1/admincenter/workflow/implement.md) topic for additional +See the [Create a New Workflow](/docs/directorymanager/11.1/signin/workflow/implement.md#create-a-new-workflow) +section of the [Implement Workflows](/docs/directorymanager/11.1/signin/workflow/implement.md) topic for additional information. ## Endpoint diff --git a/docs/directorymanager/11.1/api/workflow/deletereqstatus.md b/docs/directorymanager/11.1/welcome/workflowapis/deletereqstatus.md similarity index 88% rename from docs/directorymanager/11.1/api/workflow/deletereqstatus.md rename to docs/directorymanager/11.1/welcome/workflowapis/deletereqstatus.md index a7da5a6b02..3881ac62ba 100644 --- a/docs/directorymanager/11.1/api/workflow/deletereqstatus.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/deletereqstatus.md @@ -1,3 +1,9 @@ +--- +title: "Delete Request Status" +description: "Delete Request Status" +sidebar_position: 70 +--- + # Delete Request Status Use this API to delete a request which has the specified status for more than specified days. For diff --git a/docs/directorymanager/11.1/api/workflow/deleteroute.md b/docs/directorymanager/11.1/welcome/workflowapis/deleteroute.md similarity index 93% rename from docs/directorymanager/11.1/api/workflow/deleteroute.md rename to docs/directorymanager/11.1/welcome/workflowapis/deleteroute.md index 16796c13a4..0522497bd9 100644 --- a/docs/directorymanager/11.1/api/workflow/deleteroute.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/deleteroute.md @@ -1,3 +1,9 @@ +--- +title: "Delete a Route" +description: "Delete a Route" +sidebar_position: 50 +--- + # Delete a Route You can use this API to delete a user-defined workflow route. 
diff --git a/docs/directorymanager/11.1/api/workflow/deletewfreq.md b/docs/directorymanager/11.1/welcome/workflowapis/deletewfreq.md similarity index 75% rename from docs/directorymanager/11.1/api/workflow/deletewfreq.md rename to docs/directorymanager/11.1/welcome/workflowapis/deletewfreq.md index e3878898c8..b98e8c0e33 100644 --- a/docs/directorymanager/11.1/api/workflow/deletewfreq.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/deletewfreq.md @@ -1,3 +1,9 @@ +--- +title: "Delete a Workflow Request" +description: "Delete a Workflow Request" +sidebar_position: 60 +--- + # Delete a Workflow Request Delete a workflow request from a specified identity store ID of which is specified in the endpoint diff --git a/docs/directorymanager/11.1/api/workflow/denyreq.md b/docs/directorymanager/11.1/welcome/workflowapis/denyreq.md similarity index 89% rename from docs/directorymanager/11.1/api/workflow/denyreq.md rename to docs/directorymanager/11.1/welcome/workflowapis/denyreq.md index 273c83b596..c6f657ac2d 100644 --- a/docs/directorymanager/11.1/api/workflow/denyreq.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/denyreq.md @@ -1,3 +1,9 @@ +--- +title: "Deny a Request" +description: "Deny a Request" +sidebar_position: 80 +--- + # Deny a Request If you want to deny a workflow request in a specified identity store, you can use this API. diff --git a/docs/directorymanager/11.1/api/workflow/getapprovers.md b/docs/directorymanager/11.1/welcome/workflowapis/getapprovers.md similarity index 95% rename from docs/directorymanager/11.1/api/workflow/getapprovers.md rename to docs/directorymanager/11.1/welcome/workflowapis/getapprovers.md index 1d1734ab2a..86dd006702 100644 --- a/docs/directorymanager/11.1/api/workflow/getapprovers.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/getapprovers.md 
@@ -1,3 +1,9 @@ +--- +title: "Get Approvers" +description: "Get Approvers" +sidebar_position: 100 +--- + # Get Approvers This API provides information about the approver(s) of a workflow request. diff --git a/docs/directorymanager/11.1/api/workflow/getdefroute.md b/docs/directorymanager/11.1/welcome/workflowapis/getdefroute.md similarity index 97% rename from docs/directorymanager/11.1/api/workflow/getdefroute.md rename to docs/directorymanager/11.1/welcome/workflowapis/getdefroute.md index 688e373d7c..89274d9748 100644 --- a/docs/directorymanager/11.1/api/workflow/getdefroute.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/getdefroute.md @@ -1,10 +1,16 @@ +--- +title: "Get Default Routes" +description: "Get Default Routes" +sidebar_position: 110 +--- + # Get Default Routes Use this API to retrieve information about Directory Manager default workflows. These workflows are predefine in Directory Manager that trigger when their associated events occur. -See the [System Workflows](/docs/directorymanager/11.1/admincenter/workflow/overview.md#system-workflows) section of the -[Workflows](/docs/directorymanager/11.1/admincenter/workflow/overview.md) topic for additional information. +See the [System Workflows](/docs/directorymanager/11.1/signin/workflow/overview.md#system-workflows) section of the +[Workflows](/docs/directorymanager/11.1/signin/workflow/overview.md) topic for additional information. ## Endpoint diff --git a/docs/directorymanager/11.1/api/workflow/getmyreq.md b/docs/directorymanager/11.1/welcome/workflowapis/getmyreq.md similarity index 98% rename from docs/directorymanager/11.1/api/workflow/getmyreq.md rename to docs/directorymanager/11.1/welcome/workflowapis/getmyreq.md index 5e20fa9acf..fa3b8226fc 100644 --- a/docs/directorymanager/11.1/api/workflow/getmyreq.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/getmyreq.md 
@@ -1,3 +1,9 @@ +--- +title: "Get My Requests" +description: "Get My Requests" +sidebar_position: 120 +--- + # Get My Requests Using this API the logged in user can get information about his/her workflow request(s). diff --git a/docs/directorymanager/11.1/api/workflow/getpendingreq.md b/docs/directorymanager/11.1/welcome/workflowapis/getpendingreq.md similarity index 97% rename from docs/directorymanager/11.1/api/workflow/getpendingreq.md rename to docs/directorymanager/11.1/welcome/workflowapis/getpendingreq.md index 2990a50a6a..d6010e4323 100644 --- a/docs/directorymanager/11.1/api/workflow/getpendingreq.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/getpendingreq.md @@ -1,9 +1,15 @@ +--- +title: "Get Pending Requests" +description: "Get Pending Requests" +sidebar_position: 130 +--- + # Get Pending Requests Use this API to retrieve information about all those requests with pending status provided you have the required permissions to manage all requests. See the -[Miscellaneous](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md#miscellaneous) section of the -[Security Role – Permissions](/docs/directorymanager/11.1/admincenter/securityrole/permissions.md) topic. +[Miscellaneous](/docs/directorymanager/11.1/signin/securityrole/permissions.md#miscellaneous) section of the +[Security Role – Permissions](/docs/directorymanager/11.1/signin/securityrole/permissions.md) topic. ## Endpoint diff --git a/docs/directorymanager/11.1/api/workflow/getpowerautomatesettings.md b/docs/directorymanager/11.1/welcome/workflowapis/getpowerautomatesettings.md similarity index 86% rename from docs/directorymanager/11.1/api/workflow/getpowerautomatesettings.md rename to docs/directorymanager/11.1/welcome/workflowapis/getpowerautomatesettings.md index e5e1de732a..62924e529b 100644 --- a/docs/directorymanager/11.1/api/workflow/getpowerautomatesettings.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/getpowerautomatesettings.md 
@@ -1,3 +1,9 @@ +--- +title: "Get Power Automate Settings" +description: "Get Power Automate Settings" +sidebar_position: 140 +--- + # Get Power Automate Settings If in Directory Manager you have linked an identity store to Power Automate, you can retrieve the diff --git a/docs/directorymanager/11.1/api/workflow/getwfreq.md b/docs/directorymanager/11.1/welcome/workflowapis/getwfreq.md similarity index 97% rename from docs/directorymanager/11.1/api/workflow/getwfreq.md rename to docs/directorymanager/11.1/welcome/workflowapis/getwfreq.md index 3085bacc70..c30feb29aa 100644 --- a/docs/directorymanager/11.1/api/workflow/getwfreq.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/getwfreq.md @@ -1,3 +1,9 @@ +--- +title: "Get Workflow Requests" +description: "Get Workflow Requests" +sidebar_position: 150 +--- + # Get Workflow Requests Using this API you can retrieve information about a workflow request ID(s) of which are specified in diff --git a/docs/directorymanager/11.1/api/workflow/getwfroute.md b/docs/directorymanager/11.1/welcome/workflowapis/getwfroute.md similarity index 95% rename from docs/directorymanager/11.1/api/workflow/getwfroute.md rename to docs/directorymanager/11.1/welcome/workflowapis/getwfroute.md index 649de16dc9..a859e7e4a9 100644 --- a/docs/directorymanager/11.1/api/workflow/getwfroute.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/getwfroute.md @@ -1,3 +1,9 @@ +--- +title: "Get a Workflow Route" +description: "Get a Workflow Route" +sidebar_position: 90 +--- + # Get a Workflow Route Use this API to get workflow route id of which is specified in the end point URL. 
diff --git a/docs/directorymanager/11.1/api/workflow/updatepowerautomatesettings.md b/docs/directorymanager/11.1/welcome/workflowapis/updatepowerautomatesettings.md similarity index 86% rename from docs/directorymanager/11.1/api/workflow/updatepowerautomatesettings.md rename to docs/directorymanager/11.1/welcome/workflowapis/updatepowerautomatesettings.md index 5faa9f7119..4761d7bdd8 100644 --- a/docs/directorymanager/11.1/api/workflow/updatepowerautomatesettings.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/updatepowerautomatesettings.md @@ -1,3 +1,9 @@ +--- +title: "Update Power Automate Settings" +description: "Update Power Automate Settings" +sidebar_position: 170 +--- + # Update Power Automate Settings If you have defined Power-Automate settings for an identity store, you can use this API to update diff --git a/docs/directorymanager/11.1/api/workflow/updateroute.md b/docs/directorymanager/11.1/welcome/workflowapis/updateroute.md similarity index 97% rename from docs/directorymanager/11.1/api/workflow/updateroute.md rename to docs/directorymanager/11.1/welcome/workflowapis/updateroute.md index a9a8f0bf7e..687127c779 100644 --- a/docs/directorymanager/11.1/api/workflow/updateroute.md +++ b/docs/directorymanager/11.1/welcome/workflowapis/updateroute.md @@ -1,3 +1,9 @@ +--- +title: "Update a Route" +description: "Update a Route" +sidebar_position: 160 +--- + # Update a Route You can use this API to update a workflow route in a specified identity store. diff --git a/docs/directorymanager/11.1/welcome/workflowapis/workflowapis.md b/docs/directorymanager/11.1/welcome/workflowapis/workflowapis.md new file mode 100644 index 0000000000..cbbc259e66 --- /dev/null +++ b/docs/directorymanager/11.1/welcome/workflowapis/workflowapis.md 
@@ -0,0 +1,28 @@ +--- +title: "Workflow APIs" +description: "Workflow APIs" +sidebar_position: 80 +--- + +# Workflow APIs + +Directory Manager provides the following APIs to perform functions related to Directory Manager +workflows: + +- [All Workflow Routes](/docs/directorymanager/11.1/welcome/workflowapis/allwfroutes.md) +- [Approve a Request](/docs/directorymanager/11.1/welcome/workflowapis/approvereq.md) +- [Configure Power Automate](/docs/directorymanager/11.1/welcome/workflowapis/configurepowerautomate.md) +- [Create a Route](/docs/directorymanager/11.1/welcome/workflowapis/createroute.md) +- [Delete a Route](/docs/directorymanager/11.1/welcome/workflowapis/deleteroute.md) +- [Delete a Workflow Request](/docs/directorymanager/11.1/welcome/workflowapis/deletewfreq.md) +- [Delete Request Status](/docs/directorymanager/11.1/welcome/workflowapis/deletereqstatus.md) +- [Deny a Request](/docs/directorymanager/11.1/welcome/workflowapis/denyreq.md) +- [Get a Workflow Route](/docs/directorymanager/11.1/welcome/workflowapis/getwfroute.md) +- [Get Approvers](/docs/directorymanager/11.1/welcome/workflowapis/getapprovers.md) +- [Get Default Routes](/docs/directorymanager/11.1/welcome/workflowapis/getdefroute.md) +- [Get My Requests](/docs/directorymanager/11.1/welcome/workflowapis/getmyreq.md) +- [Get Pending Requests](/docs/directorymanager/11.1/welcome/workflowapis/getpendingreq.md) +- [Get Power Automate Settings](/docs/directorymanager/11.1/welcome/workflowapis/getpowerautomatesettings.md) +- [Get Workflow Requests](/docs/directorymanager/11.1/welcome/workflowapis/getwfreq.md) +- [Update a Route](/docs/directorymanager/11.1/welcome/workflowapis/updateroute.md) +- [Update Power Automate Settings](/docs/directorymanager/11.1/welcome/workflowapis/updatepowerautomatesettings.md) diff --git a/docs/directorymanager/11.1/whatsnew.md b/docs/directorymanager/11.1/whatsnew.md deleted file mode 100644 index 18fa597925..0000000000 
--- a/docs/directorymanager/11.1/whatsnew.md +++ /dev/null @@ -1,7 +0,0 @@ -# What's New - -## New Netwrix Community! - -All Netwrix product announcements have moved to the new Netwrix Community. See announcements for -Netwrix Directory Manager (formerly GroupID) in the -[Directory Manager](https://community.netwrix.com/c/110) area of our new community. diff --git a/docs/endpointprotector/5.9.4.2/admin/_category_.json b/docs/endpointprotector/5.9.4.2/admin/_category_.json new file mode 100644 index 0000000000..51435b6e32 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Administration", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/admin/alerts/overview.md b/docs/endpointprotector/5.9.4.2/admin/alerts/overview.md deleted file mode 100644 index 32677f9ae0..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/alerts/overview.md +++ /dev/null 
@@ -1,184 +0,0 @@ -# Alerts - -From this section, you can define E-mail Alerts for the main events detected by Endpoint Protector: -System Alerts, Device Control Alerts, Content Aware Alerts, and Enforced Encryption Alerts. - -**NOTE:** Before creating alerts, make sure the Endpoint Protector E-mail Server Settings have been -configured from the System Configuration, System Settings section. You also have the option to verify -these settings by sending a test E-mail. - -For each Administrator to appear in the list of recipients for the Alerts, this has to be provided -under the Administrator details from the System Configuration, System Administrators section. - -![ Endpoint Protector E-mail Server Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/emailserversettings.webp) - -## System Alerts - -From this section, you can create system alerts, including APNS certificate expiry, updates and -support expiry, endpoint licenses used, etc. - -![System Alerts Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/systemalerts.webp) - -### Creating a System Alert - -Follow the steps to add a new Alert. - -**Step 1 –** Click **Create**, provide the required information and then click **Save**. - -- Event – select the type of event that generates the alert -- Updates and Support – set an alert regarding each module’s maintenance status (Device Control, - Content Aware Protection, and eDiscovery) - - **NOTE:** You can disable the Update and Support system alert from General Dashboard, System - Status. - -- Endpoint Licenses – set an alert to be notified of the percentage of used Endpoint Licenses and - eliminate the risks of having unprotected endpoints as each network is constantly growing. Define - alerts when the percentage of used Endpoint Licenses reaches 70%, 80%, or 90%. -- Client Uninstall – set an alert each time an Endpoint Protector Client is uninstalled for better - management of an extensive network. 
This is particularly helpful when there are several assigned - Administrators. -- Server Disk Space – set an alert to be notified of the Server Disk Space status and ensure Server - Disk Space remains available for logs to be stored and policies are correctly applied. -- Define alerts when disk space reaches 70%, 80%, or 90% and then select the monitored partitions - from the available root, epp and boot. -- Device Control – Logs Amount – set an alert each time the Number of Device Control Logs Stored - reaches a specific amount. Select from the available intervals or define a custom value. -- Content Aware – Logs Amount –set an alert each time the Number of Content Aware Logs Stored - reaches a specific amount. Select from the available intervals or define a custom value. -- Password Expiration – set an alert to be notified when a password is about to expire. Define the - alert using the 10, 5, or 1 day options. -- Not Seen Online – set an alert each time a protected endpoint has not been seen online in the - specific timeframe. Select an option from the available intervals or define a custom interval. This - alert can also identify computers where the Endpoint Protector Client might have been uninstalled. -- Unplanned Client Termination – set an alert to identify when a user tries to terminate the - Endpoint Protector process. - -**Step 2 –** Alert Name – Add a name for the alert. - -**Step 3 –** Options –Based on the type of alert you selected, define the alert using the additional -options. - -**Step 4 –** Administrators - Select the Administrators that will receive the alerts. - -![Creating a System Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatsystemalert.webp) - -### System Alerts History - -From this section, you can view a history of the System Alerts. Alerts that are no longer needed for -auditing purposes can later be deleted. 
- -![System Alerts History](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/systemalertshistory.webp) - -## Device Control Alerts - -From this section, you can create Device Control alerts, for events such as Connected, File Read, -File Write, Enforced Encryption – successfully deployed, etc. - -![Device Control Alerts](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/dcalerts.webp) - -### Creating a Device Control Alert - -To add a new device control alert, click **Create**, provide the required information, and then -click **Save**. - -- Event – select the event type that generates the alert; -- Alerts Name – add a name for the alert; -- Device Type – select the device type from the drop-down list of available devices; -- Devices – select the specific device already available in the system; -- Monitored Entities – select the Groups, Computers, or Users that generate the event; -- Administrators – select the Administrators that will receive the alerts. - -![Creating a Device Control Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatingdcalert.webp) - -### Device Control Alerts History - -From this section, you can view a history of the Device Control Alerts. Alerts that are no longer -needed for auditing purposes can later be deleted. - -![Device Control Alerts History](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/dcalertshistory.webp) - -## Content Aware Alerts - -From this section, you can create Content Aware alerts, for events such as Content Threat Detected -or Content Threat Blocked. - -![Content Aware Alerts](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/contentawarealerts.webp) - -### Creating a Content Aware Alert - -Follow the steps to create a content aware alert. - -**Step 1 –** To add a new Alert, click **Create** and provide the information required. 
- -- Event - the event type that generates the alert (Content Threat Detected or Content Threat - Blocked) - - - Content Threat DetectedDPI bypasswhitelist - - Content Threat Blocked - - Content Remediation Session Active - - Content Remediation Request Canceled by User - - DPI Bypassed Traffic - -- Alerts Name – Add a name for the alert. -- Content Policy – Select a policy to apply the alert (this field is not available if you select DPI - Bypass Traffic event). -- Administrators – Select the Administrators that will receive the alerts. -- Monitored Entities – Select the Groups, Computers, or Users that generate the event . - -**Step 2 –** Click **Save**. - -The alert sent on the email will also include a CSV file with a report of the threats found. - -**NOTE:** Before creating the alert, ensure the selected Content Aware Policy is enabled on the -chosen Computer, User, Group, or Department. - -![Creating a Content Aware Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatingcontentawarealertinfo.webp) - -![Creating a Content Aware Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatingcontentawarealert.webp) - -### Content Aware Alerts History - -From this section, you can view a history of the Content Aware Alerts. Alerts that are no longer -needed for auditing purposes can later be deleted. - -![Content Aware Alerts History](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/contentawarealertshistory.webp) - -## Enforced Encryption Alert - -From this section, you can create Enforced Encryption alerts, for events such as password changes, -messages sent, etc. - -![Enforced Encryption Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/enforcedencryptionalert.webp) - -### Creating an Enforced Encryption Alert - -Follow the steps to create an enforced encryption alert. - -**Step 1 –** Click **Create** and provide the required information. 
- -- Event – Select the type of event that generates the alert - - - Send Message - - Change Master Password - - Change User’s Password - - Reset Device - - Change Settings – Installation and Execution - - Re-deploy Client - - Master Password Login Success - - Password Login Failure - - Password Login Exceeded - -- Alerts Name – Add a name for the alert. -- Administrators - Select the Administrators that will receive the alerts. - -**Step 2 –** Click **Save**. - -![Creating an Enforced Encryption Alert ](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/createeealert.webp) - -### Enforced Encryption Alert History - -From this section, you can view the history of the Enforced Encryption Alerts. Alerts that are no -longer needed for auditing purposes can later be deleted. - -![Enforced Encryption Alert History ](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/eealerthistory.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/appliance/overview.md b/docs/endpointprotector/5.9.4.2/admin/appliance/overview.md deleted file mode 100644 index 885588603f..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/appliance/overview.md +++ /dev/null 
@@ -1,444 +0,0 @@ -# Appliance - -## Server Information - -From this section you can view general information about the Server, the System Fail/Over status, -information on Disk Space usage and Database, and the Server Uptime. - -![View general information about the Server](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/serverinformation.webp) - -## Server Maintenance - -In this section, you can set up a preferential time zone and NTP synchronization server, configure -the IP and DNS, register the client certificate, set up a self-signing certificate, perform routine -operations and manage the SSH access. - -![ Set up a preferential time zone and NTP synchronization server](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/servermaintenance.webp) - -### Time Zone - -In this section you can set a preferential time zone and/or sync the appliance to an NTP source. - -- Time zone – select from the drop-down lists the zone and location -- NTP Server – type the server or go with the default entry -- How often to synchronize – select from the drop-down a time interval when to synchronize of go - with the default selection - -**NOTE:** The appliances are prefigured to sync once a week with pool.ntp.org. - -- Current server time – the field displays the current server time -- Automatic NTP Synchronization – opt in or out to trigger the NTP synchronization automatically -- Click Save to keep all modifications without triggering the synchronization process -- Click Synchronize Time to trigger the synchronization, which will occur in the next 5 minutes. 
The - Alerts and Logs will be reported after the 5 minutes in a format of your choice -- Click Refresh Current Time to update the Current server time field - -![Set a preferential time zone and/or sync the appliance to an NTP source](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/timezone.webp) - -### IP Configuration - -In this section you can change the network settings for the appliance to communicate correctly in -your network. - -**NOTE:** Once you change the IP address, close and open again the Internet browser and then access -the Endpoint Protector Administration and Reporting Tool with the new IP address. - -![ Change the network settings for the appliance to communicate correctly in your network](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/ipconfg.webp) - -### DNS Configuration - -In this section you can modify or add a DNS server address and then Save your changes. - -![Modify or add a DNS server address and then Save your changes](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/dnsconfg.webp) - -### Client Registration Certificate - -From this section, you can register and then verify the Endpoint Protector Client certificate -signature. The client registration certificate is an additional security measure enabling -certificate-based authentication. - -**CAUTION:** The Client Registration Certificate feature is not available for Linux! 
- -**Step 1 –** Enable the custom certificate setting and then upload the certificate chain, Root CA and -Intermediate; - -When the custom certificate is **enabled** then: - -- Endpoint Protector Server will validate the client certificate at the registration phase -- Endpoint Protector Client will not validate the server certificate - -When the custom certificate is **disabled** then: - -- Endpoint Protector Server will not validate the client certificate at the registration phase -- Endpoint Protector Client will not validate the server certificate - -**Step 2 –** Enable the test certificate setting and then upload a **certificate signed by root CA** -just for testing the signature (for example the Endpoint Protector Client certificate) - -**Step 3 –** Click **Save** and allow 2 minutes for the information to be validated. You will view a -successful message confirming the custom certificate was added and the test certificate is valid. - -**NOTE:** The client registration authentication certificate and the Endpoint Protector server -certificate must be issued by the same CA. - -For this feature to work, there must be cryptographic identities signed by the root CA deployed on -the endpoints. - -- On macOS these identities should be added to System Keychain in the "My Certificates" section -- On Windows they should be placed in the Certificate Manager's Local Computer\Certificates\Personal - section - -![Register and then verify the Endpoint Protector Client certificate signature](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/clientregcert.webp) - -### Server Certificate Validation - -From this section, you can configure Server Certificate Validation, which ensures that certificates -used for all communication requests on Endpoint Protector clients are validated. This feature is -crucial for maintaining secure communication between various Endpoint Protector products. 
- -**NOTE:** All certificate validation statuses will be reported to the Endpoint Protector Server and -stored for debugging purposes in Endpoint Protector Client logs. - -**CAUTION:** Please use this feature responsibly, as improper certificate usage with certification -validation might disrupt Endpoint Protector Client to Endpoint Protector Server communication. For a -successful connection, both server and client certificate validation must be enabled. - -**NOTE:** Starting from the 5.9.0 or later, enabling this option activates Endpoint Protector Server -Certificate Validation for all Endpoint Protector Client communication. This strengthens security by -ensuring trusted and valid certificates are used. - -### Appliance Operations - -In this section you can perform appliance operations such as Reboot or Shutdown. - -![Perform appliance operations such as Reboot or Shutdown](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/applianceoperations.webp) - -### SSH Server - -In this section you can manage user access to the Appliance through the SSH protocol. - -**_RECOMMENDED:_** Set this option to **Enable** before requesting Support access. - -![Manage user access to the Appliance through the SSH protocol](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/sshserver.webp) - -## SIEM Integration - -SIEM are a third-party security information and event management tools that allow logging and -analyzing logs generated by network devices and software. The integration with SIEM technology -enables Endpoint Protector to transfer activity events to a SIEM server for analysis and reporting. - -In this section, you can add, edit or delete an existing SIEM Server integration. To edit or delete -a SIEM Server you need to select an available SIEM server integration. - -**CAUTION:** You can configure a maximum number of 4 SIEM Server integrations. 
- -![Add, edit or delete an existing SIEM Server integration](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/siemserverintegration.webp) - -To create a SIEM Server, click **Add New** and provide the following information: - -- SIEM Status – toggle switch to enable/disable the SIEM server -- Disable Logging – toggle switch to enable/disable logging - - **NOTE:** If you disable logging, logs will be stored on the Endpoint Protector server or on the - SIEM server when SIEM is installed. - -- Server Name – add a server name -- Server Description – add a description -- Server IP or DNS – add the IP or DNS -- Server Protocol – select the UDP or TCP server protocol - - **NOTE:** Based on the protocol you select you can enable [SIEM Encryption](#siem-encryption). - -- Server Port – add a port -- Exclude Headers - toggle switch to enable/disable log headers - - **NOTE:** If you disable log headers, you will only export data to SIEM. - -- Log Types – select from the available options the logs to send to the SIEM Server - -![SIEM Intergration - Adding a New Server](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/siemintegrationnewserver.webp) - -**CAUTION:** Please be aware that the SIEM integration feature in Endpoint Protector comes with -certain limitations. To make use of the latest features of this SIEM integration, your environment -must meet specific criteria. It should have been installed from image version 5.6.0.0 or a more -recent version, and maintain an active HTTPS connection. Please note that SIEM integration is only -accessible in environments that meet these stringent prerequisites. - -### SIEM Encryption - -When using the TCP protocol, you have the option to encrypt communication to each SIEM server. In -order to do so, enable the Encryption setting and then Upload the root CA that was used to sign the -server certificate for the SIEM server in .pem format. 
- -**CAUTION:** The certificate used on the SIEM server must be signed by the same CA as the one -uploaded to the Endpoint Protector Server. - -Endpoint Protector will check the following: - -- The SIEM certificate is signed by the CA, and the CN or SAN matches the name for the SIEM machine -- The Root CA has the Basic Constraint CA set to true - -When validating a certificate, the entire certificate chain must be valid, including the CA -certificate; if any certificate of the chain is invalid, the connection will be rejected. - -Make sure you update the certificate files when they expire. - -**NOTE:** If you applied the latest patch using the option, and cannot view the SIEM encryption -setting, please contact Customer Support. - -### SIEM Export log formats - -Each log entry follows this -format: `log_type: [field_name] field_value | [field_name] field_value | [field_name] field_value ..` - -#### Log structure - -The `log_type` is a combination of "Device Control" and the event name. - -Example terms for log types include: - -- Device Control – Blocked - -- Device Control – Connected - -- Device Control – Device not TD - -To see the supported events on the Endpoint Protector Server, navigate to Appliances > SIEM -Integration > SIEM Policy. - -#### Column header - -The column header is `[field_name]`. - -Example column headers include: - -- [Event Name] -- [Client Computer] -- [IP Address] - -You can find the complete list of `[field_name]` in the -[SIEM Export Log Fields](#siem-export-log-fields) section. - -#### Contents of the column - -The `field_value` represents the actual contents within the column. - -Example field values include: - -- Offline Temporary Password used -- User’s computer -- 192.168.0 - -### SIEM Export Log Fields - -This section presents the field names for the Endpoint Protector Server's "Standard format," which -has been available since the Endpoint Protector 5.9.4 release. 
Endpoint Protector Server exports -logs to SIEM solutions with a maximum of 2,100 characters. Since the Endpoint Protector 5.9.1 -release, we have increased the message limit to 10000 characters. - -#### Device Control - -The standard format for the Device Control fields is as follows: - -- [Log ID] -- [Event Name] -- [Client Computer] -- [IP Address] -- [MAC Address] -- [Serial Number] -- [OS] -- [Client User] -- [Device Type] -- [Device] -- [Device VID] -- [Device PID] -- [Device Serial] -- [EPP Client Version] -- [File Name] -- [File Hash] -- [File Type] -- [File Size] -- [Justification] -- [Time Interval] -- [Date/Time(Server)] -- [Date/Time(Client)] -- [Date/Time(Server UTC)] -- [Date/Time(Client UTC)] - -#### Content Aware Protection - -When Reporting V1 is utilized, fields associated with Reporting V2 content, such as [Destination -Details], [Email Sender], and [Email Subject], will remain blank. - -The standard format for the Content Aware Protection fields is as follows: - -- [Log ID] -- [Client Computer] -- [IP Address] -- [MAC Address] -- [Serial Number] -- [OS] -- [Client User] -- [Content Policy] -- [Content Policy Type] -- [Destination Type] -- [Destination] -- [Destination Details] -- [Email Sender] -- [Email Subject] -- [Justification] -- [Device VID] -- [Device PID] -- [Device Serial] -- [File Name] -- [File Hash] -- [File Size] -- [Matched Item] -- [Item Details] -- [Date/Time(Server)] -- [Date/Time(Client)] -- [Date/Time(Server UTC)] -- [Date/Time(Client UTC)] - -#### E-Discovery - -The standard format for the E-Discovery fields is as follows: - -- [Log ID] -- [Computer] -- [IP Address] -- [MAC Address] -- [Serial Number] -- [OS] -- [Policy] -- [Matched type] -- [Matched Item] -- [Path] -- [Discovered at] -- [Discovered at (UTC)] - -#### Other SIEM Logs - -User Login/User Logout - -The standard format for the Other SIEM Logs fields is as follows: - -- [Log ID] -- [Client Computer] -- [IP Address] -- [MAC Address] -- [Serial Number] -- [OS] -- 
[EPP Client Version] -- [Client User] -- [File Name] -- [File Type] -- [Date/Time(Server)] -- [Date/Time(Client)] -- [Date/Time(Server UTC)] -- [Date/Time(Client UTC)] - -#### Client Integrity OK/Client Integrity Fail - -The standard format for the Client Integrity OK/Client Integrity Fail fields is as follows: - -- [Log ID] -- [Client Computer] -- [IP Address] -- [MAC Address] -- [Serial Number] -- [OS] -- [EPP Client Version] -- [Client User] -- [File Name] -- [File Type] -- [Date/Time(Server)] -- [Date/Time(Client)] -- [Date/Time(Server UTC)] -- [Date/Time(Client UTC)] - -#### Admin Action - -The standard format for the Admin Action fields is as follows: - -- [Log ID] -- [Administrator] -- [Section] -- [Action Type] -- [Before] -- [After] -- [Date/Time(UTC)] - -#### User Information Updated - -The standard format for the User Information Updated fields is as follows: - -- [Log ID] -- [Client Computer] -- [IP Address] -- [MAC Address] -- [Serial Number] -- [OS] -- [EPP Client Version] -- [Client User] -- [Date/Time(Server)] -- [Date/Time(Client)] -- [Date/Time(Server UTC)] -- [Date/Time(Client UTC)] - -#### Policies Received - -The standard format for the Policies Received fields is as follows: - -- [Log ID] -- [Event Name] -- [Client Computer] -- [IP Address] -- [Client User] -- [OS] -- [Date/Time(Server)] -- [Date/Time(Client)] -- [Date/Time(Server UTC)] -- [Date/Time(Client UTC)] - -#### Uninstall Attempt / Forced Uninstall Attempt - -The standard format for the Uninstall Attempt/Forced Uninstall Attempt fields is as follows: - -- [Log ID] -- [Event Name] -- [Client Computer] -- [IP Address] -- [MAC Address] -- [Serial Number] -- [OS] -- [Client User] -- [Device Type] -- [Device] -- [Device VID] -- [Device PID] -- [Device Serial] -- [EPP Client Version] -- [File Name] -- [File Hash] -- [File Type] -- [File Size] -- [Justification] -- [Time Interval] -- [Date/Time(Server)] -- [Date/Time(Client)] -- [Date/Time(Server UTC)] -- [Date/Time(Client UTC)] - -#### 
Client Uninstall - -The standard format for the Client Uninstall fields is as follows: - -- [Log ID] -- [Client Computer] -- [IP Address] -- [MAC Address] -- [Serial Number] -- [Department] -- [EPP Client Version] -- [Last Time Online] diff --git a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/module.md b/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/module.md deleted file mode 100644 index 69f8be1edf..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/module.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# Content Aware Protection - -This module allows the Administrator to set up and enforce strong content filtering policies for -selected users, computers, groups, or departments and take control over the risks posed by -accidental or intentional file transfers of sensitive company data, such as: - -- Personal Identifiable Information (PII): social security numbers (SSN), driving license numbers, - email addresses, passport numbers, phone numbers, addresses, dates, etc. -- Financial and credit card information: credit card numbers for Visa, MasterCard, American Express, - JCB, Discover Card, Diners Club, bank account numbers, etc. -- Confidential files: sales and marketing reports, technical documents, accounting documents, customer - databases, etc. - -**CAUTION:** Endpoint Protector cannot scan encrypted files or applications that use encryption to -secure communication. - -To prevent sensitive data leakage, Endpoint Protector closely monitors all activity at various exit -points: - -- Transfers on portable storage and other media devices (USB Drives, external HDDs, CDs, DVDs, SD - cards, etc.), either directly or through encryption software (e.g., Enforced Encryption) -- Transfers on local networks (Network Share) -- Transfers via the Internet (email Clients, File Sharing Application, Web Browsers, Instant - Messaging, Social Media, etc.) -- Transfers to the cloud (iCloud, Google Drive, Dropbox, Microsoft SkyDrive, etc.) -- Transfers through Copy & Paste / Cut & Paste -- Print screens -- Printers and others - -## Content Aware Protection Activation - -Content Aware Protection comes as the second level of data protection available in Endpoint -Protector. The module is displayed but requires a simple activation by pressing the Enable button. -If not previously provided, the contact details of the Main Administrator will be required. 
- -**NOTE:** Any details provided will only be used to ensure the Live Update Server is configured -correctly and that the Content Aware Protection module was enabled successfully. - -![The module is displayed but requires a simple activation by pressing the Enable button](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/activation.webp) - -**NOTE:** The Content Aware Protection module is separate from Device Control or eDiscovery modules, -and requires separate licensing. - -## Dashboard - -This section offers a quick overview in the form of graphics and charts related to the Content Aware -Protection module. - -![A quick overview in the form of graphics and charts related to the Content Aware Protection module](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/dashboard.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/_category_.json b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/_category_.json new file mode 100644 index 0000000000..e6e110b6be --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Denylists and Allowlists", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/allowlists.md b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/allowlists.md index 1499ee272a..f0269cbfbb 100644 --- a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/allowlists.md +++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/allowlists.md @@ -1,3 +1,9 @@ +--- +title: "Allowlists" +description: "Allowlists" +sidebar_position: 20 +--- + # Allowlists ## MIME Type 
diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/denylists.md b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/denylists.md index 63d193c903..455771d9e5 100644 --- a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/denylists.md +++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/denylists.md @@ -1,3 +1,9 @@ +--- +title: "Denylists" +description: "Denylists" +sidebar_position: 10 +--- + # Denylists ## Custom Content diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md index 49763690c0..c797b832e1 100644 --- a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md +++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md @@ -1,3 +1,9 @@ +--- +title: "Denylists and Allowlists" +description: "Denylists and Allowlists" +sidebar_position: 60 +--- + # Denylists and Allowlists From this section, you can create Denylists and Allowlists that can be used in both the Content diff --git a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/urlcategories.md b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/urlcategories.md index 12fb13539c..0cfd085d4c 100644 --- a/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/urlcategories.md +++ b/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/urlcategories.md @@ -1,3 +1,9 @@ +--- +title: "URL Categories" +description: "URL Categories" +sidebar_position: 30 +--- + # URL Categories URL Categories are custom-defined lists of web domains that can be set on Content Aware Policies to diff --git a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md b/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md deleted file mode 100644 index e4f4372c79..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md +++ /dev/null 
@@ -1,18 +0,0 @@ -# Device Control - -From this section, you can manage all entities in the system, their subsequent rights, and settings. -You can also manage other types of settings from the Device Control section such as Endpoint -Protector Client and Deep Packet Inspection settings. As the first layer of security within Endpoint -Protector, it is activated by default in every configuration provided. - -For a detailed overview of the devices that are discovered and covered under the Device Control -settings, please refer to the -[Device Types (Standard)](globalrights.md#device-types-standard) subtopic. - -## Dashboard - -This section offers an overview in the form of graphics and charts related to the Endpoint Protector -Entities. You can select the start and end date for the data used in these visual representations -from the top-right calendars and view the data in real time. - -![Overview in the form of graphics and charts ](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/dcdashboard.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/directoryservices/overview.md b/docs/endpointprotector/5.9.4.2/admin/directoryservices/overview.md deleted file mode 100644 index eb71b3ed48..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/directoryservices/overview.md +++ /dev/null 
@@ -1,260 +0,0 @@ -# Directory Services - -From this section, you can import and synchronize the entities (Users, Computers, and Groups) from -the company’s Active Directories. - -![Import and synchronize the entities (Users, Computers, and Groups) from the company’s Active Directories](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/directoryservices.webp) - -## Microsoft Active Directory - -You can create and manage connections from the Directory Services, Microsoft Active Directory -section. The required information includes the Connection Type, Server, Port, Username, and -Password. - -![Manage connections from the Directory Services](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/newconnection.webp) - -**NOTE:** When having to import a very large number of entities, we recommend using the Base Search -Path to get only the relevant information displayed. Due to browser limitations, importing the whole -AD structure may impede the display of the import tree if it contains a very large number of -entities. - -To ensure the information is correct, click Test to test the new connection. - -Once a new connection has been created, it is available in the synchronization list and can be -further edited, to include the required entities. - -For the defined connections, several synchronization options are available. From this section, the -connection credentials and synchronization interval can also be changed. - -![Change connection credentials and synchronization interval](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/testsync.webp) - -The Advanced Groups Filter can be used to import and synchronize only specific groups, ignoring all -other entities. - -From the Directory Browser section, you can select the entities that need to be synced. - -**NOTE:** You can view only Organizational units (OU) and Groups in the Directory Browser. 
- -![From the Directory Browser section, you can select the entities that need to be synced.](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/directorybrowser.webp) - -Once the entities have been selected, they can be saved to sync. - -![Synchronization Filters](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/synchfilters.webp) - -## Microsoft Entra ID - -You can create and manage connections from the Directory Services, Microsoft Entra ID. From this -section, Groups from the Microsoft Entra ID will have their users synchronized with the Endpoint -Protector Server. Group membership will be retrieved recursively by the API platform itself. - -Example - -- Group 1 - User 1, User 2, User 3 -- Group 2 - Group 1, User 4 -- Group 3 - Group 2, User 5 - -If Group 3 is selected for the synchronization operation, only Group 3 will be imported and created -in the Endpoint Protector Server. User 5 will also be imported and will be added as a member of -Group 3. Group 2 and all subsequent groups will be parsed and only the Users will be retrieved and -the actual groups will not be added to the server. - -After the synchronization is done, it will look like that on the Endpoint Protector server: - -- Group 3 - User 5, User 4, User 3, User 2, User 1 - -### Configure Microsoft Entra ID - -#### Create the Application on Microsoft Entra ID - -Follow the steps to create the application on Microsoft Entra ID. - -**Step 1 –** Log in to Azure Portal. - -**Step 2 –** Go to Microsoft Entra ID. - -**Step 3 –** Click App Registrations from the Manage section on the Active Directory menu on the -left side, then on New Registration. - -![Create the application on Microsoft Entra ID](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/appregmsentraid.webp) - -**Step 4 –** On the Registration page enter your **Name**. - -**Step 5 –** On the Supported account type select **Default Directory**. 
- -**CAUTION:** Do not fill in the Redirect URI field! - -**Step 6 –** Click **Register**. - -![Create the application on Microsoft Entra ID](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/appregmsentraidtwo.webp) - -**Step 7 –** On the Essentials section save the following information: - -- Application (client) ID will be needed for adding it in the Application (client) ID field on the - Endpoint Protector Server -- Directory (tenant) ID will be needed for adding it in the Tenant ID field on the Endpoint - ProtectorEndpoint Protector Server - -![Create the Application on Azure Active Directory](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/testapplication.webp) - -#### Create a Secret ID for the Application - -The secret ID will be used as an authentication method to gain access to the application via Graph -API. - -**Step 1 –** Click **Certificates & Secrets** on the side menu from the Manage section. - -![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecrets.webp) - -**Step 2 –** Click **New client secret** on the Certificates & secrets page. - -![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretestwo.webp) - -**Step 3 –** Enter a **Description** for the secret ID. - -![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsthree.webp) - -**Step 4 –** Click **Add** and **Add a client** secret section. - -![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsfour.webp) - -**Step 5 –** Take note of the Secret ID value and make sure to copy it to the clipboard and also to -store it safely because it will be needed further on. - -**NOTE:** Notice that when navigating back, the secret ID will be hidden. 
- -![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsfive.webp) - -#### Create Users/Groups Using Graph API - -Follow the steps to create users/groups using Graph API. - -**Step 1 –** Click **Home** and then Microsoft Entra ID. - -![Create Users/Groups Using Graph API](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsfivesix.webp) - -![Azure Home Page](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azurehome.webp) - -**Step 2 –** Click **Add** from the Default Directory| Overview page - -![Default Directory| Overview page](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadoverview.webp) - -**Step 3 –** Click **Add User**. - -![Overview Add User ](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/overviewadduser.webp) - -- Select **Create User**. -- Enter the **Username** and select the **Domain**. -- Enter the **Name**. -- Either click **Auto-generate password** or create one on your own. -- Add the **Department**. -- Click **Create**. - -![Azure Active Director Create User](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadnewuser.webp) - -**Step 4 –** Repeat Steps 1 and 2, then click **Group**. - -- Select group type **security**. -- Enter a **name** for the group. -- Click **No members selected** to add membership. -- Search for the newly created user and click **Select**. - -![ Default Directory| New Group](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadnewgroup.webp) - -#### Add Permissions to the Application - -Permission to be added to our application: - -- Directory.Read.All -- Group.Read.All -- User.Read.All - -Make sure the created application is open then: - -**Step 1 –** Click **API Permissions**. 
- -![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionone.webp) - -**Step 2 –** Click **Add a Permission**. - -![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissiontwo.webp) - -**Step 3 –** Click **Microsoft Graph**. - -![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionthree.webp) - -**Step 4 –** Click **Application Permissions**. - -![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionfour.webp) - -**Step 5 –** Search for the permissions mentioned above and check each of the permissions. -(Directory.Read.All, Group.Read.All, User.Read.All) - -![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionfive.webp) - -**Step 6 –** Click **Add Permissions**. - -![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionsix.webp) - -**Step 7 –** Click **Grant admin consent for Default Directory** from the API Permission page. - -![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionseven.webp) - -#### Add Graph Application to Server - -Follow the steps to add a graph application to the Endpoint Protector server. - -**Step 1 –** Open the Endpoint ProtectorServer and navigate to **Directory Services** > **Microsoft -Entra ID**. - -**Step 2 –** Click **Add** to add an API Consumer – One API Consumer can be used for multiple -synchronization jobs. 
- -![Add Graph Application to Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azuread.webp) - -**Step 3 –** Provide the following details: - -- Name -- Description -- Directory (tenant) ID saved earlier on the Tenant ID field -- Application (client) ID saved earlier on the Application (Client) ID field -- Secret ID saved earlier in the Client Secret Value field - -![Add Graph Application to Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadtwo.webp) - -**Step 4 –** Click **Test** and then **Save**. - -![Add Graph Application to Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadthree.webp) - -#### Create a Synchronization Job on the Server - -Follow the steps to create a synchronization job on the Endpoint Protector server. - -**Step 1 –** Click **Create Sync Job**. - -![Create a Synchronization Job on the Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/createsynchjob.webp) - -**Step 2 –** Provide Synchronization information: - -- Name -- Description -- Select the created API Consumer -- Select Sync Interval - -**Step 3 –** Click **Save**. - -![Create a Synchronization Job on the Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/mapon-premisesusers.webp) - -The **Map on-premises users** switch in the Microsoft Entra ID connector controls how Endpoint -Protector retrieves user names in hybrid environments with both a local Active Directory and -Microsoft Entra ID. This switch has two states: - -- Unmarked (feature disabled) – Endpoint Protector uses the "userPrincipalName" Azure AD attribute - to retrieve user names. This attribute is the primary source for user identification and account - mapping. 
-- Marked (feature enabled) – Endpoint Protector uses the "onPremisesSamAccountName" Azure AD - attribute to retrieve user names, ensuring accurate synchronization between the local Active - Directory and Azure AD. - -By utilizing this feature, Endpoint Protector ensures seamless synchronization of user names, -preventing duplicate usernames. Enable or disable the "Map on-premises users" feature based on your -specific hybrid environment setup and requirements. diff --git a/docs/endpointprotector/5.9.4.2/admin/ediscovery/module.md b/docs/endpointprotector/5.9.4.2/admin/ediscovery/module.md deleted file mode 100644 index a6809e2925..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/ediscovery/module.md +++ /dev/null 
@@ -1,135 +0,0 @@ -# eDiscovery - -This module allows you to create policies that inspect data residing on protected Windows, Macs, and -Linux computers. The company’s data protection strategy can be enforced and risks posed by -accidental or intentional data leaks can be managed. You can mitigate problems posed by data at rest -by discovering sensitive data, such as: - -- Personal Identifiable Information (PII) – social security numbers (SSN), driving license numbers, - E-mail addresses, passport numbers, phone numbers, addresses, dates, etc. -- Financial and credit card information – credit card numbers for Visa, MasterCard, American - Express, JCB, Discover Card, Diners Club, bank account numbers, etc. -- Confidential files – sales and marketing reports, technical documents, accounting documents, - customer databases, etc. - -## eDiscovery Activation - -eDiscovery comes as the third level of data protection available in Endpoint Protector. The module -is displayed but requires a simple activation by pressing the Enable button. If not previously -provided, the contact details of the Main Administrator will be required. - -**NOTE:** Any details provided will only be used to ensure the Live Update Server is configured -correctly and that the eDiscovery module was enabled successfully. - -**CAUTION:** The eDiscovery module is separate from Device Control or Content Aware Protection -modules, and requires separate licensing. - -![eDiscovery Activation](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/activation.webp) - -## Dashboard - -This section offers a quick overview in the form of graphics and charts related to the eDiscovery -module. - -![A quick overview in the form of graphics and charts related to the eDiscovery module](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/dashboard.webp) - -## eDiscovery Policies and Scans - -eDiscovery Policies are sets of rules for sensitive content detection for data stored on protected -computers. 
- -An eDiscovery Policy is made up of five main elements: - -- OS Type – the OS it applies to (Windows, Mac, or Linux) -- Thresholds – the number of acceptable violations -- Policy Denylists – the content to be detected -- Policy Allowlists – the content that can be ignored -- Entities – the departments, groups, or computers it applies to - -**NOTE:** Once the eDiscovery Policies are created, select the type of eDiscovery Scan. - -eDiscovery Scans are sets of rules for Policies, defining when to start the data discovery. There are -several types of scans: - -- Clean scan – stars a new discovery (from scratch) -- Incremental scan – continues the discovery (skipping the previously scanned files) - -eDiscovery Automatic Scanning is also available, allowing you to set an Incremental Scan - -- One time – a scan will run once, at the specific date and time -- Weekly – a scan will run every 7 days, from the set date and time -- Monthly – a scan will run every 30 days, from the set date and time - -![eDiscovery Automatic Scanning](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/automaticscanning.webp) - -An eDiscovery Scan can be stopped at any time as results can also be automatically cleared. This can -be done by using: - -- Stop scan: stops the scan (but does not affect the logs) -- Stop scan and clear scan: stops the scan and clears the logs - -**NOTE:** Use Global Stop and Clear in situations where all the eDiscovery Scans need to be stopped -and all the Logs cleared. - -### Creating an eDiscovery Policy and Scan - -You can easily create and manage eDiscovery Policies and Scans from the eDiscovery, Policies and -Scans section. - -![Creating an eDiscovery Policy and Scan](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/policiesscans.webp) - -To create a new policy click **Create Custom Policy** and to edit an available policy, double-click -it. You need to select a policy to edit, duplicate or delete a policy. 
- -![Creating a new Policy](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/newpolicy.webp) - -When creating a new policy, select the following: - -- Policy Information (OS Type, Policy name, description, action, and type) -- Policy Exit points -- Policy Denylists, Policy Allowlists -- Policy Entities (Departments, Groups, and Computers) - -You can use the following thresholds: - -- Limit Reporting eD -- Threat Threshold value -- File Size Threshold - -You can find more details about Thresholds directly in the Endpoint Protector User Interface. - -For detailed information on Denylists and Allowlist, refer to the -[Denylists and Allowlists](/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md) chapter. - -After the eDiscovery Policy has been created, Scanning Actions can be assigned. These include Start -clean scan, Start incremental scan, Stop scan, and Clear logs. - -**NOTE:** Exactly like Content Aware Protection Policies, the eDiscovery Policies and Scans continue -to detect sensitive data stored on protected computers even after they are disconnected from the -company network. Logs will be saved within the Endpoint Protector Client and will be sent to the -Server once the connection has been reestablished. - -## eDiscovery Scan Result and Actions - -After an eDiscovery Scan starts, you can inspect the items found and apply actions to remediate -(e.g., delete on target, encrypt on target, decrypt on target, etc.). All results are displayed in -the eDiscovery, Scan Results, and Actions section. - -![eDiscovery Scan Result and Actions](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/scanresults.webp) - -You can also access the Scan Results and Actions section directly from eDiscovery > Policies and -Scans by selecting a computer from the eDiscovery Scans list and choosing the Inspect found items -action. This will automatically filter the Scan Results list and display the items only for that -specific computer. 
- -![eDiscovery Scan Result and Actions](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/ediscoveryscans.webp) - -### Viewing Scan Results and Taking Actions - -From this section, you can manage the scan results. A list of all the computers that were scanned -can be viewed and actions such as deleting, encrypting or decrypting files can be taken. - -![Viewing Scan Results and Taking Actions](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/ediscoveryactions.webp) - -You can apply an action to each item individually or, can select multiple items and apply the action -simultaneously by using the Choose action button. diff --git a/docs/endpointprotector/5.9.4.2/admin/enforcedencryption/module.md b/docs/endpointprotector/5.9.4.2/admin/enforcedencryption/module.md deleted file mode 100644 index 2cce0570e3..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/enforcedencryption/module.md +++ /dev/null 
@@ -1,174 +0,0 @@ -# Enforced Encryption - -Enforced Encryption, Formerly known as EasyLock, is a cross-platform solution that protects data -with government-approved 256 bit AES CBC-mode encryption. For USB devices, it needs to be deployed -on the root of the device. With the intuitive Drag & Drop interface, files can be quickly copied to -and from the device. - -![Enforced Encryption, Formerly known as EasyLock](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/enforcedencryption.webp) - -Used in combination with Endpoint Protector, Enforced Encryption allows USB storage devices to be -identified as Trusted Device™ Level 1. This can ensure that USB Enforced Encryption is used on -protected computers. Accessing data stored on the device can be done via the password the user -configured or via a Master Password set by the Endpoint Protector administrator. The encrypted data -can be opened by any user only after it is decrypted, therefore requiring the user to copy the -information out of Enforced Encryption. - -**CAUTION:** Enforced Encryption is not compatible with devices that have a write-protection -mechanism in place, preventing the modification or deletion of data. The write-protection mechanism -can be enforced using a hardware component (for example a switch on the USB device) or a software -component. - -**NOTE:** While Endpoint Protector can detect any Enforced Encryption USB encrypted device as a -Trusted Device™ Level 1, to use the Enforced Encryption feature, a specific Enforced Encryption -version must be used. This is available for the Endpoint Protector User Interface. - -Enforced Encryption works on read-only mode if the device was formatted on Windows, the Enforced -Encryption configured on Windows or some files were encrypted on Windows. On macOS, these files can be -decrypted, except for NTFS due to incompatibility with Enforced Encryption. 
- -## Enforced Encryption Deployment - -Enforced Encryption is supported for both Mac and Windows computers. - -![Enforced Encryption is supported for both Mac and Windows computers](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/deployment.webp) - -Deployment can be done automatically if **Allow Access if Trusted Device™ Level 1+** is selected -for the USB Storage Devices. This can be done by going to Device Control, Global Rights section, or -using the quick links provided, as per the image above. - -Manual deployment is also available. Download links for both Windows and Mac are available in this -section. The downloaded Enforced Encryption file must be copied onto the USB storage device and -executed from the root of the device. Due to extended security features for manual deployment, -Enforced Encryption will have to be redownloaded from the Endpoint Protector interface each time it -will be used to encrypt a new USB storage device. - -**NOTE:** Starting with Endpoint Protector 5.2.0.0, manual deployment can also be made by the user -if the device is set on Allow Access, by pressing the small USB icon- Encrypt Device with Enforced -Encryption. - -Both Enforced Encryption deployments are straightforward and require the user only to configure a -password. - -**NOTE:** On Macs, USB storage devices with multiple partitions are not supported by Enforced -Encryption and Trusted Device™ Level 1. - -## Enforced Encryption Settings - -This section allows you to remotely manage Enforced Encryption encrypted devices. Before being able -to take advantage of these features, you must configure a Master Password. 
- -![Enforced Encryption Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/settings.webp) - -In the Settings section, the Master Password can be configured, the Enforced Encryption File Tracing -enabled, as well as defining the installation and execution of Enforced Encryption only on computers -where the Endpoint Protector Client is present. - -For both the Master Password and the User Password, complex rules can be enforced. If these are -enabled, the password lengths, minimum characters, validity, history, and other settings can be set. - -![ Master Password Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/masterpasswordsettings.webp) - -Endpoint Protector allows tracing of files copied and encrypted on portable devices using Enforced -Encryption. This option can be activated from inside the Settings windows located under the Enforced -Encryption tab. - -![File Tracing Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/filetracing.webp) - -By checking the File Tracing option, all data transferred to and from devices using Enforced -Encryption is recorded and logged for later auditing. The logged information is automatically sent -to the Endpoint Protector Server if the Endpoint Protector Client is present on that computer. This -action takes place regardless of the File Tracing option being enabled or not for that specific -computer through the Device Control module. - -In case the Endpoint Protector Client is not present, the information is stored locally in an -encrypted format on the device and it will be sent at a later time from any other computer with the -Endpoint Protector Client installed. - -The additional Offline File Tracing option is an extension to the first option, offering the -possibility to store information directly on the device, before being sent to the Endpoint Protector -Server. 
The list of copied files is sent only the next time the device is plugged in and only if the -Endpoint Protector Client is present and communicates with the Endpoint Protector Server. - -Additionally, Easy Lock performs File Shadowing for the files that are transferred if the Endpoint -Protector Client is present and the File Shadowing option is enabled on the computer on which the -events occur – through the Device Control module. This is a real-time event and no shadowing -information is stored on the device at any given time. - -**NOTE:** Enabling global File Tracing will not automatically activate the File Tracing option on -Enforced Encryption Trusted Device™ and vice versa. - -### Enforced Encryption Clients - -In the Clients list section, all Enforced Encryption enforced devices are listed. By selecting the -Manage Client Action a list of Actions History is displayed, as well as the option to manage them by -sending a message, changing the user’s password, resetting the device, resending the master -password, and more. - -![Enforced Encryption Clients](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/clientslist.webp) - -### Trusted Device™ - -Protecting Data in Transit is essential to ensure no third party has access to data in case a device -is lost or stolen. The Enforced Encryption solution gives administrators the possibility to protect -confidential data on portable devices in case of loss or theft. Ensuring only encrypted devices can -be used on computers where Endpoint Protector is present can be done by utilizing Trusted Device™. -Trusted Device™ must receive authorization from the Endpoint Protector Server, otherwise, they will -be unusable. There are four levels of security for Trusted Device™: - -- Level 1 – Minimum security for office and personal use with a focus on software-based encryption for - data security. Any USB Flash Drive and most other portable storage devices can be turned into a - Trusted Device™ Level 1. 
It does not require any specific hardware but it does need an encryption - solution such as Enforced Encryption -- Level 2 – Medium security level with biometric data protection or advanced software-based data - encryption. It requires special hardware that includes security software and has been tested for - Trusted Device™ Level 2. -- Level 3 – High-security level with strong hardware-based encryption that is mandatory for - regulatory compliance such as SOX, HIPAA, GBLA, PIPED, Basel II, DPA, or PCI 95/46/EC. It requires - special hardware that includes advanced security software and hardware-based encryption that has - been tested for Trusted Device™ Level 3. -- Level 4 – Maximum security for military and government use. Level 4 Trusted Device™ include - strong hardware-based encryption for data protection and are independently certified (e.g., FIPS - 140). These devices have successfully undergone rigorous testing for software and hardware. It - requires special hardware that is available primarily through security-focused resellers. -- Level 1+ – Derived from Level 1, it will ensure that Enforced Encryption 2 with Master Password - will be automatically deployed on USB storage devices plugged into computers where the Endpoint - ProtectorEndpoint Protector Client is present. - -**NOTE:** If a Trusted Device™ Level 1 right is enabled and a Trusted Device™ level 2, 3 or 4 is -connected, the right will apply accordingly. 
- -The table below provides a list of Trusted Device™: - -| Device Names | Trusted Device™ Level | -| ------------------------------------- | ---------------------- | -| Enforced Encryption Encrypted devices | 1 | -| AT1177 | 2 | -| UT169 | 2 | -| UT176 | 2 | -| Trek ThumbDrive | 2 | -| BitLocker Encrypted devices | 3 | -| FileVault Encrypted devices | 3 | -| Buffalo Secure Lock | 3 | -| CTWO SafeXs | 3 | -| Integral Crypto | 3 | -| Integral Crypto Dual | 3 | -| Integral Courier Dual | 3 | -| IronKey Secure Drive | 3 | -| iStorage datAshur | 3 | -| Kanguru Bio Drive | 3 | -| Kanguru Defender | 3 | -| Kanguru Elite (30, 200 & 300) | 3 | -| Kanguru Defender Elite | 3 | -| Kingston DataTraveler Locker+ | 3 | -| Lexar 1 (Locked I Device) | 3 | -| Lexar Gemalto | 3 | -| SaferZone Token | 3 | -| ScanDisk Enterprise | 3 | -| Verbatim Professional | 3 | -| Verbatim Secure Data | 3 | -| Verbatim V-Secure | 3 | -| iStorage datAshur Pro | 4 | -| Kanguru Defender (2000 & 3000) | 4 | -| SafeStick BE | 4 | -| Stealth MXP Bio | 4 | diff --git a/docs/endpointprotector/5.9.4.2/admin/module.md b/docs/endpointprotector/5.9.4.2/admin/module.md new file mode 100644 index 0000000000..3df053111a --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/module.md 
@@ -0,0 +1,141 @@ +--- +title: "eDiscovery" +description: "eDiscovery" +sidebar_position: 50 +--- + +# eDiscovery + +This module allows you to create policies that inspect data residing on protected Windows, Macs, and +Linux computers. The company’s data protection strategy can be enforced and risks posed by +accidental or intentional data leaks can be managed. You can mitigate problems posed by data at rest +by discovering sensitive data, such as: + +- Personal Identifiable Information (PII) – social security numbers (SSN), driving license numbers, + E-mail addresses, passport numbers, phone numbers, addresses, dates, etc. +- Financial and credit card information – credit card numbers for Visa, MasterCard, American + Express, JCB, Discover Card, Diners Club, bank account numbers, etc. +- Confidential files – sales and marketing reports, technical documents, accounting documents, + customer databases, etc. + +## eDiscovery Activation + +eDiscovery comes as the third level of data protection available in Endpoint Protector. The module +is displayed but requires a simple activation by pressing the Enable button. If not previously +provided, the contact details of the Main Administrator will be required. + +**NOTE:** Any details provided will only be used to ensure the Live Update Server is configured +correctly and that the eDiscovery module was enabled successfully. + +**CAUTION:** The eDiscovery module is separate from Device Control or Content Aware Protection +modules, and requires separate licensing. + +![eDiscovery Activation](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/activation.webp) + +## Dashboard + +This section offers a quick overview in the form of graphics and charts related to the eDiscovery +module. 
+ +![A quick overview in the form of graphics and charts related to the eDiscovery module](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/dashboard.webp) + +## eDiscovery Policies and Scans + +eDiscovery Policies are sets of rules for sensitive content detection for data stored on protected +computers. + +An eDiscovery Policy is made up of five main elements: + +- OS Type – the OS it applies to (Windows, Mac, or Linux) +- Thresholds – the number of acceptable violations +- Policy Denylists – the content to be detected +- Policy Allowlists – the content that can be ignored +- Entities – the departments, groups, or computers it applies to + +**NOTE:** Once the eDiscovery Policies are created, select the type of eDiscovery Scan. + +eDiscovery Scans are sets of rules for Policies, defining when to start the data discovery. There are +several types of scans: + +- Clean scan – stars a new discovery (from scratch) +- Incremental scan – continues the discovery (skipping the previously scanned files) + +eDiscovery Automatic Scanning is also available, allowing you to set an Incremental Scan + +- One time – a scan will run once, at the specific date and time +- Weekly – a scan will run every 7 days, from the set date and time +- Monthly – a scan will run every 30 days, from the set date and time + +![eDiscovery Automatic Scanning](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/automaticscanning.webp) + +An eDiscovery Scan can be stopped at any time as results can also be automatically cleared. This can +be done by using: + +- Stop scan: stops the scan (but does not affect the logs) +- Stop scan and clear scan: stops the scan and clears the logs + +**NOTE:** Use Global Stop and Clear in situations where all the eDiscovery Scans need to be stopped +and all the Logs cleared. + +### Creating an eDiscovery Policy and Scan + +You can easily create and manage eDiscovery Policies and Scans from the eDiscovery, Policies and +Scans section. 
+ +![Creating an eDiscovery Policy and Scan](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/policiesscans.webp) + +To create a new policy click **Create Custom Policy** and to edit an available policy, double-click +it. You need to select a policy to edit, duplicate or delete a policy. + +![Creating a new Policy](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/newpolicy.webp) + +When creating a new policy, select the following: + +- Policy Information (OS Type, Policy name, description, action, and type) +- Policy Exit points +- Policy Denylists, Policy Allowlists +- Policy Entities (Departments, Groups, and Computers) + +You can use the following thresholds: + +- Limit Reporting eD +- Threat Threshold value +- File Size Threshold + +You can find more details about Thresholds directly in the Endpoint Protector User Interface. + +For detailed information on Denylists and Allowlist, refer to the +[Denylists and Allowlists](/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md) chapter. + +After the eDiscovery Policy has been created, Scanning Actions can be assigned. These include Start +clean scan, Start incremental scan, Stop scan, and Clear logs. + +**NOTE:** Exactly like Content Aware Protection Policies, the eDiscovery Policies and Scans continue +to detect sensitive data stored on protected computers even after they are disconnected from the +company network. Logs will be saved within the Endpoint Protector Client and will be sent to the +Server once the connection has been reestablished. + +## eDiscovery Scan Result and Actions + +After an eDiscovery Scan starts, you can inspect the items found and apply actions to remediate +(e.g., delete on target, encrypt on target, decrypt on target, etc.). All results are displayed in +the eDiscovery, Scan Results, and Actions section. 
+ +![eDiscovery Scan Result and Actions](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/scanresults.webp) + +You can also access the Scan Results and Actions section directly from eDiscovery > Policies and +Scans by selecting a computer from the eDiscovery Scans list and choosing the Inspect found items +action. This will automatically filter the Scan Results list and display the items only for that +specific computer. + +![eDiscovery Scan Result and Actions](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/ediscoveryscans.webp) + +### Viewing Scan Results and Taking Actions + +From this section, you can manage the scan results. A list of all the computers that were scanned +can be viewed and actions such as deleting, encrypting or decrypting files can be taken. + +![Viewing Scan Results and Taking Actions](/img/product_docs/endpointprotector/5.9.4.2/admin/ediscovery/ediscoveryactions.webp) + +You can apply an action to each item individually or, can select multiple items and apply the action +simultaneously by using the Choose action button. diff --git a/docs/endpointprotector/5.9.4.2/admin/module/_category_.json b/docs/endpointprotector/5.9.4.2/admin/module/_category_.json new file mode 100644 index 0000000000..221c6a66b5 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/module/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Device Control", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "module" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/cappolicies.md b/docs/endpointprotector/5.9.4.2/admin/module/cappolicies.md similarity index 98% rename from docs/endpointprotector/5.9.4.2/admin/contentawareprotection/cappolicies.md rename to docs/endpointprotector/5.9.4.2/admin/module/cappolicies.md index 3980eff89e..a904dacae6 100644 --- a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/cappolicies.md 
+++ b/docs/endpointprotector/5.9.4.2/admin/module/cappolicies.md @@ -1,3 +1,9 @@ +--- +title: "Policy Configuration and Application" +description: "Policy Configuration and Application" +sidebar_position: 10 +--- + # Policy Configuration and Application Content Aware Policies are sets of rules for sensitive content detection that enforce file transfers @@ -75,7 +81,7 @@ enable the setting on the specific device from Device Control, Global settings, - Policy Template – select a custom notification from the drop-down list or create one from System Parameters, Device Types and Notification, - [Custom Content Aware Protection Notifications](/docs/endpointprotector/5.9.4.2/admin/systemparameters/overview.md#custom-content-aware-protection-notifications) + [Custom Content Aware Protection Notifications](/docs/endpointprotector/5.9.4.2/admin/overview_6.md#custom-content-aware-protection-notifications) section - Policy Status – enable to set policy status to active - Client Notifications – enable this setting to send notifications to clients diff --git a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/contentdetection.md b/docs/endpointprotector/5.9.4.2/admin/module/contentdetection.md similarity index 98% rename from docs/endpointprotector/5.9.4.2/admin/contentawareprotection/contentdetection.md rename to docs/endpointprotector/5.9.4.2/admin/module/contentdetection.md index 481f045121..38dfd69401 100644 --- a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/contentdetection.md +++ b/docs/endpointprotector/5.9.4.2/admin/module/contentdetection.md @@ -1,3 +1,9 @@ +--- +title: "Content Detection, Remediation and Compliance" +description: "Content Detection, Remediation and Compliance" +sidebar_position: 20 +--- + # Content Detection, Remediation and Compliance Content detection identifies sensitive data across various file types and applications. Remediation 
@@ -236,7 +242,7 @@ To remediate the threat, the user has to follow these steps: - click **Authorize** **NOTE:** You can manage more settings for the Self Remediate feature from System Preferences and -[User Remediation](/docs/endpointprotector/5.9.4.2/admin/systemparameters/overview.md#user-remediation) sections. +[User Remediation](/docs/endpointprotector/5.9.4.2/admin/overview_6.md#user-remediation) sections. User Remediation for Content Aware Protection can remediate file transfers via web domains. diff --git a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/customclasses.md b/docs/endpointprotector/5.9.4.2/admin/module/customclasses.md similarity index 98% rename from docs/endpointprotector/5.9.4.2/admin/devicecontrol/customclasses.md rename to docs/endpointprotector/5.9.4.2/admin/module/customclasses.md index 82f8792112..f32a654591 100644 --- a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/customclasses.md +++ b/docs/endpointprotector/5.9.4.2/admin/module/customclasses.md @@ -1,3 +1,9 @@ +--- +title: "Custom Classes" +description: "Custom Classes" +sidebar_position: 50 +--- + # Custom Classes This section provides you with the option to create new classes of devices for easier management. It diff --git a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/deeppacket.md b/docs/endpointprotector/5.9.4.2/admin/module/deeppacket.md similarity index 98% rename from docs/endpointprotector/5.9.4.2/admin/contentawareprotection/deeppacket.md rename to docs/endpointprotector/5.9.4.2/admin/module/deeppacket.md index 8bca6d4f7a..2c59998775 100644 --- a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/deeppacket.md +++ b/docs/endpointprotector/5.9.4.2/admin/module/deeppacket.md @@ -1,3 +1,9 @@ +--- +title: "Deep Packet Inspection" +description: "Deep Packet Inspection" +sidebar_position: 40 +--- + # Deep Packet Inspection The Deep Packet Inspection functionality provides a certain degree of granularity, allowing you to 
@@ -276,7 +282,7 @@ application that is subject to this functionality. **NOTE:** The Deep Packet Inspection functionality needs to be first enabled from **Device Control** > **Settings** (Global, Groups, Computers, etc.). For detailed information on, refer to -the [Device Control](/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md) topic. +the [Device Control](/docs/endpointprotector/5.9.4.2/admin/module/module.md) topic. ## Certificate status matrix diff --git a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/devicesandcomputers.md b/docs/endpointprotector/5.9.4.2/admin/module/devicesandcomputers.md similarity index 96% rename from docs/endpointprotector/5.9.4.2/admin/devicecontrol/devicesandcomputers.md rename to docs/endpointprotector/5.9.4.2/admin/module/devicesandcomputers.md index ff4e188077..83b313f6d1 100644 --- a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/devicesandcomputers.md +++ b/docs/endpointprotector/5.9.4.2/admin/module/devicesandcomputers.md @@ -1,3 +1,9 @@ +--- +title: "Devices and Computers" +description: "Devices and Computers" +sidebar_position: 10 +--- + # Devices and Computers ## Devices @@ -35,7 +41,7 @@ Endpoint Protector Server to another and aims to correlate the device rights and You can also import the devices directly from Active Directory. **NOTE:** For detailed information on Active Directory, refer to the -[Directory Services](/docs/endpointprotector/5.9.4.2/admin/directoryservices/overview.md) topic. +[Directory Services](/docs/endpointprotector/5.9.4.2/admin/overview_4.md) topic. ### Priority order 
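Review bot: the new link target `/docs/endpointprotector/5.9.4.2/admin/overview_4.md` in this hunk of devicesandcomputers.md carries no hint of what it points to, where the old `directoryservices/overview.md` path did, so the diff alone cannot confirm that the Directory Services link still lands on the Directory Services page. Please confirm the front matter title of overview_4.md, or keep a descriptive file name for the moved page so that a later renumbering does not silently retarget this link.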
@@ -44,7 +50,7 @@ set per Device Types (USB Storage Device, Digital Camera, iPod, Thunderbolt, Chi etc.). **NOTE:** For detailed information, refer to the -[Directory Services](/docs/endpointprotector/5.9.4.2/admin/directoryservices/overview.md) topic. +[Directory Services](/docs/endpointprotector/5.9.4.2/admin/overview_4.md) topic. If you configure device rights granularly for all entities, the priority order will be the following, starting with the highest: @@ -122,7 +128,7 @@ You can manually create a new computer at any time by providing the computer par information mentioned above or import computers from Active Directory. For more details about Active Directory, go to the -[Directory Services](/docs/endpointprotector/5.9.4.2/admin/directoryservices/overview.md) topic. You can also assign the computers to +[Directory Services](/docs/endpointprotector/5.9.4.2/admin/overview_4.md) topic. You can also assign the computers to the following for a better organization: - Devices and Computers e.g., several computers within the same office diff --git a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/globalrights.md b/docs/endpointprotector/5.9.4.2/admin/module/globalrights.md similarity index 97% rename from docs/endpointprotector/5.9.4.2/admin/devicecontrol/globalrights.md rename to docs/endpointprotector/5.9.4.2/admin/module/globalrights.md index d3b9e20be4..cd289ac209 100644 --- a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/globalrights.md +++ b/docs/endpointprotector/5.9.4.2/admin/module/globalrights.md @@ -1,3 +1,9 @@ +--- +title: "Global Rights" +description: "Global Rights" +sidebar_position: 30 +--- + # Global Rights From this section, you can manage the entire system and specify what rights and settings apply 
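Review bot: `sidebar_position: 30` in the globalrights.md front matter collides with other pages this patch places in the same admin/module/ directory: module.md and usecases.md also declare 30, cappolicies.md and devicesandcomputers.md both declare 10, contentdetection.md and usersandgroups.md both declare 20, and deeppacket.md, globalsettings.md and module/module_1.md all declare 40. The duplicates come from moving the contentawareprotection/ and devicecontrol/ pages into one directory, so renumber them to make the sidebar order deterministic, and check that the "Device Control" label in module/_category_.json is intended for a directory that now also holds the Content Aware Protection pages.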
@@ -56,7 +62,7 @@ levels, depending on the degree of protection offered by a device (trusted devic Encryption are TD level 1). For detailed information on Trusted Device™ and Enforced Encryption, refer to the -[Trusted Device™](/docs/endpointprotector/5.9.4.2/admin/enforcedencryption/module.md#trusted-device) topic. +[Trusted Device™](/docs/endpointprotector/5.9.4.2/admin/module_1.md#trusted-device) topic. **NOTE:** With the WiFi – Block if wired network is present option you can disable the WiFi connection, while a wired network connection is present. The WiFi connection will be available when diff --git a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/globalsettings.md b/docs/endpointprotector/5.9.4.2/admin/module/globalsettings.md similarity index 99% rename from docs/endpointprotector/5.9.4.2/admin/devicecontrol/globalsettings.md rename to docs/endpointprotector/5.9.4.2/admin/module/globalsettings.md index b774ab1e0d..0a1db610a3 100644 --- a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/globalsettings.md +++ b/docs/endpointprotector/5.9.4.2/admin/module/globalsettings.md @@ -1,3 +1,9 @@ +--- +title: "Global Settings" +description: "Global Settings" +sidebar_position: 40 +--- + # Global Settings From this section, you can apply settings globally to all Endpoint Protector entities. 
@@ -118,7 +124,7 @@ the Client’s behavior for each specific entity (Global, Groups, and Computers **NOTE:** For this setting to work successfully, enable the Minifilter Driver setting. - User Remediation Pop-up – this setting is available when the - [User Remediation](/docs/endpointprotector/5.9.4.2/admin/systemparameters/overview.md#user-remediation) feature is active and enables + [User Remediation](/docs/endpointprotector/5.9.4.2/admin/overview_6.md#user-remediation) feature is active and enables User Remediation pop-up notifications for end-users. - Enforce User Remediation Pop-up - this setting is available only if the User Remediation Pop-up setting is enabled. When this setting is enabled, end-users cannot disable User Remediation Pop-up @@ -698,7 +704,7 @@ Users, or Computers. **CAUTION:** When triggered, fallback policies supersede the standard device rights. Regarding fallback policies, the Outside Network Policies supersede the Outside Hours Policies. -**NOTE:** For [Content Aware Protection](/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/module.md), the Outside Network +**NOTE:** For [Content Aware Protection](/docs/endpointprotector/5.9.4.2/admin/module/module_1.md), the Outside Network and Outside Hours Policy Type also needs to be selected. ![Manage Outside Network and Outside Hours Policies, for both Device Control and Content Aware modules](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/outsidehoursnetwork.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/module/module.md b/docs/endpointprotector/5.9.4.2/admin/module/module.md new file mode 100644 index 0000000000..5492eef431 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/module/module.md 
@@ -0,0 +1,24 @@ +--- +title: "Device Control" +description: "Device Control" +sidebar_position: 30 +--- + +# Device Control + +From this section, you can manage all entities in the system, their subsequent rights, and settings. +You can also manage other types of settings from the Device Control section such as Endpoint +Protector Client and Deep Packet Inspection settings. As the first layer of security within Endpoint +Protector, it is activated by default in every configuration provided. + +For a detailed overview of the devices that are discovered and covered under the Device Control +settings, please refer to the +[Device Types (Standard)](globalrights.md#device-types-standard) subtopic. + +## Dashboard + +This section offers an overview in the form of graphics and charts related to the Endpoint Protector +Entities. You can select the start and end date for the data used in these visual representations +from the top-right calendars and view the data in real time. + +![Overview in the form of graphics and charts ](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/dcdashboard.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/module/module_1.md b/docs/endpointprotector/5.9.4.2/admin/module/module_1.md new file mode 100644 index 0000000000..41dd906921 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/module/module_1.md 
@@ -0,0 +1,55 @@ +--- +title: "Content Aware Protection" +description: "Content Aware Protection" +sidebar_position: 40 +--- + +# Content Aware Protection + +This module allows the Administrator to set up and enforce strong content filtering policies for +selected users, computers, groups, or departments and take control over the risks posed by +accidental or intentional file transfers of sensitive company data, such as: + +- Personal Identifiable Information (PII): social security numbers (SSN), driving license numbers, + email addresses, passport numbers, phone numbers, addresses, dates, etc. +- Financial and credit card information: credit card numbers for Visa, MasterCard, American Express, + JCB, Discover Card, Diners Club, bank account numbers, etc. +- Confidential files: sales and marketing reports, technical documents, accounting documents, customer + databases, etc. + +**CAUTION:** Endpoint Protector cannot scan encrypted files or applications that use encryption to +secure communication. + +To prevent sensitive data leakage, Endpoint Protector closely monitors all activity at various exit +points: + +- Transfers on portable storage and other media devices (USB Drives, external HDDs, CDs, DVDs, SD + cards, etc.), either directly or through encryption software (e.g., Enforced Encryption) +- Transfers on local networks (Network Share) +- Transfers via the Internet (email Clients, File Sharing Application, Web Browsers, Instant + Messaging, Social Media, etc.) +- Transfers to the cloud (iCloud, Google Drive, Dropbox, Microsoft SkyDrive, etc.) +- Transfers through Copy & Paste / Cut & Paste +- Print screens +- Printers and others + +## Content Aware Protection Activation + +Content Aware Protection comes as the second level of data protection available in Endpoint +Protector. The module is displayed but requires a simple activation by pressing the Enable button. +If not previously provided, the contact details of the Main Administrator will be required. 
+ +**NOTE:** Any details provided will only be used to ensure the Live Update Server is configured +correctly and that the Content Aware Protection module was enabled successfully. + +![The module is displayed but requires a simple activation by pressing the Enable button](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/activation.webp) + +**NOTE:** The Content Aware Protection module is separate from Device Control or eDiscovery modules, +and requires separate licensing. + +## Dashboard + +This section offers a quick overview in the form of graphics and charts related to the Content Aware +Protection module. + +![A quick overview in the form of graphics and charts related to the Content Aware Protection module](/img/product_docs/endpointprotector/5.9.4.2/admin/contentawareprotection/dashboard.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/usecases.md b/docs/endpointprotector/5.9.4.2/admin/module/usecases.md similarity index 95% rename from docs/endpointprotector/5.9.4.2/admin/contentawareprotection/usecases.md rename to docs/endpointprotector/5.9.4.2/admin/module/usecases.md index 2cc4773ecc..b113630f24 100644 --- a/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/usecases.md +++ b/docs/endpointprotector/5.9.4.2/admin/module/usecases.md @@ -1,3 +1,9 @@ +--- +title: "Content Aware Protection Use Cases" +description: "Content Aware Protection Use Cases" +sidebar_position: 30 +--- + # Content Aware Protection Use Cases Content Aware Protection enables organizations to define policies for monitoring and controlling the diff --git a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/usersandgroups.md b/docs/endpointprotector/5.9.4.2/admin/module/usersandgroups.md similarity index 98% rename from docs/endpointprotector/5.9.4.2/admin/devicecontrol/usersandgroups.md rename to docs/endpointprotector/5.9.4.2/admin/module/usersandgroups.md index 1952aa2433..8bb32c6f11 100644 
--- a/docs/endpointprotector/5.9.4.2/admin/devicecontrol/usersandgroups.md +++ b/docs/endpointprotector/5.9.4.2/admin/module/usersandgroups.md @@ -1,3 +1,9 @@ +--- +title: "Users and Groups" +description: "Users and Groups" +sidebar_position: 20 +--- + # Users and Groups ## Users @@ -16,7 +22,7 @@ information mentioned above. Users can also be imported into Endpoint Protector Directory. For detailed information on Active Directory, refer to the -[Directory Services](/docs/endpointprotector/5.9.4.2/admin/directoryservices/overview.md) chapter. +[Directory Services](/docs/endpointprotector/5.9.4.2/admin/overview_4.md) chapter. There are two users created by default during the installation process of Endpoint Protector: @@ -90,7 +96,7 @@ You can manually create a new group at any time by providing the group informati Groups can also be imported into Endpoint Protector from Active Directory. **NOTE:** For detailed information on Active Directory, refer to the -[Directory Services](/docs/endpointprotector/5.9.4.2/admin/directoryservices/overview.md) topic. +[Directory Services](/docs/endpointprotector/5.9.4.2/admin/overview_4.md) topic. The Actions column offers multiple options related to the group’s management like Edit, Manage Rights, Manage Settings, History, and Delete. diff --git a/docs/endpointprotector/5.9.4.2/admin/module_1.md b/docs/endpointprotector/5.9.4.2/admin/module_1.md new file mode 100644 index 0000000000..b6fd57ba8f --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/module_1.md 
@@ -0,0 +1,180 @@ +--- +title: "Enforced Encryption" +description: "Enforced Encryption" +sidebar_position: 70 +--- + +# Enforced Encryption + +Enforced Encryption, Formerly known as EasyLock, is a cross-platform solution that protects data +with government-approved 256 bit AES CBC-mode encryption. For USB devices, it needs to be deployed +on the root of the device. With the intuitive Drag & Drop interface, files can be quickly copied to +and from the device. + +![Enforced Encryption, Formerly known as EasyLock](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/enforcedencryption.webp) + +Used in combination with Endpoint Protector, Enforced Encryption allows USB storage devices to be +identified as Trusted Device™ Level 1. This can ensure that USB Enforced Encryption is used on +protected computers. Accessing data stored on the device can be done via the password the user +configured or via a Master Password set by the Endpoint Protector administrator. The encrypted data +can be opened by any user only after it is decrypted, therefore requiring the user to copy the +information out of Enforced Encryption. + +**CAUTION:** Enforced Encryption is not compatible with devices that have a write-protection +mechanism in place, preventing the modification or deletion of data. The write-protection mechanism +can be enforced using a hardware component (for example a switch on the USB device) or a software +component. + +**NOTE:** While Endpoint Protector can detect any Enforced Encryption USB encrypted device as a +Trusted Device™ Level 1, to use the Enforced Encryption feature, a specific Enforced Encryption +version must be used. This is available for the Endpoint Protector User Interface. + +Enforced Encryption works on read-only mode if the device was formatted on Windows, the Enforced +Encryption configured on Windows or some files were encrypted on Windows. 
On macOS, these files can be +decrypted, except for NTFS due to incompatibility with Enforced Encryption. + +## Enforced Encryption Deployment + +Enforced Encryption is supported for both Mac and Windows computers. + +![Enforced Encryption is supported for both Mac and Windows computers](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/deployment.webp) + +Deployment can be done automatically if **Allow Access if Trusted Device™ Level 1+** is selected +for the USB Storage Devices. This can be done by going to Device Control, Global Rights section, or +using the quick links provided, as per the image above. + +Manual deployment is also available. Download links for both Windows and Mac are available in this +section. The downloaded Enforced Encryption file must be copied onto the USB storage device and +executed from the root of the device. Due to extended security features for manual deployment, +Enforced Encryption will have to be redownloaded from the Endpoint Protector interface each time it +will be used to encrypt a new USB storage device. + +**NOTE:** Starting with Endpoint Protector 5.2.0.0, manual deployment can also be made by the user +if the device is set on Allow Access, by pressing the small USB icon- Encrypt Device with Enforced +Encryption. + +Both Enforced Encryption deployments are straightforward and require the user only to configure a +password. + +**NOTE:** On Macs, USB storage devices with multiple partitions are not supported by Enforced +Encryption and Trusted Device™ Level 1. + +## Enforced Encryption Settings + +This section allows you to remotely manage Enforced Encryption encrypted devices. Before being able +to take advantage of these features, you must configure a Master Password. 
+ +![Enforced Encryption Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/settings.webp) + +In the Settings section, the Master Password can be configured, the Enforced Encryption File Tracing +enabled, as well as defining the installation and execution of Enforced Encryption only on computers +where the Endpoint Protector Client is present. + +For both the Master Password and the User Password, complex rules can be enforced. If these are +enabled, the password lengths, minimum characters, validity, history, and other settings can be set. + +![ Master Password Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/masterpasswordsettings.webp) + +Endpoint Protector allows tracing of files copied and encrypted on portable devices using Enforced +Encryption. This option can be activated from inside the Settings windows located under the Enforced +Encryption tab. + +![File Tracing Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/filetracing.webp) + +By checking the File Tracing option, all data transferred to and from devices using Enforced +Encryption is recorded and logged for later auditing. The logged information is automatically sent +to the Endpoint Protector Server if the Endpoint Protector Client is present on that computer. This +action takes place regardless of the File Tracing option being enabled or not for that specific +computer through the Device Control module. + +In case the Endpoint Protector Client is not present, the information is stored locally in an +encrypted format on the device and it will be sent at a later time from any other computer with the +Endpoint Protector Client installed. + +The additional Offline File Tracing option is an extension to the first option, offering the +possibility to store information directly on the device, before being sent to the Endpoint Protector +Server. 
The list of copied files is sent only the next time the device is plugged in and only if the +Endpoint Protector Client is present and communicates with the Endpoint Protector Server. + +Additionally, Easy Lock performs File Shadowing for the files that are transferred if the Endpoint +Protector Client is present and the File Shadowing option is enabled on the computer on which the +events occur – through the Device Control module. This is a real-time event and no shadowing +information is stored on the device at any given time. + +**NOTE:** Enabling global File Tracing will not automatically activate the File Tracing option on +Enforced Encryption Trusted Device™ and vice versa. + +### Enforced Encryption Clients + +In the Clients list section, all Enforced Encryption enforced devices are listed. By selecting the +Manage Client Action a list of Actions History is displayed, as well as the option to manage them by +sending a message, changing the user’s password, resetting the device, resending the master +password, and more. + +![Enforced Encryption Clients](/img/product_docs/endpointprotector/5.9.4.2/admin/enforcedencryption/clientslist.webp) + +### Trusted Device™ + +Protecting Data in Transit is essential to ensure no third party has access to data in case a device +is lost or stolen. The Enforced Encryption solution gives administrators the possibility to protect +confidential data on portable devices in case of loss or theft. Ensuring only encrypted devices can +be used on computers where Endpoint Protector is present can be done by utilizing Trusted Device™. +Trusted Device™ must receive authorization from the Endpoint Protector Server, otherwise, they will +be unusable. There are four levels of security for Trusted Device™: + +- Level 1 – Minimum security for office and personal use with a focus on software-based encryption for + data security. Any USB Flash Drive and most other portable storage devices can be turned into a + Trusted Device™ Level 1. 
It does not require any specific hardware but it does need an encryption + solution such as Enforced Encryption +- Level 2 – Medium security level with biometric data protection or advanced software-based data + encryption. It requires special hardware that includes security software and has been tested for + Trusted Device™ Level 2. +- Level 3 – High-security level with strong hardware-based encryption that is mandatory for + regulatory compliance such as SOX, HIPAA, GBLA, PIPED, Basel II, DPA, or PCI 95/46/EC. It requires + special hardware that includes advanced security software and hardware-based encryption that has + been tested for Trusted Device™ Level 3. +- Level 4 – Maximum security for military and government use. Level 4 Trusted Device™ include + strong hardware-based encryption for data protection and are independently certified (e.g., FIPS + 140). These devices have successfully undergone rigorous testing for software and hardware. It + requires special hardware that is available primarily through security-focused resellers. +- Level 1+ – Derived from Level 1, it will ensure that Enforced Encryption 2 with Master Password + will be automatically deployed on USB storage devices plugged into computers where the Endpoint + ProtectorEndpoint Protector Client is present. + +**NOTE:** If a Trusted Device™ Level 1 right is enabled and a Trusted Device™ level 2, 3 or 4 is +connected, the right will apply accordingly. 
+ +The table below provides a list of Trusted Device™: + +| Device Names | Trusted Device™ Level | +| ------------------------------------- | ---------------------- | +| Enforced Encryption Encrypted devices | 1 | +| AT1177 | 2 | +| UT169 | 2 | +| UT176 | 2 | +| Trek ThumbDrive | 2 | +| BitLocker Encrypted devices | 3 | +| FileVault Encrypted devices | 3 | +| Buffalo Secure Lock | 3 | +| CTWO SafeXs | 3 | +| Integral Crypto | 3 | +| Integral Crypto Dual | 3 | +| Integral Courier Dual | 3 | +| IronKey Secure Drive | 3 | +| iStorage datAshur | 3 | +| Kanguru Bio Drive | 3 | +| Kanguru Defender | 3 | +| Kanguru Elite (30, 200 & 300) | 3 | +| Kanguru Defender Elite | 3 | +| Kingston DataTraveler Locker+ | 3 | +| Lexar 1 (Locked I Device) | 3 | +| Lexar Gemalto | 3 | +| SaferZone Token | 3 | +| ScanDisk Enterprise | 3 | +| Verbatim Professional | 3 | +| Verbatim Secure Data | 3 | +| Verbatim V-Secure | 3 | +| iStorage datAshur Pro | 4 | +| Kanguru Defender (2000 & 3000) | 4 | +| SafeStick BE | 4 | +| Stealth MXP Bio | 4 | diff --git a/docs/endpointprotector/5.9.4.2/admin/offlinetemporarypassword/overview.md b/docs/endpointprotector/5.9.4.2/admin/offlinetemporarypassword/overview.md deleted file mode 100644 index 1664de372c..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/offlinetemporarypassword/overview.md +++ /dev/null 
@@ -1,89 +0,0 @@ -# Offline Temporary Password - -In this section, you can generate Offline Temporary Passwords (or OTPs) and grant temporary access -rights. In addition to situations when only temporary access is needed, it can also be used when -there is no network connection between the protected computers and the Endpoint Protector Server. - -The Offline Temporary Password can be generated for the below entities: - -- Device (a specific device) -- Computer and User (all devices) -- Computer and User (all file transfers) - -A password is linked to a time period and is unique for a certain device and computer. This means -the same password cannot be used for a different device or computer. It also cannot be used twice -(except for Universal Offline Temporary Password). - -The time intervals available are 15 minutes, 30 minutes, 1 hour, 2 hours, 4 hours, 8 hours, 1 day, 2 -days, 5 days, 14 days, and 30 days or Custom. - -The Offline Temporary Password Duration offers a customized option, allowing the generation of -time-based Offline Temporary Password Codes, with a Start Date/Time and an End Date/Time. - -For large companies or multinationals that have the Endpoint Protector Server and the protected -endpoints in different time zones, taking into consideration how the Server Time and Client Time -work is essential. - -Example: The Endpoint Protector Server is located in Germany, making the Server Time UTC+01:00. - -The protected endpoints are located in Romania, making the Client Time UTC+02:00. - -When generating an Offline Temporary Password Code that should take effect tomorrow, from 16:00 on -the endpoint time, it should actually be generated for tomorrow, from 15:00 (to adjust for the 1h -difference in the time zone). - -For the predefined duration, the above adjustment is not necessary. The Offline Temporary Password -Code will be valid for that specific amount of time, starting with the moment it was redeemed. 
The -only thing to consider is that the Offline Temporary Password Code needs to be redeemed the same day -it was generated. - -**NOTE:** The Universal Offline Temporary Password feature can also be turned on. If enabled, it can -be used by any user, on any computer, for any device or file transfers – it eliminates security -restrictions for one hour. It can be used multiple times, by any user that knows it. - -The Universal Offline Temporary Password can be made visible only for Super Administrators. If this -setting is enabled, Normal and Offline Temporary Password Administrators will not be able to see and -use it. Enable this setting from System Configuration, System Settings, and Custom settings. - -You have the option to add a justification, mentioning the reason why the password was created. This -can later be used for a better overview or various audit purposes. - -Once an Offline Temporary Password has been authorized, any other rights and settings saved afterwards -on the Endpoint Protector Server will not take immediate effect. The Offline Temporary Password has to -expire and the connection with the Server re-established. - -**NOTE:** The Transfer Limit Reset Offline Temporary Password is only available if the feature is -enabled. The main purpose of this type of Offline Temporary Password is to re-establish the -Server-Client communication before the Transfer Limit Reset Time Interval has expired. - -## Generating the Offline Temporary Password - -Depending on the options selected from the drop-down menus, the Offline Temporary Password (or OTP) -can be generated for an exact device, all devices, or all file transfers. 
- -![Generating the Offline Temporary Password](/img/product_docs/endpointprotector/5.9.4.2/admin/offlinetemporarypassword/offlinetemporarypassword.webp) - -When generating an Offline Temporary Password for a Device, you can either introduce the Device Code -communicated by the user or search the Endpoint Protector database for an existing device. -Alternatively, you can generate an Offline Temporary Password directly from the Device Control, -Computers section, by selecting the Offline Temporary Password option from the Actions column. - -When generating an OTP Code for a device, either the Device Code or the Device Name has to be -entered (one of them will automatically fill in the other field). - -The Computer Name and the Username fields do not need to be both filled in. The OTP Code is perfectly -valid if only one of them is provided. However, if the OTP Code needs to be valid for an exact -device, on an exact computer, for an exact user, all of the relevant fields need to be filled in. - -Once the OTP Code has been generated, it will be displayed on the right side of the image above. - -As it needs to be provided to the person that made the request, Endpoint Protector offers two quick -ways of doing this, either by sending a direct e-mail or by printing it out. - -**NOTE:** You can edit the Administrator contact information that is displayed to a user from System -Configuration, System Settings, as the Main Administrator Contact Details. - -Similar to generating an Offline Temporary Password for a specific device, when generating one for all -devices or all file transfers, the Computer Name and the Username fields are not both mandatory. The -OTP Code is perfectly valid if only one of them is provided. However, if the OTP Code needs to be -valid for an exact computer and an exact user, all of the relevant fields need to be filled in. 
diff --git a/docs/endpointprotector/5.9.4.2/admin/overview.md b/docs/endpointprotector/5.9.4.2/admin/overview.md index 7467375bbc..0107701f5b 100644 --- a/docs/endpointprotector/5.9.4.2/admin/overview.md +++ b/docs/endpointprotector/5.9.4.2/admin/overview.md @@ -1,3 +1,9 @@ +--- +title: "Administration" +description: "Administration" +sidebar_position: 40 +--- + # Administration This document provides a comprehensive resource for system administrators tasked with managing diff --git a/docs/endpointprotector/5.9.4.2/admin/overview_1.md b/docs/endpointprotector/5.9.4.2/admin/overview_1.md new file mode 100644 index 0000000000..22b9f03883 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/overview_1.md 
@@ -0,0 +1,95 @@ +--- +title: "Offline Temporary Password" +description: "Offline Temporary Password" +sidebar_position: 80 +--- + +# Offline Temporary Password + +In this section, you can generate Offline Temporary Passwords (or OTPs) and grant temporary access +rights. In addition to situations when only temporary access is needed, it can also be used when +there is no network connection between the protected computers and the Endpoint Protector Server. + +The Offline Temporary Password can be generated for the below entities: + +- Device (a specific device) +- Computer and User (all devices) +- Computer and User (all file transfers) + +A password is linked to a time period and is unique for a certain device and computer. This means +the same password cannot be used for a different device or computer. It also cannot be used twice +(except for Universal Offline Temporary Password). + +The time intervals available are 15 minutes, 30 minutes, 1 hour, 2 hours, 4 hours, 8 hours, 1 day, 2 +days, 5 days, 14 days, and 30 days or Custom. + +The Offline Temporary Password Duration offers a customized option, allowing the generation of +time-based Offline Temporary Password Codes, with a Start Date/Time and an End Date/Time. + +For large companies or multinationals that have the Endpoint Protector Server and the protected +endpoints in different time zones, taking into consideration how the Server Time and Client Time +work is essential. + +Example: The Endpoint Protector Server is located in Germany, making the Server Time UTC+01:00. + +The protected endpoints are located in Romania, making the Client Time UTC+02:00. + +When generating an Offline Temporary Password Code that should take effect tomorrow, from 16:00 on +the endpoint time, it should actually be generated for tomorrow, from 15:00 (to adjust for the 1h +difference in the time zone). + +For the predefined duration, the above adjustment is not necessary. 
The Offline Temporary Password +Code will be valid for that specific amount of time, starting with the moment it was redeemed. The +only thing to consider is that the Offline Temporary Password Code needs to be redeemed the same day +it was generated. + +**NOTE:** The Universal Offline Temporary Password feature can also be turned on. If enabled, it can +be used by any user, on any computer, for any device or file transfers – it eliminates security +restrictions for one hour. It can be used multiple times, by any user that knows it. + +The Universal Offline Temporary Password can be made visible only for Super Administrators. If this +setting is enabled, Normal and Offline Temporary Password Administrators will not be able to see and +use it. Enable this setting from System Configuration, System Settings, and Custom settings. + +You have the option to add a justification, mentioning the reason why the password was created. This +can later be used for a better overview or various audit purposes. + +Once an Offline Temporary Password has been authorized, any other rights and settings saved afterwards +on the Endpoint Protector Server will not take immediate effect. The Offline Temporary Password has to +expire and the connection with the Server re-established. + +**NOTE:** The Transfer Limit Reset Offline Temporary Password is only available if the feature is +enabled. The main purpose of this type of Offline Temporary Password is to re-establish the +Server-Client communication before the Transfer Limit Reset Time Interval has expired. + +## Generating the Offline Temporary Password + +Depending on the options selected from the drop-down menus, the Offline Temporary Password (or OTP) +can be generated for an exact device, all devices, or all file transfers. 
+ +![Generating the Offline Temporary Password](/img/product_docs/endpointprotector/5.9.4.2/admin/offlinetemporarypassword/offlinetemporarypassword.webp) + +When generating an Offline Temporary Password for a Device, you can either introduce the Device Code +communicated by the user or search the Endpoint Protector database for an existing device. +Alternatively, you can generate an Offline Temporary Password directly from the Device Control, +Computers section, by selecting the Offline Temporary Password option from the Actions column. + +When generating an OTP Code for a device, either the Device Code or the Device Name has to be +entered (one of them will automatically fill in the other field). + +The Computer Name and the Username fields do not need to be both filled in. The OTP Code is perfectly +valid if only one of them is provided. However, if the OTP Code needs to be valid for an exact +device, on an exact computer, for an exact user, all of the relevant fields need to be filled in. + +Once the OTP Code has been generated, it will be displayed on the right side of the image above. + +As it needs to be provided to the person that made the request, Endpoint Protector offers two quick +ways of doing this, either by sending a direct e-mail or by printing it out. + +**NOTE:** You can edit the Administrator contact information that is displayed to a user from System +Configuration, System Settings, as the Main Administrator Contact Details. + +Similar to generating an Offline Temporary Password for a specific device, when generating one for all +devices or all file transfers, the Computer Name and the Username fields are not both mandatory. The +OTP Code is perfectly valid if only one of them is provided. However, if the OTP Code needs to be +valid for an exact computer and an exact user, all of the relevant fields need to be filled in. 
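Review bot: The Universal Offline Temporary Password paragraph is marked only as **NOTE:** although it states that the password "eliminates security restrictions for one hour" and "can be used multiple times, by any user that knows it". Suggest marking it **CAUTION:** (the callout already used on the Directory Services page in this patch) and folding the following paragraph's Super Administrators visibility setting into the same callout, so the restriction is read together with the risk. Two smaller points in the same hunk: "needs to be redeemed the same day it was generated" does not say whether the day is counted in Server Time or Client Time, which matters given the time zone example just above it, and "System Configuration, System Settings, and Custom settings" reads as three locations rather than one navigation path.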
diff --git a/docs/endpointprotector/5.9.4.2/admin/overview_2.md b/docs/endpointprotector/5.9.4.2/admin/overview_2.md new file mode 100644 index 0000000000..94145ee104 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/overview_2.md 
@@ -0,0 +1,181 @@ +--- +title: "Reports and Analysis" +description: "Reports and Analysis" +sidebar_position: 90 +--- + +# Reports and Analysis + +This section offers an overview of the System Logs, Device Control Logs and Shadows, Content Aware +Logs and Shadows, Admin Actions, Statistics, and other helpful information. + +Details regarding eDiscovery Scans and Enforced Encryption can be viewed in their specific sections +and not in the Reports and Analysis section. + +As an additional security measure, this section may be protected by an additional password set by +the Super Administrator, from **System Configuration** > **System Security**. + +## Logs Report + +From this section, you can view, sort, and export the main logs in the system. There are several +event types such as User Login, User Logout, AD Import, AD Synchronization, Uninstall Attempt, etc., +included in this section. Additionally, the main Device Control logs can be viewed in this section. + +![Logs Report Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/logsreport.webp) + +**NOTE:** Use the Filters option to view and sort different log types and then export the result +list. + +## File Tracing + +This section offers an overview of trace files that have been transferred from a protected computer +to a portable device or another computer on the network, and vice versa. + +A special mention is given here to the “File Hash” column. Endpoint Protector computes an MD5 hash +for most of the files to which the File Tracing feature applies to. This way, mitigating threats +coming from changing the file content is ensured. + +You can export the search results (as an Excel, PDF, or CSV) or Create and Export containing the +entire log report as a .CSV file. 
+ +![File Tracing Reports](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/filetracingreports.webp) + +### File Tracing Events by Direction + +The "File Tracing Events Matrix by Direction" table is a valuable reference for understanding how +Endpoint Protector categorizes file tracing events based on data transfer directions. It offers +insight into event handling and helps users customize data protection policies effectively. Whether +tracking local transfers or interactions with removable devices and network shares, this table +provides a clear overview. It's an essential resource for configuring data protection policies in the +Endpoint Protector environment, ensuring strong security and compliance. + +**NOTE:** This matrix refers to clients from the 5.9.0.0 release and higher. + +Please see the table below for a detailed view of the events. + +File Tracing Events Matrix by Direction + +| Direction | Windows | macOS | Linux | +| ------------------------------------ | ---------- | ---------- | ---------- | +| Local -> Local (Partition 0) | N/A | N/A | N/A | +| Local -> Removable | Src & Dest | Src & Dest | Src & Dest | +| Local -> Network share | Src & Dest | Src & Dest | N/A | +| Local -> Partition 1 | Src & Dest | N/A | N/A | +| Removable -> Local (Partition 0) | Src & Dest | Src & Dest | Src & Dest | +| Removable -> Removable | Src & Dest | Dest | Src & Dest | +| Removable -> Network share | Src & Dest | Dest | N/A | +| Removable -> Partition 1 | Src & Dest | Src & Dest | Src & Dest | +| Network share -> Local (Partition 0) | Src & Dest | Src & Dest | N/A | +| Network share -> Removable | Src & Dest | Dest | N/A | +| Network share -> Network share | Src & Dest | Dest | N/A | +| Network share -> Partition 1 | Src & Dest | Src & Dest | N/A | +| Partition 1 -> Local (Partition 0) | N/A | N/A | N/A | +| Partition 1 -> Removable | Src & Dest | Src & Dest | Src & Dest | +| Partition 1 -> Network share | Src & Dest | Src & Dest | N/A | +| Partition 
1 -> Partition 0 | N/A | N/A | N/A | + +Legend: + +- Partition 0 -> Boot Partition (OS) +- Partition 1 -> 2nd Partition (e.g., 2nd OS or Data Partition) + +## Content Aware Report + +From this section, you can view Content Aware Logs in the system and detect data incidents +corresponding to the Content Aware Policies applied. + +![Content Aware Reports](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/capreports.webp) + +When using the latestEndpoint Protector client, you can view log details structured per file scanned. + +Expand each entry from the log report list to view the Log Details expanded section, providing the +following information: + +- Policy – select an active policy from the drop-down list +- Policy name – the name of the selected policy +- Policy type – the type of the selected policy +- Items type – the Policy Denylist category selected +- Matched type – the Policy Denylist type selected +- Matched items – click the link to view a pop-up window with the list of matched items + +![A pop-up window with the list of matched items](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/capmatcheditems.webp) + +- Count – the number of matched items + +![Count – the number of matched items](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/matcheditemscount.webp) + +From the Filters section, check the **Include old logs prior to 5.7** upgrade option from the filter +section to include all logs in your searches. If the option is not selected, the filters will apply +only to the new structure of logs. 
+ +![Content Aware Protection Filters](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/capfilters.webp) + +For Mac users, when the Deep Packet Inspection feature is enabled on the Endpoint Protector agent +for Mac, there might be certain scenarios where the agent does not provide full destination details +for files being transferred from a network share through monitored applications, such as browsers. In +such cases, the destination information may not be fully captured in the monitoring process + +For Linux users, it's important to note that the Endpoint Protector agent does not currently support +network share visibility, except in situations where files are being transferred from a network share +through Deep Packet Inspection monitored applications, like browsers. In other scenarios, network +share visibility might not be available. + +### Export Content Aware Reports + +You can export Content Aware Logs as an Excel, PDF, or CSV or create and export the entire log +report as a CSV or XLSX file. + +Excel/PDF/CSV – situated above the Content Aware Reports list, this will export only the default +columns + +![Export Content Aware Reports](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/exportreports.webp) + +Create Export – situated below the Content Aware Reports list, this will create an export containing +all data, including the expanded Logs Details section with columns Policy Type, Policy Name, Item +type, Matched type, Matched items and Count. + +![Creating Export ](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/createexport.webp) + +After the message that is displayed that A new export has been made and is available on Export List, +click View Export List to open the list of Reports, where you can download or delete a report. 
+ +![Viewing Export List ](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/viewexportlist.webp) + +![Export List Results ](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/exportlistresults.webp) + +## Admin Actions + +This section offers an overview of every important action performed in the interface. From the +Action column, you can view additional information. + +![ An overview of every important action performed in the interface](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/adminactions.webp) + +## Online Computers + +This section offers an overview of computers registered on the system which have an established +connection with the server. If the Refresh Interval for computer X is 1 minute, then computer X was +communicating with the server in the last 1 minute. + +![Overview of computers registered on the system](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/onlinecomputers.webp) + +## Online Users + +This section offers an overview of users registered on the system which have an established +connection with the server. + +![An overview of users registered on the system](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/onlineusers.webp) + +## Online Devices + +This section provides an overview of devices registered on the system which have an established +connection with the server. + +![An overview of devices registered on the system](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/onlinedevices.webp) + +## Statistics + +The Statistics module lets you view system activity related to data traffic and device connections. +The integrated filter makes generating reports quick and easy; simply select the field of interest +and click **Apply Filter**. + +![View system activity regarding data traffic and device connections](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/statistics.webp) 
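Review bot: In the File Tracing section, "This way, mitigating threats coming from changing the file content is ensured" overstates what an MD5 hash computed "for most of the files" can provide. MD5 is not collision resistant and the text does not say which files get no hash, so suggest wording such as "the hash helps identify a file whose content was changed" and listing the files that are excluded. In the matrix, the last row "Partition 1 -> Partition 0" repeats the earlier "Partition 1 -> Local (Partition 0)" row with the same N/A values; please confirm which direction was intended. Minor: "to which the File Tracing feature applies to" doubles the preposition, "latestEndpoint Protector" is missing a space, and the macOS Deep Packet Inspection paragraph ends without a period.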
diff --git a/docs/endpointprotector/5.9.4.2/admin/overview_3.md b/docs/endpointprotector/5.9.4.2/admin/overview_3.md new file mode 100644 index 0000000000..e8c821ea60 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/overview_3.md 
@@ -0,0 +1,190 @@ +--- +title: "Alerts" +description: "Alerts" +sidebar_position: 100 +--- + +# Alerts + +From this section, you can define E-mail Alerts for the main events detected by Endpoint Protector: +System Alerts, Device Control Alerts, Content Aware Alerts, and Enforced Encryption Alerts. + +**NOTE:** Before creating alerts, make sure the Endpoint Protector E-mail Server Settings have been +configured from the System Configuration, System Settings section. You also have the option to verify +these settings by sending a test E-mail. + +For each Administrator to appear in the list of recipients for the Alerts, this has to be provided +under the Administrator details from the System Configuration, System Administrators section. + +![ Endpoint Protector E-mail Server Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/emailserversettings.webp) + +## System Alerts + +From this section, you can create system alerts, including APNS certificate expiry, updates and +support expiry, endpoint licenses used, etc. + +![System Alerts Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/systemalerts.webp) + +### Creating a System Alert + +Follow the steps to add a new Alert. + +**Step 1 –** Click **Create**, provide the required information and then click **Save**. + +- Event – select the type of event that generates the alert +- Updates and Support – set an alert regarding each module’s maintenance status (Device Control, + Content Aware Protection, and eDiscovery) + + **NOTE:** You can disable the Update and Support system alert from General Dashboard, System + Status. + +- Endpoint Licenses – set an alert to be notified of the percentage of used Endpoint Licenses and + eliminate the risks of having unprotected endpoints as each network is constantly growing. Define + alerts when the percentage of used Endpoint Licenses reaches 70%, 80%, or 90%. 
+- Client Uninstall – set an alert each time an Endpoint Protector Client is uninstalled for better + management of an extensive network. This is particularly helpful when there are several assigned + Administrators. +- Server Disk Space – set an alert to be notified of the Server Disk Space status and ensure Server + Disk Space remains available for logs to be stored and policies are correctly applied. +- Define alerts when disk space reaches 70%, 80%, or 90% and then select the monitored partitions + from the available root, epp and boot. +- Device Control – Logs Amount – set an alert each time the Number of Device Control Logs Stored + reaches a specific amount. Select from the available intervals or define a custom value. +- Content Aware – Logs Amount –set an alert each time the Number of Content Aware Logs Stored + reaches a specific amount. Select from the available intervals or define a custom value. +- Password Expiration – set an alert to be notified when a password is about to expire. Define the + alert using the 10, 5, or 1 day options. +- Not Seen Online – set an alert each time a protected endpoint has not been seen online in the + specific timeframe. Select an option from the available intervals or define a custom interval. This + alert can also identify computers where the Endpoint Protector Client might have been uninstalled. +- Unplanned Client Termination – set an alert to identify when a user tries to terminate the + Endpoint Protector process. + +**Step 2 –** Alert Name – Add a name for the alert. + +**Step 3 –** Options –Based on the type of alert you selected, define the alert using the additional +options. + +**Step 4 –** Administrators - Select the Administrators that will receive the alerts. + +![Creating a System Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatsystemalert.webp) + +### System Alerts History + +From this section, you can view a history of the System Alerts. 
Alerts that are no longer needed for +auditing purposes can later be deleted. + +![System Alerts History](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/systemalertshistory.webp) + +## Device Control Alerts + +From this section, you can create Device Control alerts, for events such as Connected, File Read, +File Write, Enforced Encryption – successfully deployed, etc. + +![Device Control Alerts](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/dcalerts.webp) + +### Creating a Device Control Alert + +To add a new device control alert, click **Create**, provide the required information, and then +click **Save**. + +- Event – select the event type that generates the alert; +- Alerts Name – add a name for the alert; +- Device Type – select the device type from the drop-down list of available devices; +- Devices – select the specific device already available in the system; +- Monitored Entities – select the Groups, Computers, or Users that generate the event; +- Administrators – select the Administrators that will receive the alerts. + +![Creating a Device Control Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatingdcalert.webp) + +### Device Control Alerts History + +From this section, you can view a history of the Device Control Alerts. Alerts that are no longer +needed for auditing purposes can later be deleted. + +![Device Control Alerts History](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/dcalertshistory.webp) + +## Content Aware Alerts + +From this section, you can create Content Aware alerts, for events such as Content Threat Detected +or Content Threat Blocked. + +![Content Aware Alerts](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/contentawarealerts.webp) + +### Creating a Content Aware Alert + +Follow the steps to create a content aware alert. + +**Step 1 –** To add a new Alert, click **Create** and provide the information required. 
+ +- Event - the event type that generates the alert (Content Threat Detected or Content Threat + Blocked) + + - Content Threat DetectedDPI bypasswhitelist + - Content Threat Blocked + - Content Remediation Session Active + - Content Remediation Request Canceled by User + - DPI Bypassed Traffic + +- Alerts Name – Add a name for the alert. +- Content Policy – Select a policy to apply the alert (this field is not available if you select DPI + Bypass Traffic event). +- Administrators – Select the Administrators that will receive the alerts. +- Monitored Entities – Select the Groups, Computers, or Users that generate the event . + +**Step 2 –** Click **Save**. + +The alert sent on the email will also include a CSV file with a report of the threats found. + +**NOTE:** Before creating the alert, ensure the selected Content Aware Policy is enabled on the +chosen Computer, User, Group, or Department. + +![Creating a Content Aware Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatingcontentawarealertinfo.webp) + +![Creating a Content Aware Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/creatingcontentawarealert.webp) + +### Content Aware Alerts History + +From this section, you can view a history of the Content Aware Alerts. Alerts that are no longer +needed for auditing purposes can later be deleted. + +![Content Aware Alerts History](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/contentawarealertshistory.webp) + +## Enforced Encryption Alert + +From this section, you can create Enforced Encryption alerts, for events such as password changes, +messages sent, etc. + +![Enforced Encryption Alert](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/enforcedencryptionalert.webp) + +### Creating an Enforced Encryption Alert + +Follow the steps to create an enforced encryption alert. + +**Step 1 –** Click **Create** and provide the required information. 
+ +- Event – Select the type of event that generates the alert + + - Send Message + - Change Master Password + - Change User’s Password + - Reset Device + - Change Settings – Installation and Execution + - Re-deploy Client + - Master Password Login Success + - Password Login Failure + - Password Login Exceeded + +- Alerts Name – Add a name for the alert. +- Administrators - Select the Administrators that will receive the alerts. + +**Step 2 –** Click **Save**. + +![Creating an Enforced Encryption Alert ](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/createeealert.webp) + +### Enforced Encryption Alert History + +From this section, you can view the history of the Enforced Encryption Alerts. Alerts that are no +longer needed for auditing purposes can later be deleted. + +![Enforced Encryption Alert History ](/img/product_docs/endpointprotector/5.9.4.2/admin/alerts/eealerthistory.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/overview_4.md b/docs/endpointprotector/5.9.4.2/admin/overview_4.md new file mode 100644 index 0000000000..e43e6aee2d --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/overview_4.md 
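Review bot: In docs/endpointprotector/5.9.4.2/admin/overview_3.md (Alerts), under Creating a Content Aware Alert, the first Event sub-item reads "Content Threat DetectedDPI bypasswhitelist", which looks like two entries run together, and the same event is spelled "DPI Bypassed Traffic" in the list but "DPI Bypass Traffic" in the Content Policy bullet. The Event description also names only "(Content Threat Detected or Content Threat Blocked)" while five sub-items follow it. Suggest splitting the run-together entry, using one spelling for the DPI event, and dropping or completing the parenthetical. Under Creating a System Alert, "Define alerts when disk space reaches 70%, 80%, or 90%" is a separate top-level bullet although it continues the Server Disk Space item, and Steps 2 to 4 (Alert Name, Options, Administrators) follow a Step 1 that already ends with clicking **Save**; the Save instruction should move to the last step.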
@@ -0,0 +1,266 @@ +--- +title: "Directory Services" +description: "Directory Services" +sidebar_position: 110 +--- + +# Directory Services + +From this section, you can import and synchronize the entities (Users, Computers, and Groups) from +the company’s Active Directories. + +![Import and synchronize the entities (Users, Computers, and Groups) from the company’s Active Directories](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/directoryservices.webp) + +## Microsoft Active Directory + +You can create and manage connections from the Directory Services, Microsoft Active Directory +section. The required information includes the Connection Type, Server, Port, Username, and +Password. + +![Manage connections from the Directory Services](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/newconnection.webp) + +**NOTE:** When having to import a very large number of entities, we recommend using the Base Search +Path to get only the relevant information displayed. Due to browser limitations, importing the whole +AD structure may impede the display of the import tree if it contains a very large number of +entities. + +To ensure the information is correct, click Test to test the new connection. + +Once a new connection has been created, it is available in the synchronization list and can be +further edited, to include the required entities. + +For the defined connections, several synchronization options are available. From this section, the +connection credentials and synchronization interval can also be changed. + +![Change connection credentials and synchronization interval](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/testsync.webp) + +The Advanced Groups Filter can be used to import and synchronize only specific groups, ignoring all +other entities. + +From the Directory Browser section, you can select the entities that need to be synced. 
+ +**NOTE:** You can view only Organizational units (OU) and Groups in the Directory Browser. + +![From the Directory Browser section, you can select the entities that need to be synced.](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/directorybrowser.webp) + +Once the entities have been selected, they can be saved to sync. + +![Synchronization Filters](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/synchfilters.webp) + +## Microsoft Entra ID + +You can create and manage connections from the Directory Services, Microsoft Entra ID. From this +section, Groups from the Microsoft Entra ID will have their users synchronized with the Endpoint +Protector Server. Group membership will be retrieved recursively by the API platform itself. + +Example + +- Group 1 - User 1, User 2, User 3 +- Group 2 - Group 1, User 4 +- Group 3 - Group 2, User 5 + +If Group 3 is selected for the synchronization operation, only Group 3 will be imported and created +in the Endpoint Protector Server. User 5 will also be imported and will be added as a member of +Group 3. Group 2 and all subsequent groups will be parsed and only the Users will be retrieved and +the actual groups will not be added to the server. + +After the synchronization is done, it will look like that on the Endpoint Protector server: + +- Group 3 - User 5, User 4, User 3, User 2, User 1 + +### Configure Microsoft Entra ID + +#### Create the Application on Microsoft Entra ID + +Follow the steps to create the application on Microsoft Entra ID. + +**Step 1 –** Log in to Azure Portal. + +**Step 2 –** Go to Microsoft Entra ID. + +**Step 3 –** Click App Registrations from the Manage section on the Active Directory menu on the +left side, then on New Registration. + +![Create the application on Microsoft Entra ID](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/appregmsentraid.webp) + +**Step 4 –** On the Registration page enter your **Name**. 
+ +**Step 5 –** On the Supported account type select **Default Directory**. + +**CAUTION:** Do not fill in the Redirect URI field! + +**Step 6 –** Click **Register**. + +![Create the application on Microsoft Entra ID](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/appregmsentraidtwo.webp) + +**Step 7 –** On the Essentials section save the following information: + +- Application (client) ID will be needed for adding it in the Application (client) ID field on the + Endpoint Protector Server +- Directory (tenant) ID will be needed for adding it in the Tenant ID field on the Endpoint + ProtectorEndpoint Protector Server + +![Create the Application on Azure Active Directory](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/testapplication.webp) + +#### Create a Secret ID for the Application + +The secret ID will be used as an authentication method to gain access to the application via Graph +API. + +**Step 1 –** Click **Certificates & Secrets** on the side menu from the Manage section. + +![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecrets.webp) + +**Step 2 –** Click **New client secret** on the Certificates & secrets page. + +![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretestwo.webp) + +**Step 3 –** Enter a **Description** for the secret ID. + +![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsthree.webp) + +**Step 4 –** Click **Add** and **Add a client** secret section. + +![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsfour.webp) + +**Step 5 –** Take note of the Secret ID value and make sure to copy it to the clipboard and also to +store it safely because it will be needed further on. 
+ +**NOTE:** Notice that when navigating back, the secret ID will be hidden. + +![Create a Secret ID for the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsfive.webp) + +#### Create Users/Groups Using Graph API + +Follow the steps to create users/groups using Graph API. + +**Step 1 –** Click **Home** and then Microsoft Entra ID. + +![Create Users/Groups Using Graph API](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/certsecretsfivesix.webp) + +![Azure Home Page](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azurehome.webp) + +**Step 2 –** Click **Add** from the Default Directory| Overview page + +![Default Directory| Overview page](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadoverview.webp) + +**Step 3 –** Click **Add User**. + +![Overview Add User ](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/overviewadduser.webp) + +- Select **Create User**. +- Enter the **Username** and select the **Domain**. +- Enter the **Name**. +- Either click **Auto-generate password** or create one on your own. +- Add the **Department**. +- Click **Create**. + +![Azure Active Director Create User](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadnewuser.webp) + +**Step 4 –** Repeat Steps 1 and 2, then click **Group**. + +- Select group type **security**. +- Enter a **name** for the group. +- Click **No members selected** to add membership. +- Search for the newly created user and click **Select**. + +![ Default Directory| New Group](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadnewgroup.webp) + +#### Add Permissions to the Application + +Permission to be added to our application: + +- Directory.Read.All +- Group.Read.All +- User.Read.All + +Make sure the created application is open then: + +**Step 1 –** Click **API Permissions**. 
+ +![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionone.webp) + +**Step 2 –** Click **Add a Permission**. + +![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissiontwo.webp) + +**Step 3 –** Click **Microsoft Graph**. + +![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionthree.webp) + +**Step 4 –** Click **Application Permissions**. + +![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionfour.webp) + +**Step 5 –** Search for the permissions mentioned above and check each of the permissions. +(Directory.Read.All, Group.Read.All, User.Read.All) + +![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionfive.webp) + +**Step 6 –** Click **Add Permissions**. + +![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionsix.webp) + +**Step 7 –** Click **Grant admin consent for Default Directory** from the API Permission page. + +![Add Permissions to the Application](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadapipermissionseven.webp) + +#### Add Graph Application to Server + +Follow the steps to add a graph application to the Endpoint Protector server. + +**Step 1 –** Open the Endpoint ProtectorServer and navigate to **Directory Services** > **Microsoft +Entra ID**. + +**Step 2 –** Click **Add** to add an API Consumer – One API Consumer can be used for multiple +synchronization jobs. 
+ +![Add Graph Application to Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azuread.webp) + +**Step 3 –** Provide the following details: + +- Name +- Description +- Directory (tenant) ID saved earlier on the Tenant ID field +- Application (client) ID saved earlier on the Application (Client) ID field +- Secret ID saved earlier in the Client Secret Value field + +![Add Graph Application to Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadtwo.webp) + +**Step 4 –** Click **Test** and then **Save**. + +![Add Graph Application to Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/azureadthree.webp) + +#### Create a Synchronization Job on the Server + +Follow the steps to create a synchronization job on the Endpoint Protector server. + +**Step 1 –** Click **Create Sync Job**. + +![Create a Synchronization Job on the Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/createsynchjob.webp) + +**Step 2 –** Provide Synchronization information: + +- Name +- Description +- Select the created API Consumer +- Select Sync Interval + +**Step 3 –** Click **Save**. + +![Create a Synchronization Job on the Endpoint Protector Server](/img/product_docs/endpointprotector/5.9.4.2/admin/directoryservices/mapon-premisesusers.webp) + +The **Map on-premises users** switch in the Microsoft Entra ID connector controls how Endpoint +Protector retrieves user names in hybrid environments with both a local Active Directory and +Microsoft Entra ID. This switch has two states: + +- Unmarked (feature disabled) – Endpoint Protector uses the "userPrincipalName" Azure AD attribute + to retrieve user names. This attribute is the primary source for user identification and account + mapping. 
+- Marked (feature enabled) – Endpoint Protector uses the "onPremisesSamAccountName" Azure AD + attribute to retrieve user names, ensuring accurate synchronization between the local Active + Directory and Azure AD. + +By utilizing this feature, Endpoint Protector ensures seamless synchronization of user names, +preventing duplicate usernames. Enable or disable the "Map on-premises users" feature based on your +specific hybrid environment setup and requirements. diff --git a/docs/endpointprotector/5.9.4.2/admin/overview_5.md b/docs/endpointprotector/5.9.4.2/admin/overview_5.md new file mode 100644 index 0000000000..e9d280c900 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/overview_5.md 
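Review bot: In the Microsoft Entra ID section of the file that ends just above, "Create a Secret ID for the Application" Step 5 tells the reader to save the "Secret ID value", and "Add Graph Application to Server" Step 3 then enters the "Secret ID saved earlier in the Client Secret Value field". The two names are used interchangeably, so state once which value from the Certificates & secrets page is the credential and use that name throughout. Replace "copy it to the clipboard and also to store it safely" with a concrete storage recommendation, and say what to update on the API Consumer when the secret is replaced. Under "Add Permissions to the Application", Directory.Read.All, Group.Read.All and User.Read.All are all requested as application permissions with admin consent; please confirm each one is needed for the sync and say why, so administrators can grant the minimum. Wording to fix while here: "Endpoint ProtectorEndpoint Protector Server" (Step 7), "Endpoint ProtectorServer" (Step 1), "Click **Add** and **Add a client** secret section" (Step 4), and the heading "Create Users/Groups Using Graph API", whose steps use the portal rather than the API.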
@@ -0,0 +1,450 @@ +--- +title: "Appliance" +description: "Appliance" +sidebar_position: 120 +--- + +# Appliance + +## Server Information + +From this section you can view general information about the Server, the System Fail/Over status, +information on Disk Space usage and Database, and the Server Uptime. + +![View general information about the Server](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/serverinformation.webp) + +## Server Maintenance + +In this section, you can set up a preferential time zone and NTP synchronization server, configure +the IP and DNS, register the client certificate, set up a self-signing certificate, perform routine +operations and manage the SSH access. + +![ Set up a preferential time zone and NTP synchronization server](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/servermaintenance.webp) + +### Time Zone + +In this section you can set a preferential time zone and/or sync the appliance to an NTP source. + +- Time zone – select from the drop-down lists the zone and location +- NTP Server – type the server or go with the default entry +- How often to synchronize – select from the drop-down a time interval when to synchronize of go + with the default selection + +**NOTE:** The appliances are prefigured to sync once a week with pool.ntp.org. + +- Current server time – the field displays the current server time +- Automatic NTP Synchronization – opt in or out to trigger the NTP synchronization automatically +- Click Save to keep all modifications without triggering the synchronization process +- Click Synchronize Time to trigger the synchronization, which will occur in the next 5 minutes. 
The + Alerts and Logs will be reported after the 5 minutes in a format of your choice +- Click Refresh Current Time to update the Current server time field + +![Set a preferential time zone and/or sync the appliance to an NTP source](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/timezone.webp) + +### IP Configuration + +In this section you can change the network settings for the appliance to communicate correctly in +your network. + +**NOTE:** Once you change the IP address, close and open again the Internet browser and then access +the Endpoint Protector Administration and Reporting Tool with the new IP address. + +![ Change the network settings for the appliance to communicate correctly in your network](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/ipconfg.webp) + +### DNS Configuration + +In this section you can modify or add a DNS server address and then Save your changes. + +![Modify or add a DNS server address and then Save your changes](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/dnsconfg.webp) + +### Client Registration Certificate + +From this section, you can register and then verify the Endpoint Protector Client certificate +signature. The client registration certificate is an additional security measure enabling +certificate-based authentication. + +**CAUTION:** The Client Registration Certificate feature is not available for Linux! 
+ +**Step 1 –** Enable the custom certificate setting and then upload the certificate chain, Root CA and +Intermediate; + +When the custom certificate is **enabled** then: + +- Endpoint Protector Server will validate the client certificate at the registration phase +- Endpoint Protector Client will not validate the server certificate + +When the custom certificate is **disabled** then: + +- Endpoint Protector Server will not validate the client certificate at the registration phase +- Endpoint Protector Client will not validate the server certificate + +**Step 2 –** Enable the test certificate setting and then upload a **certificate signed by root CA** +just for testing the signature (for example the Endpoint Protector Client certificate) + +**Step 3 –** Click **Save** and allow 2 minutes for the information to be validated. You will view a +successful message confirming the custom certificate was added and the test certificate is valid. + +**NOTE:** The client registration authentication certificate and the Endpoint Protector server +certificate must be issued by the same CA. + +For this feature to work, there must be cryptographic identities signed by the root CA deployed on +the endpoints. + +- On macOS these identities should be added to System Keychain in the "My Certificates" section +- On Windows they should be placed in the Certificate Manager's Local Computer\Certificates\Personal + section + +![Register and then verify the Endpoint Protector Client certificate signature](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/clientregcert.webp) + +### Server Certificate Validation + +From this section, you can configure Server Certificate Validation, which ensures that certificates +used for all communication requests on Endpoint Protector clients are validated. This feature is +crucial for maintaining secure communication between various Endpoint Protector products. 
+ +**NOTE:** All certificate validation statuses will be reported to the Endpoint Protector Server and +stored for debugging purposes in Endpoint Protector Client logs. + +**CAUTION:** Please use this feature responsibly, as improper certificate usage with certification +validation might disrupt Endpoint Protector Client to Endpoint Protector Server communication. For a +successful connection, both server and client certificate validation must be enabled. + +**NOTE:** Starting from the 5.9.0 or later, enabling this option activates Endpoint Protector Server +Certificate Validation for all Endpoint Protector Client communication. This strengthens security by +ensuring trusted and valid certificates are used. + +### Appliance Operations + +In this section you can perform appliance operations such as Reboot or Shutdown. + +![Perform appliance operations such as Reboot or Shutdown](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/applianceoperations.webp) + +### SSH Server + +In this section you can manage user access to the Appliance through the SSH protocol. + +**_RECOMMENDED:_** Set this option to **Enable** before requesting Support access. + +![Manage user access to the Appliance through the SSH protocol](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/sshserver.webp) + +## SIEM Integration + +SIEM are a third-party security information and event management tools that allow logging and +analyzing logs generated by network devices and software. The integration with SIEM technology +enables Endpoint Protector to transfer activity events to a SIEM server for analysis and reporting. + +In this section, you can add, edit or delete an existing SIEM Server integration. To edit or delete +a SIEM Server you need to select an available SIEM server integration. + +**CAUTION:** You can configure a maximum number of 4 SIEM Server integrations. 
+ +![Add, edit or delete an existing SIEM Server integration](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/siemserverintegration.webp) + +To create a SIEM Server, click **Add New** and provide the following information: + +- SIEM Status – toggle switch to enable/disable the SIEM server +- Disable Logging – toggle switch to enable/disable logging + + **NOTE:** If you disable logging, logs will be stored on the Endpoint Protector server or on the + SIEM server when SIEM is installed. + +- Server Name – add a server name +- Server Description – add a description +- Server IP or DNS – add the IP or DNS +- Server Protocol – select the UDP or TCP server protocol + + **NOTE:** Based on the protocol you select you can enable [SIEM Encryption](#siem-encryption). + +- Server Port – add a port +- Exclude Headers - toggle switch to enable/disable log headers + + **NOTE:** If you disable log headers, you will only export data to SIEM. + +- Log Types – select from the available options the logs to send to the SIEM Server + +![SIEM Intergration - Adding a New Server](/img/product_docs/endpointprotector/5.9.4.2/admin/appliance/siemintegrationnewserver.webp) + +**CAUTION:** Please be aware that the SIEM integration feature in Endpoint Protector comes with +certain limitations. To make use of the latest features of this SIEM integration, your environment +must meet specific criteria. It should have been installed from image version 5.6.0.0 or a more +recent version, and maintain an active HTTPS connection. Please note that SIEM integration is only +accessible in environments that meet these stringent prerequisites. + +### SIEM Encryption + +When using the TCP protocol, you have the option to encrypt communication to each SIEM server. In +order to do so, enable the Encryption setting and then Upload the root CA that was used to sign the +server certificate for the SIEM server in .pem format. 
+ +**CAUTION:** The certificate used on the SIEM server must be signed by the same CA as the one +uploaded to the Endpoint Protector Server. + +Endpoint Protector will check the following: + +- The SIEM certificate is signed by the CA, and the CN or SAN matches the name for the SIEM machine +- The Root CA has the Basic Constraint CA set to true + +When validating a certificate, the entire certificate chain must be valid, including the CA +certificate; if any certificate of the chain is invalid, the connection will be rejected. + +Make sure you update the certificate files when they expire. + +**NOTE:** If you applied the latest patch using the option, and cannot view the SIEM encryption +setting, please contact Customer Support. + +### SIEM Export log formats + +Each log entry follows this +format: `log_type: [field_name] field_value | [field_name] field_value | [field_name] field_value ..` + +#### Log structure + +The `log_type` is a combination of "Device Control" and the event name. + +Example terms for log types include: + +- Device Control – Blocked + +- Device Control – Connected + +- Device Control – Device not TD + +To see the supported events on the Endpoint Protector Server, navigate to Appliances > SIEM +Integration > SIEM Policy. + +#### Column header + +The column header is `[field_name]`. + +Example column headers include: + +- [Event Name] +- [Client Computer] +- [IP Address] + +You can find the complete list of `[field_name]` in the +[SIEM Export Log Fields](#siem-export-log-fields) section. + +#### Contents of the column + +The `field_value` represents the actual contents within the column. + +Example field values include: + +- Offline Temporary Password used +- User’s computer +- 192.168.0 + +### SIEM Export Log Fields + +This section presents the field names for the Endpoint Protector Server's "Standard format," which +has been available since the Endpoint Protector 5.9.4 release. 
Endpoint Protector Server exports +logs to SIEM solutions with a maximum of 2,100 characters. Since the Endpoint Protector 5.9.1 +release, we have increased the message limit to 10000 characters. + +#### Device Control + +The standard format for the Device Control fields is as follows: + +- [Log ID] +- [Event Name] +- [Client Computer] +- [IP Address] +- [MAC Address] +- [Serial Number] +- [OS] +- [Client User] +- [Device Type] +- [Device] +- [Device VID] +- [Device PID] +- [Device Serial] +- [EPP Client Version] +- [File Name] +- [File Hash] +- [File Type] +- [File Size] +- [Justification] +- [Time Interval] +- [Date/Time(Server)] +- [Date/Time(Client)] +- [Date/Time(Server UTC)] +- [Date/Time(Client UTC)] + +#### Content Aware Protection + +When Reporting V1 is utilized, fields associated with Reporting V2 content, such as [Destination +Details], [Email Sender], and [Email Subject], will remain blank. + +The standard format for the Content Aware Protection fields is as follows: + +- [Log ID] +- [Client Computer] +- [IP Address] +- [MAC Address] +- [Serial Number] +- [OS] +- [Client User] +- [Content Policy] +- [Content Policy Type] +- [Destination Type] +- [Destination] +- [Destination Details] +- [Email Sender] +- [Email Subject] +- [Justification] +- [Device VID] +- [Device PID] +- [Device Serial] +- [File Name] +- [File Hash] +- [File Size] +- [Matched Item] +- [Item Details] +- [Date/Time(Server)] +- [Date/Time(Client)] +- [Date/Time(Server UTC)] +- [Date/Time(Client UTC)] + +#### E-Discovery + +The standard format for the E-Discovery fields is as follows: + +- [Log ID] +- [Computer] +- [IP Address] +- [MAC Address] +- [Serial Number] +- [OS] +- [Policy] +- [Matched type] +- [Matched Item] +- [Path] +- [Discovered at] +- [Discovered at (UTC)] + +#### Other SIEM Logs + +User Login/User Logout + +The standard format for the Other SIEM Logs fields is as follows: + +- [Log ID] +- [Client Computer] +- [IP Address] +- [MAC Address] +- [Serial Number] +- [OS] +- 
[EPP Client Version] +- [Client User] +- [File Name] +- [File Type] +- [Date/Time(Server)] +- [Date/Time(Client)] +- [Date/Time(Server UTC)] +- [Date/Time(Client UTC)] + +#### Client Integrity OK/Client Integrity Fail + +The standard format for the Client Integrity OK/Client Integrity Fail fields is as follows: + +- [Log ID] +- [Client Computer] +- [IP Address] +- [MAC Address] +- [Serial Number] +- [OS] +- [EPP Client Version] +- [Client User] +- [File Name] +- [File Type] +- [Date/Time(Server)] +- [Date/Time(Client)] +- [Date/Time(Server UTC)] +- [Date/Time(Client UTC)] + +#### Admin Action + +The standard format for the Admin Action fields is as follows: + +- [Log ID] +- [Administrator] +- [Section] +- [Action Type] +- [Before] +- [After] +- [Date/Time(UTC)] + +#### User Information Updated + +The standard format for the User Information Updated fields is as follows: + +- [Log ID] +- [Client Computer] +- [IP Address] +- [MAC Address] +- [Serial Number] +- [OS] +- [EPP Client Version] +- [Client User] +- [Date/Time(Server)] +- [Date/Time(Client)] +- [Date/Time(Server UTC)] +- [Date/Time(Client UTC)] + +#### Policies Received + +The standard format for the Policies Received fields is as follows: + +- [Log ID] +- [Event Name] +- [Client Computer] +- [IP Address] +- [Client User] +- [OS] +- [Date/Time(Server)] +- [Date/Time(Client)] +- [Date/Time(Server UTC)] +- [Date/Time(Client UTC)] + +#### Uninstall Attempt / Forced Uninstall Attempt + +The standard format for the Uninstall Attempt/Forced Uninstall Attempt fields is as follows: + +- [Log ID] +- [Event Name] +- [Client Computer] +- [IP Address] +- [MAC Address] +- [Serial Number] +- [OS] +- [Client User] +- [Device Type] +- [Device] +- [Device VID] +- [Device PID] +- [Device Serial] +- [EPP Client Version] +- [File Name] +- [File Hash] +- [File Type] +- [File Size] +- [Justification] +- [Time Interval] +- [Date/Time(Server)] +- [Date/Time(Client)] +- [Date/Time(Server UTC)] +- [Date/Time(Client UTC)] + +#### 
Client Uninstall + +The standard format for the Client Uninstall fields is as follows: + +- [Log ID] +- [Client Computer] +- [IP Address] +- [MAC Address] +- [Serial Number] +- [Department] +- [EPP Client Version] +- [Last Time Online] diff --git a/docs/endpointprotector/5.9.4.2/admin/overview_6.md b/docs/endpointprotector/5.9.4.2/admin/overview_6.md new file mode 100644 index 0000000000..c9ca3d203b --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/overview_6.md 
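Review bot: In overview_5.md, "SIEM Export log formats" defines an entry as "log_type: [field_name] field_value | [field_name] field_value .." but does not say how a "|", a "[" or a line break inside a value such as [File Name], [Email Subject] or [Matched Item] is escaped. Those values originate on endpoints, so anyone writing a SIEM parser needs that rule stated to avoid mis-split or spoofed fields. In "SIEM Export Log Fields" the limits read out of order: "a maximum of 2,100 characters" is followed by "Since the Endpoint Protector 5.9.1 release ... 10000 characters", in a section about a format "available since the Endpoint Protector 5.9.4 release"; state the current limit and what happens to longer messages. "SIEM Encryption" is offered only "When using the TCP protocol", so the Server Protocol bullet should say the encryption option is not available with UDP. Under "Client Registration Certificate" both the enabled and the disabled list end with "Endpoint Protector Client will not validate the server certificate"; add a pointer to "Server Certificate Validation" there so the difference between the two states is clear. Smaller fixes: "SIEM are a third-party", "prefigured", "Starting from the 5.9.0 or later", the example value "192.168.0", the "Other SIEM Logs" heading followed by a bare "User Login/User Logout" line, and the "Disable Logging" note, which describes where logs are stored rather than what the switch does.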
@@ -0,0 +1,502 @@ +--- +title: "System Parameters" +description: "System Parameters" +sidebar_position: 150 +--- + +# System Parameters + +## Device Types and Notifications + +From this section you can view and manage device types and notifications, view and enable default +notifications and their translations and define custom notifications for Content Aware Protection +policies and Device Control User Remediation. + +![Manage device types and notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/devicetypesnotif.webp) + +### List of Device Types and Notifications + +On the List of Device Types and Notifications, you can view the Device Types available in the system +along with their availability for each operating system and if those devices can be inspected by the +Content Aware Protection module. + +You can enable and edit the notification messages that appear on the Endpoint Protector Client from +the Actions column. + +![List of Device Types and Notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/devicetypesnotiftwo.webp) + +You can enable or disable messages from the Default Notifications list and edit custom notification +translations. + +**NOTE:** You can enable Custom Client Notifications globally from Device Control, Global Settings or +individually for computers or groups, from their specific Settings sections. + +![Enable/disable a message from the list of Default Notifications or edit the custom notifications translations](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/listdefaultnotif.webp) + +### Custom Content Aware Protection Notifications + +Endpoint Protector allows you to create informative notifications that users see when a Content +Aware Policy blocks or reports a file. These notifications provide context about the triggered +policy and the affected file. + +Traditionally, Content Aware Protection Notifications were delivered in plain text. 
Starting from +Agent version 6.2.3.1 (Windows), 3.0.3.1 (Mac), and 2.4.3.1 (Linux), users can use HTML code to +format notifications. By utilizing HTML, administrators can highlight key information such as threat +names or affected files with bold, italics, or underlining, making it easier for users to +understand. In addition, you can employ colors to differentiate sections or emphasize critical +details within the notification. This results in visually engaging notifications that capture user +attention and ensure important information is not missed. + +Follow the steps to create notifications. + +**Step 1 –** Click the **Create** button. + +**Step 2 –** Assign a descriptive **Template Name** for easy identification later. + +**Step 3 –** Craft a clear and informative **Title** for the notification. + +**Step 4 –** Within the **Body** text editor, compose your message using the provided placeholders: + +- \{fileName\}: Replaced with the actual blocked/reported file name. +- \{type\}: Replaced with "blocked" or "reported" based on the policy type. +- \{threatName\}: Replaced with the identified threat name (if applicable). +- \{threatMatch\}: Replaced with the specific text that triggered the policy (if applicable). + +**Step 5 –** Click **Save** to finalize your custom notification. + +![Custom Content Aware Protection Notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/capnotifications.webp) + +For example, the file named 'financial_report.xlsx' (`\{fileName\}`) was classified as +'Confidential' (`\{type\}`) because it contains confidential data. + +Once created, you can associate the custom notification with a specific Content Aware Policy using +the Notification Template drop-down menu. + +To ensure notifications display correctly and securely, Endpoint Protector supports a limited set of +HTML elements. The following list shows the supported elements you can use in your notifications. 
+ +- Basic Formatting: + + - `` (bold) + - `` (italic) + - `` (underline) + - `
` (line break) + +- Text Styling: + + - `Text` (color) - Replace `#rrggbb` with a hexadecimal + color code (e.g., `style="color: red;"` for red text) + - `Text` (font size) - Replace `xxpx` with the desired font + size in pixels (e.g., `style="font-size: 16px;"` for 16px font) + +- Links: + + - `Text` - Replace `URL` with the actual website address and `Text` with the + clickable link text (e.g., `Netwrix Website`) + +Follow the steps to create notifications using HTML code. + +**Step 1 –** As described in the previous steps, create a new notification by clicking **Create** +and entering a name, title, and body text. + +**Step 2 –** Within the body text editor, directly enter the desired HTML code to format your +message. + +### Custom Device Control User Remediation Notifications + +This section is available only if the Device Control User Remediation setting is enabled from the +[User Remediation](#user-remediation) section. In this section you can add, edit and delete custom +notifications for Device Control User Remediation. + +You can add a maximum of 100 custom notifications but you cannot delete the default entry. + +Follow the steps to add a new custom notification. + +**Step 1 –** Click **Create**. + +**Step 2 –** Use these parameters to create your custom message: + +- \{deviceName\} +- \{action\} + +**Step 3 –** Click **Save**. + +Example: USB Driver(deviceName) is blocked(action) + +Once the notification was created, you can select the custom notification from the User Remediation +Notification Template drop-down located in the Device Control section, Global Setting, Users, +Computers and Groups. + +![Custom Device Control User Remediation Notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediationnotif.webp) + +## Contextual Detection + +From this section, you can manage the contextual detection for the entire system. 
If enabled, the +confidential information detected by Endpoint Protector will be inspected for both content and +context. + +In addition to the function that detects sensitive information (e.g.: Credit Cards, IDs, Passports, +Driving Licenses, etc.), the context will also be taken into consideration (e.g.: proximity to other +relevant keywords, other related functions, regular expressions, etc.). + +In addition to providing context to the detected sensitive information, this functionality also +helps decrease false positives. + +**NOTE:** This feature applies at a global level, for both Content Aware Protection and eDiscovery +Policies. If enabled, the context detection will supersede the content only detection through the +system. Please ensure the accuracy of the rules and the relevance for your scenarios before enabling +this functionality. + +Once the Contextual Detection feature is enabled, it will apply at a global level, based on the +rules defined in the Contextual XML (but also linked to the configured Content Aware Protection and +eDiscovery policies). + +There are two options to create the Contextual rules: + +- creating it directly from the Endpoint Protector Server +- manually editing the Contextual XML and then uploading it to the Endpoint Protector Server + +**NOTE:** To address conflicts between Global and per-policy Contextual Rules, Endpoint Protector +Clients no longer receive Global Contextual Rules if at least one policy has its individual +Contextual Rule set. This marks the deprecation of Global Contextual Rules, emphasizing the +prioritization of individual policy configurations. + +### Creating the XML + +This method is recommended for general use as it is the easiest method and it can cover most use +cases. 
+ +![Creating the XML](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/contextualdetectionone.webp) + +![Creating the XML](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/contextualdetectiontwo.webp) + +For each category of Predefined Content (e.g.: Credit Cards, IDs, Passports, Driving Licenses, etc.), +contextual detection can be configured by clicking on the **Add** button and selecting options such +as: + +- Category and Type – the content aware detection function. +- Surrounding text – the number of characters of the search interval to determine the context. +- Related Dictionary – a set of keywords related to the PII. +- Related Regular Expression – an additional way of adding a related rule that is not among the + content aware detection functions. +- Related File Type – the related file type. +- Related File Size (MB) – the related file size, in megabytes. +- Minimum Matches – the minimum number of items to match to validate the detection rule. +- Unrelated Dictionary – a set of keywords not related to the PII. +- Unrelated Regular Expression – an additional way of adding a non-related rule that is not among + the content aware detection functions. +- Unrelated File Type – the unrelated file type. +- Unrelated File Size (MB) – the unrelated file size, in megabytes. +- Maximum Matches – the value above which the rule will not be validated (recommended value is 0). + +**CAUTION:** Do not forget to Generate the Contextual XML after creating or making changes to +contextual rules! + +### Uploading the XML + +This method is recommended for advanced Administrators as it offers extended functionalities but it +also requires a deeper understanding of the XML syntax. + +Advanced contextual functionalities are also available. For this method, the Contextual XML file has +to be edited manually by the Administrator and then uploaded to the Endpoint Protector Server. + +Proximity, Dictionaries, Regex, etc. 
have to be defined within the XML document. In addition to the +functionalities described in the previous chapter, there are more complex options available like: +Confidence Level, additional Functions to consider when determining the Main Function, etc. + +Study the examples provided within Endpoint Protector Server to understand the syntax needed in the +Contextual XML. + +Example + +``` + +   +    +    +      +    +      +    +       +    +      +   + +   +   +``` + +Example + +``` + +   +    sin +    social insurance +    numero d'assurance sociale +    sins +    ssn +    ssns +    social security +    numero d'assurance sociale +    national identification number +    national id +    sin# + + +   +    driver's license +    drivers license +    driver's license +    drivers license +    DOB +    Birthdate + + +   +     random word + +[-0-9a-zA-Z.+_]+@[-0-9a-zA-Z.+_]+\.[a-zA-Z]{2,4} + + +``` + +## Advanced Scanning Detection + +The Windows environment is subject to constant OS and security updates and the installed +applications are in a constant loop of continuous development. To avoid eventual changes that +interfere with the Endpoint Protector Client, the ability to allow applications and processes is +available. + +The Advanced Scanning Exceptions feature allows applications to be excluded from scanning for +endpoints with the Advanced Printing and MTP Scanning feature enabled. + +This feature maintains a list of applications into which Endpoint Protector will not inject its DLL +when the “Advanced Printer and MTP Scanning” is enabled. For instance, many applications that cannot +print or copy files to MTP devices do not require the injection of the Endpoint Protector DLL. +Adding such applications to the exceptions list improves performance and avoids unexpected +interactions with Endpoint Protector. + +**NOTE:** This feature applies at a global level for all Windows endpoints with the Advanced +Printing and MTP Scanning features enabled. 
+ +![Advanced Scanning Detection](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/advancedscanningexceptions.webp) + +## Rights + +This subsection displays a list with all access rights that can be assigned to devices. + +![Displays a list with all access rights that can be assigned to devices](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/rights.webp) + +## Events + +In this section you can view, manage and export the events list logged by Endpoint Protector. You +can also edit event names and descriptions or enable/disable logging for specific events from the +Actions column. + +![View, manage and export the events list logged by Netwrix Endpoint Protector](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/listofevents.webp) + +### Events Types and Descriptions + +This subsection displays a comprehensive list of events, and ensures that administrators can +effectively manage and monitor their data protection policies. Additionally, there are more specific +events, such as those related to EasyLock deployment, printer activity, user information updates, +transfer limits, external repository uploads, content remediation, forced uninstall attempts, device +remediation sessions, certificate management, unplanned client terminations, artifact receipts, and +DPI bypassed traffic. These events provide granular insight into various system activities, ensuring +that organizations can maintain robust security and compliance measures. + +For a detailed view of all events and their descriptions, please see the table below. 
+ +| Event Name | Description | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | +| Connected | Device Connected | +| Disconnected | Device Disconnected | +| File Read | File read from device | +| File Write | File written to device | +| File Read-Write | File read and write from device | +| File Rename | File from device renamed | +| File Delete | File deleted from device | +| Device TD | Trusted Device™ connected | +| Deleted | File deleted from device | +| Enable Read-Only | Device Read-Only Enabled | +| Enable if TD Level 1 | Allows access when a Trusted Device™ is connected (e.g., a USB stick with EasyLock installed, which is automatically launched) | +| Enable if TD Level 2 | Allows access when Trust Level 2 device is connected | +| Enable if TD Level 3 | Allows access when Trust Level 3 device is connected | +| Enable if TD Level 4 | Allows access when Trust Level 4 device is connected | +| AD Synchronization | AD Synchronization | +| Blocked | Device or port blocked | +| Unblocked | Device or port unblocked | +| Offline Temporary Password Used | Offline Temporary Password Used | +| User Login | User Login | +| File Encrypt | File encrypted using EasyLock | +| File Decrypt | File decrypted using EasyLock | +| File Encrypt (offline) | File encrypted using EasyLock when not communicating with the Endpoint Protector Server | +| File Decrypt (offline) | File decrypted using EasyLock when not communicating with the Endpoint Protector Server | +| Content Threat Detected | Content Aware Protection - Threat Detected | +| Content Threat Blocked | Content Aware Protection - Threat Blocked | +| File Copy | A file was copied to or from a removable device | +| Content Threat Discovered | eDiscovery - Threat Discovered | +| eDiscovery Client Action | eDiscovery - Action received successfully | +| User Logout | User Logout | +| Client Integrity 
OK | Endpoint Protector Client Integrity ok | +| Client Integrity Fail | Endpoint Protector Client Integrity failed | +| Policies Received | Endpoint Protector Client received policy successfully | +| Uninstall Attempt | Endpoint Protector Client uninstall attempt | +| EasyLock – successfully deployed | EasyLock - successfully deployed | +| EasyLock - deployment failed | EasyLock - deployment failed | +| File Printed | File sent to printer successfully | +| User Information Updated | User information updated successfully | +| Transfer Limit Reached | Transfer Limit Reached | +| External Repository Upload | File Shadow uploaded to Repository successfully | +| External Repository Upload Fail | File Shadow uploaded to Repository failed | +| Content Remediation Session Active | Content Aware Protection - Threat Remediated | +| Content Remediation Request Canceled by User | Content Aware Protection - User Remediation dialog was closed by the user | +| Forced Uninstall Attempt | Endpoint Protector Client forced uninstall attempt | +| Device Remediation Request Canceled by User | Device Control - User Remediation dialog was closed by the user | +| Device Remediation Session Canceled | Device Temporarily Unlock with User Remediation canceled | +| Device Remediation Session Active | Device Temporarily Unlocked with User Remediation | +| Device Remediation Session Ended | Device Temporarily Unlock with User Remediation ended | +| Certificate added to Keychain/store | Certificate added to Keychain/store successfully | +| Unplanned Client Termination | Unplanned Client Termination | +| Artifact Received | Artifact Received | +| DPI Bypassed Traffic | DPI Bypassed Traffic | + +## User Remediation + +User remediation is a feature that allows the end-users to apply a justification and self-remediate a +policy violation or a restricted-access device. 
+ +![Allows the end-users to apply a justification and self-remediate a policy violation or a restricted-access device](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediation.webp) + +### User Remediation Settings + +In this section, you can customize the User Remediation notification, manage settings and enable User +Remediation for Device Control. + +- Display Custom Logo – select a 200x200 pixels image to be displayed on the pop-up notification +- Display Custom URL – add a URL to direct the end-user to a specific web page, and then add a label + for the URL + + **NOTE:** The following URL formats are accepted: + + - http://endpointprotector.com + - https://endpointprotector.com + - http://www.endpointprotector.com + - https://www.endpointprotector.com + +- Require Credentials – request the end-user to use their local account or Active Directory + credentials + + **NOTE:** The following credential formats are accepted for login: + + - Local user - computer_name\username (John-PC\John) + - LDAP/AD user + - domain_name\username (epp.com\John) + - ip\username (192.168.14.140\John) + +- Time Interval – enter the time interval in which the end-user can remediate a Block and Remediated + threat or a restricted-access device +- Maximum Time Interval – enter the maximum time interval in which the end-user can remediate a + Block and Remediated threat or restricted-access device + + **NOTE:** The maximum time interval you can enter is 1440 minutes (24 hours). + +- Enable User Remediation for Device Control – enable the setting to use the user remediation + feature for the Device Control module. + + **NOTE:** The Enable User Remediation for Device Control setting is disabled by default. By + enabling this feature, all the settings regarding User Remediation will be applied to both + Content Aware Protection and Device Control modules. 
+ +![User Remediation Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediationsettings.webp) + +### Justifications List + +In this section, you can view, add, edit, export, and remove justifications. The justification +represents the reason selected by the end-user to justify the threat or device remediation. + +To add a new justification, click **Add**, fill in the mandatory fields and then click **Save**. You +can add up to a maximum of 10 justifications. By default, several justifications are already added, +but make sure that at least one justification is enabled all the time. + +To enable and enforce the end-user to view User Remediation pop-up notifications, manage the option +from Device Control, Global Settings, [Device Control](/docs/endpointprotector/5.9.4.2/admin/module/module.md). + +![Justifications List](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/justflist.webp) + +### Enabling User Remediation + +Follow the steps to use User Remediation for Device Control. + +**Step 1 –** Enable the User Remediation for Device Control feature from +[User Remediation Settings](#user-remediation-settings) + +![Enabling User Remediation](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/dcuserremediation.webp) + +**Step 2 –** Customize the User Remediation notifications for Device Control. + +To do so, go to the Devices Types and Notifications, +[Custom Device Control User Remediation Notifications](#custom-device-control-user-remediation-notifications) +section, click **Create**, fill in the mandatory fields and **Save**. 
+ +![Custom Device Control User Remediation Notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/customdcuserremediationnotif.webp) + +**Step 3 –** Enable the **User Remediation Pop-up** setting from the +[Device Control](/docs/endpointprotector/5.9.4.2/admin/module/module.md) topic and then select the **customized notification** +from the User Remediation Notification Template drop-down list; + +![User Remediation Pop-up](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediationpopup.webp) + +**Step 4 –** Navigate to [Device Control](/docs/endpointprotector/5.9.4.2/admin/module/module.md), Device Types section and +enable **User Remediation** for devices with limited access – devices that have full access +permission cannot benefit from the User Remediation feature. + +**NOTE:** For built-in devices, such as Webcam and Network share, the User Remediation feature is +not available. + +![These are device types that apply in General](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/devicetypes.webp) + +### User Remediation Usage + +Follow these steps to remediate the device. + +**Step 1 –** Open the Endpoint Protector notifier and go to the Device Control tab. + +**Step 2 –** Select the device for remediation and click Self Remediate. + +![User Remediation Usage](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/dcselfremediate.webp) + +**Step 3 –** On the Self Remediate section: + +1. Select a **justification** from the drop-down list. +2. Add a **reason** for the justification (if required). +3. Navigate to the **custom URL** situated under the logo. +4. Add your credentials if the **Require Credentials** setting was enabled (click the username icon + to refresh your current username). + + 1. When reopening the dialog, if a different username was used for authentication, EPP Notifier + will automatically switch back to the username of the currently logged-in user. + 2. 
Usernames are not case sensitive. + +5. Add the **number of minutes** needed to remediate the device (you can hover over the default + number to view the maximum time interval) +6. Click **Authorize**. + +**NOTE:** You can manage more settings for the Self Remediate feature from System Preferences and +User Remediation sections. + +![Self Remediate section](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/selfremediatesection.webp) + +To stop the device remediation session at any time during the time interval, select the device from +the Device Control tab in the Endpoint Protector notifier and then click **Revoke Remediation**. + +![ Stopping the device remediation session](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/revokeremediation.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/overview_7.md b/docs/endpointprotector/5.9.4.2/admin/overview_7.md new file mode 100644 index 0000000000..9507df774e --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/overview_7.md 
@@ -0,0 +1,214 @@ +--- +title: "Agent" +description: "Agent" +sidebar_position: 160 +--- + +# Agent + +The Endpoint Protector Agent enforces the Rights and Settings received from the Endpoint Protector +Server on the protected endpoints (Windows, Mac, and Linux). + +You can download the Endpoint Protector Agent directly from the Endpoint Protector UI. For detailed +information about downloading the Endpoint Protector Agent, refer to the +[Client Software](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md#client-software) topic. + +**NOTE:** You can use tools like Active Directory or JAMF to deploy the Endpoint Protector Agent in +large networks. + +**NOTE:** Starting with Endpoint Protector Server version 5.8.0.0, an additional security feature is +available to protect the integrity of the Agent. This feature, accessible via Device Control on the +Global Settings page, is known as the Tamper Mode setting. It is designed to prevent unauthorized +termination or modification of the Endpoint Protector Agent. + +## Agent Installation + +For Windows and Mac, your input in installing the Endpoint Protector Agent is minimal. The +Installation folder and Server information are already pre-configured, and downloadable from the +Endpoint Protector Server. + +**NOTE:** For Linux installation instructions, read the readmeLinux.txt file available under the Read +this before installing link. + +**NOTE:** You can also install the Agent from a repository for Endpoint Protector Linux Agents +starting with version 1.4.0.4., as described in the topic below. 
+ +The following are several examples of supported distributions: + +- Ubuntu 14.04+ +- Mint 18.X +- CentOS 7.x +- Fedora 29 +- OpenSUSE 42.2 and 42.3 + +![The Agent enforces the Rights and Settings received from the Endpoint Protector Server on the protected endpoints (Windows, Mac, and Linux)](/img/product_docs/endpointprotector/5.9.4.2/install/agent/setupagent.webp) + +![The Agent enforces the Rights and Settings received from the Endpoint Protector Server on the protected endpoints (Windows, Mac, and Linux)](/img/product_docs/endpointprotector/5.9.4.2/install/agent/setupagenttwo.webp) + +### Installation on macOS with Deep Packet Inspection and VPN Traffic Intercept Active + +Follow the steps to install on macOS with Deep Packet Inspection and VPN Traffic Intercept active. + +**Step 1 –** Open the Endpoint Protector Server. + +**Step 2 –** Go to the **System configuration** section, select **Client Software** and then download +the macOS Endpoint Protector Agent. + +**Step 3 –** Decompress the downloaded file. + +![Installation on macOS with Deep Packet Inspection and VPN Traffic Intercept Active](/img/product_docs/endpointprotector/5.9.4.2/install/agent/clientinstallationios.webp) + +**Step 4 –** Open the **.pkg** file and follow the installation steps and give the requested +permissions. + +**Step 5 –** After the installation is complete, go to **System Preferences** > **Security & +Privacy** > **Privacy tab** > **Full Disk Access**. Search for Endpoint Protector Client, select the +checkbox, and then **save** the changes. + +![Grant permission to the Endpoint Protector Client](/img/product_docs/endpointprotector/5.9.4.2/install/agent/eppagentpermisions.webp) + +**Step 6 –** Open the Endpoint Protector Server and activate Deep Packet Inspection by navigating to +**Device Control** > **Users/Computer/Group/Global Settings** > **Manage Settings** > **Endpoint +Protector Client** > **Deep Packet Inspection**. 
+ +![Activating Deep Packet Inspection](/img/product_docs/endpointprotector/5.9.4.2/install/agent/dpion.webp) + +**Step 7 –** Go to the **System Configuration** section, then **System Settings** > **Deep Packet +Inspection Certificate**, and download the **CA Certificate**. + +![Download the Client CA Certificates](/img/product_docs/endpointprotector/5.9.4.2/install/agent/dpicertificate.webp) + +**Step 8 –** Open the **Keychain Access** application from your macOS and select **System**. + +![Open the Keychain Access application from your macOS and select System](/img/product_docs/endpointprotector/5.9.4.2/install/agent/keychainaccess.webp) + +**Step 9 –** Decompress the downloaded **ClientCerts** file. + +**Step 10 –** Select **cacert.pem** file and drag and drop it on **System > Keychain Access**. + +![Select cacert.pem file and drag and drop it on Keychain Access, System](/img/product_docs/endpointprotector/5.9.4.2/install/agent/clientcerts.webp) + +**Step 11 –** Double-click the **X** on the newly added certificate and on the Trust section, select +**Always Trust**. + +![On the newly added certificate and on the Trust section, select Always Trust.](/img/product_docs/endpointprotector/5.9.4.2/install/agent/keychainaccesstwo.webp) + +**Step 12 –** **Save** the changes. + +**Step 13 –** Activate **Intercept VPN Traffic**. + +**Step 14 –** Select one option for **EPP behavior when network extension is disabled**. + +- Temporarily Disable Deep Packet Inspection – this option will temporary disable Deep Packet + Inspection +- Block Internet Access – this option will end the Internet connection until the end-user approves + the Endpoint Protector Proxy Configuration once the computer is rebooted. + +![Activate Intercept VPN Traffic](/img/product_docs/endpointprotector/5.9.4.2/install/agent/interceptvpntraffic.webp) + +**Step 15 –** **Save** the changes. 
+ +**Step 16 –** The following pop-up will be displayed informing the end-user that a System Extension +is blocked and needs to be allowed. + +![System Extension is blocked and needs to be allowed](/img/product_docs/endpointprotector/5.9.4.2/install/agent/systemextensionblocked.webp) + +**Step 17 –** Go to **System Preferences** > **Security and Privacy** > select the **General tab** +and **allow** the Endpoint Protector Client Extension. + +![select the General tab and allow the Endpoint Protector Client Extension](/img/product_docs/endpointprotector/5.9.4.2/install/agent/generaltabios.webp) + +**Step 18 –** **Allow** the Endpoint Protector Proxy Configuration from the pop-up window. + +![proxypop-up](/img/product_docs/endpointprotector/5.9.4.2/install/agent/proxypop-up.webp) + +At this point, the macOS Endpoint Protector Client installation is completed. + +**NOTE:** If EPPNotifier is not visible or notifications do not display after the installation or +upgrade of the Endpoint Protector Client on macOS, please resolve this issue by restarting your +machine. In situations where the Endpoint Protector Client is installed and then uninstalled on +macOS, you may still see EPPNotifier in the Notification settings. To remove it from the list, simply +right-click and select "Reset notifications." + +### Debian Based Distributions + +While the installation process is similar, each distribution and version have their own +particularities. + +The following are several examples of supported distributions: + +- Ubuntu 14.04 +- Ubuntu 15.04 +- Ubuntu 16.04 +- Ubuntu 17.04 +- Ubuntu 18.04 +- Ubuntu 19.04 +- Ubuntu 20.04 +- Ubuntu 21.04 +- Ubuntu 21.10 +- Ubuntu 22.04 +- LinuxMint +- Debian + +![Debian Based Distributions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/debianbaseddistributions.webp) + +### RedHat based distributions + +While the installation process is similar, each distribution and version have their own +particularities. 
+ +The following are several examples of supported distributions: + +- CentOS 7.x +- RedHat 8.x +- Fedora 32, 33, 34, 35 +- AWS Linux 2 + +![RedHat based distributions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/redhatbaseddistributions.webp) + +- OpenSuse 15.2 +- SUSE 15+ +- SLED Linux Enterprise Server 15 SP1 +- SLED Linux Enterprise Server 15 SP2 +- SLED Linux Enterprise Server 15 SP3 + +![RedHat based distributions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/redhatbaseddistributionstwo.webp) + +### Setting the Server IP + +For all RedHat-based distributions, you need to follow an additional step after executing the above +commands in order to set the Endpoint Protector Server IP. + +Based on each distribution, follow the corresponding method: + +![Setting the Endpoint Protector Server IP](/img/product_docs/endpointprotector/5.9.4.2/install/agent/setserverip.webp) + +![Setting the Endpoint Protector Server IP](/img/product_docs/endpointprotector/5.9.4.2/install/agent/setserveriptwo.webp) + +### The Windows Subsystem for Linux + +The Windows Subsystem for Linux (WSL) allows you to run native Linux distributions directly within +your Windows environment. However, due to its nature, the Endpoint Protector Client cannot be +directly installed as an application within WSL. + +While direct installation is not possible, you can still manage and control the usage of WSL +applications through the Application Denylist feature in Endpoint Protector. This allows you to +define specific applications or processes associated with WSL that you want to restrict and monitor. + +Follow the steps to use use Denylists to control WSL applications. + +**Step 1 –** Navigate to the [Denylists and Allowlists](/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md) +section within the Endpoint Protector Console. + +**Step 2 –** Create a new **Denylist entry**. 
+ +**Step 3 –** In the **Application Name field**, specify the WSL application you want to control. +This could be: + +- `wsl *` – This wildcard entry will match all WSL applications. +- `wsl.exe` – This entry will specifically target the `wsl.exe` executable. +- `wsl.exe --help` – This entry will target the specific command `wsl.exe --help`. +- `wsl --list`– This entry will target the `wsl --list` command. + +**NOTE:** Endpoint Protector Client cannot directly control the usage of WSL Bash command-line tools +on Windows. diff --git a/docs/endpointprotector/5.9.4.2/admin/overview_8.md b/docs/endpointprotector/5.9.4.2/admin/overview_8.md new file mode 100644 index 0000000000..74f1d6925c --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/overview_8.md @@ -0,0 +1,17 @@ +--- +title: "Support" +description: "Support" +sidebar_position: 180 +--- + +# Support + +For additional support resources, please visit our [website](https://www.netwrix.com/support.html) +where you can read manuals, view FAQs, watch videos and tutorials, access direct e-mail support, and +much more. + +You can contact our technical support team by submitting a ticket through the +[Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html). A team member +will respond to your inquiry as soon as possible. + +![Support Details](/img/product_docs/endpointprotector/5.9.4.2/admin/support/support.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/reportsanalysis/overview.md b/docs/endpointprotector/5.9.4.2/admin/reportsanalysis/overview.md deleted file mode 100644 index a2e213c4b9..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/reportsanalysis/overview.md +++ /dev/null 
@@ -1,175 +0,0 @@ -# Reports and Analysis - -This section offers an overview of the System Logs, Device Control Logs and Shadows, Content Aware -Logs and Shadows, Admin Actions, Statistics, and other helpful information. - -Details regarding eDiscovery Scans and Enforced Encryption can be viewed in their specific sections -and not in the Reports and Analysis section. - -As an additional security measure, this section may be protected by an additional password set by -the Super Administrator, from **System Configuration** > **System Security**. - -## Logs Report - -From this section, you can view, sort, and export the main logs in the system. There are several -event types such as User Login, User Logout, AD Import, AD Synchronization, Uninstall Attempt, etc., -included in this section. Additionally, the main Device Control logs can be viewed in this section. - -![Logs Report Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/devicecontrol/logsreport.webp) - -**NOTE:** Use the Filters option to view and sort different log types and then export the result -list. - -## File Tracing - -This section offers an overview of trace files that have been transferred from a protected computer -to a portable device or another computer on the network, and vice versa. - -A special mention is given here to the “File Hash” column. Endpoint Protector computes an MD5 hash -for most of the files to which the File Tracing feature applies to. This way, mitigating threats -coming from changing the file content is ensured. - -You can export the search results (as an Excel, PDF, or CSV) or Create and Export containing the -entire log report as a .CSV file. 
- -![File Tracing Reports](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/filetracingreports.webp) - -### File Tracing Events by Direction - -The "File Tracing Events Matrix by Direction" table is a valuable reference for understanding how -Endpoint Protector categorizes file tracing events based on data transfer directions. It offers -insight into event handling and helps users customize data protection policies effectively. Whether -tracking local transfers or interactions with removable devices and network shares, this table -provides a clear overview. It's an essential resource for configuring data protection policies in the -Endpoint Protector environment, ensuring strong security and compliance. - -**NOTE:** This matrix refers to clients from the 5.9.0.0 release and higher. - -Please see the table below for a detailed view of the events. - -File Tracing Events Matrix by Direction - -| Direction | Windows | macOS | Linux | -| ------------------------------------ | ---------- | ---------- | ---------- | -| Local -> Local (Partition 0) | N/A | N/A | N/A | -| Local -> Removable | Src & Dest | Src & Dest | Src & Dest | -| Local -> Network share | Src & Dest | Src & Dest | N/A | -| Local -> Partition 1 | Src & Dest | N/A | N/A | -| Removable -> Local (Partition 0) | Src & Dest | Src & Dest | Src & Dest | -| Removable -> Removable | Src & Dest | Dest | Src & Dest | -| Removable -> Network share | Src & Dest | Dest | N/A | -| Removable -> Partition 1 | Src & Dest | Src & Dest | Src & Dest | -| Network share -> Local (Partition 0) | Src & Dest | Src & Dest | N/A | -| Network share -> Removable | Src & Dest | Dest | N/A | -| Network share -> Network share | Src & Dest | Dest | N/A | -| Network share -> Partition 1 | Src & Dest | Src & Dest | N/A | -| Partition 1 -> Local (Partition 0) | N/A | N/A | N/A | -| Partition 1 -> Removable | Src & Dest | Src & Dest | Src & Dest | -| Partition 1 -> Network share | Src & Dest | Src & Dest | N/A | -| Partition 
1 -> Partition 0 | N/A | N/A | N/A | - -Legend: - -- Partition 0 -> Boot Partition (OS) -- Partition 1 -> 2nd Partition (e.g., 2nd OS or Data Partition) - -## Content Aware Report - -From this section, you can view Content Aware Logs in the system and detect data incidents -corresponding to the Content Aware Policies applied. - -![Content Aware Reports](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/capreports.webp) - -When using the latestEndpoint Protector client, you can view log details structured per file scanned. - -Expand each entry from the log report list to view the Log Details expanded section, providing the -following information: - -- Policy – select an active policy from the drop-down list -- Policy name – the name of the selected policy -- Policy type – the type of the selected policy -- Items type – the Policy Denylist category selected -- Matched type – the Policy Denylist type selected -- Matched items – click the link to view a pop-up window with the list of matched items - -![A pop-up window with the list of matched items](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/capmatcheditems.webp) - -- Count – the number of matched items - -![Count – the number of matched items](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/matcheditemscount.webp) - -From the Filters section, check the **Include old logs prior to 5.7** upgrade option from the filter -section to include all logs in your searches. If the option is not selected, the filters will apply -only to the new structure of logs. 
- -![Content Aware Protection Filters](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/capfilters.webp) - -For Mac users, when the Deep Packet Inspection feature is enabled on the Endpoint Protector agent -for Mac, there might be certain scenarios where the agent does not provide full destination details -for files being transferred from a network share through monitored applications, such as browsers. In -such cases, the destination information may not be fully captured in the monitoring process - -For Linux users, it's important to note that the Endpoint Protector agent does not currently support -network share visibility, except in situations where files are being transferred from a network share -through Deep Packet Inspection monitored applications, like browsers. In other scenarios, network -share visibility might not be available. - -### Export Content Aware Reports - -You can export Content Aware Logs as an Excel, PDF, or CSV or create and export the entire log -report as a CSV or XLSX file. - -Excel/PDF/CSV – situated above the Content Aware Reports list, this will export only the default -columns - -![Export Content Aware Reports](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/exportreports.webp) - -Create Export – situated below the Content Aware Reports list, this will create an export containing -all data, including the expanded Logs Details section with columns Policy Type, Policy Name, Item -type, Matched type, Matched items and Count. - -![Creating Export ](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/createexport.webp) - -After the message that is displayed that A new export has been made and is available on Export List, -click View Export List to open the list of Reports, where you can download or delete a report. 
- -![Viewing Export List ](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/viewexportlist.webp) - -![Export List Results ](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/exportlistresults.webp) - -## Admin Actions - -This section offers an overview of every important action performed in the interface. From the -Action column, you can view additional information. - -![ An overview of every important action performed in the interface](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/adminactions.webp) - -## Online Computers - -This section offers an overview of computers registered on the system which have an established -connection with the server. If the Refresh Interval for computer X is 1 minute, then computer X was -communicating with the server in the last 1 minute. - -![Overview of computers registered on the system](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/onlinecomputers.webp) - -## Online Users - -This section offers an overview of users registered on the system which have an established -connection with the server. - -![An overview of users registered on the system](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/onlineusers.webp) - -## Online Devices - -This section provides an overview of devices registered on the system which have an established -connection with the server. - -![An overview of devices registered on the system](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/onlinedevices.webp) - -## Statistics - -The Statistics module lets you view system activity related to data traffic and device connections. -The integrated filter makes generating reports quick and easy; simply select the field of interest -and click **Apply Filter**. - -![View system activity regarding data traffic and device connections](/img/product_docs/endpointprotector/5.9.4.2/admin/reportsanalysis/statistics.webp) 
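Review bot: In the "Uploading the XML" section (the hunk whose images live under admin/systemparameters), both fenced blocks under "Example" have lost their XML markup. The first fence contains only whitespace, and the second contains bare values ("sin", "social insurance", "random word", an e-mail regular expression) with no element names around them, so the page never shows the Contextual XML syntax it asks administrators to study before editing and uploading the file. Restore the original elements inside the fences and tag the fences as xml. In the same hunk the heading reads "Advanced Scanning Detection" while the body calls the feature "Advanced Scanning Exceptions", and the setting is written both as "Advanced Printing and MTP Scanning" and "Advanced Printer and MTP Scanning"; use one name for each. The events table also lists "Deleted" and "File Delete" with the same description, "File deleted from device", which leaves the reader unable to tell the two events apart.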
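Review bot: In admin/overview_7.md, "Setting the Server IP" tells the reader to continue "after executing the above commands", but the "Debian Based Distributions" and "RedHat based distributions" sections above it contain only screenshots (debianbaseddistributions.webp, redhatbaseddistributions.webp, setserverip.webp), so there is no command text to copy, search or review. Add the commands as fenced text next to the images. The Agent Installation note that ends "as described in the topic below" is followed by no such topic, and the OpenSuse, SUSE and SLED entries sit under the "RedHat based distributions" heading without a heading of their own. Smaller fixes in the same hunk: "use use Denylists", "will temporary disable", and the missing space before the dash in the `wsl --list` bullet.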
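Review bot: The new file admin/overview_8.md (title "Support") has a numbered name that says nothing about its content, and it carries the same text as admin/support/overview.md, which this patch deletes, while still loading its image from admin/support/support.webp. Name the file after its title, as the neighbouring serverlogin.md and serverclientcommunication.md are, and confirm in this change that links pointing at the old support/overview.md path are updated. The same naming point applies to admin/overview_7.md (title "Agent").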
diff --git a/docs/endpointprotector/5.9.4.2/serverclientcommunication.md b/docs/endpointprotector/5.9.4.2/admin/serverclientcommunication.md similarity index 94% rename from docs/endpointprotector/5.9.4.2/serverclientcommunication.md rename to docs/endpointprotector/5.9.4.2/admin/serverclientcommunication.md index 5e9c026130..dddeff9658 100644 --- a/docs/endpointprotector/5.9.4.2/serverclientcommunication.md +++ b/docs/endpointprotector/5.9.4.2/admin/serverclientcommunication.md @@ -1,3 +1,9 @@ +--- +title: "Server – Client Communication" +description: "Server – Client Communication" +sidebar_position: 170 +--- + # Server – Client Communication This section details the communication between the Endpoint Protector Server and Client encrypted by diff --git a/docs/endpointprotector/5.9.4.2/admin/serverlogin.md b/docs/endpointprotector/5.9.4.2/admin/serverlogin.md index ca3d406d3e..9f6faeddce 100644 --- a/docs/endpointprotector/5.9.4.2/admin/serverlogin.md +++ b/docs/endpointprotector/5.9.4.2/admin/serverlogin.md @@ -1,3 +1,9 @@ +--- +title: "Logging in to the Server" +description: "Logging in to the Server" +sidebar_position: 10 +--- + # Logging in to the Server After provisioning the Endpoint Protector Server, you can configure the feature modules. To manage diff --git a/docs/endpointprotector/5.9.4.2/admin/support/overview.md b/docs/endpointprotector/5.9.4.2/admin/support/overview.md deleted file mode 100644 index 80b078cdc2..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/support/overview.md +++ /dev/null 
@@ -1,11 +0,0 @@ -# Support - -For additional support resources, please visit our [website](https://www.netwrix.com/support.html) -where you can read manuals, view FAQs, watch videos and tutorials, access direct e-mail support, and -much more. - -You can contact our technical support team by submitting a ticket through the -[Netwrix Customer Portal](https://www.netwrix.com/sign_in.html?rf=my_products.html). A team member -will respond to your inquiry as soon as possible. - -![Support Details](/img/product_docs/endpointprotector/5.9.4.2/admin/support/support.webp) diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/_category_.json b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/_category_.json new file mode 100644 index 0000000000..df4d8e7e05 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "System Configuration", + "position": 140, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/adminandaccess.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/adminandaccess.md index fc3cbf1b14..c5e0e38094 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/adminandaccess.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/adminandaccess.md @@ -1,3 +1,9 @@ +--- +title: "Administration and Access Control" +description: "Administration and Access Control" +sidebar_position: 10 +--- + # Administration and Access Control This section allows you to manage system administrators, their roles, and access permissions. It diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md index ce55291cfd..2b03c318ce 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md 
+++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md @@ -1,3 +1,9 @@ +--- +title: "System Configuration" +description: "System Configuration" +sidebar_position: 140 +--- + # System Configuration This section includes essential elements such as Endpoint Protector Clients, System Licensing, and diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/_category_.json b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/_category_.json new file mode 100644 index 0000000000..7caea42773 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Single Sign On", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "singlesignon" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md index 96580931e5..77d79fd0e8 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/singlesignon.md @@ -1,3 +1,9 @@ +--- +title: "Single Sign On" +description: "Single Sign On" +sidebar_position: 50 +--- + # Single Sign On Single Sign On (SSO) allows you to log in the Endpoint Protector Server with Azure AD and OKTA. This diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssoazuread.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssoazuread.md index 4b443b2cd9..9d12001b39 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssoazuread.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssoazuread.md 
@@ -1,3 +1,9 @@ +--- +title: "Single Sign On (SSO) Configuration with Azure AD" +description: "Single Sign On (SSO) Configuration with Azure AD" +sidebar_position: 10 +--- + # Single Sign On (SSO) Configuration with Azure AD Single Sign On (SSO) streamlines user authentication by enabling access to multiple applications diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssookta.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssookta.md index e32dafed4c..ed45176633 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssookta.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/singlesignon/ssookta.md @@ -1,3 +1,9 @@ +--- +title: "Single Sign On (SSO) Configuration with Okta" +description: "Single Sign On (SSO) Configuration with Okta" +sidebar_position: 20 +--- + # Single Sign On (SSO) Configuration with Okta Single Sign On (SSO) is a powerful authentication process that enhances security and improves user diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.md index d159170d11..c87c77eaf3 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemlicensing.md @@ -1,3 +1,9 @@ +--- +title: "System Licensing" +description: "System Licensing" +sidebar_position: 40 +--- + # System Licensing This section provides a complete overview of your licensing status and allows you to manage licenses diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsecurity.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsecurity.md index 0cef7f91c5..78d0217018 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsecurity.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsecurity.md 
@@ -1,3 +1,9 @@ +--- +title: "System Security" +description: "System Security" +sidebar_position: 20 +--- + # System Security This section enables you to configure various security settings, including client uninstall diff --git a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsettings.md b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsettings.md index 8bb3f0923d..5bb4c6ebf7 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsettings.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/systemsettings.md @@ -1,3 +1,9 @@ +--- +title: "System Settings" +description: "System Settings" +sidebar_position: 30 +--- + # System Settings From this section, you can manage general settings that apply to the entire Endpoint Protector diff --git a/docs/endpointprotector/5.9.4.2/admin/dashboard/systemdashboard.md b/docs/endpointprotector/5.9.4.2/admin/systemdashboard.md similarity index 98% rename from docs/endpointprotector/5.9.4.2/admin/dashboard/systemdashboard.md rename to docs/endpointprotector/5.9.4.2/admin/systemdashboard.md index 37d9d306ea..f1b36ee859 100644 --- a/docs/endpointprotector/5.9.4.2/admin/dashboard/systemdashboard.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemdashboard.md @@ -1,3 +1,9 @@ +--- +title: "Server Functionality" +description: "Server Functionality" +sidebar_position: 20 +--- + # Server Functionality Once the Endpoint Protector Hardware or Virtual Appliance setup is complete, access the User diff --git a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/_category_.json b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/_category_.json new file mode 100644 index 0000000000..e8097193f2 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "System Maintenance", + "position": 130, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/backup.md b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/backup.md index b4cd9431c3..885f89820d 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/backup.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/backup.md @@ -1,3 +1,9 @@ +--- +title: "Backup and Recovery Solutions" +description: "Backup and Recovery Solutions" +sidebar_position: 10 +--- + # Backup and Recovery Solutions Implementing effective backup and recovery solutions is essential for safeguarding your system data diff --git a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/overview.md b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/overview.md index 071df05f0b..0aa33d76f3 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/overview.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/overview.md @@ -1,3 +1,9 @@ +--- +title: "System Maintenance" +description: "System Maintenance" +sidebar_position: 130 +--- + # System Maintenance System Maintenance is crucial for ensuring the optimal performance and reliability of your server. diff --git a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/shadowrepository.md b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/shadowrepository.md index 349d4025ae..93b2e48cf1 100644 --- a/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/shadowrepository.md +++ b/docs/endpointprotector/5.9.4.2/admin/systemmaintenance/shadowrepository.md @@ -1,3 +1,9 @@ +--- +title: "File Shadow Repository" +description: "File Shadow Repository" +sidebar_position: 20 +--- + # File Shadow Repository From this section, you can enable the Endpoint Protector Client to send File Shadows directly and at 
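Review bot: In every front-matter block added in this run of hunks (serverclientcommunication.md through shadowrepository.md), `description` repeats `title` word for word, for example `title: "System Security"` next to `description: "System Security"`, so the field adds nothing to search snippets or page metadata. Suggest a one-sentence summary per page, taken from the first paragraph under the H1, or leaving `description` out until real text exists. Separately, the three new `_category_.json` files here (systemconfiguration, singlesignon, systemmaintenance) are marked "No newline at end of file"; add the trailing newline so a later edit does not show the closing brace as a changed line.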
diff --git a/docs/endpointprotector/5.9.4.2/admin/systemparameters/overview.md b/docs/endpointprotector/5.9.4.2/admin/systemparameters/overview.md deleted file mode 100644 index 95e98ade70..0000000000 --- a/docs/endpointprotector/5.9.4.2/admin/systemparameters/overview.md +++ /dev/null 
@@ -1,496 +0,0 @@ -# System Parameters - -## Device Types and Notifications - -From this section you can view and manage device types and notifications, view and enable default -notifications and their translations and define custom notifications for Content Aware Protection -policies and Device Control User Remediation. - -![Manage device types and notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/devicetypesnotif.webp) - -### List of Device Types and Notifications - -On the List of Device Types and Notifications, you can view the Device Types available in the system -along with their availability for each operating system and if those devices can be inspected by the -Content Aware Protection module. - -You can enable and edit the notification messages that appear on the Endpoint Protector Client from -the Actions column. - -![List of Device Types and Notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/devicetypesnotiftwo.webp) - -You can enable or disable messages from the Default Notifications list and edit custom notification -translations. - -**NOTE:** You can enable Custom Client Notifications globally from Device Control, Global Settings or -individually for computers or groups, from their specific Settings sections. - -![Enable/disable a message from the list of Default Notifications or edit the custom notifications translations](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/listdefaultnotif.webp) - -### Custom Content Aware Protection Notifications - -Endpoint Protector allows you to create informative notifications that users see when a Content -Aware Policy blocks or reports a file. These notifications provide context about the triggered -policy and the affected file. - -Traditionally, Content Aware Protection Notifications were delivered in plain text. 
Starting from -Agent version 6.2.3.1 (Windows), 3.0.3.1 (Mac), and 2.4.3.1 (Linux), users can use HTML code to -format notifications. By utilizing HTML, administrators can highlight key information such as threat -names or affected files with bold, italics, or underlining, making it easier for users to -understand. In addition, you can employ colors to differentiate sections or emphasize critical -details within the notification. This results in visually engaging notifications that capture user -attention and ensure important information is not missed. - -Follow the steps to create notifications. - -**Step 1 –** Click the **Create** button. - -**Step 2 –** Assign a descriptive **Template Name** for easy identification later. - -**Step 3 –** Craft a clear and informative **Title** for the notification. - -**Step 4 –** Within the **Body** text editor, compose your message using the provided placeholders: - -- \{fileName\}: Replaced with the actual blocked/reported file name. -- \{type\}: Replaced with "blocked" or "reported" based on the policy type. -- \{threatName\}: Replaced with the identified threat name (if applicable). -- \{threatMatch\}: Replaced with the specific text that triggered the policy (if applicable). - -**Step 5 –** Click **Save** to finalize your custom notification. - -![Custom Content Aware Protection Notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/capnotifications.webp) - -For example, the file named 'financial_report.xlsx' (`\{fileName\}`) was classified as -'Confidential' (`\{type\}`) because it contains confidential data. - -Once created, you can associate the custom notification with a specific Content Aware Policy using -the Notification Template drop-down menu. - -To ensure notifications display correctly and securely, Endpoint Protector supports a limited set of -HTML elements. The following list shows the supported elements you can use in your notifications. 
- -- Basic Formatting: - - - `` (bold) - - `` (italic) - - `` (underline) - - `
` (line break) - -- Text Styling: - - - `Text` (color) - Replace `#rrggbb` with a hexadecimal - color code (e.g., `style="color: red;"` for red text) - - `Text` (font size) - Replace `xxpx` with the desired font - size in pixels (e.g., `style="font-size: 16px;"` for 16px font) - -- Links: - - - `Text` - Replace `URL` with the actual website address and `Text` with the - clickable link text (e.g., `Netwrix Website`) - -Follow the steps to create notifications using HTML code. - -**Step 1 –** As described in the previous steps, create a new notification by clicking **Create** -and entering a name, title, and body text. - -**Step 2 –** Within the body text editor, directly enter the desired HTML code to format your -message. - -### Custom Device Control User Remediation Notifications - -This section is available only if the Device Control User Remediation setting is enabled from the -[User Remediation](#user-remediation) section. In this section you can add, edit and delete custom -notifications for Device Control User Remediation. - -You can add a maximum of 100 custom notifications but you cannot delete the default entry. - -Follow the steps to add a new custom notification. - -**Step 1 –** Click **Create**. - -**Step 2 –** Use these parameters to create your custom message: - -- \{deviceName\} -- \{action\} - -**Step 3 –** Click **Save**. - -Example: USB Driver(deviceName) is blocked(action) - -Once the notification was created, you can select the custom notification from the User Remediation -Notification Template drop-down located in the Device Control section, Global Setting, Users, -Computers and Groups. - -![Custom Device Control User Remediation Notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediationnotif.webp) - -## Contextual Detection - -From this section, you can manage the contextual detection for the entire system. 
If enabled, the -confidential information detected by Endpoint Protector will be inspected for both content and -context. - -In addition to the function that detects sensitive information (e.g.: Credit Cards, IDs, Passports, -Driving Licenses, etc.), the context will also be taken into consideration (e.g.: proximity to other -relevant keywords, other related functions, regular expressions, etc.). - -In addition to providing context to the detected sensitive information, this functionality also -helps decrease false positives. - -**NOTE:** This feature applies at a global level, for both Content Aware Protection and eDiscovery -Policies. If enabled, the context detection will supersede the content only detection through the -system. Please ensure the accuracy of the rules and the relevance for your scenarios before enabling -this functionality. - -Once the Contextual Detection feature is enabled, it will apply at a global level, based on the -rules defined in the Contextual XML (but also linked to the configured Content Aware Protection and -eDiscovery policies). - -There are two options to create the Contextual rules: - -- creating it directly from the Endpoint Protector Server -- manually editing the Contextual XML and then uploading it to the Endpoint Protector Server - -**NOTE:** To address conflicts between Global and per-policy Contextual Rules, Endpoint Protector -Clients no longer receive Global Contextual Rules if at least one policy has its individual -Contextual Rule set. This marks the deprecation of Global Contextual Rules, emphasizing the -prioritization of individual policy configurations. - -### Creating the XML - -This method is recommended for general use as it is the easiest method and it can cover most use -cases. 
- -![Creating the XML](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/contextualdetectionone.webp) - -![Creating the XML](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/contextualdetectiontwo.webp) - -For each category of Predefined Content (e.g.: Credit Cards, IDs, Passports, Driving Licenses, etc.), -contextual detection can be configured by clicking on the **Add** button and selecting options such -as: - -- Category and Type – the content aware detection function. -- Surrounding text – the number of characters of the search interval to determine the context. -- Related Dictionary – a set of keywords related to the PII. -- Related Regular Expression – an additional way of adding a related rule that is not among the - content aware detection functions. -- Related File Type – the related file type. -- Related File Size (MB) – the related file size, in megabytes. -- Minimum Matches – the minimum number of items to match to validate the detection rule. -- Unrelated Dictionary – a set of keywords not related to the PII. -- Unrelated Regular Expression – an additional way of adding a non-related rule that is not among - the content aware detection functions. -- Unrelated File Type – the unrelated file type. -- Unrelated File Size (MB) – the unrelated file size, in megabytes. -- Maximum Matches – the value above which the rule will not be validated (recommended value is 0). - -**CAUTION:** Do not forget to Generate the Contextual XML after creating or making changes to -contextual rules! - -### Uploading the XML - -This method is recommended for advanced Administrators as it offers extended functionalities but it -also requires a deeper understanding of the XML syntax. - -Advanced contextual functionalities are also available. For this method, the Contextual XML file has -to be edited manually by the Administrator and then uploaded to the Endpoint Protector Server. - -Proximity, Dictionaries, Regex, etc. 
have to be defined within the XML document. In addition to the -functionalities described in the previous chapter, there are more complex options available like: -Confidence Level, additional Functions to consider when determining the Main Function, etc. - -Study the examples provided within Endpoint Protector Server to understand the syntax needed in the -Contextual XML. - -Example - -``` - -   -    -    -      -    -      -    -       -    -      -   - -   -   -``` - -Example - -``` - -   -    sin -    social insurance -    numero d'assurance sociale -    sins -    ssn -    ssns -    social security -    numero d'assurance sociale -    national identification number -    national id -    sin# - - -   -    driver's license -    drivers license -    driver's license -    drivers license -    DOB -    Birthdate - - -   -     random word - -[-0-9a-zA-Z.+_]+@[-0-9a-zA-Z.+_]+\.[a-zA-Z]{2,4} - - -``` - -## Advanced Scanning Detection - -The Windows environment is subject to constant OS and security updates and the installed -applications are in a constant loop of continuous development. To avoid eventual changes that -interfere with the Endpoint Protector Client, the ability to allow applications and processes is -available. - -The Advanced Scanning Exceptions feature allows applications to be excluded from scanning for -endpoints with the Advanced Printing and MTP Scanning feature enabled. - -This feature maintains a list of applications into which Endpoint Protector will not inject its DLL -when the “Advanced Printer and MTP Scanning” is enabled. For instance, many applications that cannot -print or copy files to MTP devices do not require the injection of the Endpoint Protector DLL. -Adding such applications to the exceptions list improves performance and avoids unexpected -interactions with Endpoint Protector. - -**NOTE:** This feature applies at a global level for all Windows endpoints with the Advanced -Printing and MTP Scanning features enabled. 
- -![Advanced Scanning Detection](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/advancedscanningexceptions.webp) - -## Rights - -This subsection displays a list with all access rights that can be assigned to devices. - -![Displays a list with all access rights that can be assigned to devices](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/rights.webp) - -## Events - -In this section you can view, manage and export the events list logged by Endpoint Protector. You -can also edit event names and descriptions or enable/disable logging for specific events from the -Actions column. - -![View, manage and export the events list logged by Netwrix Endpoint Protector](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/listofevents.webp) - -### Events Types and Descriptions - -This subsection displays a comprehensive list of events, and ensures that administrators can -effectively manage and monitor their data protection policies. Additionally, there are more specific -events, such as those related to EasyLock deployment, printer activity, user information updates, -transfer limits, external repository uploads, content remediation, forced uninstall attempts, device -remediation sessions, certificate management, unplanned client terminations, artifact receipts, and -DPI bypassed traffic. These events provide granular insight into various system activities, ensuring -that organizations can maintain robust security and compliance measures. - -For a detailed view of all events and their descriptions, please see the table below. 
- -| Event Name | Description | -| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | -| Connected | Device Connected | -| Disconnected | Device Disconnected | -| File Read | File read from device | -| File Write | File written to device | -| File Read-Write | File read and write from device | -| File Rename | File from device renamed | -| File Delete | File deleted from device | -| Device TD | Trusted Device™ connected | -| Deleted | File deleted from device | -| Enable Read-Only | Device Read-Only Enabled | -| Enable if TD Level 1 | Allows access when a Trusted Device™ is connected (e.g., a USB stick with EasyLock installed, which is automatically launched) | -| Enable if TD Level 2 | Allows access when Trust Level 2 device is connected | -| Enable if TD Level 3 | Allows access when Trust Level 3 device is connected | -| Enable if TD Level 4 | Allows access when Trust Level 4 device is connected | -| AD Synchronization | AD Synchronization | -| Blocked | Device or port blocked | -| Unblocked | Device or port unblocked | -| Offline Temporary Password Used | Offline Temporary Password Used | -| User Login | User Login | -| File Encrypt | File encrypted using EasyLock | -| File Decrypt | File decrypted using EasyLock | -| File Encrypt (offline) | File encrypted using EasyLock when not communicating with the Endpoint Protector Server | -| File Decrypt (offline) | File decrypted using EasyLock when not communicating with the Endpoint Protector Server | -| Content Threat Detected | Content Aware Protection - Threat Detected | -| Content Threat Blocked | Content Aware Protection - Threat Blocked | -| File Copy | A file was copied to or from a removable device | -| Content Threat Discovered | eDiscovery - Threat Discovered | -| eDiscovery Client Action | eDiscovery - Action received successfully | -| User Logout | User Logout | -| Client Integrity 
OK | Endpoint Protector Client Integrity ok | -| Client Integrity Fail | Endpoint Protector Client Integrity failed | -| Policies Received | Endpoint Protector Client received policy successfully | -| Uninstall Attempt | Endpoint Protector Client uninstall attempt | -| EasyLock – successfully deployed | EasyLock - successfully deployed | -| EasyLock - deployment failed | EasyLock - deployment failed | -| File Printed | File sent to printer successfully | -| User Information Updated | User information updated successfully | -| Transfer Limit Reached | Transfer Limit Reached | -| External Repository Upload | File Shadow uploaded to Repository successfully | -| External Repository Upload Fail | File Shadow uploaded to Repository failed | -| Content Remediation Session Active | Content Aware Protection - Threat Remediated | -| Content Remediation Request Canceled by User | Content Aware Protection - User Remediation dialog was closed by the user | -| Forced Uninstall Attempt | Endpoint Protector Client forced uninstall attempt | -| Device Remediation Request Canceled by User | Device Control - User Remediation dialog was closed by the user | -| Device Remediation Session Canceled | Device Temporarily Unlock with User Remediation canceled | -| Device Remediation Session Active | Device Temporarily Unlocked with User Remediation | -| Device Remediation Session Ended | Device Temporarily Unlock with User Remediation ended | -| Certificate added to Keychain/store | Certificate added to Keychain/store successfully | -| Unplanned Client Termination | Unplanned Client Termination | -| Artifact Received | Artifact Received | -| DPI Bypassed Traffic | DPI Bypassed Traffic | - -## User Remediation - -User remediation is a feature that allows the end-users to apply a justification and self-remediate a -policy violation or a restricted-access device. 
- -![Allows the end-users to apply a justification and self-remediate a policy violation or a restricted-access device](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediation.webp) - -### User Remediation Settings - -In this section, you can customize the User Remediation notification, manage settings and enable User -Remediation for Device Control. - -- Display Custom Logo – select a 200x200 pixels image to be displayed on the pop-up notification -- Display Custom URL – add a URL to direct the end-user to a specific web page, and then add a label - for the URL - - **NOTE:** The following URL formats are accepted: - - - http://endpointprotector.com - - https://endpointprotector.com - - http://www.endpointprotector.com - - https://www.endpointprotector.com - -- Require Credentials – request the end-user to use their local account or Active Directory - credentials - - **NOTE:** The following credential formats are accepted for login: - - - Local user - computer_name\username (John-PC\John) - - LDAP/AD user - - domain_name\username (epp.com\John) - - ip\username (192.168.14.140\John) - -- Time Interval – enter the time interval in which the end-user can remediate a Block and Remediated - threat or a restricted-access device -- Maximum Time Interval – enter the maximum time interval in which the end-user can remediate a - Block and Remediated threat or restricted-access device - - **NOTE:** The maximum time interval you can enter is 1440 minutes (24 hours). - -- Enable User Remediation for Device Control – enable the setting to use the user remediation - feature for the Device Control module. - - **NOTE:** The Enable User Remediation for Device Control setting is disabled by default. By - enabling this feature, all the settings regarding User Remediation will be applied to both - Content Aware Protection and Device Control modules. 
- -![User Remediation Settings](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediationsettings.webp) - -### Justifications List - -In this section, you can view, add, edit, export, and remove justifications. The justification -represents the reason selected by the end-user to justify the threat or device remediation. - -To add a new justification, click **Add**, fill in the mandatory fields and then click **Save**. You -can add up to a maximum of 10 justifications. By default, several justifications are already added, -but make sure that at least one justification is enabled all the time. - -To enable and enforce the end-user to view User Remediation pop-up notifications, manage the option -from Device Control, Global Settings, [Device Control](/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md). - -![Justifications List](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/justflist.webp) - -### Enabling User Remediation - -Follow the steps to use User Remediation for Device Control. - -**Step 1 –** Enable the User Remediation for Device Control feature from -[User Remediation Settings](#user-remediation-settings) - -![Enabling User Remediation](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/dcuserremediation.webp) - -**Step 2 –** Customize the User Remediation notifications for Device Control. - -To do so, go to the Devices Types and Notifications, -[Custom Device Control User Remediation Notifications](#custom-device-control-user-remediation-notifications) -section, click **Create**, fill in the mandatory fields and **Save**. 
- -![Custom Device Control User Remediation Notifications](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/customdcuserremediationnotif.webp) - -**Step 3 –** Enable the **User Remediation Pop-up** setting from the -[Device Control](/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md) topic and then select the **customized notification** -from the User Remediation Notification Template drop-down list; - -![User Remediation Pop-up](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/userremediationpopup.webp) - -**Step 4 –** Navigate to [Device Control](/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md), Device Types section and -enable **User Remediation** for devices with limited access – devices that have full access -permission cannot benefit from the User Remediation feature. - -**NOTE:** For built-in devices, such as Webcam and Network share, the User Remediation feature is -not available. - -![These are device types that apply in General](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/devicetypes.webp) - -### User Remediation Usage - -Follow these steps to remediate the device. - -**Step 1 –** Open the Endpoint Protector notifier and go to the Device Control tab. - -**Step 2 –** Select the device for remediation and click Self Remediate. - -![User Remediation Usage](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/dcselfremediate.webp) - -**Step 3 –** On the Self Remediate section: - -1. Select a **justification** from the drop-down list. -2. Add a **reason** for the justification (if required). -3. Navigate to the **custom URL** situated under the logo. -4. Add your credentials if the **Require Credentials** setting was enabled (click the username icon - to refresh your current username). - - 1. When reopening the dialog, if a different username was used for authentication, EPP Notifier - will automatically switch back to the username of the currently logged-in user. 
- 2. Usernames are not case sensitive. - -5. Add the **number of minutes** needed to remediate the device (you can hover over the default - number to view the maximum time interval) -6. Click **Authorize**. - -**NOTE:** You can manage more settings for the Self Remediate feature from System Preferences and -User Remediation sections. - -![Self Remediate section](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/selfremediatesection.webp) - -To stop the device remediation session at any time during the time interval, select the device from -the Device Control tab in the Endpoint Protector notifier and then click **Revoke Remediation**. - -![ Stopping the device remediation session](/img/product_docs/endpointprotector/5.9.4.2/admin/systemparameters/revokeremediation.webp) diff --git a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/overview.md b/docs/endpointprotector/5.9.4.2/configuration/activedirectory/overview.md deleted file mode 100644 index 18d9dc31f0..0000000000 --- a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/overview.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# Active Directory - -Netwrix Endpoint Protector Client software is delivered as a Microsoft Installer file ‘msi’, to be -easily deployed using Active Directory, but also using third-party software. Endpoint Protector -comes in two versions: 32-bit and 64-bit targeted installers, as the driver contained within the -application can only be built and installed separately for each of the two operating system types. - -Endpoint Protector Client installer has two versions resulting to two different Group Policy objects -being created in the Active Directory; each having set parameters to install each of the two -clients. The two Group Policy objects will then be filtered using Windows Management Instrumentation -filters to be applied only on the computers for which they are created. - -The Group Policy objects will be later linked to each Organization Unit on which you want to perform -the deployment. This document presents a basic and functional overview of the deployment strategy of -Endpoint Protector Client software. You can modify and adjust these techniques to his environment. - -**NOTE:** This document is provided as an optional reference for Active Directory deployment method -configuration. It is not regularly updated and may not reflect the current state of the product or -its interface. For the most current information, please refer to the official resources provided by -the product vendor. diff --git a/docs/endpointprotector/5.9.4.2/configuration/overview.md b/docs/endpointprotector/5.9.4.2/configuration/overview.md deleted file mode 100644 index 2c1dcd7cf8..0000000000 --- a/docs/endpointprotector/5.9.4.2/configuration/overview.md +++ /dev/null 
@@ -1,21 +0,0 @@ -# Cloud Services - -This User Guide offers brief guidance on utilizing the Netwrix Endpoint Protector Server in Amazon -Web Services (AWS), Google Cloud Platform (GCP), and Azure. It does not provide a step-by-step guide -for creating AWS or GCP accounts. It is assumed that the reader already has these accounts set up -and understands the basics of these third-party services, with responsibilities falling to each -respective administrator. - -- Amazon Web Services - the Endpoint Protector AMI is provided as an Amazon EC2 instance -- Google Cloud Platform - the Endpoint Protector image is provided as a \*.tar.gz. -- Azure - the Endpoint Protector image will be uploaded into your account. - -## Licensing - -Endpoint Protector is a Bring Your License (BYOL) Instance. This means that you are paying Amazon -(AWS) / Google (GCP) / Microsoft (Azure) for running the instance and then importing the license -previously purchased from Netwrix or any Endpoint Protector Partner. - -The price of the Endpoint Protector Licenses with AWS, GCP, or Azure is the same as licensing the -Endpoint Protector Virtual Appliance. To purchase a license please contact your Endpoint Protector -Representative or [sales@netwrix.com](mailto:sales@cososys.com). diff --git a/docs/endpointprotector/5.9.4.2/gettingstarted.md b/docs/endpointprotector/5.9.4.2/gettingstarted.md deleted file mode 100644 index 24839732b1..0000000000 --- a/docs/endpointprotector/5.9.4.2/gettingstarted.md +++ /dev/null 
@@ -1,154 +0,0 @@ -# Getting Started - -Welcome to Netwrix Endpoint Protector, your solution for securing endpoint data. With features like -Device Control, Content Aware Protection, eDiscovery, and Enforced Encryption, Endpoint Protector -safeguards against data breaches from a wide range of endpoints, including portable storage devices -such as USB flash drives, external HDDs, digital cameras, MP3 players, and iPods. These devices are -seamlessly connected to Windows, Mac, or Linux computers, increasing the risk of data theft or -accidental loss. Ensure compliance and protect sensitive information with our user-friendly -platform. - -## System Requirements - -Before starting, ensure that your environment meets the following requirements: - -- Operating Systems: Windows, macOS, Linux -- Disk Space: Sufficient for agent installation -- Network: Access to Endpoint Protector Server - -See the [Requirements](/docs/endpointprotector/5.9.4.2/requirements/overview.md) topic for additional information. - -## Staging the Server - -- Access the Endpoint Protector Management Console: - - - Access the appliance using the IP address configured during the deployment process, which is - also visible on the backend console. - - Log in using your administrator credentials. - -See the [Server Functionality](/docs/endpointprotector/5.9.4.2/admin/dashboard/systemdashboard.md) topic for additional information. - -## Managing Administrators - -- Administrator Accounts: - - - Create and manage administrator accounts with appropriate permissions under System - Configuration > System Administrators. - -See the [System Configuration](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md) topic for additional -Information. - -## Configuring Device Control - -- Create Device Control Policies: - - - Navigate to Device Control. - - Create Custom Policies to configure device access rules. - - Customize policies based on device types and access requirements. 
- -See the [Device Control](/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md) topic for additional information. - -## Configuring Content Aware Protection - -- Create Content Aware Policies: - - - Navigate to Content Aware Protection > Content Aware Policies. - - Create Custom Policies to define file monitoring and protection rules. - - Specify Denylists, Predefined Content, or Custom Content to identify sensitive data. - -See the [Content Aware Protection](/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/module.md) topic for more -information. - -## Configuring an eDiscovery Scan - -- Setup eDiscovery Scans: - - - Navigate to eDiscovery > Policies and Scans. - - Create custom scan policies to identify sensitive data at rest on endpoint systems. - - Configure scan options and remediation actions (Encrypt, Decrypt, Delete). - -See the [eDiscovery](/docs/endpointprotector/5.9.4.2/admin/ediscovery/module.md) topic for additional more information. - -## Configuring the User Experience - -- Customize Netwrix Endpoint Protector Client Settings: - - - Navigate to Device Control > Client Settings. - - Configure Client Modes (Normal, Transparent, Stealth, etc.) and Notification Preferences. - -See the [Device Control](/docs/endpointprotector/5.9.4.2/admin/devicecontrol/module.md) topic for more information. - -### Configuring User Remediation Settings - -- Setup User Remediation: - - - Navigate to System Parameters > User Remediation. - - Configure settings such as Time Interval for user actions and User Remediation Pop-up - notifications. - -See the [System Parameters](/docs/endpointprotector/5.9.4.2/admin/systemparameters/overview.md) topic for more information. - -### Setting Up Offline Temporary Password - -- Generate Offline Temporary Passwords: - - - Navigate to Offline Temporary Passwords. - - Generate passwords to provide temporary access rights when User Remediation is unavailable. 
- -See the [Offline Temporary Password](/docs/endpointprotector/5.9.4.2/admin/offlinetemporarypassword/overview.md) topic for more -information. - -## Deploying Agents - -- Deploy Netwrix Endpoint Protector Agents: - - - Access System Configuration > Client Software. - - Download and deploy Endpoint Protector Client packages for Windows, macOS, and Linux systems. - - Utilize MDM software or other deployment tools for efficient agent deployment. - -See the [System Configuration](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md) topic for more information. - -## Blocking Content Aware Protection Policies - -- Transition to Blocking Policies: - - - Duplicate "Report Only" CAP policies and modify them to enforce restrictions. - - Activate blocking policies to prevent unauthorized data movements. - -See the [Content Aware Protection](/docs/endpointprotector/5.9.4.2/admin/contentawareprotection/module.md) topic for more -information. - -## Performing Remediation within eDiscovery - -- Implement Remediation Actions: - - - Review eDiscovery scan results under eDiscovery > Scan Results and Actions. - - Perform actions such as Encrypt, Decrypt, or Delete on identified sensitive data to mitigate - risks. - -See the -[eDiscovery Scan Result and Actions](admin/ediscovery/module.md#ediscovery-scan-result-and-actions) -topic for more information. - -## Deploying Enforced Encryption - -- Automatic Deployment: - - - Go to Device Control > Global Rights. - - Enable Allow Access if Trusted Device™ Level 1+. - - Ensures automatic deployment of Enforced Encryption 2 on USB devices recognized as Trusted - Device™ Level 1. - -- Manual Deployment: - - - Download Enforced Encryption installer for Windows/macOS. - - Copy installer to USB root. - - Execute installer from USB to setup Enforced Encryption. - -- Configuration: - - - Set Master Password and user policies in Settings > Enforced Encryption. 
- - Monitoring Devices: - - Manage Enforced Encryption devices in Clients list section. - -See the [Enforced Encryption](/docs/endpointprotector/5.9.4.2/admin/enforcedencryption/module.md) topic for more information. diff --git a/docs/endpointprotector/5.9.4.2/install/_category_.json b/docs/endpointprotector/5.9.4.2/install/_category_.json new file mode 100644 index 0000000000..5e278cbbc7 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Deployments", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/activedirectory/_category_.json b/docs/endpointprotector/5.9.4.2/install/activedirectory/_category_.json new file mode 100644 index 0000000000..f4e6cc55a8 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Directory", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/creatingfilters.md b/docs/endpointprotector/5.9.4.2/install/activedirectory/creatingfilters.md similarity index 97% rename from docs/endpointprotector/5.9.4.2/configuration/activedirectory/creatingfilters.md rename to docs/endpointprotector/5.9.4.2/install/activedirectory/creatingfilters.md index f496dda2bb..38f13a86fa 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/creatingfilters.md +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/creatingfilters.md @@ -1,3 +1,9 @@ +--- +title: "Creating WMI Filters" +description: "Creating WMI Filters" +sidebar_position: 10 +--- + # Creating WMI Filters To create the Windows Management Instrumentation (WMI) filters, follow these steps: 
diff --git a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/deployment.md b/docs/endpointprotector/5.9.4.2/install/activedirectory/deployment.md similarity index 90% rename from docs/endpointprotector/5.9.4.2/configuration/activedirectory/deployment.md rename to docs/endpointprotector/5.9.4.2/install/activedirectory/deployment.md index 63ebb432a7..62cd1bea0e 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/deployment.md +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/deployment.md @@ -1,3 +1,9 @@ +--- +title: "Creating the Deployment GPO" +description: "Creating the Deployment GPO" +sidebar_position: 20 +--- + # Creating the Deployment GPO To create the deployment Group Policy Objects (GPO), follow these steps: diff --git a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/linkinggpotoou.md b/docs/endpointprotector/5.9.4.2/install/activedirectory/linkinggpotoou.md similarity index 86% rename from docs/endpointprotector/5.9.4.2/configuration/activedirectory/linkinggpotoou.md rename to docs/endpointprotector/5.9.4.2/install/activedirectory/linkinggpotoou.md index a6dbbd11ac..81fd402bee 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/linkinggpotoou.md +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/linkinggpotoou.md @@ -1,3 +1,9 @@ +--- +title: "Linking the GPO to OU" +description: "Linking the GPO to OU" +sidebar_position: 40 +--- + # Linking the GPO to OU Once you have created the GPOs, link them to any of your Organization Units (OU). To do so, follow diff --git a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/linkingwmitogpo.md b/docs/endpointprotector/5.9.4.2/install/activedirectory/linkingwmitogpo.md similarity index 83% rename from docs/endpointprotector/5.9.4.2/configuration/activedirectory/linkingwmitogpo.md rename to docs/endpointprotector/5.9.4.2/install/activedirectory/linkingwmitogpo.md index 6fc8fd2c29..292d063dbd 100644 
--- a/docs/endpointprotector/5.9.4.2/configuration/activedirectory/linkingwmitogpo.md +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/linkingwmitogpo.md @@ -1,3 +1,9 @@ +--- +title: "Linking the WMI to GPO" +description: "Linking the WMI to GPO" +sidebar_position: 30 +--- + # Linking the WMI to GPO To link the WMI filters to each GPO, follow these steps: diff --git a/docs/endpointprotector/5.9.4.2/install/activedirectory/overview.md b/docs/endpointprotector/5.9.4.2/install/activedirectory/overview.md new file mode 100644 index 0000000000..c14e75ce88 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/activedirectory/overview.md 
@@ -0,0 +1,26 @@ +--- +title: "Active Directory" +description: "Active Directory" +sidebar_position: 30 +--- + +# Active Directory + +Netwrix Endpoint Protector Client software is delivered as a Microsoft Installer file ‘msi’, to be +easily deployed using Active Directory, but also using third-party software. Endpoint Protector +comes in two versions: 32-bit and 64-bit targeted installers, as the driver contained within the +application can only be built and installed separately for each of the two operating system types. + +Endpoint Protector Client installer has two versions resulting to two different Group Policy objects +being created in the Active Directory; each having set parameters to install each of the two +clients. The two Group Policy objects will then be filtered using Windows Management Instrumentation +filters to be applied only on the computers for which they are created. + +The Group Policy objects will be later linked to each Organization Unit on which you want to perform +the deployment. This document presents a basic and functional overview of the deployment strategy of +Endpoint Protector Client software. You can modify and adjust these techniques to his environment. + +**NOTE:** This document is provided as an optional reference for Active Directory deployment method +configuration. It is not regularly updated and may not reflect the current state of the product or +its interface. For the most current information, please refer to the official resources provided by +the product vendor. diff --git a/docs/endpointprotector/5.9.4.2/install/agent/intune/overview.md b/docs/endpointprotector/5.9.4.2/install/agent/intune/overview.md deleted file mode 100644 index 8cf7450aaf..0000000000 --- a/docs/endpointprotector/5.9.4.2/install/agent/intune/overview.md +++ /dev/null 
@@ -1,9 +0,0 @@ -# Microsoft Intune - -This guide describes the steps needed to deploy Netwrix Endpoint Protector to multiple endpoints -using the MSI application in Microsoft Intune. Microsoft Intune is a cloud-based service focusing on -mobile device management (MDM) and mobile application management (MAM). - -**NOTE:** This document serves as an optional reference for Microsoft Intune (currently known as -Microsoft Endpoint Manager). It is not regularly updated and may not align with the current version -of the product. Please refer to the official resources for the most up-to-date information. diff --git a/docs/endpointprotector/5.9.4.2/install/agent/jamf/configuration.md b/docs/endpointprotector/5.9.4.2/install/agent/jamf/configuration.md deleted file mode 100644 index 1757420ad1..0000000000 --- a/docs/endpointprotector/5.9.4.2/install/agent/jamf/configuration.md +++ /dev/null 
@@ -1,224 +0,0 @@ -# Creating the Configuration Profile - -In order to use Jamf, first, you need to create a new configuration profile. To do so, follow these -steps: - -**Step 1 –** Open the Jamf Pro account and log in using your credentials. - -**Step 2 –** In your Jamf account, from the main navigation bar click **Computer**, and then from -the left sidebar menu, select **Configuration Profiles**. - -**Step 3 –** To create a new configuration profile, in the upper right, above the table with -available configuration profiles, click **+New**. - -![Creating a New configuration Profile](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/configurationprofile.webp) - -On the New macOS Configuration Profile section, you can manage profile settings and select the -devices and users to which you want to deploy the profile. - -**NOTE:** Click **Save** only once you have managed all settings and the profile scope. - -## General Settings - -On the default General section, enter the following information: - -- Name – enter a name to use for this configuration profile. -- Description (optional) – add a description that details the purpose of the configuration profile. - -You can continue with the default settings for the category, level, and distribution method fields. - -![Completing information on the general section](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/generalsettings.webp) - -## Certificate Settings - -You will add the Client CA Certificate in .cer format on the Certificate settings section. - -**NOTE:** This step is not required if you are not using Deep Package Inspection. To continue the -process, go to the Privacy Preferences Policy Control section. - -**Step 1 –** Log in to Endpoint Protector Server, go to the System Configuration section, and then -select **System Settings**. 
- -**Step 2 –** On the Default System Settings section, enable Deep Packet Inspection Certificate and -then download Client CA Certificate – the downloaded .zip file contains the .cer and .crt client -certifications. - -![Enabling Deep Packet Inspection Certificate and then downloading Client CA Certificate](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/dpicertificate.webp) - -**Step 3 –** Go to Jamf, the Certificate section, and click **Configure**. - -**Step 4 –** Enter a Certificate name and then select and upload the downloaded Client CA -Certificate in .cer format. - -![Entering the required information on New macOS Configuration Profile](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/macosconfiguration.webp) - -## Privacy Preferences Policy Control Settings - -On the Privacy Preferences Policy Control section, click **Configure** and then enter the following -information: - -- Identifier - `com.cososys.eppclient`. -- Identifier Type – go with the default Bundle ID type. -- Code Requirement - -`anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. - -**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing -this command line. - -- Select the **Validate the Static Code Requirement** check-box. -- Click **Add** and **Save** to allow access to SystemPolicyAllFiles and Accessibility services. - -![Configuring Privacy Peferences Policy Control](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/privacypreferences.webp) - -## Allow EppNotifier Settings - -On the Privacy Preferences Policy Control section, click the **+ icon** to add a new policy and then -enter the following information: - -Identifier - `com.cososys.eppclient.notifier` - -Identifier Type – go with the default Bundle ID type. 
- -Code Requirement - -`anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. - -**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing -this command line. - -- Select the **Validate the Static Code Requirement** check-box. -- Click **Add** and then **Save** to allow access to Accessibility services. - -![Configuring EPPNotifier Settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/eppnotifer.webp) - -## Enforced Encryption Settings - -On the Privacy Preferences Policy Control section, click the **+ icon** to add a new policy and then -enter the following information: - -Identifier – `com.cososys.easylock`. - -Identifier Type – go with the default Bundle ID type. - -Code Requirement - -`anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. - -**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing -this command line. - -- Select the **Validate the Static Code Requirement** check-box. -- Click **Add** and then **Save** to allow access to SystemPolicyAllFiles and Accessibility - services. - -![Configuring Enforced Encryption settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/enforcedencryption.webp) - -## System Extension Settings - -### Allow System Extensions - -On the System Extension section, click **Configure** and then enter the following information: - -- Display Name (optional) - enter a name to use for this configuration. -- System Extension Type - select **Allow System Extension type**. -- Team Identifier - `TV3T7A76P4`. -- Allowed System Extensions – click **Add**, enter `com.cososys.eppclient`, and then **Save** the - changes. 
- -![Allowing System Extensions ](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/systemextensions.webp) - -**NOTE:** For operating systems lower than macOS 11 (Big Sur), manage settings from the Approved -Kernel Extensions section instead of System Extensions. Define the Team ID (enter TV3T7A76P4) and -proceed to the next step. - -### Removable System Extensions - -On the System Extension section, click the **+ icon** to add a new policy that will allow removing -system extensions without a pop-up, and then enter the following information: - -- Display Name (optional) - enter a name to use for this configuration. -- System Extension Type - select **Removable System Extensions** type. -- Team Identifier - `TV3T7A76P4`. -- Allowed System Extensions – click **Add**, enter `com.cososys.eppclient`, and then **Save** the - changes. - -**NOTE:** This setting will be applied starting with MacOS 12 version (Monterey). - -![Adding a new policy that will allow the removing of system extensions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/removeableextensions.webp) - -### Managed Login Items - -Administrators can quickly disable Endpoint Protector Items in Jamf Configuration Profiles with -Ventura's (macOS 13) new capability. This can be accomplished by taking the following steps: - -**Step 5 –** Log in to your Jamf account. - -**Step 6 –** Click **Computer** from the main navigation bar. - -**Step 7 –** Select **Configuration Profiles** from the sidebar menu on the left. - -**Step 8 –** Click **New** in the upper right-hand corner. - -**Step 9 –** On the left, under the Options box, select **Managed Logged In Items**. - -Endpoint Protector Items can be simply disabled in your Jamf Configuration Profiles from here. -Simply uncheck the box next to the Endpoint ProtectorItem(s) you want to disable, and then click -**Save** to save your changes. - -**NOTE:** Disabling Endpoint Protector Items may have an impact on the security of your system. 
Only -disable these items if you are positive it is essential and you have taken every precaution -necessary to keep your system secure. - -## VPN Settings - -**NOTE:** This step is not required if you are not using VPN services. To continue the process, go -to the Scope section. - -On the VPN section, click **Configure** and then enter the following information: - -- Connection Name – enter a connection name that will be displayed on the device. -- VPN Type – select **Per-App VPN** type. -- Per-App VPN Connection Type – select **Custom SSL connection** type. -- Identifier – com.cososys.eppclient.daemon. -- Server – localhost. -- Provider Bundle Identifier – com.cososys.eppclient.daemon. -- Provider Type – select **App-proxy** type. -- Select the **Include All Networks** check-box. -- Provider Designated Requirement - -`anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4` - -**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing -this command line. - -- Select the **Prohibit users from disabling on-demand VPN settings** check-box. - -![First section to configuring VPN settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/vpnsettings.webp) - -![Second section to configuring VPN settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/vpnconfiguration.webp) - -## Notifications Settings - -**NOTE:** This step is optional. To continue the process, go to the Scope section. - -On the Notifications section, click **Configure** and then enter the following information: - -- App Name - `EppNotifier`. -- Bundle ID - `com.cososys.eppclient.notifier`. -- Toggle the switch to include the settings type and then disable/enable to manage each notification - option. 
- -![Optional Notifiaction Settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/notificationsettings.webp) - -## Scope - -Once you manage all settings, go to the Scope tab and select the devices and users to deploy the new -profile. - -Click **Save** to apply all settings to the new configuration profile. - -**NOTE:** To confirm that the new configuration profile is saved successfully, reboot your computer -at this point. - -![Selecting Devices and Users to deploy to the new profile.](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/scope.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/agent/jamf/overview.md b/docs/endpointprotector/5.9.4.2/install/agent/jamf/overview.md deleted file mode 100644 index c2a8ccf29e..0000000000 --- a/docs/endpointprotector/5.9.4.2/install/agent/jamf/overview.md +++ /dev/null @@ -1,15 +0,0 @@ -# Jamf - -Since the release of macOS 11.0 (Big Sur), significant changes have been made regarding system -extensions that now allow deploying endpoint security solutions without kernel-level access. - -This affects the deployment of the Netwrix Endpoint Protector Client on all Macs that are using 11.0 -operating systems or later. Companies can use third-party deployment tools such as Jamf as well as -other alternatives. - -This user guide aims to explain how to use Jamf in order to deploy Endpoint Protector on multiple -endpoints. - -**NOTE:** This is an optional document for Jamf. It is not kept up-to-date with product changes and -may not accurately represent the current interface or features. For the latest information, consult -the official resources from the product vendor. diff --git a/docs/endpointprotector/5.9.4.2/install/agent/overview.md b/docs/endpointprotector/5.9.4.2/install/agent/overview.md deleted file mode 100644 index 5fcae8a9dc..0000000000 --- a/docs/endpointprotector/5.9.4.2/install/agent/overview.md +++ /dev/null 
@@ -1,208 +0,0 @@ -# Agent - -The Endpoint Protector Agent enforces the Rights and Settings received from the Endpoint Protector -Server on the protected endpoints (Windows, Mac, and Linux). - -You can download the Endpoint Protector Agent directly from the Endpoint Protector UI. For detailed -information about downloading the Endpoint Protector Agent, refer to the -[Client Software](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md#client-software) topic. - -**NOTE:** You can use tools like Active Directory or JAMF to deploy the Endpoint Protector Agent in -large networks. - -**NOTE:** Starting with Endpoint Protector Server version 5.8.0.0, an additional security feature is -available to protect the integrity of the Agent. This feature, accessible via Device Control on the -Global Settings page, is known as the Tamper Mode setting. It is designed to prevent unauthorized -termination or modification of the Endpoint Protector Agent. - -## Agent Installation - -For Windows and Mac, your input in installing the Endpoint Protector Agent is minimal. The -Installation folder and Server information are already pre-configured, and downloadable from the -Endpoint Protector Server. - -**NOTE:** For Linux installation instructions, read the readmeLinux.txt file available under the Read -this before installing link. - -**NOTE:** You can also install the Agent from a repository for Endpoint Protector Linux Agents -starting with version 1.4.0.4., as described in the topic below. 
- -The following are several examples of supported distributions: - -- Ubuntu 14.04+ -- Mint 18.X -- CentOS 7.x -- Fedora 29 -- OpenSUSE 42.2 and 42.3 - -![The Agent enforces the Rights and Settings received from the Endpoint Protector Server on the protected endpoints (Windows, Mac, and Linux)](/img/product_docs/endpointprotector/5.9.4.2/install/agent/setupagent.webp) - -![The Agent enforces the Rights and Settings received from the Endpoint Protector Server on the protected endpoints (Windows, Mac, and Linux)](/img/product_docs/endpointprotector/5.9.4.2/install/agent/setupagenttwo.webp) - -### Installation on macOS with Deep Packet Inspection and VPN Traffic Intercept Active - -Follow the steps to install on macOS with Deep Packet Inspection and VPN Traffic Intercept active. - -**Step 1 –** Open the Endpoint Protector Server. - -**Step 2 –** Go to the **System configuration** section, select **Client Software** and then download -the macOS Endpoint Protector Agent. - -**Step 3 –** Decompress the downloaded file. - -![Installation on macOS with Deep Packet Inspection and VPN Traffic Intercept Active](/img/product_docs/endpointprotector/5.9.4.2/install/agent/clientinstallationios.webp) - -**Step 4 –** Open the **.pkg** file and follow the installation steps and give the requested -permissions. - -**Step 5 –** After the installation is complete, go to **System Preferences** > **Security & -Privacy** > **Privacy tab** > **Full Disk Access**. Search for Endpoint Protector Client, select the -checkbox, and then **save** the changes. - -![Grant permission to the Endpoint Protector Client](/img/product_docs/endpointprotector/5.9.4.2/install/agent/eppagentpermisions.webp) - -**Step 6 –** Open the Endpoint Protector Server and activate Deep Packet Inspection by navigating to -**Device Control** > **Users/Computer/Group/Global Settings** > **Manage Settings** > **Endpoint -Protector Client** > **Deep Packet Inspection**. 
- -![Activating Deep Packet Inspection](/img/product_docs/endpointprotector/5.9.4.2/install/agent/dpion.webp) - -**Step 7 –** Go to the **System Configuration** section, then **System Settings** > **Deep Packet -Inspection Certificate**, and download the **CA Certificate**. - -![Download the Client CA Certificates](/img/product_docs/endpointprotector/5.9.4.2/install/agent/dpicertificate.webp) - -**Step 8 –** Open the **Keychain Access** application from your macOS and select **System**. - -![Open the Keychain Access application from your macOS and select System](/img/product_docs/endpointprotector/5.9.4.2/install/agent/keychainaccess.webp) - -**Step 9 –** Decompress the downloaded **ClientCerts** file. - -**Step 10 –** Select **cacert.pem** file and drag and drop it on **System > Keychain Access**. - -![Select cacert.pem file and drag and drop it on Keychain Access, System](/img/product_docs/endpointprotector/5.9.4.2/install/agent/clientcerts.webp) - -**Step 11 –** Double-click the **X** on the newly added certificate and on the Trust section, select -**Always Trust**. - -![On the newly added certificate and on the Trust section, select Always Trust.](/img/product_docs/endpointprotector/5.9.4.2/install/agent/keychainaccesstwo.webp) - -**Step 12 –** **Save** the changes. - -**Step 13 –** Activate **Intercept VPN Traffic**. - -**Step 14 –** Select one option for **EPP behavior when network extension is disabled**. - -- Temporarily Disable Deep Packet Inspection – this option will temporary disable Deep Packet - Inspection -- Block Internet Access – this option will end the Internet connection until the end-user approves - the Endpoint Protector Proxy Configuration once the computer is rebooted. - -![Activate Intercept VPN Traffic](/img/product_docs/endpointprotector/5.9.4.2/install/agent/interceptvpntraffic.webp) - -**Step 15 –** **Save** the changes. 
- -**Step 16 –** The following pop-up will be displayed informing the end-user that a System Extension -is blocked and needs to be allowed. - -![System Extension is blocked and needs to be allowed](/img/product_docs/endpointprotector/5.9.4.2/install/agent/systemextensionblocked.webp) - -**Step 17 –** Go to **System Preferences** > **Security and Privacy** > select the **General tab** -and **allow** the Endpoint Protector Client Extension. - -![select the General tab and allow the Endpoint Protector Client Extension](/img/product_docs/endpointprotector/5.9.4.2/install/agent/generaltabios.webp) - -**Step 18 –** **Allow** the Endpoint Protector Proxy Configuration from the pop-up window. - -![proxypop-up](/img/product_docs/endpointprotector/5.9.4.2/install/agent/proxypop-up.webp) - -At this point, the macOS Endpoint Protector Client installation is completed. - -**NOTE:** If EPPNotifier is not visible or notifications do not display after the installation or -upgrade of the Endpoint Protector Client on macOS, please resolve this issue by restarting your -machine. In situations where the Endpoint Protector Client is installed and then uninstalled on -macOS, you may still see EPPNotifier in the Notification settings. To remove it from the list, simply -right-click and select "Reset notifications." - -### Debian Based Distributions - -While the installation process is similar, each distribution and version have their own -particularities. - -The following are several examples of supported distributions: - -- Ubuntu 14.04 -- Ubuntu 15.04 -- Ubuntu 16.04 -- Ubuntu 17.04 -- Ubuntu 18.04 -- Ubuntu 19.04 -- Ubuntu 20.04 -- Ubuntu 21.04 -- Ubuntu 21.10 -- Ubuntu 22.04 -- LinuxMint -- Debian - -![Debian Based Distributions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/debianbaseddistributions.webp) - -### RedHat based distributions - -While the installation process is similar, each distribution and version have their own -particularities. 
- -The following are several examples of supported distributions: - -- CentOS 7.x -- RedHat 8.x -- Fedora 32, 33, 34, 35 -- AWS Linux 2 - -![RedHat based distributions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/redhatbaseddistributions.webp) - -- OpenSuse 15.2 -- SUSE 15+ -- SLED Linux Enterprise Server 15 SP1 -- SLED Linux Enterprise Server 15 SP2 -- SLED Linux Enterprise Server 15 SP3 - -![RedHat based distributions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/redhatbaseddistributionstwo.webp) - -### Setting the Server IP - -For all RedHat-based distributions, you need to follow an additional step after executing the above -commands in order to set the Endpoint Protector Server IP. - -Based on each distribution, follow the corresponding method: - -![Setting the Endpoint Protector Server IP](/img/product_docs/endpointprotector/5.9.4.2/install/agent/setserverip.webp) - -![Setting the Endpoint Protector Server IP](/img/product_docs/endpointprotector/5.9.4.2/install/agent/setserveriptwo.webp) - -### The Windows Subsystem for Linux - -The Windows Subsystem for Linux (WSL) allows you to run native Linux distributions directly within -your Windows environment. However, due to its nature, the Endpoint Protector Client cannot be -directly installed as an application within WSL. - -While direct installation is not possible, you can still manage and control the usage of WSL -applications through the Application Denylist feature in Endpoint Protector. This allows you to -define specific applications or processes associated with WSL that you want to restrict and monitor. - -Follow the steps to use use Denylists to control WSL applications. - -**Step 1 –** Navigate to the [Denylists and Allowlists](/docs/endpointprotector/5.9.4.2/admin/denylistsallowlists/overview.md) -section within the Endpoint Protector Console. - -**Step 2 –** Create a new **Denylist entry**. 
- -**Step 3 –** In the **Application Name field**, specify the WSL application you want to control. -This could be: - -- `wsl *` – This wildcard entry will match all WSL applications. -- `wsl.exe` – This entry will specifically target the `wsl.exe` executable. -- `wsl.exe --help` – This entry will target the specific command `wsl.exe --help`. -- `wsl --list`– This entry will target the `wsl --list` command. - -**NOTE:** Endpoint Protector Client cannot directly control the usage of WSL Bash command-line tools -on Windows. diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/_category_.json b/docs/endpointprotector/5.9.4.2/install/configuration/_category_.json new file mode 100644 index 0000000000..c7d653c9d5 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/configuration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Cloud Services", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/amazon/_category_.json b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/_category_.json new file mode 100644 index 0000000000..dd3a82a4e2 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Amazon Web Services", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "amazon" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/amazon.md b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/amazon.md similarity index 92% rename from docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/amazon.md rename to docs/endpointprotector/5.9.4.2/install/configuration/amazon/amazon.md index f2fd8f1200..7e32a40760 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/amazon.md 
+++ b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/amazon.md @@ -1,3 +1,9 @@ +--- +title: "Amazon Web Services" +description: "Amazon Web Services" +sidebar_position: 10 +--- + # Amazon Web Services In this section of our user guide, you will find comprehensive instructions for leveraging Endpoint diff --git a/docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/awsdeployment.md b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awsdeployment.md similarity index 96% rename from docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/awsdeployment.md rename to docs/endpointprotector/5.9.4.2/install/configuration/amazon/awsdeployment.md index 80a38ebdd2..d602d7a876 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/awsdeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awsdeployment.md @@ -1,3 +1,9 @@ +--- +title: "Launching the EC2 Image" +description: "Launching the EC2 Image" +sidebar_position: 10 +--- + # Launching the EC2 Image As the Endpoint Protector image has already been shared with you, this process is similar to any diff --git a/docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/awselasticip.md b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awselasticip.md similarity index 93% rename from docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/awselasticip.md rename to docs/endpointprotector/5.9.4.2/install/configuration/amazon/awselasticip.md index 4dc6ee255d..18387099b4 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/amazonwebservices/awselasticip.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/amazon/awselasticip.md @@ -1,3 +1,9 @@ +--- +title: "Requesting an Elastic IP" +description: "Requesting an Elastic IP" +sidebar_position: 20 +--- + # Requesting an Elastic IP This step is required so the Endpoint Protector Clients can communicate with the same IP Address in 
diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/_category_.json b/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/_category_.json new file mode 100644 index 0000000000..b207d72838 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Google Cloud Platform", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "googlecloudplatform" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/configuration/googlecloudplatform/gcpdeployment.md b/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/gcpdeployment.md similarity index 94% rename from docs/endpointprotector/5.9.4.2/configuration/googlecloudplatform/gcpdeployment.md rename to docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/gcpdeployment.md index 569092e5f4..fe9d6cee9a 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/googlecloudplatform/gcpdeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/gcpdeployment.md @@ -1,3 +1,9 @@ +--- +title: "Launching on Google Cloud Platform" +description: "Launching on Google Cloud Platform" +sidebar_position: 10 +--- + # Launching on Google Cloud Platform Once the Endpoint Protector Image becomes accessible in the Google Cloud Platform images list, diff --git a/docs/endpointprotector/5.9.4.2/configuration/googlecloudplatform/googlecloudplatform.md b/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/googlecloudplatform.md similarity index 97% rename from docs/endpointprotector/5.9.4.2/configuration/googlecloudplatform/googlecloudplatform.md rename to docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/googlecloudplatform.md index 62391feec9..aa976858aa 100644 
--- a/docs/endpointprotector/5.9.4.2/configuration/googlecloudplatform/googlecloudplatform.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/googlecloudplatform/googlecloudplatform.md @@ -1,3 +1,9 @@ +--- +title: "Google Cloud Platform" +description: "Google Cloud Platform" +sidebar_position: 20 +--- + # Google Cloud Platform In this section, we outline the integration of Endpoint Protector into your Google Cloud Platform diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/_category_.json b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/_category_.json new file mode 100644 index 0000000000..fe0a38561c --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Microsoft Azure", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "microsoftazure" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/configuration/azure/azuredeployment.md b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/azuredeployment.md similarity index 95% rename from docs/endpointprotector/5.9.4.2/configuration/azure/azuredeployment.md rename to docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/azuredeployment.md index 1651ef3c40..0d5181fc75 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/azure/azuredeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/azuredeployment.md @@ -1,3 +1,9 @@ +--- +title: "Launching VM for Azure Deployment" +description: "Launching VM for Azure Deployment" +sidebar_position: 10 +--- + # Launching VM for Azure Deployment To have access to the Virtual Machine, contact your Endpoint Protector Representative and provide 
diff --git a/docs/endpointprotector/5.9.4.2/configuration/azure/creatingdisk.md b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/creatingdisk.md similarity index 97% rename from docs/endpointprotector/5.9.4.2/configuration/azure/creatingdisk.md rename to docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/creatingdisk.md index 62610052bf..d352134adf 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/azure/creatingdisk.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/creatingdisk.md @@ -1,3 +1,9 @@ +--- +title: "Creating the Disk" +description: "Creating the Disk" +sidebar_position: 20 +--- + # Creating the Disk Before starting the Endpoint Protector Virtual Machine, you have to prepare a disk and a Virtual diff --git a/docs/endpointprotector/5.9.4.2/configuration/azure/microsoftazure.md b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/microsoftazure.md similarity index 83% rename from docs/endpointprotector/5.9.4.2/configuration/azure/microsoftazure.md rename to docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/microsoftazure.md index 2b5c487f11..67bba6e862 100644 --- a/docs/endpointprotector/5.9.4.2/configuration/azure/microsoftazure.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/microsoftazure.md @@ -1,3 +1,9 @@ +--- +title: "Microsoft Azure" +description: "Microsoft Azure" +sidebar_position: 30 +--- + # Microsoft Azure This section explores the integration of Endpoint Protector into your Azure environment. Although diff --git a/docs/endpointprotector/5.9.4.2/configuration/azure/virtualmachine.md b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/virtualmachine.md similarity index 94% rename from docs/endpointprotector/5.9.4.2/configuration/azure/virtualmachine.md rename to docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/virtualmachine.md index 48573be075..a3db866152 100644 
--- a/docs/endpointprotector/5.9.4.2/configuration/azure/virtualmachine.md +++ b/docs/endpointprotector/5.9.4.2/install/configuration/microsoftazure/virtualmachine.md @@ -1,3 +1,9 @@ +--- +title: "Creating the Virtual Machine" +description: "Creating the Virtual Machine" +sidebar_position: 30 +--- + # Creating the Virtual Machine To start the Endpoint Protector Virtual Machine in Azure, follow these steps: diff --git a/docs/endpointprotector/5.9.4.2/install/configuration/overview.md b/docs/endpointprotector/5.9.4.2/install/configuration/overview.md new file mode 100644 index 0000000000..56f0bbd54a --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/configuration/overview.md 
@@ -0,0 +1,27 @@ +--- +title: "Cloud Services" +description: "Cloud Services" +sidebar_position: 20 +--- + +# Cloud Services + +This User Guide offers brief guidance on utilizing the Netwrix Endpoint Protector Server in Amazon +Web Services (AWS), Google Cloud Platform (GCP), and Azure. It does not provide a step-by-step guide +for creating AWS or GCP accounts. It is assumed that the reader already has these accounts set up +and understands the basics of these third-party services, with responsibilities falling to each +respective administrator. + +- Amazon Web Services - the Endpoint Protector AMI is provided as an Amazon EC2 instance +- Google Cloud Platform - the Endpoint Protector image is provided as a \*.tar.gz. +- Azure - the Endpoint Protector image will be uploaded into your account. + +## Licensing + +Endpoint Protector is a Bring Your License (BYOL) Instance. This means that you are paying Amazon +(AWS) / Google (GCP) / Microsoft (Azure) for running the instance and then importing the license +previously purchased from Netwrix or any Endpoint Protector Partner. + +The price of the Endpoint Protector Licenses with AWS, GCP, or Azure is the same as licensing the +Endpoint Protector Virtual Appliance. To purchase a license please contact your Endpoint Protector +Representative or [sales@netwrix.com](mailto:sales@cososys.com). diff --git a/docs/endpointprotector/5.9.4.2/install/intune/_category_.json b/docs/endpointprotector/5.9.4.2/install/intune/_category_.json new file mode 100644 index 0000000000..b02dbbcc66 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/intune/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Microsoft Intune", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
diff --git a/docs/endpointprotector/5.9.4.2/install/agent/intune/macosdeployment.md b/docs/endpointprotector/5.9.4.2/install/intune/macosdeployment.md similarity index 97% rename from docs/endpointprotector/5.9.4.2/install/agent/intune/macosdeployment.md rename to docs/endpointprotector/5.9.4.2/install/intune/macosdeployment.md index b9d39c7cd1..0cdea90cce 100644 --- a/docs/endpointprotector/5.9.4.2/install/agent/intune/macosdeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/intune/macosdeployment.md @@ -1,3 +1,9 @@ +--- +title: "macOS Deployment" +description: "macOS Deployment" +sidebar_position: 20 +--- + # macOS Deployment To deploy the Endpoint Protector package for macOS using Intune, follow these steps: diff --git a/docs/endpointprotector/5.9.4.2/install/intune/overview.md b/docs/endpointprotector/5.9.4.2/install/intune/overview.md new file mode 100644 index 0000000000..ee631c2fcd --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/intune/overview.md @@ -0,0 +1,15 @@ +--- +title: "Microsoft Intune" +description: "Microsoft Intune" +sidebar_position: 50 +--- + +# Microsoft Intune + +This guide describes the steps needed to deploy Netwrix Endpoint Protector to multiple endpoints +using the MSI application in Microsoft Intune. Microsoft Intune is a cloud-based service focusing on +mobile device management (MDM) and mobile application management (MAM). + +**NOTE:** This document serves as an optional reference for Microsoft Intune (currently known as +Microsoft Endpoint Manager). It is not regularly updated and may not align with the current version +of the product. Please refer to the official resources for the most up-to-date information. 
diff --git a/docs/endpointprotector/5.9.4.2/install/agent/intune/windowsdeployment.md b/docs/endpointprotector/5.9.4.2/install/intune/windowsdeployment.md similarity index 96% rename from docs/endpointprotector/5.9.4.2/install/agent/intune/windowsdeployment.md rename to docs/endpointprotector/5.9.4.2/install/intune/windowsdeployment.md index 99aab126b5..2ccb7aacd5 100644 --- a/docs/endpointprotector/5.9.4.2/install/agent/intune/windowsdeployment.md +++ b/docs/endpointprotector/5.9.4.2/install/intune/windowsdeployment.md @@ -1,3 +1,9 @@ +--- +title: "Windows Deployment" +description: "Windows Deployment" +sidebar_position: 10 +--- + # Windows Deployment To deploy the Endpoint Protector MSI package for Windows using Intune, follow these steps: diff --git a/docs/endpointprotector/5.9.4.2/install/jamf/_category_.json b/docs/endpointprotector/5.9.4.2/install/jamf/_category_.json new file mode 100644 index 0000000000..b53320eb05 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/jamf/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Jamf", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/jamf/configuration.md b/docs/endpointprotector/5.9.4.2/install/jamf/configuration.md new file mode 100644 index 0000000000..7582e930a7 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/jamf/configuration.md 
@@ -0,0 +1,230 @@ +--- +title: "Creating the Configuration Profile" +description: "Creating the Configuration Profile" +sidebar_position: 10 +--- + +# Creating the Configuration Profile + +In order to use Jamf, first, you need to create a new configuration profile. To do so, follow these +steps: + +**Step 1 –** Open the Jamf Pro account and log in using your credentials. + +**Step 2 –** In your Jamf account, from the main navigation bar click **Computer**, and then from +the left sidebar menu, select **Configuration Profiles**. + +**Step 3 –** To create a new configuration profile, in the upper right, above the table with +available configuration profiles, click **+New**. + +![Creating a New configuration Profile](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/configurationprofile.webp) + +On the New macOS Configuration Profile section, you can manage profile settings and select the +devices and users to which you want to deploy the profile. + +**NOTE:** Click **Save** only once you have managed all settings and the profile scope. + +## General Settings + +On the default General section, enter the following information: + +- Name – enter a name to use for this configuration profile. +- Description (optional) – add a description that details the purpose of the configuration profile. + +You can continue with the default settings for the category, level, and distribution method fields. + +![Completing information on the general section](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/generalsettings.webp) + +## Certificate Settings + +You will add the Client CA Certificate in .cer format on the Certificate settings section. + +**NOTE:** This step is not required if you are not using Deep Package Inspection. To continue the +process, go to the Privacy Preferences Policy Control section. + +**Step 1 –** Log in to Endpoint Protector Server, go to the System Configuration section, and then +select **System Settings**. 
+ +**Step 2 –** On the Default System Settings section, enable Deep Packet Inspection Certificate and +then download Client CA Certificate – the downloaded .zip file contains the .cer and .crt client +certifications. + +![Enabling Deep Packet Inspection Certificate and then downloading Client CA Certificate](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/dpicertificate.webp) + +**Step 3 –** Go to Jamf, the Certificate section, and click **Configure**. + +**Step 4 –** Enter a Certificate name and then select and upload the downloaded Client CA +Certificate in .cer format. + +![Entering the required information on New macOS Configuration Profile](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/macosconfiguration.webp) + +## Privacy Preferences Policy Control Settings + +On the Privacy Preferences Policy Control section, click **Configure** and then enter the following +information: + +- Identifier - `com.cososys.eppclient`. +- Identifier Type – go with the default Bundle ID type. +- Code Requirement + +`anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. + +**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing +this command line. + +- Select the **Validate the Static Code Requirement** check-box. +- Click **Add** and **Save** to allow access to SystemPolicyAllFiles and Accessibility services. + +![Configuring Privacy Peferences Policy Control](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/privacypreferences.webp) + +## Allow EppNotifier Settings + +On the Privacy Preferences Policy Control section, click the **+ icon** to add a new policy and then +enter the following information: + +Identifier - `com.cososys.eppclient.notifier` + +Identifier Type – go with the default Bundle ID type. 
+ +Code Requirement + +`anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. + +**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing +this command line. + +- Select the **Validate the Static Code Requirement** check-box. +- Click **Add** and then **Save** to allow access to Accessibility services. + +![Configuring EPPNotifier Settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/eppnotifer.webp) + +## Enforced Encryption Settings + +On the Privacy Preferences Policy Control section, click the **+ icon** to add a new policy and then +enter the following information: + +Identifier – `com.cososys.easylock`. + +Identifier Type – go with the default Bundle ID type. + +Code Requirement + +`anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4`. + +**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing +this command line. + +- Select the **Validate the Static Code Requirement** check-box. +- Click **Add** and then **Save** to allow access to SystemPolicyAllFiles and Accessibility + services. + +![Configuring Enforced Encryption settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/enforcedencryption.webp) + +## System Extension Settings + +### Allow System Extensions + +On the System Extension section, click **Configure** and then enter the following information: + +- Display Name (optional) - enter a name to use for this configuration. +- System Extension Type - select **Allow System Extension type**. +- Team Identifier - `TV3T7A76P4`. +- Allowed System Extensions – click **Add**, enter `com.cososys.eppclient`, and then **Save** the + changes. 
+ +![Allowing System Extensions ](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/systemextensions.webp) + +**NOTE:** For operating systems lower than macOS 11 (Big Sur), manage settings from the Approved +Kernel Extensions section instead of System Extensions. Define the Team ID (enter TV3T7A76P4) and +proceed to the next step. + +### Removable System Extensions + +On the System Extension section, click the **+ icon** to add a new policy that will allow removing +system extensions without a pop-up, and then enter the following information: + +- Display Name (optional) - enter a name to use for this configuration. +- System Extension Type - select **Removable System Extensions** type. +- Team Identifier - `TV3T7A76P4`. +- Allowed System Extensions – click **Add**, enter `com.cososys.eppclient`, and then **Save** the + changes. + +**NOTE:** This setting will be applied starting with MacOS 12 version (Monterey). + +![Adding a new policy that will allow the removing of system extensions](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/removeableextensions.webp) + +### Managed Login Items + +Administrators can quickly disable Endpoint Protector Items in Jamf Configuration Profiles with +Ventura's (macOS 13) new capability. This can be accomplished by taking the following steps: + +**Step 5 –** Log in to your Jamf account. + +**Step 6 –** Click **Computer** from the main navigation bar. + +**Step 7 –** Select **Configuration Profiles** from the sidebar menu on the left. + +**Step 8 –** Click **New** in the upper right-hand corner. + +**Step 9 –** On the left, under the Options box, select **Managed Logged In Items**. + +Endpoint Protector Items can be simply disabled in your Jamf Configuration Profiles from here. +Simply uncheck the box next to the Endpoint ProtectorItem(s) you want to disable, and then click +**Save** to save your changes. + +**NOTE:** Disabling Endpoint Protector Items may have an impact on the security of your system. 
Only +disable these items if you are positive it is essential and you have taken every precaution +necessary to keep your system secure. + +## VPN Settings + +**NOTE:** This step is not required if you are not using VPN services. To continue the process, go +to the Scope section. + +On the VPN section, click **Configure** and then enter the following information: + +- Connection Name – enter a connection name that will be displayed on the device. +- VPN Type – select **Per-App VPN** type. +- Per-App VPN Connection Type – select **Custom SSL connection** type. +- Identifier – com.cososys.eppclient.daemon. +- Server – localhost. +- Provider Bundle Identifier – com.cososys.eppclient.daemon. +- Provider Type – select **App-proxy** type. +- Select the **Include All Networks** check-box. +- Provider Designated Requirement + +`anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = TV3T7A76P4` + +**NOTE:** Use the Terminal Editor to verify there are no formatting alterations before executing +this command line. + +- Select the **Prohibit users from disabling on-demand VPN settings** check-box. + +![First section to configuring VPN settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/vpnsettings.webp) + +![Second section to configuring VPN settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/vpnconfiguration.webp) + +## Notifications Settings + +**NOTE:** This step is optional. To continue the process, go to the Scope section. + +On the Notifications section, click **Configure** and then enter the following information: + +- App Name - `EppNotifier`. +- Bundle ID - `com.cososys.eppclient.notifier`. +- Toggle the switch to include the settings type and then disable/enable to manage each notification + option. 
+ +![Optional Notifiaction Settings](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/notificationsettings.webp) + +## Scope + +Once you manage all settings, go to the Scope tab and select the devices and users to deploy the new +profile. + +Click **Save** to apply all settings to the new configuration profile. + +**NOTE:** To confirm that the new configuration profile is saved successfully, reboot your computer +at this point. + +![Selecting Devices and Users to deploy to the new profile.](/img/product_docs/endpointprotector/5.9.4.2/install/agent/jamf/scope.webp) diff --git a/docs/endpointprotector/5.9.4.2/install/agent/jamf/creatingpolicy.md b/docs/endpointprotector/5.9.4.2/install/jamf/creatingpolicy.md similarity index 95% rename from docs/endpointprotector/5.9.4.2/install/agent/jamf/creatingpolicy.md rename to docs/endpointprotector/5.9.4.2/install/jamf/creatingpolicy.md index 47d4ac5d1f..f0c5a628f4 100644 --- a/docs/endpointprotector/5.9.4.2/install/agent/jamf/creatingpolicy.md +++ b/docs/endpointprotector/5.9.4.2/install/jamf/creatingpolicy.md @@ -1,3 +1,9 @@ +--- +title: "Creating the Policy" +description: "Creating the Policy" +sidebar_position: 30 +--- + # Creating the Policy Once the script and package are successfully uploaded, you need to create a new Jamf policy. To diff --git a/docs/endpointprotector/5.9.4.2/install/jamf/overview.md b/docs/endpointprotector/5.9.4.2/install/jamf/overview.md new file mode 100644 index 0000000000..17b786446c --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/jamf/overview.md 
@@ -0,0 +1,21 @@ +--- +title: "Jamf" +description: "Jamf" +sidebar_position: 40 +--- + +# Jamf + +Since the release of macOS 11.0 (Big Sur), significant changes have been made regarding system +extensions that now allow deploying endpoint security solutions without kernel-level access. + +This affects the deployment of the Netwrix Endpoint Protector Client on all Macs that are using 11.0 +operating systems or later. Companies can use third-party deployment tools such as Jamf as well as +other alternatives. + +This user guide aims to explain how to use Jamf in order to deploy Endpoint Protector on multiple +endpoints. + +**NOTE:** This is an optional document for Jamf. It is not kept up-to-date with product changes and +may not accurately represent the current interface or features. For the latest information, consult +the official resources from the product vendor. diff --git a/docs/endpointprotector/5.9.4.2/install/agent/jamf/scriptandpackage.md b/docs/endpointprotector/5.9.4.2/install/jamf/scriptandpackage.md similarity index 92% rename from docs/endpointprotector/5.9.4.2/install/agent/jamf/scriptandpackage.md rename to docs/endpointprotector/5.9.4.2/install/jamf/scriptandpackage.md index e2215f9c8f..c12924036d 100644 --- a/docs/endpointprotector/5.9.4.2/install/agent/jamf/scriptandpackage.md +++ b/docs/endpointprotector/5.9.4.2/install/jamf/scriptandpackage.md @@ -1,3 +1,9 @@ +--- +title: "Uploading the Script and Package" +description: "Uploading the Script and Package" +sidebar_position: 20 +--- + # Uploading the Script and Package To deploy the Endpoint Protector Client, upload the `EndpointProtector.pkg` package along with the diff --git a/docs/endpointprotector/5.9.4.2/install/overview.md b/docs/endpointprotector/5.9.4.2/install/overview.md index 154d1a1f91..4c01f84036 100644 --- a/docs/endpointprotector/5.9.4.2/install/overview.md +++ b/docs/endpointprotector/5.9.4.2/install/overview.md 
@@ -1,3 +1,9 @@ +--- +title: "Deployments" +description: "Deployments" +sidebar_position: 30 +--- + # Deployments This documentation provides comprehensive guidance on deploying Endpoint Protector across various @@ -26,8 +32,8 @@ The On-Premise option for a Customer-Managed instance allows for a virtualized i a customer’s LAN setting. Virtualization options include, but are not limited to: VMware and Hyper-V. The Hosted-Cloud method of deployment allows for use of a customer’s Amazon Web Services (AWS), Azure, or Google Cloud Platform (GCP) instance. To obtain more specific information for each -of these options, see the [Virtual Appliance Formats](/docs/endpointprotector/5.9.4.2/requirements/formats.md) topic and the -[Cloud Services](/docs/endpointprotector/5.9.4.2/configuration/overview.md) topic. +of these options, see the [Virtual Appliance Formats](/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/formats.md) topic and the +[Cloud Services](/docs/endpointprotector/5.9.4.2/install/configuration/overview.md) topic. Alternatively, if a Provider-Managed setup is required, an instance of Endpoint Protector can be spun up in an isolated cloud environment. To obtain more details on the Provider- Managed option, diff --git a/docs/endpointprotector/5.9.4.2/admin/updates.md b/docs/endpointprotector/5.9.4.2/install/updates.md similarity index 89% rename from docs/endpointprotector/5.9.4.2/admin/updates.md rename to docs/endpointprotector/5.9.4.2/install/updates.md index ccfee8f96a..1f0b908882 100644 --- a/docs/endpointprotector/5.9.4.2/admin/updates.md +++ b/docs/endpointprotector/5.9.4.2/install/updates.md @@ -1,3 +1,9 @@ +--- +title: "Updates" +description: "Updates" +sidebar_position: 60 +--- + # Updates Endpoint Protector updates are available through the Live Update or Offline Patches features. The 
diff --git a/docs/endpointprotector/5.9.4.2/install/virtualappliance/_category_.json b/docs/endpointprotector/5.9.4.2/install/virtualappliance/_category_.json new file mode 100644 index 0000000000..0080d9a8f5 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Virtual Appliance", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "virtualappliance" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/_category_.json b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/_category_.json new file mode 100644 index 0000000000..37e5d040ca --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Virtual Appliance Formats", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "formats" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/install/citrixxenserver.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/citrixxenserver.md similarity index 95% rename from docs/endpointprotector/5.9.4.2/install/citrixxenserver.md rename to docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/citrixxenserver.md index 6462394b9a..139352e0b2 100644 --- a/docs/endpointprotector/5.9.4.2/install/citrixxenserver.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/citrixxenserver.md @@ -1,3 +1,9 @@ +--- +title: "Citrix XenServer" +description: "Citrix XenServer" +sidebar_position: 40 +--- + # Citrix XenServer Citrix XenServer facilitates the import of virtual appliances using the OVF format, catering to 
diff --git a/docs/endpointprotector/5.9.4.2/requirements/formats.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/formats.md similarity index 94% rename from docs/endpointprotector/5.9.4.2/requirements/formats.md rename to docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/formats.md index 2e09419f50..057e44a6dd 100644 --- a/docs/endpointprotector/5.9.4.2/requirements/formats.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/formats.md @@ -1,3 +1,9 @@ +--- +title: "Virtual Appliance Formats" +description: "Virtual Appliance Formats" +sidebar_position: 10 +--- + # Virtual Appliance Formats The Endpoint Protector Virtual Appliance is available in different formats and for various diff --git a/docs/endpointprotector/5.9.4.2/install/hypervtools.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/hypervtools.md similarity index 97% rename from docs/endpointprotector/5.9.4.2/install/hypervtools.md rename to docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/hypervtools.md index 57854d0d01..42869f4110 100644 --- a/docs/endpointprotector/5.9.4.2/install/hypervtools.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/hypervtools.md @@ -1,3 +1,9 @@ +--- +title: "Hyper-V" +description: "Hyper-V" +sidebar_position: 20 +--- + # Hyper-V Hyper-V Tools utilize the VHD format for virtualization, ensuring seamless integration with diff --git a/docs/endpointprotector/5.9.4.2/install/oraclevm.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/oraclevm.md similarity index 94% rename from docs/endpointprotector/5.9.4.2/install/oraclevm.md rename to docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/oraclevm.md index 327e56a7e6..7ee113545c 100644 --- a/docs/endpointprotector/5.9.4.2/install/oraclevm.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/oraclevm.md 
@@ -1,3 +1,9 @@ +--- +title: "Oracle VM VirtualBox" +description: "Oracle VM VirtualBox" +sidebar_position: 30 +--- + # Oracle VM VirtualBox Oracle VM VirtualBox supports the OVF format for deploying virtual appliances, offering a diff --git a/docs/endpointprotector/5.9.4.2/install/vmwaretools.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/vmwaretools.md similarity index 98% rename from docs/endpointprotector/5.9.4.2/install/vmwaretools.md rename to docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/vmwaretools.md index 28ce6f1726..887d137dc3 100644 --- a/docs/endpointprotector/5.9.4.2/install/vmwaretools.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/formats/vmwaretools.md @@ -1,3 +1,9 @@ +--- +title: "VMware" +description: "VMware" +sidebar_position: 10 +--- + # VMware VMware Tools support a variety of formats such as OVF, OVA, and VMX for deploying the Endpoint diff --git a/docs/endpointprotector/5.9.4.2/install/setupwizard.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/setupwizard.md similarity index 96% rename from docs/endpointprotector/5.9.4.2/install/setupwizard.md rename to docs/endpointprotector/5.9.4.2/install/virtualappliance/setupwizard.md index e5d98ee2ce..f1f1d75ad7 100644 --- a/docs/endpointprotector/5.9.4.2/install/setupwizard.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/setupwizard.md @@ -1,3 +1,9 @@ +--- +title: "Setup Wizard" +description: "Setup Wizard" +sidebar_position: 20 +--- + # Setup Wizard The Endpoint Protector Appliance requires incoming traffic for ports 443 inbound to be whitelisted diff --git a/docs/endpointprotector/5.9.4.2/install/virtualappliance.md b/docs/endpointprotector/5.9.4.2/install/virtualappliance/virtualappliance.md similarity index 89% rename from docs/endpointprotector/5.9.4.2/install/virtualappliance.md rename to docs/endpointprotector/5.9.4.2/install/virtualappliance/virtualappliance.md index b0c305ea32..2ead80c035 100644 
--- a/docs/endpointprotector/5.9.4.2/install/virtualappliance.md +++ b/docs/endpointprotector/5.9.4.2/install/virtualappliance/virtualappliance.md @@ -1,3 +1,9 @@ +--- +title: "Virtual Appliance" +description: "Virtual Appliance" +sidebar_position: 10 +--- + # Virtual Appliance Welcome to the Endpoint Protector Virtual Appliance Guide, your comprehensive resource for diff --git a/docs/endpointprotector/5.9.4.2/overview.md b/docs/endpointprotector/5.9.4.2/overview.md deleted file mode 100644 index 19523bf689..0000000000 --- a/docs/endpointprotector/5.9.4.2/overview.md +++ /dev/null 
@@ -1,29 +0,0 @@ -# Netwrix Endpoint Protector v5.9.4 - -Netwrix Endpoint Protector is a comprehensive Data Loss Prevention (DLP) solution designed to -safeguard endpoint systems from data ex-filtration and loss. In today's interconnected world, where -portable storage devices and internet connectivity are ubiquitous, the risk of data theft and -accidental loss is ever-present. - -Traditional network security measures often struggle to prevent data breaches originating from -endpoints such as laptops, desktops, and servers. Endpoint Protector addresses this challenge with a -robust suite of features including Device Control, Content Aware Protection, eDiscovery, and -Enforced Encryption. - -Device Control empowers organizations to manage and monitor all device activities at the endpoint, -ensuring that sensitive data remains protected from unauthorized access or transfer. Content Aware -Protection extends this security by scanning and detecting sensitive content at all potential exit -points, whether it is being copied to external devices or transmitted over the internet. - -Moreover, Endpoint Protector facilitates compliance with regulatory standards such as PCI-DSS, -HIPAA, and GDPR through predefined discovery patterns and response strategies. It caters to diverse -organizational needs, from protecting intellectual property and client lists to ensuring compliance -with industry-specific regulations. - -With Endpoint Protector, administrators gain a centralized, web-based interface for seamless -management and enforcement of security policies across all endpoints. Whether preventing accidental -data leakage or mitigating risks from insider threats, Endpoint Protector offers essential tools to -safeguard critical business data. - -The subsequent sections will detail the deployment, setup, and configuration steps necessary to -implement Endpoint Protector and begin protecting your endpoints against data breaches effectively. 
diff --git a/docs/endpointprotector/5.9.4.2/overview/_category_.json b/docs/endpointprotector/5.9.4.2/overview/_category_.json new file mode 100644 index 0000000000..18c23a2b70 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/overview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Endpoint Protector v5.9.4", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/overview/gettingstarted.md b/docs/endpointprotector/5.9.4.2/overview/gettingstarted.md new file mode 100644 index 0000000000..b69093f51a --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/overview/gettingstarted.md 
@@ -0,0 +1,160 @@ +--- +title: "Getting Started" +description: "Getting Started" +sidebar_position: 10 +--- + +# Getting Started + +Welcome to Netwrix Endpoint Protector, your solution for securing endpoint data. With features like +Device Control, Content Aware Protection, eDiscovery, and Enforced Encryption, Endpoint Protector +safeguards against data breaches from a wide range of endpoints, including portable storage devices +such as USB flash drives, external HDDs, digital cameras, MP3 players, and iPods. These devices are +seamlessly connected to Windows, Mac, or Linux computers, increasing the risk of data theft or +accidental loss. Ensure compliance and protect sensitive information with our user-friendly +platform. + +## System Requirements + +Before starting, ensure that your environment meets the following requirements: + +- Operating Systems: Windows, macOS, Linux +- Disk Space: Sufficient for agent installation +- Network: Access to Endpoint Protector Server + +See the [Requirements](/docs/endpointprotector/5.9.4.2/requirements/overview.md) topic for additional information. + +## Staging the Server + +- Access the Endpoint Protector Management Console: + + - Access the appliance using the IP address configured during the deployment process, which is + also visible on the backend console. + - Log in using your administrator credentials. + +See the [Server Functionality](/docs/endpointprotector/5.9.4.2/admin/systemdashboard.md) topic for additional information. + +## Managing Administrators + +- Administrator Accounts: + + - Create and manage administrator accounts with appropriate permissions under System + Configuration > System Administrators. + +See the [System Configuration](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md) topic for additional +Information. + +## Configuring Device Control + +- Create Device Control Policies: + + - Navigate to Device Control. + - Create Custom Policies to configure device access rules. 
+ - Customize policies based on device types and access requirements. + +See the [Device Control](/docs/endpointprotector/5.9.4.2/admin/module/module.md) topic for additional information. + +## Configuring Content Aware Protection + +- Create Content Aware Policies: + + - Navigate to Content Aware Protection > Content Aware Policies. + - Create Custom Policies to define file monitoring and protection rules. + - Specify Denylists, Predefined Content, or Custom Content to identify sensitive data. + +See the [Content Aware Protection](/docs/endpointprotector/5.9.4.2/admin/module/module_1.md) topic for more +information. + +## Configuring an eDiscovery Scan + +- Setup eDiscovery Scans: + + - Navigate to eDiscovery > Policies and Scans. + - Create custom scan policies to identify sensitive data at rest on endpoint systems. + - Configure scan options and remediation actions (Encrypt, Decrypt, Delete). + +See the [eDiscovery](/docs/endpointprotector/5.9.4.2/admin/module.md) topic for additional more information. + +## Configuring the User Experience + +- Customize Netwrix Endpoint Protector Client Settings: + + - Navigate to Device Control > Client Settings. + - Configure Client Modes (Normal, Transparent, Stealth, etc.) and Notification Preferences. + +See the [Device Control](/docs/endpointprotector/5.9.4.2/admin/module/module.md) topic for more information. + +### Configuring User Remediation Settings + +- Setup User Remediation: + + - Navigate to System Parameters > User Remediation. + - Configure settings such as Time Interval for user actions and User Remediation Pop-up + notifications. + +See the [System Parameters](/docs/endpointprotector/5.9.4.2/admin/overview_6.md) topic for more information. + +### Setting Up Offline Temporary Password + +- Generate Offline Temporary Passwords: + + - Navigate to Offline Temporary Passwords. + - Generate passwords to provide temporary access rights when User Remediation is unavailable. 
+ +See the [Offline Temporary Password](/docs/endpointprotector/5.9.4.2/admin/overview_1.md) topic for more +information. + +## Deploying Agents + +- Deploy Netwrix Endpoint Protector Agents: + + - Access System Configuration > Client Software. + - Download and deploy Endpoint Protector Client packages for Windows, macOS, and Linux systems. + - Utilize MDM software or other deployment tools for efficient agent deployment. + +See the [System Configuration](/docs/endpointprotector/5.9.4.2/admin/systemconfiguration/overview.md) topic for more information. + +## Blocking Content Aware Protection Policies + +- Transition to Blocking Policies: + + - Duplicate "Report Only" CAP policies and modify them to enforce restrictions. + - Activate blocking policies to prevent unauthorized data movements. + +See the [Content Aware Protection](/docs/endpointprotector/5.9.4.2/admin/module/module_1.md) topic for more +information. + +## Performing Remediation within eDiscovery + +- Implement Remediation Actions: + + - Review eDiscovery scan results under eDiscovery > Scan Results and Actions. + - Perform actions such as Encrypt, Decrypt, or Delete on identified sensitive data to mitigate + risks. + +See the +[eDiscovery Scan Result and Actions](/docs/endpointprotector/5.9.4.2/admin/module/module.md) +topic for more information. + +## Deploying Enforced Encryption + +- Automatic Deployment: + + - Go to Device Control > Global Rights. + - Enable Allow Access if Trusted Device™ Level 1+. + - Ensures automatic deployment of Enforced Encryption 2 on USB devices recognized as Trusted + Device™ Level 1. + +- Manual Deployment: + + - Download Enforced Encryption installer for Windows/macOS. + - Copy installer to USB root. + - Execute installer from USB to setup Enforced Encryption. + +- Configuration: + + - Set Master Password and user policies in Settings > Enforced Encryption. + - Monitoring Devices: + - Manage Enforced Encryption devices in Clients list section. 
+ +See the [Enforced Encryption](/docs/endpointprotector/5.9.4.2/admin/module_1.md) topic for more information. diff --git a/docs/endpointprotector/5.9.4.2/overview/overview.md b/docs/endpointprotector/5.9.4.2/overview/overview.md new file mode 100644 index 0000000000..0a7cd59ee8 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/overview/overview.md 
@@ -0,0 +1,35 @@ +--- +title: "Netwrix Endpoint Protector v5.9.4" +description: "Netwrix Endpoint Protector v5.9.4" +sidebar_position: 10 +--- + +# Netwrix Endpoint Protector v5.9.4 + +Netwrix Endpoint Protector is a comprehensive Data Loss Prevention (DLP) solution designed to +safeguard endpoint systems from data ex-filtration and loss. In today's interconnected world, where +portable storage devices and internet connectivity are ubiquitous, the risk of data theft and +accidental loss is ever-present. + +Traditional network security measures often struggle to prevent data breaches originating from +endpoints such as laptops, desktops, and servers. Endpoint Protector addresses this challenge with a +robust suite of features including Device Control, Content Aware Protection, eDiscovery, and +Enforced Encryption. + +Device Control empowers organizations to manage and monitor all device activities at the endpoint, +ensuring that sensitive data remains protected from unauthorized access or transfer. Content Aware +Protection extends this security by scanning and detecting sensitive content at all potential exit +points, whether it is being copied to external devices or transmitted over the internet. + +Moreover, Endpoint Protector facilitates compliance with regulatory standards such as PCI-DSS, +HIPAA, and GDPR through predefined discovery patterns and response strategies. It caters to diverse +organizational needs, from protecting intellectual property and client lists to ensuring compliance +with industry-specific regulations. + +With Endpoint Protector, administrators gain a centralized, web-based interface for seamless +management and enforcement of security policies across all endpoints. Whether preventing accidental +data leakage or mitigating risks from insider threats, Endpoint Protector offers essential tools to +safeguard critical business data. 
+ +The subsequent sections will detail the deployment, setup, and configuration steps necessary to +implement Endpoint Protector and begin protecting your endpoints against data breaches effectively. diff --git a/docs/endpointprotector/5.9.4.2/overview/whatsnew.md b/docs/endpointprotector/5.9.4.2/overview/whatsnew.md new file mode 100644 index 0000000000..5c8808fa7c --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/overview/whatsnew.md 
@@ -0,0 +1,149 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 20 +--- + +# What's New + +## New Netwrix Community! + +All Netwrix product announcements have moved to the new Netwrix Community. See announcements for +Netwrix Endpoint Protector in the +[Endpoint Protector](https://community.netwrix.com/c/endpoint-protector/announcements/106) area of +our new community. + +The following information highlights the new and enhanced features introduced in Netwrix Endpoint +Protector v5.9.4. + +## Endpoint Protector 5.9.4 + +This release includes the following: + +## Product Versions + +Versions of components provided with this release: + +- Server Version: 5.9.4.0 +- Windows Client: 6.2.3.1010 +- Mac Client: 3.0.3.1009 +- Linux Client: 2.4.3.1007 +- Enforced Encryption: 2.1.0.2 + +## General + +Netwrix Endpoint Protector Rebranding + +This release marks the beginning of a soft rebranding initiative for Netwrix Endpoint Protector, +which includes its Server, Client, and Enforced Encryption components. The purpose of this change is +to enhance visual consistency and align with Netwrix's overall branding strategy. + +New branding cover: + +• CoSoSys Endpoint Protector is now Netwrix Endpoint Protector + +![eppnetwrixbranding](/img/product_docs/endpointprotector/5.9.4.2/eppnetwrixbranding.webp) + +**NOTE:** All hardcoded e-mail addresses are not changed from CoSoSys.com domain to avoid +misconfiguration issues of any existing firewall filtering configuration. + +**NOTE:** Modules abbreviations are not changed. + +Customizable Sender Email Address for Alerts + +Administrators can now customize the "From" email address used in alert notifications by specifying +a preferred sender address in the Netwrix Endpoint Protector Server Alternative mail method +configuration. 
+ +## Device Control (DC) + +Enhanced File Rename Tracking on MacOS + +You can now capture both source and destination file names during file renames on MacOS for complete +audit trails and accurate shadowing. + +## Content Aware Protection (CAP) + +Improved Browser Printing Monitoring + +Enhancements to Netwrix Endpoint Protector expand monitoring capabilities for web browser printing +beyond print spooler notifications, ensuring broader coverage across various printing methods and +printer types. This upgrade strengthens data loss prevention efforts by enhancing control over +unauthorized or accidental printing. + +Defining behavior for not Content Aware Printing + +This update introduces new settings that allow you to configure the action triggered when Content +Aware Protection cannot access the content of the printed file. + +Strengthened Data Protection with Improved MPIP Integration + +This release enhances mobile threat defense for organizations using Microsoft Purview Information +Protection (MPIP), also known as MIP; enabling interception of files based on their MPIP label names +or GUIDs to enforce stricter control over sensitive data access and transfer on mobile devices. +Improved integration in Netwrix Endpoint Protector Server WebUI also offers a more comprehensive +configuration option, strengthening your organization's security strategy. + +Enhanced MPIP Encrypted Office Files Label Recognition + +Content Aware Protection (CAP) can now detect sensitive metadata within MIP encrypted Microsoft +Office files, ensuring accurate detection and blocking of sensitive content. + +Enhanced User Remediation Messaging with Rich Text Editing + +Administrators can now format User Remediation messages with bold, italics, underline, text color, +hyperlinks, and different font sizes, enabling them to create clear, visually appealing, and +impactful messages that enhance user comprehension and encourage policy compliance. 
+ +Enhanced Control for Hightail Express File Sharing + +Hightail Express can now be designated as a controlled application in Content Aware Protection, +allowing you to monitor and regulate file transfers through this popular service. + +Expanded Content Aware Protection Policies + +The maximum number of Content Aware Protection (CAP) policies has been increased, allowing for more +granular control over sensitive data. + +Expanded Content Aware Protection Policies + +The maximum number of Content Aware Protection (CAP) policies has been increased from 48 to 300, +allowing for more granular control over sensitive data. + +Expanded Deny/Allowlists limits + +The maximum number of Deny/Allowlists has been increased up to 1 000 list per category, and each +list limit has been increased to 50 000 entries per list, allowing for more granular control over +sensitive data. Notably, the Allowlist Network Share category is not affected by this change. + +Improved Deny/Allowlists Management in CAP and eDiscovery + +We have enhanced the ability to create and manage more deny/allowlists and entities per list, +benefiting both Content Aware Protection (CAP) and eDiscovery with improved data filtering and +investigation efficiency. + +MyBox File Uploads Now Detectable with CAP + +Content Aware Protection (CAP) now identifies and controls file uploads to MyBox, extending security +to popular cloud storage platforms. + +More Precise OneDrive Content Inspection + +Content Aware Protection (CAP) now extracts text more accurately from OneDrive DOC and DOCX files +via the Chrome extension, reducing false positives and blocking only files containing selected +sensitive data (e.g., SSN US). + +Improved Google Docs Text Extraction + +Enhanced text extraction in Google Docs ensures accurate content inspection and minimizes false +positives. + +Improved Google Sheets Text Extraction + +Improved text extraction in Google Sheets reduces false positives for secure content analysis. 
+ +Enhanced Mac Monitoring with Microsoft Remote Desktop Support + +Content Aware Protection now supports monitoring Microsoft Remote Desktop (MRD) connections on Mac +endpoints, enabling policy definition to detect and control sensitive data transfers during MRD +sessions, enhancing your overall data security. diff --git a/docs/endpointprotector/5.9.4.2/requirements/_category_.json b/docs/endpointprotector/5.9.4.2/requirements/_category_.json new file mode 100644 index 0000000000..8a00596580 --- /dev/null +++ b/docs/endpointprotector/5.9.4.2/requirements/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Requirements", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/endpointprotector/5.9.4.2/requirements/client.md b/docs/endpointprotector/5.9.4.2/requirements/client.md index d623b12e8d..2804f2b659 100644 --- a/docs/endpointprotector/5.9.4.2/requirements/client.md +++ b/docs/endpointprotector/5.9.4.2/requirements/client.md @@ -1,3 +1,9 @@ +--- +title: "Client" +description: "Client" +sidebar_position: 20 +--- + # Client The Endpoint Protector Client has one of the smallest footprints of any similar solution on the diff --git a/docs/endpointprotector/5.9.4.2/requirements/components.md b/docs/endpointprotector/5.9.4.2/requirements/components.md index 13b330299c..58f33e050c 100644 --- a/docs/endpointprotector/5.9.4.2/requirements/components.md +++ b/docs/endpointprotector/5.9.4.2/requirements/components.md @@ -1,3 +1,9 @@ +--- +title: "Main Components" +description: "Main Components" +sidebar_position: 10 +--- + # Main Components Endpoint Protector is designed around several physical entities: diff --git a/docs/endpointprotector/5.9.4.2/requirements/overview.md b/docs/endpointprotector/5.9.4.2/requirements/overview.md index cf5d005d0b..533b5a5728 100644 --- a/docs/endpointprotector/5.9.4.2/requirements/overview.md 
+++ b/docs/endpointprotector/5.9.4.2/requirements/overview.md @@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 20 +--- + # Requirements This document provides an in-depth overview of the Netwrix Endpoint Protector solution, designed for diff --git a/docs/endpointprotector/5.9.4.2/whatsnew.md b/docs/endpointprotector/5.9.4.2/whatsnew.md deleted file mode 100644 index b7aff471b6..0000000000 --- a/docs/endpointprotector/5.9.4.2/whatsnew.md +++ /dev/null 
@@ -1,143 +0,0 @@ -# What's New - -## New Netwrix Community! - -All Netwrix product announcements have moved to the new Netwrix Community. See announcements for -Netwrix Endpoint Protector in the -[Endpoint Protector](https://community.netwrix.com/c/endpoint-protector/announcements/106) area of -our new community. - -The following information highlights the new and enhanced features introduced in Netwrix Endpoint -Protector v5.9.4. - -## Endpoint Protector 5.9.4 - -This release includes the following: - -## Product Versions - -Versions of components provided with this release: - -- Server Version: 5.9.4.0 -- Windows Client: 6.2.3.1010 -- Mac Client: 3.0.3.1009 -- Linux Client: 2.4.3.1007 -- Enforced Encryption: 2.1.0.2 - -## General - -Netwrix Endpoint Protector Rebranding - -This release marks the beginning of a soft rebranding initiative for Netwrix Endpoint Protector, -which includes its Server, Client, and Enforced Encryption components. The purpose of this change is -to enhance visual consistency and align with Netwrix's overall branding strategy. - -New branding cover: - -• CoSoSys Endpoint Protector is now Netwrix Endpoint Protector - -![eppnetwrixbranding](/img/product_docs/endpointprotector/5.9.4.2/eppnetwrixbranding.webp) - -**NOTE:** All hardcoded e-mail addresses are not changed from CoSoSys.com domain to avoid -misconfiguration issues of any existing firewall filtering configuration. - -**NOTE:** Modules abbreviations are not changed. - -Customizable Sender Email Address for Alerts - -Administrators can now customize the "From" email address used in alert notifications by specifying -a preferred sender address in the Netwrix Endpoint Protector Server Alternative mail method -configuration. - -## Device Control (DC) - -Enhanced File Rename Tracking on MacOS - -You can now capture both source and destination file names during file renames on MacOS for complete -audit trails and accurate shadowing. 
- -## Content Aware Protection (CAP) - -Improved Browser Printing Monitoring - -Enhancements to Netwrix Endpoint Protector expand monitoring capabilities for web browser printing -beyond print spooler notifications, ensuring broader coverage across various printing methods and -printer types. This upgrade strengthens data loss prevention efforts by enhancing control over -unauthorized or accidental printing. - -Defining behavior for not Content Aware Printing - -This update introduces new settings that allow you to configure the action triggered when Content -Aware Protection cannot access the content of the printed file. - -Strengthened Data Protection with Improved MPIP Integration - -This release enhances mobile threat defense for organizations using Microsoft Purview Information -Protection (MPIP), also known as MIP; enabling interception of files based on their MPIP label names -or GUIDs to enforce stricter control over sensitive data access and transfer on mobile devices. -Improved integration in Netwrix Endpoint Protector Server WebUI also offers a more comprehensive -configuration option, strengthening your organization's security strategy. - -Enhanced MPIP Encrypted Office Files Label Recognition - -Content Aware Protection (CAP) can now detect sensitive metadata within MIP encrypted Microsoft -Office files, ensuring accurate detection and blocking of sensitive content. - -Enhanced User Remediation Messaging with Rich Text Editing - -Administrators can now format User Remediation messages with bold, italics, underline, text color, -hyperlinks, and different font sizes, enabling them to create clear, visually appealing, and -impactful messages that enhance user comprehension and encourage policy compliance. - -Enhanced Control for Hightail Express File Sharing - -Hightail Express can now be designated as a controlled application in Content Aware Protection, -allowing you to monitor and regulate file transfers through this popular service. 
- -Expanded Content Aware Protection Policies - -The maximum number of Content Aware Protection (CAP) policies has been increased, allowing for more -granular control over sensitive data. - -Expanded Content Aware Protection Policies - -The maximum number of Content Aware Protection (CAP) policies has been increased from 48 to 300, -allowing for more granular control over sensitive data. - -Expanded Deny/Allowlists limits - -The maximum number of Deny/Allowlists has been increased up to 1 000 list per category, and each -list limit has been increased to 50 000 entries per list, allowing for more granular control over -sensitive data. Notably, the Allowlist Network Share category is not affected by this change. - -Improved Deny/Allowlists Management in CAP and eDiscovery - -We have enhanced the ability to create and manage more deny/allowlists and entities per list, -benefiting both Content Aware Protection (CAP) and eDiscovery with improved data filtering and -investigation efficiency. - -MyBox File Uploads Now Detectable with CAP - -Content Aware Protection (CAP) now identifies and controls file uploads to MyBox, extending security -to popular cloud storage platforms. - -More Precise OneDrive Content Inspection - -Content Aware Protection (CAP) now extracts text more accurately from OneDrive DOC and DOCX files -via the Chrome extension, reducing false positives and blocking only files containing selected -sensitive data (e.g., SSN US). - -Improved Google Docs Text Extraction - -Enhanced text extraction in Google Docs ensures accurate content inspection and minimizes false -positives. - -Improved Google Sheets Text Extraction - -Improved text extraction in Google Sheets reduces false positives for secure content analysis. 
- -Enhanced Mac Monitoring with Microsoft Remote Desktop Support - -Content Aware Protection now supports monitoring Microsoft Remote Desktop (MRD) connections on Mac -endpoints, enabling policy definition to detect and control sensitive data transfers during MRD -sessions, enhancing your overall data security. diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/_category_.json b/docs/passwordpolicyenforcer/11.0/administration-overview/_category_.json new file mode 100644 index 0000000000..5874d2dc57 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Administration", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "administration_overview" + } +} \ No newline at end of file diff --git a/docs/passwordpolicyenforcer/11.0/administration/administration_overview.md b/docs/passwordpolicyenforcer/11.0/administration-overview/administration_overview.md similarity index 87% rename from docs/passwordpolicyenforcer/11.0/administration/administration_overview.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/administration_overview.md index 6bd340e52b..d8de90d7b7 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/administration_overview.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/administration_overview.md @@ -1,3 +1,9 @@ +--- +title: "Administration" +description: "Administration" +sidebar_position: 40 +--- + # Administration Netwrix Password Policy Enforcer helps secure your network by ensuring users set strong passwords. 
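Review bot: In the front matter added to administration_overview.md, `sidebar_position: 40` repeats the `"position": 40` set in the new `administration-overview/_category_.json`, whose `link.id` points at this same document, so the ordering is now stated in two places that can drift apart. Keep the value in one of them, or note in the commit message which one the sidebar uses. The `description: "Administration"` line also only repeats the title; the page's opening sentence ("helps secure your network by ensuring users set strong passwords") would make a usable one-line description.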
@@ -13,7 +19,7 @@ not jeopardize network security. You can also use Password Policy Enforcer to ensure that passwords are compatible with other systems, and to synchronize passwords with other networks and applications. -**NOTE:** The [Evaluate Password Policy Enforcer](/docs/passwordpolicyenforcer/11.0/evaluation/evaluation_overview.md) contains +**NOTE:** The [Evaluate Password Policy Enforcer](/docs/passwordpolicyenforcer/11.0/evaluation-overview/evaluation_overview.md) contains step-by-step instructions to help you quickly install, configure, and evaluate Password Policy Enforcer. Consider using the Evaluation Guide if you are using Password Policy Enforcer for the first time, prior to installing and deploying on your domains. diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/_category_.json b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/_category_.json new file mode 100644 index 0000000000..56191c74b1 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "PPE cmdlets", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "cmdlets" + } +} \ No newline at end of file diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdconnectppe.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdconnectppe.md similarity index 92% rename from docs/passwordpolicyenforcer/11.0/administration/cmdconnectppe.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdconnectppe.md index 5b75c62c6d..0620813363 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdconnectppe.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdconnectppe.md @@ -1,3 +1,9 @@ +--- +title: "Connect-PPE" +description: "Connect-PPE" +sidebar_position: 10 +--- + # Connect-PPE The **Connect-PPE** cmdlet establishes a connection to the PPE Server. 
diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdcopyppepolicy.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdcopyppepolicy.md similarity index 91% rename from docs/passwordpolicyenforcer/11.0/administration/cmdcopyppepolicy.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdcopyppepolicy.md index f5270e5888..0bdc87ff51 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdcopyppepolicy.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdcopyppepolicy.md @@ -1,3 +1,9 @@ +--- +title: "Copy-PPEPolicy" +description: "Copy-PPEPolicy" +sidebar_position: 20 +--- + # Copy-PPEPolicy The **CopyPPEPolicy** cmdlet makes a copy of a PPE policy. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdexportppeconfig.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdexportppeconfig.md similarity index 89% rename from docs/passwordpolicyenforcer/11.0/administration/cmdexportppeconfig.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdexportppeconfig.md index db151c0cfd..a7929603a1 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdexportppeconfig.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdexportppeconfig.md @@ -1,3 +1,9 @@ +--- +title: "Export-PPEConfig" +description: "Export-PPEConfig" +sidebar_position: 30 +--- + # Export-PPEConfig The **Export-PPEConfig** cmdlet exports the Password Policy Enforcer configuration to a file. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdexportppepolicy.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdexportppepolicy.md similarity index 92% rename from docs/passwordpolicyenforcer/11.0/administration/cmdexportppepolicy.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdexportppepolicy.md index 71081f3b4f..ebe6f23730 100644 
--- a/docs/passwordpolicyenforcer/11.0/administration/cmdexportppepolicy.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdexportppepolicy.md @@ -1,3 +1,9 @@ +--- +title: "Export-PPEPolicy" +description: "Export-PPEPolicy" +sidebar_position: 40 +--- + # Export-PPEPolicy The **Export-PPEPolicy** exports a Password Policy Enforcer policy to a file. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppebulkpasswordtest.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppebulkpasswordtest.md similarity index 92% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppebulkpasswordtest.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppebulkpasswordtest.md index 684e3a45db..0ca624a581 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppebulkpasswordtest.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppebulkpasswordtest.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPEBulkPasswordTest" +description: "Get-PPEBulkPasswordTest" +sidebar_position: 50 +--- + # Get-PPEBulkPasswordTest The **Get-PPEBulkPasswordTest** cmdlet runs the Password Policy Enforcer bulk password test of the diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeconfigreport.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeconfigreport.md similarity index 91% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppeconfigreport.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeconfigreport.md index ae0cc8c5db..db354c5f2f 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeconfigreport.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeconfigreport.md 
@@ -1,3 +1,9 @@ +--- +title: "Get-PPEConfigReport" +description: "Get-PPEConfigReport" +sidebar_position: 60 +--- + # Get-PPEConfigReport The **Get-PPEConfigReport** cmdlet saves a Password Policy Enforcer configuration report. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppedefaultpolicy.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppedefaultpolicy.md similarity index 86% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppedefaultpolicy.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppedefaultpolicy.md index 1bb6122f93..77edf0df0b 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppedefaultpolicy.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppedefaultpolicy.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPEDefaultPolicy" +description: "Get-PPEDefaultPolicy" +sidebar_position: 70 +--- + # Get-PPEDefaultPolicy The **Get-PPEDefaultPolicy** cmdlet reports the name of the Password Policy Enforcer default Policy. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeenabled.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeenabled.md similarity index 87% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppeenabled.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeenabled.md index de440e66ac..83d95d50e2 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeenabled.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeenabled.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPEEnabled" +description: "Get-PPEEnabled" +sidebar_position: 80 +--- + # Get-PPEEnabled The **Get-PPEEnabled** cmdlet returns the enabled/disabled status of the PPE Server. 
diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppehelp.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppehelp.md similarity index 93% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppehelp.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppehelp.md index f02f9486d9..cea8556678 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppehelp.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppehelp.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPEHelp" +description: "Get-PPEHelp" +sidebar_position: 90 +--- + # Get-PPEHelp The **Get-PPEHelp** cmdlet lists the available Password Policy Enforcer cmdlets. If a cmdlet is diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppelicenseinfo.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppelicenseinfo.md similarity index 93% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppelicenseinfo.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppelicenseinfo.md index 8d16e5fd93..96042b8e27 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppelicenseinfo.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppelicenseinfo.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPELicenseInfo" +description: "Get-PPELicenseInfo" +sidebar_position: 100 +--- + # Get-PPELicenseInfo The **Get-PPELicenseInfo** cmdlet returns the Password Policy Enforcer license information. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepasswordtest.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepasswordtest.md similarity index 94% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppepasswordtest.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepasswordtest.md index de6da5cae2..ae819adbd3 100644 
--- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepasswordtest.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepasswordtest.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPEPasswordTest" +description: "Get-PPEPasswordTest" +sidebar_position: 110 +--- + # Get-PPEPasswordTest The **Get-PPEPasswordTest** cmdlet runs the Password Policy Enforcer password test for a user. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepolicies.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepolicies.md similarity index 87% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppepolicies.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepolicies.md index df22babf0a..74d2df619e 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepolicies.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepolicies.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPEPolicies" +description: "Get-PPEPolicies" +sidebar_position: 120 +--- + # Get-PPEPolicies The **Get-PPEPolicies** cmdlet returns the Password Policy Enforcer policies. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepolicyenabled.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepolicyenabled.md similarity index 89% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppepolicyenabled.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepolicyenabled.md index 9e9ea4e7b0..7a831c4ff2 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepolicyenabled.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepolicyenabled.md 
@@ -1,3 +1,9 @@ +--- +title: "Get-PPEPolicyEnabled" +description: "Get-PPEPolicyEnabled" +sidebar_position: 130 +--- + # Get-PPEPolicyEnabled The **Get-PPEPolicyEnabled** cmdlet returns the enabled/disabled status of a Password Policy diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeserverversion.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeserverversion.md similarity index 90% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppeserverversion.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeserverversion.md index beabd0e1da..117af5b55b 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeserverversion.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeserverversion.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPEServerVersion" +description: "Get-PPEServerVersion" +sidebar_position: 140 +--- + # Get-PPEServerVersion The **Get-PPEServerVersion** cmdlet returns the Password Policy Enforcer server version. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeversion.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeversion.md similarity index 87% rename from docs/passwordpolicyenforcer/11.0/administration/cmdgetppeversion.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeversion.md index 4e8852809b..57a5f654bf 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeversion.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeversion.md @@ -1,3 +1,9 @@ +--- +title: "Get-PPEVersion" +description: "Get-PPEVersion" +sidebar_position: 150 +--- + # Get-PPEVersion The **Get-PPEVersion** cmdlet returns the version of the Password Policy Enforcer PowerShell module. 
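Review bot: In the Get-PPEVersion front matter, `description: "Get-PPEVersion"` gives a reader nothing to tell this page apart from Get-PPEServerVersion, which gets the same title-as-description treatment a few files earlier. The first body sentence of each page already states the difference (PowerShell module version here, server version there), so use those sentences as the descriptions. The same applies to the other cmdlet pages in this patch, where each description is a copy of the title.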
diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdimportppeconfig.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdimportppeconfig.md similarity index 90% rename from docs/passwordpolicyenforcer/11.0/administration/cmdimportppeconfig.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdimportppeconfig.md index 06e9ca2d03..f3a5710cbc 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdimportppeconfig.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdimportppeconfig.md @@ -1,3 +1,9 @@ +--- +title: "Import-PPEConfig" +description: "Import-PPEConfig" +sidebar_position: 160 +--- + # Import-PPEConfig The **Import-PPEConfig** cmdlet imports a Password Policy Enforcer configuration file. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdimportppepolicy.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdimportppepolicy.md similarity index 90% rename from docs/passwordpolicyenforcer/11.0/administration/cmdimportppepolicy.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdimportppepolicy.md index 20ada9276e..10082824c0 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdimportppepolicy.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdimportppepolicy.md @@ -1,3 +1,9 @@ +--- +title: "Import-PPEPolicy" +description: "Import-PPEPolicy" +sidebar_position: 170 +--- + # Import-PPEPolicy The **Import-PPEPolicy** cmdlet imports a Password Policy Enforcer policy from a file. diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdlets.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdlets.md new file mode 100644 index 0000000000..2c788157a0 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdlets.md 
@@ -0,0 +1,53 @@ +--- +title: "PPE cmdlets" +description: "PPE cmdlets" +sidebar_position: 60 +--- + +# PPE cmdlets + +The PPE Cmdlets are available to manage Password Policy Enforcer from a Windows PowerShell. The +cmdlets are not case-sensitive. + +To establish the connection: + +**Step 1 –** Open a Windows PowerShell. Some cmdlets require administrative permissions. You can use +the **Run as Administrator** option. + +**Step 2 –** Import the PPE cmdlets module: +**Import-Module "C:\Program Files\Password Policy Enforcer\PS\PPEConf.PowerShell.dll"** + +**Step 3 –** Connect to your domain: +**Connect-PPE -d "_domain_"** where _domain_ is the full name of your domain controller. +**NT-DC03.NWXTECH.COM** in this example. + +**Get-PPEHelp** with no parameters, displays a list of available cmdlets. Use the PowerShell +**get-help** _Cmdlet_ for information about the cmdlet. + +![PPE cmdlets Connect](/img/product_docs/passwordpolicyenforcer/11.0/administration/cmdletconnect.webp) + +Click a PPE cmdlet name for details. 
+ +- [Connect-PPE](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdconnectppe.md) +- [Copy-PPEPolicy](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdcopyppepolicy.md) +- [Export-PPEConfig](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdexportppeconfig.md) +- [Export-PPEPolicy](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdexportppepolicy.md) +- [Get-PPEBulkPasswordTest](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppebulkpasswordtest.md) +- [Get-PPEConfigReport](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeconfigreport.md) +- [Get-PPEDefaultPolicy](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppedefaultpolicy.md) +- [Get-PPEEnabled](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeenabled.md) +- [Get-PPEHelp](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppehelp.md) +- [Get-PPELicenseInfo](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppelicenseinfo.md) +- [Get-PPEPasswordTest](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepasswordtest.md) +- [Get-PPEPolicies](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepolicies.md) +- [Get-PPEPolicyEnabled](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppepolicyenabled.md) +- [Get-PPEServerVersion](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeserverversion.md) +- [Get-PPEVersion](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdgetppeversion.md) +- [Import-PPEConfig](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdimportppeconfig.md) +- [Import-PPEPolicy](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdimportppepolicy.md) +- 
[Remove-PPEPolicy](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdremoveppepolicy.md) +- [Set-PPEDefaultPolicy](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppedefaultpolicy.md) +- [Set-PPEEnabled](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppeenabled.md) +- [Set-PPEPolicyEnabled](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppepolicyenabled.md) +- [Start-PPECompromisedPasswordChecker](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdstartppecompromisedpasswordchecker.md) +- [Start-PPEHibpUpdater](/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdstartppehibpupdater.md) diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdremoveppepolicy.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdremoveppepolicy.md similarity index 88% rename from docs/passwordpolicyenforcer/11.0/administration/cmdremoveppepolicy.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdremoveppepolicy.md index f18de5e7dd..9d3ef6c6e3 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdremoveppepolicy.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdremoveppepolicy.md @@ -1,3 +1,9 @@ +--- +title: "Remove-PPEPolicy" +description: "Remove-PPEPolicy" +sidebar_position: 180 +--- + # Remove-PPEPolicy The **Remove-PPEPolicy** cmdlet removes a Password Policy Enforcer policy. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdsetppedefaultpolicy.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppedefaultpolicy.md similarity index 88% rename from docs/passwordpolicyenforcer/11.0/administration/cmdsetppedefaultpolicy.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppedefaultpolicy.md index 40627adbd4..5c73cb5142 100644 
--- a/docs/passwordpolicyenforcer/11.0/administration/cmdsetppedefaultpolicy.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppedefaultpolicy.md @@ -1,3 +1,9 @@ +--- +title: "Set-PPEDefaultPolicy" +description: "Set-PPEDefaultPolicy" +sidebar_position: 190 +--- + # Set-PPEDefaultPolicy The **Set-PPEDefaultPolicy** cmdlet sets the Password Policy Enforcer policy as the default. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdsetppeenabled.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppeenabled.md similarity index 90% rename from docs/passwordpolicyenforcer/11.0/administration/cmdsetppeenabled.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppeenabled.md index 533ae7be11..04a05837c9 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdsetppeenabled.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppeenabled.md @@ -1,3 +1,9 @@ +--- +title: "Set-PPEEnabled" +description: "Set-PPEEnabled" +sidebar_position: 200 +--- + # Set-PPEEnabled The **Set-PPEEnabled** cmdlet sets the enabled/disabled status for the PPE Server. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdsetppepolicyenabled.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppepolicyenabled.md similarity index 91% rename from docs/passwordpolicyenforcer/11.0/administration/cmdsetppepolicyenabled.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppepolicyenabled.md index b0d1439ad6..2a4d13794a 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdsetppepolicyenabled.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdsetppepolicyenabled.md 
@@ -1,3 +1,9 @@ +--- +title: "Set-PPEPolicyEnabled" +description: "Set-PPEPolicyEnabled" +sidebar_position: 210 +--- + # Set-PPEPolicyEnabled The **Set-PPEPolicyEnabled** cmdlet sets the enabled/disabled status for a Password Policy Enforcer diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdstartppecompromisedpasswordchecker.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdstartppecompromisedpasswordchecker.md similarity index 84% rename from docs/passwordpolicyenforcer/11.0/administration/cmdstartppecompromisedpasswordchecker.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdstartppecompromisedpasswordchecker.md index 59af49f266..0ae6243e31 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdstartppecompromisedpasswordchecker.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdstartppecompromisedpasswordchecker.md @@ -1,3 +1,9 @@ +--- +title: "Start-PPECompromisedPasswordChecker" +description: "Start-PPECompromisedPasswordChecker" +sidebar_position: 220 +--- + # Start-PPECompromisedPasswordChecker The **Start-PPECompromisedPasswordChecker** cmdlet runs the Password Policy Enforcer Compromised diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdstartppehibpupdater.md b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdstartppehibpupdater.md similarity index 93% rename from docs/passwordpolicyenforcer/11.0/administration/cmdstartppehibpupdater.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdstartppehibpupdater.md index 9513c4db39..f82495daac 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdstartppehibpupdater.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/cmdlets/cmdstartppehibpupdater.md 
@@ -1,3 +1,9 @@ +--- +title: "Start-PPEHibpUpdater" +description: "Start-PPEHibpUpdater" +sidebar_position: 230 +--- + # Start-PPEHibpUpdater The **Start-PPEHibpUpdater** cmdlet starts an update of the Hibp database. diff --git a/docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md b/docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md similarity index 95% rename from docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md index e168487ba6..4d4a749d77 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md @@ -1,3 +1,9 @@ +--- +title: "Command Line Interface" +description: "Command Line Interface" +sidebar_position: 70 +--- + # Command Line Interface ## Silent Installation diff --git a/docs/passwordpolicyenforcer/11.0/administration/compromisedpasswordcheck.md b/docs/passwordpolicyenforcer/11.0/administration-overview/compromisedpasswordcheck.md similarity index 95% rename from docs/passwordpolicyenforcer/11.0/administration/compromisedpasswordcheck.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/compromisedpasswordcheck.md index 2d12958853..8e6c6ce233 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/compromisedpasswordcheck.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/compromisedpasswordcheck.md @@ -1,3 +1,9 @@ +--- +title: "Compromised Password Check" +description: "Compromised Password Check" +sidebar_position: 30 +--- + # Compromised Password Check The Compromised Password Checker finds compromised passwords. Users can be notified via email and 
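Review bot: The new front matter for compromisedpasswordcheck.md sets `title: "Compromised Password Check"`, while the first sentence of the page, kept as context here, calls the feature the "Compromised Password Checker", and the cmdlet page renamed earlier in this patch is Start-PPECompromisedPasswordChecker. Since the title now also drives the sidebar label, pick one name for the feature, or add a sentence saying that the Checker is the tool and the Check is the scheduled operation it runs.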
@@ -5,7 +11,7 @@ advised or forced to change their password. The check can be scheduled to check against a compromised hash list at any time. **NOTE:** Create the **Compromised Passwords Base** file prior to enabling the Compromised Password -Check. See the [HIBP Updater](/docs/passwordpolicyenforcer/11.0/administration/hibpupdater.md) topic for instructions. +Check. See the [HIBP Updater](/docs/passwordpolicyenforcer/11.0/installation/hibpupdater.md) topic for instructions. The Compromised Password Checker is launched from the Configuration Console: @@ -23,7 +29,7 @@ Click the **Compromised Password Check** toggle to enable/disable the feature. ![Compromised Password Check](/img/product_docs/passwordpolicyenforcer/11.0/administration/compromisedpasswords.webp) - **Compromised Passwords Base** specify the database to use when checking for compromised - passwords. Netwrix recommends using the [HIBP Updater](/docs/passwordpolicyenforcer/11.0/administration/hibpupdater.md) to create this database. + passwords. Netwrix recommends using the [HIBP Updater](/docs/passwordpolicyenforcer/11.0/installation/hibpupdater.md) to create this database. Click **Browse** to navigate to the folder. Default is **C:\HIBP\DB** - **Domain Controller (FQDN)** specify the fully qualified domain controller name where you want to run the password check. Click **Browse** and select from the list. diff --git a/docs/passwordpolicyenforcer/11.0/administration/configconsole.md b/docs/passwordpolicyenforcer/11.0/administration-overview/configconsole.md similarity index 93% rename from docs/passwordpolicyenforcer/11.0/administration/configconsole.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/configconsole.md index 4bd5688bfd..adfd4cf78d 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/configconsole.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/configconsole.md 
@@ -1,3 +1,9 @@ +--- +title: "Configuration Console" +description: "Configuration Console" +sidebar_position: 10 +--- + # Configuration Console The PPE Configuration Console manages Password Policy Enforcer across your domain. It can be @@ -23,9 +29,9 @@ Enforcer. In addition, there are tiles to access Password Policy Enforcer major features: -- [Manage Policies](/docs/passwordpolicyenforcer/11.0/administration/manage_policies.md) -- [Compromised Password Check](/docs/passwordpolicyenforcer/11.0/administration/compromisedpasswordcheck.md) -- [System Audit and Support](/docs/passwordpolicyenforcer/11.0/administration/systemaudit.md) - Version Tracker, Support Tools, Property Editor +- [Manage Policies](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/manage_policies.md) +- [Compromised Password Check](/docs/passwordpolicyenforcer/11.0/administration-overview/compromisedpasswordcheck.md) +- [System Audit and Support](/docs/passwordpolicyenforcer/11.0/administration-overview/systemaudit.md) - Version Tracker, Support Tools, Property Editor See the specific topics for details. @@ -75,7 +81,7 @@ Local - You can copy a local configuration to another computer by exporting the configuration from the registry, and then importing it into the registry of the other computer. You can also use Group Policy to distribute a local configuration to many computers. See the - [Domain and Local Policies](/docs/passwordpolicyenforcer/11.0/administration/domain_and_local_policies.md) topic for additional information. + [Domain and Local Policies](/docs/passwordpolicyenforcer/11.0/installation/domain_and_local_policies.md) topic for additional information. ![Connected To Local Configuration](/img/product_docs/passwordpolicyenforcer/11.0/administration/connecttodomain.webp) 
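Review bot: The Domain and Local Policies link in this hunk is repointed to `/docs/passwordpolicyenforcer/11.0/installation/domain_and_local_policies.md`, but the rename that would put the file under `installation/` is not in the part of the patch shown here, whereas the other links rewritten in this file go to `administration-overview/`. Confirm that the target exists at that path after the move, and make sure the docs build fails on broken links so a missed rename is caught before merge.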
@@ -119,11 +125,11 @@ Here are the default settings. - Minimum Age rule is never enforced during a reset. - History rule is enforced if this option is selected and the **Enforce this rule when a - password is reset** option is selected on the [History Rule](/docs/passwordpolicyenforcer/11.0/administration/history_rule.md) Properties. + password is reset** option is selected on the [History Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/history_rule.md) Properties. - **Accept encrypted client request only** specifies requests from Password Policy Client, Netwrix Password Reset and Password Policy/Web must be encrypted. Client requests do not contain passwords - or password hashes. See the [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md) topic for + or password hashes. See the [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md) topic for additional information. Default is checked. - **Log event when password not checked by service** adds an entry to the Windows Application Event Log whenever it accepts a password without checking it. Default is checked. This can occur if: 
@@ -151,7 +157,7 @@ Here are the default settings. - An event is only logged if the Password Policy Enforcer Client version is 9.0 or later. If a password is rejected by the Password Policy Server, then the event is logged. - Client logged events only show the local rules the password violated. For example, the - Compromised rule is only enforced by the Password Policy Server. See the [Rules](/docs/passwordpolicyenforcer/11.0/administration/rules.md) + Compromised rule is only enforced by the Password Policy Server. See the [Rules](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md) topic for additional information. - Client rejections can be lost or duplicated if there are communication issues between the Password Policy Client and Password Policy Server. diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/_category_.json b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/_category_.json new file mode 100644 index 0000000000..414e42eecc --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manage Policies", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "manage_policies" + } +} \ No newline at end of file diff --git a/docs/passwordpolicyenforcer/11.0/administration/manage_policies.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/manage_policies.md similarity index 91% rename from docs/passwordpolicyenforcer/11.0/administration/manage_policies.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/manage_policies.md index 3f79b20863..7f74260c03 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/manage_policies.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/manage_policies.md 
@@ -1,8 +1,14 @@ +--- +title: "Manage Policies" +description: "Manage Policies" +sidebar_position: 20 +--- + # Manage Policies Netwrix Password Policy Enforcer can enforce up to 256 different password policies. You can assign policies to users directly, or indirectly through Active Directory security groups and containers -(Organizational Units). See the [Assign Policies to Users & Groups](/docs/passwordpolicyenforcer/11.0/administration/usersgroups.md) topic for +(Organizational Units). See the [Assign Policies to Users & Groups](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/usersgroups.md) topic for additional information. Open the Configuration Console: 
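Review bot: In the front matter added at the top of manage_policies.md, `description` is a copy of `title` ("Manage Policies"), so it gives search results and link previews nothing beyond the heading. Suggest a one-sentence summary drawn from the page's opening paragraph, which covers enforcing up to 256 policies and assigning them to users, groups and containers. The same title/description duplication appears in the front matter added to the other files in this patch.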
@@ -91,16 +97,16 @@ most popular regulatory frameworks. Once you add a policy, it needs to be set up or reviewed if you used a template. Click on the policy name to edit the policy. For each policy: -- Set up [Rules](/docs/passwordpolicyenforcer/11.0/administration/rules.md). -- [Assign Policies to Users & Groups](/docs/passwordpolicyenforcer/11.0/administration/usersgroups.md). -- Enable the use of an optional [Passphrase](/docs/passwordpolicyenforcer/11.0/administration/passphrases.md). -- Set up [Policy Properties](/docs/passwordpolicyenforcer/11.0/administration/policy_properties.md). -- Set up [Messages](/docs/passwordpolicyenforcer/11.0/administration/messages.md) for your users. +- Set up [Rules](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md). +- [Assign Policies to Users & Groups](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/usersgroups.md). +- Enable the use of an optional [Passphrase](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/passphrases.md). +- Set up [Policy Properties](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/policy_properties.md). +- Set up [Messages](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/messages.md) for your users. ## Test Policy Launches the Test policy tool in a separate window. You can test **By user** and by **Password bulk -test**. See the [Test Policy](/docs/passwordpolicyenforcer/11.0/administration/testpolicy.md) topic for additional information. +test**. See the [Test Policy](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md) topic for additional information. ## Set Priorities 
@@ -112,7 +118,7 @@ priorities** to save the new order. ### Policy Selection Flowchart This flowchart shows how Password Policy Enforcer determines a policy for each user. Use the -[Test Policy](/docs/passwordpolicyenforcer/11.0/administration/testpolicy.md) tool to quickly determine which policy Password Policy Enforcer is +[Test Policy](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md) tool to quickly determine which policy Password Policy Enforcer is enforced for a particular user. ![managing_policies](/img/product_docs/passwordpolicyenforcer/11.0/administration/managing_policies.webp) diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/messages.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/messages.md new file mode 100644 index 0000000000..505af7f355 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/messages.md 
@@ -0,0 +1,60 @@ +--- +title: "Messages" +description: "Messages" +sidebar_position: 50 +--- + +# Messages + +Each Password Policy Enforcer password policy has multiple message templates, one for each of the +Password Policy Client messages. + +- Password Policy – Displays the password policy guidelines on clients that have the Netwrix + Password Policy Enforcer Client installed. +- [POLICY] – Customize the text for the active rules. +- [LIVE_POLICY] – Password Policy Client (10.2 and above) messages can be configured to display live + feedback for the active rules to users as they enter their passwords. This feature enables users + to see if their passwords meet the requirements of the policy set by the organization. Here is an + example of a live policy message. + + ![Messages](/img/product_docs/passwordpolicyenforcer/11.0/administration/mesages2.webp) + + **NOTE:** Start each custom message with two spaces, a hypen, and a space before your message so + the X and checks can appear for the rule. For example: " **- Include an upper case alpha + character.**" The quotes are only there to illustrate the message. + +- Rejection Reason – Displays why an intended password was rejected on clients that have the Netwrix + Password Policy Enforcer Client installed +- Generic Rejection – Displays if Password Policy Enforcer does not have a specific reason for the + rejection, generally because the password does not comply with the Windows password policy + +**Step 1 –** Open the Configuration Console: + +Click **Start** > **Netwrix Password Policy Enforcer** > **PPE Configuration** +or +Double click the **PPE Configuration** desktop shortcut. + +**Step 2 –** Click on a policy name to open the policy configuration page. + +**Step 3 –** Open the **Messages** tab. + +![Set up messages](/img/product_docs/passwordpolicyenforcer/11.0/administration/messages.webp) + +**Step 4 –** Select the message language from the drop-down list. You can set messages for multiple +languages. 
You do not have to create a Password Policy Enforcer policy for each language. To set +multiple languages, pick one, edit the message templates. Select another language, and edit the +message templates. Repeat for each language you want to implement. The correct message is displayed +to users based on their selected language. + +**Step 5 –** Edit the message templates in the Password policy, [POLICY], [LIVE_POLICY], Rejection +Reason, and Generic rejection messages for any of the components you want to use. + +**Step 6 –** Insert the macros into your message. Click **Macro** and pick one to insert it. + +![Use macros for your message](/img/product_docs/passwordpolicyenforcer/11.0/administration/messagesmacros.webp) + +**Step 7 –** Click **Save** and review your changes in the Preview area. Click **Save** f you edit +the message. + +**NOTE:** If you do not see the **Preview**, contact your network administrator to set up the +firewall to allow Password Policy Enforcer to communicate. diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/passphrases.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/passphrases.md new file mode 100644 index 0000000000..0f998d6f99 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/passphrases.md 
@@ -0,0 +1,41 @@ +--- +title: "Passphrase" +description: "Passphrase" +sidebar_position: 30 +--- + +# Passphrase + +Passphrases have gained popularity in recent years as they can be more difficult to crack and easier +to remember than passwords. The difference between passwords and passphrases is their length. +Passwords are rarely longer than 15 characters, but passphrases commonly contain 20 or more +characters. + +Complexity and dictionary rules are less important for passphrases as passphrases rely primarily on +length for security. You may want to relax some password policy requirements for passphrases. + +**Step 1 –** Open the Configuration Console: + +Click **Start** > **Netwrix Password Policy Enforcer** > **PPE Configuration** +or +Double click the **PPE Configuration** desktop shortcut. + +**Step 2 –** Click on a policy name to open the policy configuration page. + +**Step 3 –** Open the **Passphrase** tab. + +![Enable Passphrases](/img/product_docs/passwordpolicyenforcer/11.0/administration/passphrase.webp) + +**Step 4 –** Select the number of characters the password must contain before the selected rules are +disabled. + +**Step 5 –** Select the rules to be disabled. + +Disabled rules are not counted when calculating the compliance level, but Password Policy Enforcer +accepts passphrases that comply with all enabled rules, irrespective of the compliance level. This +ensures that passphrases can be used, even if they do not meet the compliance level when Password +Policy Enforcer is configured to disable one or more rules for passphrases. + +**NOTE:** Opinions differ on how long a passphrase needs to be. Even a 30 character passphrase can +be weaker than a well-chosen password. Do not disable too many rules under the assumption that +length alone makes up for the reduced complexity. 
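Review bot: In passphrases.md, Step 4 asks the administrator to pick "the number of characters the password must contain before the selected rules are disabled" but gives no default or recommended minimum, while the intro says passphrases commonly contain 20 or more characters and the closing NOTE warns that even a 30 character passphrase can be weak. Suggest stating the default or a recommended threshold in Step 4 and moving the NOTE up next to Step 5, where the rules to disable are chosen, since that is the decision it warns about. Minor wording: "Double click" should be "Double-click" and "30 character passphrase" should be "30-character passphrase".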
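Review bot: In messages.md, added earlier in this patch, the [LIVE_POLICY] NOTE misspells "hyphen" as "hypen", and Step 7 reads "Click **Save** f you edit the message", where "f" should be "if". The NOTE's quoted example also does not visibly show the required prefix of two spaces, a hyphen, and a space; putting the example in an inline code span would preserve the leading spaces for the reader.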
diff --git a/docs/passwordpolicyenforcer/11.0/administration/policy_properties.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/policy_properties.md similarity index 90% rename from docs/passwordpolicyenforcer/11.0/administration/policy_properties.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/policy_properties.md index 5975ea53c7..e92bffd545 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/policy_properties.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/policy_properties.md @@ -1,3 +1,9 @@ +--- +title: "Policy Properties" +description: "Policy Properties" +sidebar_position: 40 +--- + # Policy Properties Sets the properties for the selected policy. @@ -12,7 +18,7 @@ Double click the **PPE Configuration** desktop shortcut. **Step 3 –** Open the **Properties** tab. -![Set the Policy Properties](/img/product_docs/activitymonitor/8.0/install/agent/properties.webp) +![Set the Policy Properties](/img/product_docs/passwordpolicyenforcer/11.0/administration/properties.webp) Each policy must have a unique name. To change the name of a policy, type the new name in the text box. 
@@ -41,10 +47,10 @@ Select the number of rules for **Passwords must comply with** from the drop-down the required compliance level for this policy. The default value **(all the rules**) requires users to comply with all enabled rules. Choose an alternative option if Password Policy Enforcer should enforce a more lenient password policy. The Minimum Age and Maximum Age rules are excluded from -compliance level calculations. See the [Rules](/docs/passwordpolicyenforcer/11.0/administration/rules.md) topic for additional information. +compliance level calculations. See the [Rules](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md) topic for additional information. When setting the compliance level, consider that some rules may be disabled when a user enters a -passphrase. See the [Passphrase](/docs/passwordpolicyenforcer/11.0/administration/passphrases.md) topic for additional information. Password Policy +passphrase. See the [Passphrase](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/passphrases.md) topic for additional information. Password Policy Enforcer accepts passphrases that comply with all enabled rules, irrespective of the compliance level. This ensures that passphrases can be used, even if they do not meet the compliance level when Password Policy Enforcer is configured to disable one or more rules for passphrases. diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/_category_.json b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/_category_.json new file mode 100644 index 0000000000..278fe80f06 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Rules", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "rules" + } +} \ No newline at end of file 
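Review bot: The new rules/_category_.json ends without a trailing newline (the hunk closes with "\ No newline at end of file"), and the manage-policies/_category_.json added earlier in this patch does the same. Suggest ending each file with a newline so that a later edit to the closing brace does not produce a two-line diff.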
diff --git a/docs/passwordpolicyenforcer/11.0/administration/character_rules.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/character_rules.md similarity index 94% rename from docs/passwordpolicyenforcer/11.0/administration/character_rules.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/character_rules.md index b8c3516d58..24263dc659 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/character_rules.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/character_rules.md @@ -1,3 +1,9 @@ +--- +title: "Character (Granular) Rules" +description: "Character (Granular) Rules" +sidebar_position: 40 +--- + # Character (Granular) Rules Password Policy Enforcer has seven Character rules that reject passwords if they contain, or do not @@ -10,7 +16,7 @@ All the Character rules work identically, but each has their own default charact set is the collection of characters that each rule searches for when checking a password. You can use the Character rules with their default character sets, or define your own. By default, the Password Policy Enforcer selects the Password Policy Enforcer character on the -[Set Priorities](manage_policies.md#set-priorities) page. +[Set Priorities](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/manage_policies.md#set-priorities) page. **NOTE:** Only Password Policy Enforcer 11 and higher will contain the Windows character set. Password Policy Enforcer 9, Netwrix Password Reset3 and Password Policy Enforcer Web 7 (and older 
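Review bot: The link rewritten in the character_rules.md hunk sits in a sentence that does not parse: "By default, the Password Policy Enforcer selects the Password Policy Enforcer character on the [Set Priorities] page" appears to be missing "set" after "character", and it is not clear why character set selection points to the Set Priorities section of manage_policies.md. Since the line is being changed anyway, suggest confirming the intended target and fixing the sentence in the same commit. The NOTE in the trailing context also has "Netwrix Password Reset3" with no space before the version number.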
diff --git a/docs/passwordpolicyenforcer/11.0/administration/complexity_rule.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/complexity_rule.md similarity index 92% rename from docs/passwordpolicyenforcer/11.0/administration/complexity_rule.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/complexity_rule.md index d9f8aaf053..6fb0b7a9c0 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/complexity_rule.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/complexity_rule.md @@ -1,3 +1,9 @@ +--- +title: "Characters (Complexity) Rule" +description: "Characters (Complexity) Rule" +sidebar_position: 30 +--- + # Characters (Complexity) Rule The Complexity rule rejects passwords that do not contain characters from a variety of character @@ -16,7 +22,7 @@ greater than the number of required character sets. Select the **Passwords must always comply with this rule** check box to make the Complexity rule mandatory. Password Policy Enforcer rules are mandatory by default, but can be made optional by changing the Reject passwords that do not comply with value in the Policy Properties page. A -mandatory rule can still be disabled when a passphrase is used. See the [Passphrase](/docs/passwordpolicyenforcer/11.0/administration/passphrases.md) +mandatory rule can still be disabled when a passphrase is used. See the [Passphrase](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/passphrases.md) topic for additional information. **NOTE:** The Complexity rule uses custom character set definitions from the Character rules, even diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/compromised_rule.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/compromised_rule.md new file mode 100644 index 0000000000..368df99438 --- /dev/null 
+++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/compromised_rule.md @@ -0,0 +1,23 @@ +--- +title: "Compromised Rule" +description: "Compromised Rule" +sidebar_position: 50 +--- + +# Compromised Rule + +The Compromised rule rejects passwords from prior breaches. These passwords should not be used as +they are vulnerable to credential stuffing attacks. + +![Compromised password rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/compromised.webp) + +Select the **Compromised** check box to enable the Compromised rule. + +You can browse to your compromised passwords base files or type a path into the text box. The path +can contain environment variables like + +**CAUTION:** %SystemRoot%. hash files should only be read from a local disk. Using shared hash files +degrades performance, and could jeopardize security. + +See the [HIBP Updater](/docs/passwordpolicyenforcer/11.0/installation/hibpupdater.md) topic for the information about the Have I Been Pwnd (HIBP) +database usage. diff --git a/docs/passwordpolicyenforcer/11.0/administration/dictionary_rule.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/dictionary_rule.md similarity index 98% rename from docs/passwordpolicyenforcer/11.0/administration/dictionary_rule.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/dictionary_rule.md index 470292bdd0..bd214e004b 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/dictionary_rule.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/dictionary_rule.md @@ -1,3 +1,9 @@ +--- +title: "Dictionary Rule" +description: "Dictionary Rule" +sidebar_position: 60 +--- + # Dictionary Rule The Dictionary rule rejects passwords that are vulnerable to guessing, hybrid, and precomputed 
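Review bot: In compromised_rule.md, the **CAUTION:** marker is placed in the middle of a sentence: the paragraph stops at "The path can contain environment variables like" and the caution then begins "%SystemRoot%. hash files should only be read from a local disk." Suggest ending the first sentence with %SystemRoot% and starting the caution at "Hash files should only be read from a local disk", so the warning about shared hash files reads as a complete statement. The caution would also be more useful if it said what the risk of a shared hash file is rather than only "could jeopardize security", and "Have I Been Pwnd" in the last paragraph should be "Have I Been Pwned".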
diff --git a/docs/passwordpolicyenforcer/11.0/administration/history_rule.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/history_rule.md similarity index 98% rename from docs/passwordpolicyenforcer/11.0/administration/history_rule.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/history_rule.md index d2cbf72d1b..df064ac61b 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/history_rule.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/history_rule.md @@ -1,3 +1,9 @@ +--- +title: "History Rule" +description: "History Rule" +sidebar_position: 70 +--- + # History Rule The History rule rejects passwords that are identical to recently used passwords. Password reuse @@ -5,7 +11,7 @@ should be avoided because it defeats the purpose of regular password changes. Pa Enforcer can stop users from reusing passwords for a specified number of password changes or a number of days. -![History rule](/img/product_docs/threatprevention/7.5/admin/policies/history.webp) +![History rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/history.webp) Select the **History** check box to enable the History rule. diff --git a/docs/passwordpolicyenforcer/11.0/administration/length_rule.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/length_rule.md similarity index 92% rename from docs/passwordpolicyenforcer/11.0/administration/length_rule.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/length_rule.md index 62217d5970..f7885f216d 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/length_rule.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/length_rule.md 
@@ -1,3 +1,9 @@ +--- +title: "Length Rule" +description: "Length Rule" +sidebar_position: 80 +--- + # Length Rule The Length rule rejects passwords that contain too few or too many characters. Longer passwords are diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/maximum_age_rule.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/maximum_age_rule.md new file mode 100644 index 0000000000..105428a766 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/maximum_age_rule.md 
@@ -0,0 +1,111 @@ +--- +title: "Age (Max) Rule" +description: "Age (Max) Rule" +sidebar_position: 10 +--- + +# Age (Max) Rule + +The Maximum Age rule forces users to change their passwords regularly. This decreases the likelihood +of an attacker discovering a password before it changes. This rule can only be enforced by domain +policies. + +![Maximum Age rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/agemax.webp) + +Select the **Age (Max)** checkbox to enable the Maximum Age rule. + +Choose a value from the first days drop-down list to specify how many days must elapse before +passwords expire. + +You can encourage users to choose longer passwords by extending the lifetime of their password if it +exceeds a certain length. To enable this feature, choose a higher value from the second days +drop-down list and a minimum length from the contains drop-down list. Passwords that contain the +required number of characters do not expire until the second (higher) days value. If both days +values are identical, then passwords will expire after the specified number of days, irrespective of +length. + +**NOTE:** When the Maximum Age rule is configured to delay the expiry of longer passwords, it +creates an Active Directory security group called "PPE Extended Maximum Age Users". Password Policy +Enforcer uses this group to identify which users are eligible for a delayed password expiry. Users +are added and removed from the group automatically. You can move and rename this group, but do not +change the pre-Windows 2000 name. Contact Netwrix support if you must change the pre-Windows 2000 +name. Change a Password Policy Enforcer configuration setting (any setting) after moving or renaming +the group to trigger a cache update in Password Policy Enforcer. Password Policy Enforcer recreates +this group if you delete it. To stop creating a group, make the two days values equal in all +policies. 
+ +Choose a value from the Mode drop-down list to specify how Password Policy Enforcer handles expired +passwords. The Standard mode forces all users with expired passwords to change their password during +logon. The Transitional modes force a percentage of users with expired passwords to change their +password during logon. The Warning mode warns users that their password has expired without forcing +them to change it. + +Use the Warning and Transitional modes to gradually introduce a new password policy. These modes +reduce the number of forced password changes, allowing the help desk to deal with any extra calls +relating to the new policy. Switch to the Standard mode after most users have had a chance to change +their password. + +It takes approximately 50 days for all users with expired passwords to be forced to change them in +the 2% Transitional mode (2% every day). The 5% Transitional mode reduces this to 20 days, and the +10% Transitional mode further reduces it to 10 days. The selection algorithm is randomized, so these +are estimates only. You must switch to the Standard mode to ensure that all old passwords will +expire. + +Users with expired passwords are always prompted to change their password, even in the Transitional +and Warning modes. Users can ignore the prompt to change their password unless they are being forced +to change it. + +**NOTE:** The password expiry prompt is a Windows client feature, and is displayed even if the +Password Policy Client is not installed. Windows clients display the prompt 5 days before passwords +expire by default. You can alter this behavior in the Windows Group Policy security settings. See +the +[Interactive logon: Prompt user to change password before expiration](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration) +Microsoft article for additional information. 
+ +Password Policy Enforcer expires passwords at 1:00 AM every day on the domain controller holding the +PDC emulator operations master role. It sets "User must change password at next logon" for users +whose password has expired, or is due to expire on that day. Password Policy Enforcer does not +expire passwords if the Maximum Age rule is in Warning mode, or for users with "Password never +expires" set in Active Directory. Some passwords will not expire immediately when the Maximum Age +rule is in a Transitional mode. + +### Set up Email + +Click the **Set up email** to configure the e-mail message options. + +Type the name and email address you wish to appear in the email's From field in the **From** text +box. The correct format is "Display Name" `` + +Type the text for the email's Subject field in the **Subject** text box. + +Type the body of the email in the large text box. The email is sent as plain text unless the body +includes the `` tag. If sending email as HTML, you must include the complete HTML document +starting with `` and ending with ``. If the body is too long to fit in the text box, +type a path to a file like this: + +`file:C:\path\filename.ext` + +The path can contain environment variables like %SystemRoot%. Do not use quotes for long filenames +and do not include any other text. The Password Policy Enforcer Mailer will read the email body from +the specified file. + +The email's subject and body can contain various macros. Use these macros to personalize the email. + +| Macro | Replaced with | +| ------------------- | ------------------------------------- | +| [LOGON_NAME] | User's logon name | +| [FIRST_NAME] | User's first name | +| [LAST_NAME] | User's last name | +| [DAYS_TO_EXPIRY] | Days until password expires | +| [EXPIRY_DATE] | Expiry date in short format | +| [EXPIRY_DATE_LONG] | Expiry date in long format | +| [EXPIRY_DAY] | Expiry day (1 to 31) | +| [EXPIRY_DAY_NAME] | Expiry day (Monday, Tuesday, ...) 
| +| [EXPIRY_MONTH] | Expiry month (1 to 12) | +| [EXPIRY_MONTH_NAME] | Expiry month (January, February, ...) | +| [EXPIRY_YEAR] | Expiry year (2021, 2022, ...) | + +### Set up SMTP + +Opens the Notification settings. See the [Configuration Console](/docs/passwordpolicyenforcer/11.0/administration-overview/configconsole.md) topic for +additional details. diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/minimum_age_rule.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/minimum_age_rule.md new file mode 100644 index 0000000000..eedbc3b561 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/minimum_age_rule.md 
@@ -0,0 +1,28 @@ +--- +title: "Age (Min) Rule" +description: "Age (Min) Rule" +sidebar_position: 20 +--- + +# Age (Min) Rule + +The Minimum Age rule stops users from quickly cycling through a series of passwords in order to +evade the History and Similarity rules. This rule can only be enforced by domain policies. + +![Minimum age rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/agemin.webp) + +Select the **Age (Min)** check box to enable the Minimum Age rule. + +Select the number of days before a user can change their password. + +**NOTE:** The Minimum Age rule is unique because users cannot comply with it by choosing a different +password; they must wait until the required number of days has elapsed. The Password Policy Client +consequently handles rejections by this rule differently to other rules. Rather than displaying the +usual message components, the Password Policy Client only displays the Minimum Age rule's Reason +insert. See [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md) topic for additional information. +The Rejection Reason template, macros, and inserts from other rules are not displayed when a +password change is denied by the Minimum Age rule. + +The Minimum Age rule is not enforced during policy testing, but the test log does show the user's +password age. A log entry is also added if the Minimum Age rule would have rejected the password +change. diff --git a/docs/passwordpolicyenforcer/11.0/administration/patterns.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/patterns.md similarity index 96% rename from docs/passwordpolicyenforcer/11.0/administration/patterns.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/patterns.md index 45ce9f470d..70d0db72bb 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/patterns.md 
+++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/patterns.md @@ -1,3 +1,9 @@ +--- +title: "Patterns Rule" +description: "Patterns Rule" +sidebar_position: 90 +--- + # Patterns Rule The Patterns rule rejects passwords that contain character patterns such as "abcde". Character diff --git a/docs/passwordpolicyenforcer/11.0/administration/repetition.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/repetition.md similarity index 95% rename from docs/passwordpolicyenforcer/11.0/administration/repetition.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/repetition.md index db1f4d7ad8..127d5de808 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/repetition.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/repetition.md @@ -1,3 +1,9 @@ +--- +title: "Repetition Rule" +description: "Repetition Rule" +sidebar_position: 100 +--- + # Repetition Rule The Repetition rule rejects passwords that contain excessive character or pattern repetition. diff --git a/docs/passwordpolicyenforcer/11.0/administration/rules.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md similarity index 88% rename from docs/passwordpolicyenforcer/11.0/administration/rules.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md index a437ec1080..fdd27ab53a 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/rules.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md @@ -1,3 +1,9 @@ +--- +title: "Rules" +description: "Rules" +sidebar_position: 10 +--- + # Rules Netwrix Password Policy Enforcer uses rules to decide if it should accept or reject a password. Each 
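Review bot: In maximum_age_rule.md, added earlier in this patch, the inline code spans under "Set up Email" are empty: the From format reads "Display Name" followed by an empty pair of backticks, and the body paragraph refers to "the `` tag" and to a document "starting with `` and ending with ``". The angle-bracketed values appear to have been dropped during conversion; suggest restoring them inside the backticks so readers can see the address format and which tags switch the message to HTML. In the same section, "Click the **Set up email** to configure" is missing a noun such as "button".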
@@ -25,18 +31,18 @@ logging** on the **Test Policy** window to see which rules you have tested. Rules: -- [Age (Max) Rule](/docs/passwordpolicyenforcer/11.0/administration/maximum_age_rule.md) -- [Age (Min) Rule](/docs/passwordpolicyenforcer/11.0/administration/minimum_age_rule.md) -- [Characters (Complexity) Rule](/docs/passwordpolicyenforcer/11.0/administration/complexity_rule.md) -- [Character (Granular) Rules](/docs/passwordpolicyenforcer/11.0/administration/character_rules.md) -- [Compromised Rule](/docs/passwordpolicyenforcer/11.0/administration/compromised_rule.md) -- [Dictionary Rule](/docs/passwordpolicyenforcer/11.0/administration/dictionary_rule.md) -- [History Rule](/docs/passwordpolicyenforcer/11.0/administration/history_rule.md) -- [Length Rule](/docs/passwordpolicyenforcer/11.0/administration/length_rule.md) -- [Patterns Rule](/docs/passwordpolicyenforcer/11.0/administration/patterns.md) -- [Repetition Rule](/docs/passwordpolicyenforcer/11.0/administration/repetition.md) -- [Similarity Rule](/docs/passwordpolicyenforcer/11.0/administration/similarity_rule.md) -- [Unique Characters Rule](/docs/passwordpolicyenforcer/11.0/administration/unique_characters.md) +- [Age (Max) Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/maximum_age_rule.md) +- [Age (Min) Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/minimum_age_rule.md) +- [Characters (Complexity) Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/complexity_rule.md) +- [Character (Granular) Rules](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/character_rules.md) +- [Compromised Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/compromised_rule.md) +- [Dictionary Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/dictionary_rule.md) +- [History 
Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/history_rule.md) +- [Length Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/length_rule.md) +- [Patterns Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/patterns.md) +- [Repetition Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/repetition.md) +- [Similarity Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/similarity_rule.md) +- [Unique Characters Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/unique_characters.md) ## Detecting Character Substitution diff --git a/docs/passwordpolicyenforcer/11.0/administration/similarity_rule.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/similarity_rule.md similarity index 95% rename from docs/passwordpolicyenforcer/11.0/administration/similarity_rule.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/similarity_rule.md index cc0e718f7a..f81debd7c9 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/similarity_rule.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/similarity_rule.md @@ -1,3 +1,9 @@ +--- +title: "Similarity Rule" +description: "Similarity Rule" +sidebar_position: 110 +--- + # Similarity Rule The Similarity rule rejects passwords that are similar to a user's current password. Password diff --git a/docs/passwordpolicyenforcer/11.0/administration/unique_characters.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/unique_characters.md similarity index 88% rename from docs/passwordpolicyenforcer/11.0/administration/unique_characters.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/unique_characters.md index 31d1826a9d..92cd4258a1 100644 
--- a/docs/passwordpolicyenforcer/11.0/administration/unique_characters.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/unique_characters.md @@ -1,3 +1,9 @@ +--- +title: "Unique Characters Rule" +description: "Unique Characters Rule" +sidebar_position: 120 +--- + # Unique Characters Rule The Unique Characters rule rejects passwords that do not contain a minimum number of unique diff --git a/docs/passwordpolicyenforcer/11.0/administration/testpolicy.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md similarity index 98% rename from docs/passwordpolicyenforcer/11.0/administration/testpolicy.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md index 5b648cbf38..7e2edd5db1 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/testpolicy.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md @@ -1,3 +1,9 @@ +--- +title: "Test Policy" +description: "Test Policy" +sidebar_position: 60 +--- + # Test Policy You can quickly test your Password Policy Enforcer configuration by simulating a password change. diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/usersgroups.md b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/usersgroups.md new file mode 100644 index 0000000000..3ac22d64bb --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/usersgroups.md 
@@ -0,0 +1,82 @@ +--- +title: "Assign Policies to Users & Groups" +description: "Assign Policies to Users & Groups" +sidebar_position: 20 +--- + +# Assign Policies to Users & Groups + +Password Policy Enforcer uses policy assignments to decide which policy to enforce for each user. +Domain policies can be assigned to users, groups, and containers (Organizational Units). Local +policies can only be assigned to users. See the +[Domain and Local Policies](/docs/passwordpolicyenforcer/11.0/installation/domain_and_local_policies.md) topic for additional information. + +**Step 1 –** Open the Configuration Console: + +Click **Start** > **Netwrix Password Policy Enforcer** > **PPE Configuration** +or +Double click the **PPE Configuration** desktop shortcut. + +**Step 2 –** Click on a policy name to open the policy configuration page. + +**Step 3 –** Open the **Users & Groups** tab. + +![Assign policies to Users and Groups](/img/product_docs/passwordpolicyenforcer/11.0/administration/usersandgroups.webp) + +When a domain policy is assigned to a user or group, Password Policy Enforcer stores the user or +group SID in the configuration. The assignment remains valid even if the user or group is renamed. +When a local policy is assigned to a user, Password Policy Enforcer stores the username in the +configuration. The assignment is invalidated if the user is renamed. + +When a policy is assigned to a group, Password Policy Enforcer enforces the policy for all members +of the group as well as any nested groups. For example, if the Helpdesk group is a member of the +Info Tech group, then any policy assigned to the Info Tech group also applies to the members of the +Helpdesk group. If this behavior is not desired, then you can assign a different policy to the +Helpdesk group. + +When a policy is assigned to a container, Password Policy Enforcer enforces the policy for all users +in the container as well as any child containers. 
For example, if the Helpdesk and Managers OUs are +children of the Info Tech OU, then any policy assigned to the Info Tech OU also applies to the two +child OUs. If this behavior is not desired, then you can assign a different policy to a child OU. + +![managing_policies_3](/img/product_docs/passwordpolicyenforcer/11.0/administration/managing_policies_3.webp) + +**NOTE:** Different assignment types can be used for a single policy. For example, you may assign +users to a policy by both OU and group at the same time. + +As you assign users and groups to the policy, they are displayed on the page. + +![Policy assignments](/img/product_docs/passwordpolicyenforcer/11.0/administration/usersandgroups2.webp) + +To remove a policy assignment: + +**Step 1 –** Select the user, group or container. For example, **Administrators** under **Groups**. + +**Step 2 –** Click the trash can icon in the appropriate header. For example, **Groups**. + +## Policy Assignment Conflicts + +A policy assignment conflict occurs when more than one policy is assigned to a user. Password Policy +Enforcer can resolve these conflicts and choose one policy for each user. + +Password Policy Enforcer first tries to resolve a policy assignment conflict by examining the +assignment type. Assignments by user take precedence over assignments by group, which in turn take +precedence over assignments by container. For example, if Policy A is assigned to a user by group, +and Policy B is assigned to the same user by container, then Password Policy Enforcer enforces +Policy A because assignments by group take precedence over assignments by container. + +If all the policies are assigned to the user by container, then Password Policy Enforcer enforces +the policy that is assigned to the nearest parent container. 
For example, if Policy A is assigned to +the Users OU, and Policy B is assigned to the Users\Students OU, then Password Policy Enforcer +enforces Policy B for all users in the Users\Students and Users\Students\Science OUs because it is +the policy assigned to the nearest parent container. + +If a policy assignment conflict still exists, then Password Policy Enforcer checks the priority of +each remaining policy, and enforces the policy with the highest priority. See the +[Policy Selection Flowchart](manage_policies.md#policy-selection-flowchart) topic for a diagrammatic +representation of this algorithm. + +Click **Test Policy** and expand the **View log** to see which policy Password Policy Enforcer +enforces for a particular user. + +![Expand View log under Test to see which policy is enforced](/img/product_docs/passwordpolicyenforcer/11.0/administration/testviewlog.webp) diff --git a/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/_category_.json b/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/_category_.json new file mode 100644 index 0000000000..7194f80dac --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Password Policy Client", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "password_policy_client" + } +} \ No newline at end of file diff --git a/docs/passwordpolicyenforcer/11.0/administration/configuring_the_password_policy_client.md b/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/configuring_the_password_policy_client.md similarity index 95% rename from docs/passwordpolicyenforcer/11.0/administration/configuring_the_password_policy_client.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/configuring_the_password_policy_client.md index 4058277ad3..fcbc08cf85 100644 
--- a/docs/passwordpolicyenforcer/11.0/administration/configuring_the_password_policy_client.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/configuring_the_password_policy_client.md @@ -1,7 +1,13 @@ +--- +title: "Configuring the Password Policy Client" +description: "Configuring the Password Policy Client" +sidebar_position: 10 +--- + # Configuring the Password Policy Client The Password Policy Client is self-configuring and does not require manual configuration in most -cases. See the [Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/install/installationclient.md) topic for +cases. See the [Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/installation/installationclient.md) topic for additional details. You may need to manually configure the Password Policy Client if: - You want to install it in a disabled state to be enabled later. diff --git a/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md b/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md similarity index 83% rename from docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md index eb1215d6dd..627e94c3d0 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md 
@@ -1,10 +1,16 @@ +--- +title: "Password Policy Client" +description: "Password Policy Client" +sidebar_position: 50 +--- + # Password Policy Client The Password Policy Client helps users to choose a compliant password. Detailed information is provided if their new password is rejected. The Password Policy Client is optional. If it is not installed, the -[Similarity Rule](/docs/passwordpolicyenforcer/11.0/administration/similarity_rule.md) can not be enforced. Users only see the default Windows error +[Similarity Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/similarity_rule.md) can not be enforced. Users only see the default Windows error message if their password is rejected, not the detailed help they receive from the Password Policy Client. diff --git a/docs/passwordpolicyenforcer/11.0/administration/ppe_tool.md b/docs/passwordpolicyenforcer/11.0/administration-overview/ppe_tool.md similarity index 99% rename from docs/passwordpolicyenforcer/11.0/administration/ppe_tool.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/ppe_tool.md index a34eea0611..6c77403e11 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/ppe_tool.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/ppe_tool.md @@ -1,3 +1,9 @@ +--- +title: "PPE Tool" +description: "PPE Tool" +sidebar_position: 80 +--- + # PPE Tool The PPE Tool is designed to configure local and domain instances of Password Policy Enforcer and diff --git a/docs/passwordpolicyenforcer/11.0/administration/systemaudit.md b/docs/passwordpolicyenforcer/11.0/administration-overview/systemaudit.md similarity index 96% rename from docs/passwordpolicyenforcer/11.0/administration/systemaudit.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/systemaudit.md index ba4f015efd..27499d4d95 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/systemaudit.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/systemaudit.md 
@@ -1,3 +1,9 @@ +--- +title: "System Audit and Support" +description: "System Audit and Support" +sidebar_position: 40 +--- + # System Audit and Support Password Policy Enforcer can run a discovery and testing of your domain controllers for an overview diff --git a/docs/passwordpolicyenforcer/11.0/administration/troubleshooting.md b/docs/passwordpolicyenforcer/11.0/administration-overview/troubleshooting.md similarity index 84% rename from docs/passwordpolicyenforcer/11.0/administration/troubleshooting.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/troubleshooting.md index 7ca41701b1..a039644826 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/troubleshooting.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/troubleshooting.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 90 +--- + # Troubleshooting This topic contains troubleshooting information for the most common support questions. Contact @@ -11,7 +17,7 @@ them. Select the first (blank) item in the drop-down list if you do not want a d Open the Programs and Features list in Control Panel on the computer you are changing the password from, and check if the Password Policy Client is in the list of installed programs. If it is not, -then install the Password Policy Client. See the [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md) +then install the Password Policy Client. See the [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md) topic for additional information. If Password Policy Enforcer is enforcing a domain policy, then search the Windows Application Event 
@@ -33,7 +39,7 @@ Make sure that the Password Policy Server is enabled. See the [Configuration Console](/docs/passwordpolicyenforcer/11.0/administration/configconsoleoverview.md) topic for additional information. Make sure that the Password Policy Client is enabled. See -[Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md) topic for additional information. +[Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md) topic for additional information. #### Accepting passwords that do not comply with the policy @@ -47,7 +53,7 @@ local policies, search the Application Event Log on the local computer. Use the Test Policies page to test a password that Password Policy Enforcer is accepting. Examine the test results and event log to determine why Password Policy Enforcer accepted the password. If the Test Policies page rejects the password, you must configure the policy. See the -[Policy Testing vs. Password Changes](testpolicy.md#policy-testing-vs-password-changes) topic for +[Policy Testing vs. Password Changes](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md#policy-testing-vs-password-changes) topic for additional information. If the **Enforce policy when password is reset** check box is not selected in the PPS Properties 
@@ -61,7 +67,7 @@ Password screen. Use the Test Policies page to test a password that Password Policy Enforcer is rejecting. Examine the test results and event log to determine why Password Policy Enforcer rejected the password. If the Test Policies page rejects the password, you must configure the policy. See the -[Policy Testing vs. Password Changes](testpolicy.md#policy-testing-vs-password-changes) topic for +[Policy Testing vs. Password Changes](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md#policy-testing-vs-password-changes) topic for additional information. Set **User must change password at next logon** for the user and repeat the password change test. If @@ -72,5 +78,5 @@ at next logon before every password change test to bypass the rule. #### Passwords that are accepted in the Test Policies page are rejected during a password change -See the [Policy Testing vs. Password Changes](testpolicy.md#policy-testing-vs-password-changes) +See the [Policy Testing vs. Password Changes](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md#policy-testing-vs-password-changes) topic for additional information. diff --git a/docs/passwordpolicyenforcer/11.0/administration/windowseventviewer.md b/docs/passwordpolicyenforcer/11.0/administration-overview/windowseventviewer.md similarity index 86% rename from docs/passwordpolicyenforcer/11.0/administration/windowseventviewer.md rename to docs/passwordpolicyenforcer/11.0/administration-overview/windowseventviewer.md index 7f102cdbbf..f68045d9c9 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/windowseventviewer.md +++ b/docs/passwordpolicyenforcer/11.0/administration-overview/windowseventviewer.md 
@@ -1,3 +1,9 @@ +--- +title: "View Event Logs in Windows Event Viewer" +description: "View Event Logs in Windows Event Viewer" +sidebar_position: 100 +--- + # View Event Logs in Windows Event Viewer Follow the steps below to view events logs in Windows Event Viewer. diff --git a/docs/passwordpolicyenforcer/11.0/administration/cmdlets.md b/docs/passwordpolicyenforcer/11.0/administration/cmdlets.md deleted file mode 100644 index dc672afb09..0000000000 --- a/docs/passwordpolicyenforcer/11.0/administration/cmdlets.md +++ /dev/null 
@@ -1,47 +0,0 @@ -# PPE cmdlets - -The PPE Cmdlets are available to manage Password Policy Enforcer from a Windows PowerShell. The -cmdlets are not case-sensitive. - -To establish the connection: - -**Step 1 –** Open a Windows PowerShell. Some cmdlets require administrative permissions. You can use -the **Run as Administrator** option. - -**Step 2 –** Import the PPE cmdlets module: -**Import-Module "C:\Program Files\Password Policy Enforcer\PS\PPEConf.PowerShell.dll"** - -**Step 3 –** Connect to your domain: -**Connect-PPE -d "_domain_"** where _domain_ is the full name of your domain controller. -**NT-DC03.NWXTECH.COM** in this example. - -**Get-PPEHelp** with no parameters, displays a list of available cmdlets. Use the PowerShell -**get-help** _Cmdlet_ for information about the cmdlet. - -![PPE cmdlets Connect](/img/product_docs/passwordpolicyenforcer/11.0/administration/cmdletconnect.webp) - -Click a PPE cmdlet name for details. - -- [Connect-PPE](/docs/passwordpolicyenforcer/11.0/administration/cmdconnectppe.md) -- [Copy-PPEPolicy](/docs/passwordpolicyenforcer/11.0/administration/cmdcopyppepolicy.md) -- [Export-PPEConfig](/docs/passwordpolicyenforcer/11.0/administration/cmdexportppeconfig.md) -- [Export-PPEPolicy](/docs/passwordpolicyenforcer/11.0/administration/cmdexportppepolicy.md) -- [Get-PPEBulkPasswordTest](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppebulkpasswordtest.md) -- [Get-PPEConfigReport](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeconfigreport.md) -- [Get-PPEDefaultPolicy](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppedefaultpolicy.md) -- [Get-PPEEnabled](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeenabled.md) -- [Get-PPEHelp](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppehelp.md) -- [Get-PPELicenseInfo](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppelicenseinfo.md) -- [Get-PPEPasswordTest](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepasswordtest.md) -- 
[Get-PPEPolicies](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepolicies.md) -- [Get-PPEPolicyEnabled](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppepolicyenabled.md) -- [Get-PPEServerVersion](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeserverversion.md) -- [Get-PPEVersion](/docs/passwordpolicyenforcer/11.0/administration/cmdgetppeversion.md) -- [Import-PPEConfig](/docs/passwordpolicyenforcer/11.0/administration/cmdimportppeconfig.md) -- [Import-PPEPolicy](/docs/passwordpolicyenforcer/11.0/administration/cmdimportppepolicy.md) -- [Remove-PPEPolicy](/docs/passwordpolicyenforcer/11.0/administration/cmdremoveppepolicy.md) -- [Set-PPEDefaultPolicy](/docs/passwordpolicyenforcer/11.0/administration/cmdsetppedefaultpolicy.md) -- [Set-PPEEnabled](/docs/passwordpolicyenforcer/11.0/administration/cmdsetppeenabled.md) -- [Set-PPEPolicyEnabled](/docs/passwordpolicyenforcer/11.0/administration/cmdsetppepolicyenabled.md) -- [Start-PPECompromisedPasswordChecker](/docs/passwordpolicyenforcer/11.0/administration/cmdstartppecompromisedpasswordchecker.md) -- [Start-PPEHibpUpdater](/docs/passwordpolicyenforcer/11.0/administration/cmdstartppehibpupdater.md) diff --git a/docs/passwordpolicyenforcer/11.0/administration/compromised_rule.md b/docs/passwordpolicyenforcer/11.0/administration/compromised_rule.md deleted file mode 100644 index 2d6015df5a..0000000000 --- a/docs/passwordpolicyenforcer/11.0/administration/compromised_rule.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Compromised Rule - -The Compromised rule rejects passwords from prior breaches. These passwords should not be used as -they are vulnerable to credential stuffing attacks. - -![Compromised password rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/compromised.webp) - -Select the **Compromised** check box to enable the Compromised rule. - -You can browse to your compromised passwords base files or type a path into the text box. The path -can contain environment variables like - -**CAUTION:** %SystemRoot%. hash files should only be read from a local disk. Using shared hash files -degrades performance, and could jeopardize security. - -See the [HIBP Updater](/docs/passwordpolicyenforcer/11.0/administration/hibpupdater.md) topic for the information about the Have I Been Pwnd (HIBP) -database usage. diff --git a/docs/passwordpolicyenforcer/11.0/administration/configconsoleoverview.md b/docs/passwordpolicyenforcer/11.0/administration/configconsoleoverview.md index 664defd38b..a4999bdbe1 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/configconsoleoverview.md +++ b/docs/passwordpolicyenforcer/11.0/administration/configconsoleoverview.md @@ -2,7 +2,7 @@ This Password Policy Enforcer configuration console configures and manages Password Policy Enforcer's global properties. It can be installed on any servers and workstations in your domain. -See the [Install the Configuration Console](/docs/passwordpolicyenforcer/11.0/install/installationconfigconsole.md) topic for +See the [Install the Configuration Console](/docs/passwordpolicyenforcer/11.0/installation/installationconfigconsole.md) topic for additional information. For security, you can disable/enable it as needed without uninstalling it. Open the Configuration Console: 
@@ -16,6 +16,6 @@ If this is the first time you have launched the Configuration Console, you are p ![First start](/img/product_docs/passwordpolicyenforcer/11.0/administration/ppe1.webp) -The [Configuration Console](/docs/passwordpolicyenforcer/11.0/administration/configconsole.md) is displayed: +The [Configuration Console](/docs/passwordpolicyenforcer/11.0/administration-overview/configconsole.md) is displayed: ![Configuration Console Dashboard](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/ppedashboard.webp) diff --git a/docs/passwordpolicyenforcer/11.0/administration/maximum_age_rule.md b/docs/passwordpolicyenforcer/11.0/administration/maximum_age_rule.md deleted file mode 100644 index 8385a6cec7..0000000000 --- a/docs/passwordpolicyenforcer/11.0/administration/maximum_age_rule.md +++ /dev/null 
@@ -1,105 +0,0 @@ -# Age (Max) Rule - -The Maximum Age rule forces users to change their passwords regularly. This decreases the likelihood -of an attacker discovering a password before it changes. This rule can only be enforced by domain -policies. - -![Maximum Age rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/agemax.webp) - -Select the **Age (Max)** checkbox to enable the Maximum Age rule. - -Choose a value from the first days drop-down list to specify how many days must elapse before -passwords expire. - -You can encourage users to choose longer passwords by extending the lifetime of their password if it -exceeds a certain length. To enable this feature, choose a higher value from the second days -drop-down list and a minimum length from the contains drop-down list. Passwords that contain the -required number of characters do not expire until the second (higher) days value. If both days -values are identical, then passwords will expire after the specified number of days, irrespective of -length. - -**NOTE:** When the Maximum Age rule is configured to delay the expiry of longer passwords, it -creates an Active Directory security group called "PPE Extended Maximum Age Users". Password Policy -Enforcer uses this group to identify which users are eligible for a delayed password expiry. Users -are added and removed from the group automatically. You can move and rename this group, but do not -change the pre-Windows 2000 name. Contact Netwrix support if you must change the pre-Windows 2000 -name. Change a Password Policy Enforcer configuration setting (any setting) after moving or renaming -the group to trigger a cache update in Password Policy Enforcer. Password Policy Enforcer recreates -this group if you delete it. To stop creating a group, make the two days values equal in all -policies. - -Choose a value from the Mode drop-down list to specify how Password Policy Enforcer handles expired -passwords. 
The Standard mode forces all users with expired passwords to change their password during -logon. The Transitional modes force a percentage of users with expired passwords to change their -password during logon. The Warning mode warns users that their password has expired without forcing -them to change it. - -Use the Warning and Transitional modes to gradually introduce a new password policy. These modes -reduce the number of forced password changes, allowing the help desk to deal with any extra calls -relating to the new policy. Switch to the Standard mode after most users have had a chance to change -their password. - -It takes approximately 50 days for all users with expired passwords to be forced to change them in -the 2% Transitional mode (2% every day). The 5% Transitional mode reduces this to 20 days, and the -10% Transitional mode further reduces it to 10 days. The selection algorithm is randomized, so these -are estimates only. You must switch to the Standard mode to ensure that all old passwords will -expire. - -Users with expired passwords are always prompted to change their password, even in the Transitional -and Warning modes. Users can ignore the prompt to change their password unless they are being forced -to change it. - -**NOTE:** The password expiry prompt is a Windows client feature, and is displayed even if the -Password Policy Client is not installed. Windows clients display the prompt 5 days before passwords -expire by default. You can alter this behavior in the Windows Group Policy security settings. See -the -[Interactive logon: Prompt user to change password before expiration](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration) -Microsoft article for additional information. - -Password Policy Enforcer expires passwords at 1:00 AM every day on the domain controller holding the -PDC emulator operations master role. 
It sets "User must change password at next logon" for users -whose password has expired, or is due to expire on that day. Password Policy Enforcer does not -expire passwords if the Maximum Age rule is in Warning mode, or for users with "Password never -expires" set in Active Directory. Some passwords will not expire immediately when the Maximum Age -rule is in a Transitional mode. - -### Set up Email - -Click the **Set up email** to configure the e-mail message options. - -Type the name and email address you wish to appear in the email's From field in the **From** text -box. The correct format is "Display Name" `` - -Type the text for the email's Subject field in the **Subject** text box. - -Type the body of the email in the large text box. The email is sent as plain text unless the body -includes the `` tag. If sending email as HTML, you must include the complete HTML document -starting with `` and ending with ``. If the body is too long to fit in the text box, -type a path to a file like this: - -`file:C:\path\filename.ext` - -The path can contain environment variables like %SystemRoot%. Do not use quotes for long filenames -and do not include any other text. The Password Policy Enforcer Mailer will read the email body from -the specified file. - -The email's subject and body can contain various macros. Use these macros to personalize the email. - -| Macro | Replaced with | -| ------------------- | ------------------------------------- | -| [LOGON_NAME] | User's logon name | -| [FIRST_NAME] | User's first name | -| [LAST_NAME] | User's last name | -| [DAYS_TO_EXPIRY] | Days until password expires | -| [EXPIRY_DATE] | Expiry date in short format | -| [EXPIRY_DATE_LONG] | Expiry date in long format | -| [EXPIRY_DAY] | Expiry day (1 to 31) | -| [EXPIRY_DAY_NAME] | Expiry day (Monday, Tuesday, ...) | -| [EXPIRY_MONTH] | Expiry month (1 to 12) | -| [EXPIRY_MONTH_NAME] | Expiry month (January, February, ...) | -| [EXPIRY_YEAR] | Expiry year (2021, 2022, ...) 
| - -### Set up SMTP - -Opens the Notification settings. See the [Configuration Console](/docs/passwordpolicyenforcer/11.0/administration/configconsole.md) topic for -additional details. diff --git a/docs/passwordpolicyenforcer/11.0/administration/messages.md b/docs/passwordpolicyenforcer/11.0/administration/messages.md deleted file mode 100644 index 409d4c9318..0000000000 --- a/docs/passwordpolicyenforcer/11.0/administration/messages.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# Messages - -Each Password Policy Enforcer password policy has multiple message templates, one for each of the -Password Policy Client messages. - -- Password Policy – Displays the password policy guidelines on clients that have the Netwrix - Password Policy Enforcer Client installed. -- [POLICY] – Customize the text for the active rules. -- [LIVE_POLICY] – Password Policy Client (10.2 and above) messages can be configured to display live - feedback for the active rules to users as they enter their passwords. This feature enables users - to see if their passwords meet the requirements of the policy set by the organization. Here is an - example of a live policy message. - - ![Messages](/img/product_docs/passwordpolicyenforcer/11.0/administration/mesages2.webp) - - **NOTE:** Start each custom message with two spaces, a hypen, and a space before your message so - the X and checks can appear for the rule. For example: " **- Include an upper case alpha - character.**" The quotes are only there to illustrate the message. - -- Rejection Reason – Displays why an intended password was rejected on clients that have the Netwrix - Password Policy Enforcer Client installed -- Generic Rejection – Displays if Password Policy Enforcer does not have a specific reason for the - rejection, generally because the password does not comply with the Windows password policy - -**Step 1 –** Open the Configuration Console: - -Click **Start** > **Netwrix Password Policy Enforcer** > **PPE Configuration** -or -Double click the **PPE Configuration** desktop shortcut. - -**Step 2 –** Click on a policy name to open the policy configuration page. - -**Step 3 –** Open the **Messages** tab. - -![Set up messages](/img/product_docs/accessanalyzer/12.0/admin/jobs/messages.webp) - -**Step 4 –** Select the message language from the drop-down list. You can set messages for multiple -languages. You do not have to create a Password Policy Enforcer policy for each language. 
To set -multiple languages, pick one, edit the message templates. Select another language, and edit the -message templates. Repeat for each language you want to implement. The correct message is displayed -to users based on their selected language. - -**Step 5 –** Edit the message templates in the Password policy, [POLICY], [LIVE_POLICY], Rejection -Reason, and Generic rejection messages for any of the components you want to use. - -**Step 6 –** Insert the macros into your message. Click **Macro** and pick one to insert it. - -![Use macros for your message](/img/product_docs/passwordpolicyenforcer/11.0/administration/messagesmacros.webp) - -**Step 7 –** Click **Save** and review your changes in the Preview area. Click **Save** f you edit -the message. - -**NOTE:** If you do not see the **Preview**, contact your network administrator to set up the -firewall to allow Password Policy Enforcer to communicate. diff --git a/docs/passwordpolicyenforcer/11.0/administration/minimum_age_rule.md b/docs/passwordpolicyenforcer/11.0/administration/minimum_age_rule.md deleted file mode 100644 index 17812fb64a..0000000000 --- a/docs/passwordpolicyenforcer/11.0/administration/minimum_age_rule.md +++ /dev/null 
@@ -1,22 +0,0 @@ -# Age (Min) Rule - -The Minimum Age rule stops users from quickly cycling through a series of passwords in order to -evade the History and Similarity rules. This rule can only be enforced by domain policies. - -![Minimum age rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/agemin.webp) - -Select the **Age (Min)** check box to enable the Minimum Age rule. - -Select the number of days before a user can change their password. - -**NOTE:** The Minimum Age rule is unique because users cannot comply with it by choosing a different -password; they must wait until the required number of days has elapsed. The Password Policy Client -consequently handles rejections by this rule differently to other rules. Rather than displaying the -usual message components, the Password Policy Client only displays the Minimum Age rule's Reason -insert. See [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md) topic for additional information. -The Rejection Reason template, macros, and inserts from other rules are not displayed when a -password change is denied by the Minimum Age rule. - -The Minimum Age rule is not enforced during policy testing, but the test log does show the user's -password age. A log entry is also added if the Minimum Age rule would have rejected the password -change. diff --git a/docs/passwordpolicyenforcer/11.0/administration/passphrases.md b/docs/passwordpolicyenforcer/11.0/administration/passphrases.md deleted file mode 100644 index 471ebb7064..0000000000 --- a/docs/passwordpolicyenforcer/11.0/administration/passphrases.md +++ /dev/null 
@@ -1,35 +0,0 @@ -# Passphrase - -Passphrases have gained popularity in recent years as they can be more difficult to crack and easier -to remember than passwords. The difference between passwords and passphrases is their length. -Passwords are rarely longer than 15 characters, but passphrases commonly contain 20 or more -characters. - -Complexity and dictionary rules are less important for passphrases as passphrases rely primarily on -length for security. You may want to relax some password policy requirements for passphrases. - -**Step 1 –** Open the Configuration Console: - -Click **Start** > **Netwrix Password Policy Enforcer** > **PPE Configuration** -or -Double click the **PPE Configuration** desktop shortcut. - -**Step 2 –** Click on a policy name to open the policy configuration page. - -**Step 3 –** Open the **Passphrase** tab. - -![Enable Passphrases](/img/product_docs/passwordpolicyenforcer/11.0/administration/passphrase.webp) - -**Step 4 –** Select the number of characters the password must contain before the selected rules are -disabled. - -**Step 5 –** Select the rules to be disabled. - -Disabled rules are not counted when calculating the compliance level, but Password Policy Enforcer -accepts passphrases that comply with all enabled rules, irrespective of the compliance level. This -ensures that passphrases can be used, even if they do not meet the compliance level when Password -Policy Enforcer is configured to disable one or more rules for passphrases. - -**NOTE:** Opinions differ on how long a passphrase needs to be. Even a 30 character passphrase can -be weaker than a well-chosen password. Do not disable too many rules under the assumption that -length alone makes up for the reduced complexity. diff --git a/docs/passwordpolicyenforcer/11.0/administration/usersgroups.md b/docs/passwordpolicyenforcer/11.0/administration/usersgroups.md deleted file mode 100644 index 7315ffee3f..0000000000 
--- a/docs/passwordpolicyenforcer/11.0/administration/usersgroups.md +++ /dev/null 
@@ -1,76 +0,0 @@ -# Assign Policies to Users & Groups - -Password Policy Enforcer uses policy assignments to decide which policy to enforce for each user. -Domain policies can be assigned to users, groups, and containers (Organizational Units). Local -policies can only be assigned to users. See the -[Domain and Local Policies](/docs/passwordpolicyenforcer/11.0/administration/domain_and_local_policies.md) topic for additional information. - -**Step 1 –** Open the Configuration Console: - -Click **Start** > **Netwrix Password Policy Enforcer** > **PPE Configuration** -or -Double click the **PPE Configuration** desktop shortcut. - -**Step 2 –** Click on a policy name to open the policy configuration page. - -**Step 3 –** Open the **Users & Groups** tab. - -![Assign policies to Users and Groups](/img/product_docs/passwordpolicyenforcer/11.0/administration/usersandgroups.webp) - -When a domain policy is assigned to a user or group, Password Policy Enforcer stores the user or -group SID in the configuration. The assignment remains valid even if the user or group is renamed. -When a local policy is assigned to a user, Password Policy Enforcer stores the username in the -configuration. The assignment is invalidated if the user is renamed. - -When a policy is assigned to a group, Password Policy Enforcer enforces the policy for all members -of the group as well as any nested groups. For example, if the Helpdesk group is a member of the -Info Tech group, then any policy assigned to the Info Tech group also applies to the members of the -Helpdesk group. If this behavior is not desired, then you can assign a different policy to the -Helpdesk group. - -When a policy is assigned to a container, Password Policy Enforcer enforces the policy for all users -in the container as well as any child containers. For example, if the Helpdesk and Managers OUs are -children of the Info Tech OU, then any policy assigned to the Info Tech OU also applies to the two -child OUs. 
If this behavior is not desired, then you can assign a different policy to a child OU. - -![managing_policies_3](/img/product_docs/passwordpolicyenforcer/11.0/administration/managing_policies_3.webp) - -**NOTE:** Different assignment types can be used for a single policy. For example, you may assign -users to a policy by both OU and group at the same time. - -As you assign users and groups to the policy, they are displayed on the page. - -![Policy assignments](/img/product_docs/passwordpolicyenforcer/11.0/administration/usersandgroups2.webp) - -To remove a policy assignment: - -**Step 1 –** Select the user, group or container. For example, **Administrators** under **Groups**. - -**Step 2 –** Click the trash can icon in the appropriate header. For example, **Groups**. - -## Policy Assignment Conflicts - -A policy assignment conflict occurs when more than one policy is assigned to a user. Password Policy -Enforcer can resolve these conflicts and choose one policy for each user. - -Password Policy Enforcer first tries to resolve a policy assignment conflict by examining the -assignment type. Assignments by user take precedence over assignments by group, which in turn take -precedence over assignments by container. For example, if Policy A is assigned to a user by group, -and Policy B is assigned to the same user by container, then Password Policy Enforcer enforces -Policy A because assignments by group take precedence over assignments by container. - -If all the policies are assigned to the user by container, then Password Policy Enforcer enforces -the policy that is assigned to the nearest parent container. For example, if Policy A is assigned to -the Users OU, and Policy B is assigned to the Users\Students OU, then Password Policy Enforcer -enforces Policy B for all users in the Users\Students and Users\Students\Science OUs because it is -the policy assigned to the nearest parent container. 
- -If a policy assignment conflict still exists, then Password Policy Enforcer checks the priority of -each remaining policy, and enforces the policy with the highest priority. See the -[Policy Selection Flowchart](manage_policies.md#policy-selection-flowchart) topic for a diagrammatic -representation of this algorithm. - -Click **Test Policy** and expand the **View log** to see which policy Password Policy Enforcer -enforces for a particular user. - -![Expand View log under Test to see which policy is enforced](/img/product_docs/passwordpolicyenforcer/11.0/administration/testviewlog.webp) diff --git a/docs/passwordpolicyenforcer/11.0/evaluation-overview/_category_.json b/docs/passwordpolicyenforcer/11.0/evaluation-overview/_category_.json new file mode 100644 index 0000000000..8ccf8e8f97 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Evaluate Password Policy Enforcer", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "evaluation_overview" + } +} \ No newline at end of file diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/conclusion.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/conclusion.md similarity index 76% rename from docs/passwordpolicyenforcer/11.0/evaluation/conclusion.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/conclusion.md index e540baedb6..ff16932fb3 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/conclusion.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/conclusion.md 
@@ -1,12 +1,18 @@ +--- +title: "Conclusion" +description: "Conclusion" +sidebar_position: 80 +--- + # Conclusion Congratulations! You have successfully installed, configured, and tested Netwrix Password Policy Enforcer. This guide is an introduction to Password Policy Enforcer's capabilities. You can enforce almost any password policy imaginable with Password Policy Enforcer, customize the Password Policy Client messages, and even synchronize passwords with other networks and applications. The -[Administration](/docs/passwordpolicyenforcer/11.0/administration/administration_overview.md) topic contains more information to +[Administration](/docs/passwordpolicyenforcer/11.0/administration-overview/administration_overview.md) topic contains more information to help you get the most out of Password Policy Enforcer. -The [Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web/web_overview.md) application enables users to securely +The [Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web-overview/web_overview.md) application enables users to securely manage their passwords from a web browser, ensuring passwords comply with the password policy, and helping users choose compliant passwords. diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/configuring_policy_rules.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/configuring_policy_rules.md similarity index 97% rename from docs/passwordpolicyenforcer/11.0/evaluation/configuring_policy_rules.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/configuring_policy_rules.md index 13ffff333e..f1e3f8aea8 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/configuring_policy_rules.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/configuring_policy_rules.md 
@@ -1,3 +1,9 @@ +--- +title: "Configure Policy Rules" +description: "Configure Policy Rules" +sidebar_position: 40 +--- + # Configure Policy Rules The policy you just created does not enforce any password requirements yet. You can now configure diff --git a/docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/_category_.json b/docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/_category_.json new file mode 100644 index 0000000000..b944d1d256 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Create a Password Policy", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "creating_a_password_policy" + } +} \ No newline at end of file diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/creating_a_password_policy.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/creating_a_password_policy.md similarity index 89% rename from docs/passwordpolicyenforcer/11.0/evaluation/creating_a_password_policy.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/creating_a_password_policy.md index 5b0f029da8..f6bfd404db 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/creating_a_password_policy.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/creating_a_password_policy.md @@ -1,3 +1,9 @@ +--- +title: "Create a Password Policy" +description: "Create a Password Policy" +sidebar_position: 30 +--- + # Create a Password Policy There are no password policies defined when Password Policy Enforcer is first installed. You can now 
@@ -22,7 +28,7 @@ getting started with Password Policy Enforcer. example. **Step 4 –** Select a Policy template or **None** if you are creating your own. For a list of -policies see [Policy Templates ](/docs/passwordpolicyenforcer/11.0/evaluation/policy_templates.md). +policies see [Policy Templates ](/docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/policy_templates.md). **Step 5 –** Click **Create policy**. diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/policy_templates.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/policy_templates.md similarity index 96% rename from docs/passwordpolicyenforcer/11.0/evaluation/policy_templates.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/policy_templates.md index 0c506f6bf7..b87a6522ab 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/policy_templates.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/creating-a-password-policy/policy_templates.md @@ -1,3 +1,9 @@ +--- +title: "Policy Templates" +description: "Policy Templates" +sidebar_position: 10 +--- + # Policy Templates Password Policy Enforcer contains Out-of-the-box Policy Templates based on the requirements of the diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/enforcing_multiple_policies.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/enforcing_multiple_policies.md similarity index 93% rename from docs/passwordpolicyenforcer/11.0/evaluation/enforcing_multiple_policies.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/enforcing_multiple_policies.md index fd6ac7542e..0ab5f3f00e 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/enforcing_multiple_policies.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/enforcing_multiple_policies.md 
@@ -1,3 +1,9 @@ +--- +title: "Enforce Multiple Policies" +description: "Enforce Multiple Policies" +sidebar_position: 70 +--- + # Enforce Multiple Policies Password Policy Enforcer can enforce up to 256 password policies on each domain or computer. You can @@ -64,6 +70,6 @@ Active Directory Users and Computers console, or the Local Users and Groups cons changes and resets for the **PPETestUser** and **PPETestAdmin** accounts. Password Policy Enforcer should enforce the Eval policy for **PPETestUser**, and the Admins policy for **PPETestAdmin**. -**NOTE:** The [Set Priorities](/docs/passwordpolicyenforcer/11.0/administration/manage_policies.md#set-priorities) topic contains +**NOTE:** The [Set Priorities](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/manage_policies.md#set-priorities) topic contains more information about policy assignments, and how Password Policy Enforcer resolves policy assignment conflicts that occur when more than one policy is assigned to a user. diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/evaluation_overview.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/evaluation_overview.md similarity index 89% rename from docs/passwordpolicyenforcer/11.0/evaluation/evaluation_overview.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/evaluation_overview.md index 3c4c1bdd9e..e0e2dc7947 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/evaluation_overview.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/evaluation_overview.md @@ -1,3 +1,9 @@ +--- +title: "Evaluate Password Policy Enforcer" +description: "Evaluate Password Policy Enforcer" +sidebar_position: 50 +--- + # Evaluate Password Policy Enforcer Netwrix Password Policy Enforcer is an advanced password filter for Windows. Use this guide to 
diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/improving_the_password_policy.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/improving_the_password_policy.md similarity index 94% rename from docs/passwordpolicyenforcer/11.0/evaluation/improving_the_password_policy.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/improving_the_password_policy.md index 64b05f5b59..301efc9b97 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/improving_the_password_policy.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/improving_the_password_policy.md @@ -1,3 +1,9 @@ +--- +title: "Improve the Password Policy" +description: "Improve the Password Policy" +sidebar_position: 60 +--- + # Improve the Password Policy Password Policy Enforcer rules have properties that control how rules are enforced. You can improve diff --git a/docs/passwordpolicyenforcer/11.0/evaluation-overview/installforeval.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/installforeval.md new file mode 100644 index 0000000000..7f8dd96a25 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/installforeval.md 
@@ -0,0 +1,25 @@ +--- +title: "Install Password Policy Enforcer for Evaluation" +description: "Install Password Policy Enforcer for Evaluation" +sidebar_position: 20 +--- + +# Install Password Policy Enforcer for Evaluation + +The evaluation installation uses the standard installation packages: + +- Server Installation: install on each server and domain controller in the domain you are + evaluating. You can install manually using the procedure in + [Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/installation/installationserver.md) or automatically + with [Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md) procedure. Installing + Password Policy Enforcer does not extend the Active Directory schema. Be sure and install the + **Configuration Console** feature on at least one server. +- Client Installation: install on each workstation you are evaluating. The Password Policy Client is + an optional Password Policy Enforcer component to help users choose compliant passwords. Follow + the [Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/installation/installationclient.md) procedure, or + [Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md). + +You may need to create a firewall port exception on the domain controllers if you are evaluating the +Password Policy Client on a domain with client computers. See the +[Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md) topic for additional +information. 
diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/preparing_the_computer.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/preparing_the_computer.md similarity index 96% rename from docs/passwordpolicyenforcer/11.0/evaluation/preparing_the_computer.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/preparing_the_computer.md index 6a23bef113..e3148f18fd 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/preparing_the_computer.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/preparing_the_computer.md @@ -1,3 +1,9 @@ +--- +title: "Prepare the Computer" +description: "Prepare the Computer" +sidebar_position: 10 +--- + # Prepare the Computer You only need one computer for the evaluation. A Windows Server 2016, 2019, or 2022 domain diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/testing_the_password_policy.md b/docs/passwordpolicyenforcer/11.0/evaluation-overview/testing_the_password_policy.md similarity index 95% rename from docs/passwordpolicyenforcer/11.0/evaluation/testing_the_password_policy.md rename to docs/passwordpolicyenforcer/11.0/evaluation-overview/testing_the_password_policy.md index 9729df13bb..6d3b0a427b 100644 --- a/docs/passwordpolicyenforcer/11.0/evaluation/testing_the_password_policy.md +++ b/docs/passwordpolicyenforcer/11.0/evaluation-overview/testing_the_password_policy.md @@ -1,3 +1,9 @@ +--- +title: "Test the Password Policy" +description: "Test the Password Policy" +sidebar_position: 50 +--- + # Test the Password Policy You can test the policy from the policy settings right where you are in the policy settings. You can 
@@ -33,7 +39,7 @@ event log can help you to understand why Password Policy Enforcer accepted or re **NOTE:** Policy testing simulates a password change, but it may not always reflect what happens when a user changes their password. See the -[Policy Testing vs. Password Changes](/docs/passwordpolicyenforcer/11.0/administration/testpolicy.md#policy-testing-vs-password-changes) +[Policy Testing vs. Password Changes](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/testpolicy.md#policy-testing-vs-password-changes) topic for additional information. ## Windows Change Password Screen @@ -65,7 +71,7 @@ The Password Policy Client does not modify any Windows system files, and you do it to enforce a Password Policy Enforcer password policy. Web browser based versions of the Password Policy Enforcer Client are also available. See the [Administration](/docs/passwordpolicyenforcer/11.0/passwordreset/administration/administration_overview.md) and -[](http://www.anixis.com/products/ppeweb/)[Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web/web_overview.md) +[](http://www.anixis.com/products/ppeweb/)[Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web-overview/web_overview.md) topics for more information. Password Reset and Password Policy Enforcer/Web are licensed separately. diff --git a/docs/passwordpolicyenforcer/11.0/evaluation/installforeval.md b/docs/passwordpolicyenforcer/11.0/evaluation/installforeval.md deleted file mode 100644 index 551b691456..0000000000 --- a/docs/passwordpolicyenforcer/11.0/evaluation/installforeval.md +++ /dev/null 
@@ -1,19 +0,0 @@ -# Install Password Policy Enforcer for Evaluation - -The evaluation installation uses the standard installation packages: - -- Server Installation: install on each server and domain controller in the domain you are - evaluating. You can install manually using the procedure in - [Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/install/installationserver.md) or automatically - with [Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/install/installationgpm.md) procedure. Installing - Password Policy Enforcer does not extend the Active Directory schema. Be sure and install the - **Configuration Console** feature on at least one server. -- Client Installation: install on each workstation you are evaluating. The Password Policy Client is - an optional Password Policy Enforcer component to help users choose compliant passwords. Follow - the [Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/install/installationclient.md) procedure, or - [Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/install/installationgpm.md). - -You may need to create a firewall port exception on the domain controllers if you are evaluating the -Password Policy Client on a domain with client computers. See the -[Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md) topic for additional -information. diff --git a/docs/passwordpolicyenforcer/11.0/gettingstarted.md b/docs/passwordpolicyenforcer/11.0/gettingstarted.md deleted file mode 100644 index a0e064f85f..0000000000 --- a/docs/passwordpolicyenforcer/11.0/gettingstarted.md +++ /dev/null 
@@ -1,50 +0,0 @@ -# Getting Started - -Review the [Requirements](/docs/passwordpolicyenforcer/11.0/requirements.md) and the -[Domain and Local Policies](/docs/passwordpolicyenforcer/11.0/administration/domain_and_local_policies.md) topics. - -## Install Products - -Password Policy Enforcer (PPE Server) is installed on every domain controller to enforce the -password policy for domain user accounts, or on individual servers and workstations to enforce the -password policy for local user accounts. See the -[Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/install/installationserver.md) or -[Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/install/installationgpm.md) topics for additional -information. - -The Configuration Console can be installed on what ever servers are convenient for you to access. It -is a selectable feature in the server installation **msi** package. See the -[Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/install/installationserver.md) topic for additional -information. - -The Mailer Service is installed on a single server in each domain. See the -[Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/install/installationserver.md) topic for additional -information. - -Password Policy Enforcer client is optional, but recommended. Users receive immediate feedback when -setting up their passwords. This saves your users time and frustration when picking compliant -passwords. See the [Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/install/installationclient.md) or -[Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/install/installationgpm.md) topics for additional -information. - -Password Policy Enforcer Web is a separate product enabling users to change their Windows domain -password from a web browser. 
See the [Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web/web_overview.md) topic for -additional information. - -Create the **Compromised Passwords Base** prior to enabling the Compromised Password Check. See the -[HIBP Updater](/docs/passwordpolicyenforcer/11.0/administration/hibpupdater.md) topic for additional information. - -## Exclude PPE Files from AntiVirus Checks - -Domain Controller - -**PPE.DLL** if this file does not load, the password policy is not enforced. - -Clients - -**PPEClt.dll** and **APRClt.dll** if either of these files are blocked, the client does not run. - -## Next Steps - -You can work through the [Evaluate Password Policy Enforcer](/docs/passwordpolicyenforcer/11.0/evaluation/evaluation_overview.md) or -open the [Configuration Console](/docs/passwordpolicyenforcer/11.0/administration/configconsoleoverview.md). diff --git a/docs/passwordpolicyenforcer/11.0/install/uninstall.md b/docs/passwordpolicyenforcer/11.0/install/uninstall.md deleted file mode 100644 index 2280514006..0000000000 --- a/docs/passwordpolicyenforcer/11.0/install/uninstall.md +++ /dev/null 
@@ -1,25 +0,0 @@ -# Uninstall Netwrix Password Policy Enforcer - -Follow the steps to uninstall Password Policy Enforcer. - -You can uninstall Password Policy Enforcer on every domain server and computer, or use Group Policy -Management to remove the PPE Server and PPE Client on all machines. - -You can also install/uninstall the products using command line -[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md#silent-installation). - -**Step 1 –** Open **Start** > **Control Panel** > **Programs and Features** on each system where a -PPE component is installed. - -**Step 2 –** Click **Uninstall a program**. - -**Step 3 –** Select Netwrix Password Policy Enforcer to uninstall the PPE Server, PPE Configuration -Console and Mailer. - -**Step 4 –** Click **Uninstall**. - -**Step 5 –** Select Netwrix Password Policy Client to uninstall the client. - -**Step 6 –** Click **Uninstall**. - -**Step 7 –** Reboot the Domain Controller. diff --git a/docs/passwordpolicyenforcer/11.0/installation/_category_.json b/docs/passwordpolicyenforcer/11.0/installation/_category_.json new file mode 100644 index 0000000000..0f6ac7ae2c --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/installation/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Installation", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/passwordpolicyenforcer/11.0/administration/disable_windows_rules.md b/docs/passwordpolicyenforcer/11.0/installation/disable_windows_rules.md similarity index 90% rename from docs/passwordpolicyenforcer/11.0/administration/disable_windows_rules.md rename to docs/passwordpolicyenforcer/11.0/installation/disable_windows_rules.md index cad6c57c6b..7529ae4cfd 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/disable_windows_rules.md +++ b/docs/passwordpolicyenforcer/11.0/installation/disable_windows_rules.md 
@@ -1,3 +1,9 @@ +--- +title: "Disable Windows Rules" +description: "Disable Windows Rules" +sidebar_position: 80 +--- + # Disable Windows Rules The Windows password policy rules can place restrictions on password history, age, length, and @@ -5,7 +11,7 @@ complexity. If you enable the Password Policy Enforcer rules and the Windows rul comply with both sets of rules. Password Policy Enforcer has its own history, minimum and maximum age, length, and complexity rules. -See the [Rules](/docs/passwordpolicyenforcer/11.0/administration/rules.md) topic for additional information. You can use the Password Policy Enforcer +See the [Rules](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md) topic for additional information. You can use the Password Policy Enforcer and Windows rules together. A password is only accepted if it complies with the Windows and Password Policy Enforcer password policies. diff --git a/docs/passwordpolicyenforcer/11.0/administration/domain_and_local_policies.md b/docs/passwordpolicyenforcer/11.0/installation/domain_and_local_policies.md similarity index 89% rename from docs/passwordpolicyenforcer/11.0/administration/domain_and_local_policies.md rename to docs/passwordpolicyenforcer/11.0/installation/domain_and_local_policies.md index d0c6e14995..10acbb488a 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/domain_and_local_policies.md +++ b/docs/passwordpolicyenforcer/11.0/installation/domain_and_local_policies.md @@ -1,3 +1,9 @@ +--- +title: "Domain and Local Policies" +description: "Domain and Local Policies" +sidebar_position: 10 +--- + # Domain and Local Policies Netwrix Password Policy Enforcer enforces password policies for both domain and local user accounts. 
@@ -18,7 +24,7 @@ policies for the domain accounts. To enforce password policies for domain user accounts, you should install Password Policy Enforcer onto all the domain controllers in the domain. If you have read-only domain controllers and aren't -using the [Rules](/docs/passwordpolicyenforcer/11.0/administration/rules.md), [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md), or other software +using the [Rules](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md), [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md), or other software (such as [Netwrix Password Reset](https://www.netwrix.com/active_directory_password_reset_tool.html)) that uses the Password Policy Enforcer Client protocol, then you do not need to install Password Policy 
@@ -43,14 +49,14 @@ is also some information, such as the user's OU, which does not exist in the SAM limitations, the following rules and features cannot be used with local password policies: - The Minimum Age and Maximum Age rules (you can use the Windows version of these rules with - Password Policy Enforcer). See the [Rules](/docs/passwordpolicyenforcer/11.0/administration/rules.md) topic for additional information. + Password Policy Enforcer). See the [Rules](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md) topic for additional information. - Policy assignments by groups and containers. See the - [Assign Policies to Users & Groups](/docs/passwordpolicyenforcer/11.0/administration/usersgroups.md) topic for additional information. + [Assign Policies to Users & Groups](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/usersgroups.md) topic for additional information. Password Policy Enforcer's configuration is stored in Active Directory for domain password policies, and in the Windows registry for local password policies. The Connect To page in the Password Policy Enforcer management console allows you to choose a configuration source. See the -[Connected To](configconsole.md#connected-to) topic for additional information. Changes you make to +[Connected To](/docs/passwordpolicyenforcer/11.0/administration-overview/configconsole.md#connected-to) topic for additional information. Changes you make to Password Policy Enforcer's domain configuration are replicated to all domain controllers in the domain. Changes to a local configuration are applied only to the local computer. If you want to use the same local configuration for many computers, export the HKLM\SOFTWARE\ANIXIS\Password Policy 
diff --git a/docs/passwordpolicyenforcer/11.0/administration/hibpupdater.md b/docs/passwordpolicyenforcer/11.0/installation/hibpupdater.md similarity index 96% rename from docs/passwordpolicyenforcer/11.0/administration/hibpupdater.md rename to docs/passwordpolicyenforcer/11.0/installation/hibpupdater.md index 95f120cb34..a5b33b2bf4 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/hibpupdater.md +++ b/docs/passwordpolicyenforcer/11.0/installation/hibpupdater.md @@ -1,10 +1,16 @@ +--- +title: "HIBP Updater" +description: "HIBP Updater" +sidebar_position: 90 +--- + # HIBP Updater Password Policy Enforcer can be configured to use the Have I Been Pwnd (HIBP) database. A copy of this database is hosted on the Netwrix website. The HIBP database contains a list of the hashes of known compromised passwords. During password change operations, the application can be configured to reject passwords with a hash that matches a hash in the HIBP database. See the Password Policy -Enforcer [Compromised Password Check](/docs/passwordpolicyenforcer/11.0/administration/compromisedpasswordcheck.md) topic for HIBP database +Enforcer [Compromised Password Check](/docs/passwordpolicyenforcer/11.0/administration-overview/compromisedpasswordcheck.md) topic for HIBP database information and configuration options. The HIBP database must be initially deployed to a server or workstation with an internet connection 
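Review bot: The opening paragraph of hibpupdater.md, carried through this hunk as unchanged context, spells the service name "Have I Been Pwnd"; the name is "Have I Been Pwned". The file is being moved and given front matter in this change, so correct the spelling here rather than letting the new location inherit it.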
@@ -98,7 +104,7 @@ Compromised rule to read the files from: \\127.0.0.1\sysvol\your.domain\filename.db -See the [Compromised Rule](/docs/passwordpolicyenforcer/11.0/administration/compromised_rule.md) topic for additional information. +See the [Compromised Rule](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/compromised_rule.md) topic for additional information. The path above only works if the computer has a Sysvol share. This will not be the case if you are using a workstation for policy testing, or if you are using Password Policy Enforcer to enforce diff --git a/docs/passwordpolicyenforcer/11.0/install/installationclient.md b/docs/passwordpolicyenforcer/11.0/installation/installationclient.md similarity index 95% rename from docs/passwordpolicyenforcer/11.0/install/installationclient.md rename to docs/passwordpolicyenforcer/11.0/installation/installationclient.md index f9bbe420fa..3043c9f127 100644 --- a/docs/passwordpolicyenforcer/11.0/install/installationclient.md +++ b/docs/passwordpolicyenforcer/11.0/installation/installationclient.md 
@@ -1,9 +1,15 @@ +--- +title: "Install Password Policy Enforcer Client" +description: "Install Password Policy Enforcer Client" +sidebar_position: 30 +--- + # Install Password Policy Enforcer Client This procedure is used to install the client on your current workstation. See the -[Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/install/installationgpm.md) top for details on installing the client +[Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md) top for details on installing the client across your network. You can also install/uninstall the products using command line -[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md#silent-installation). +[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md#silent-installation). **Step 1 –** Navigate to the folder where you extracted the installers downloaded from Netwrix. diff --git a/docs/passwordpolicyenforcer/11.0/install/installationconfigconsole.md b/docs/passwordpolicyenforcer/11.0/installation/installationconfigconsole.md similarity index 79% rename from docs/passwordpolicyenforcer/11.0/install/installationconfigconsole.md rename to docs/passwordpolicyenforcer/11.0/installation/installationconfigconsole.md index 88c6eaeb29..9ad2c9024b 100644 --- a/docs/passwordpolicyenforcer/11.0/install/installationconfigconsole.md +++ b/docs/passwordpolicyenforcer/11.0/installation/installationconfigconsole.md @@ -1,3 +1,9 @@ +--- +title: "Install the Configuration Console" +description: "Install the Configuration Console" +sidebar_position: 50 +--- + # Install the Configuration Console The Configuration Console is used to configure and manage Netwrix Password Policy Enforcer on your 
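Review bot: In installationclient.md, the rewritten link line ends "installationgpm.md) top for details on installing the client"; "top" should be "topic". The line is already being replaced to pick up the new `installation/` path, so fix the word in the same edit instead of copying the typo forward.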
@@ -13,9 +19,9 @@ The Configuration Console is a feature package included in the server installati - Configuration Console – manages policy configuration. Install where ever needed. - Mailer Service – sends email reminders. Install on any server. -Follow the procedure in [Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/install/installationserver.md), +Follow the procedure in [Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/installation/installationserver.md), selecting the **Configuration Console** feature. You can select the other features if appropriate for the server. You can also install/uninstall the products using command line -[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md#silent-installation). +[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md#silent-installation). diff --git a/docs/passwordpolicyenforcer/11.0/install/installationgpm.md b/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md similarity index 92% rename from docs/passwordpolicyenforcer/11.0/install/installationgpm.md rename to docs/passwordpolicyenforcer/11.0/installation/installationgpm.md index 3e0ab29f89..65daf77758 100644 --- a/docs/passwordpolicyenforcer/11.0/install/installationgpm.md +++ b/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md @@ -1,3 +1,9 @@ +--- +title: "Install with Group Policy Management" +description: "Install with Group Policy Management" +sidebar_position: 40 +--- + # Install with Group Policy Management An automated installation uses Group Policy to distribute Password Policy Enforcer. This type of 
@@ -5,7 +11,7 @@ installation is recommended when you need to install Password Policy Enforcer on This section shows you how to install Password Policy Enforcer on domain controllers to enforce domain policies, but you can also use Group Policy to target member servers and workstations if you need to enforce local policies. See the -[Domain and Local Policies](/docs/passwordpolicyenforcer/11.0/administration/domain_and_local_policies.md) topic for additional +[Domain and Local Policies](/docs/passwordpolicyenforcer/11.0/installation/domain_and_local_policies.md) topic for additional information. ## Create a Distribution Point diff --git a/docs/passwordpolicyenforcer/11.0/install/installationmailer.md b/docs/passwordpolicyenforcer/11.0/installation/installationmailer.md similarity index 82% rename from docs/passwordpolicyenforcer/11.0/install/installationmailer.md rename to docs/passwordpolicyenforcer/11.0/installation/installationmailer.md index 1be899475d..2a94a6a400 100644 --- a/docs/passwordpolicyenforcer/11.0/install/installationmailer.md +++ b/docs/passwordpolicyenforcer/11.0/installation/installationmailer.md 
@@ -1,10 +1,16 @@ +--- +title: "Install Mailer Service" +description: "Install Mailer Service" +sidebar_position: 60 +--- + # Install Mailer Service Netwrix Password Policy Enforcer sends email reminders to domain users before their passwords expire. This is especially useful for users who logon infrequently, and for remote users who access the network without logging on to the domain. You must install the Password Policy Enforcer Mailer and configure the email delivery and email message options to send email reminders to users. See the -[Notifications](/docs/passwordpolicyenforcer/11.0/administration/configconsole.md#notifications) topic for additional information. +[Notifications](/docs/passwordpolicyenforcer/11.0/administration-overview/configconsole.md#notifications) topic for additional information. Add your email address to a service account, and the Password Policy Enforcer Mailer reminds you to change the service account password before it expires. @@ -19,9 +25,9 @@ The mailer is a feature package included in the server installation **.msi** fil - Configuration Console – manages policy configuration. Install where ever needed. - Mailer Service – sends email reminders. Install on any server. -Follow the procedure in [Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/install/installationserver.md), +Follow the procedure in [Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/installation/installationserver.md), selecting the **Mailer Service** feature. You can select the other features if appropriate for the server. You can also install/uninstall the products using command line -[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md#silent-installation). +[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md#silent-installation). 
diff --git a/docs/passwordpolicyenforcer/11.0/install/installationserver.md b/docs/passwordpolicyenforcer/11.0/installation/installationserver.md similarity index 87% rename from docs/passwordpolicyenforcer/11.0/install/installationserver.md rename to docs/passwordpolicyenforcer/11.0/installation/installationserver.md index ea09a85c5f..b31652cea0 100644 --- a/docs/passwordpolicyenforcer/11.0/install/installationserver.md +++ b/docs/passwordpolicyenforcer/11.0/installation/installationserver.md @@ -1,3 +1,9 @@ +--- +title: "Install Password Policy Enforcer on a Server" +description: "Install Password Policy Enforcer on a Server" +sidebar_position: 20 +--- + # Install Password Policy Enforcer on a Server Password Policy Enforcer server should be installed on every domain controller to enforce the @@ -7,10 +13,10 @@ password policy for local user accounts. If your domain contains some read-only domain controllers, then installation of Password Policy Enforcer on these servers is only necessary if you are using the following features: -- [Rules](/docs/passwordpolicyenforcer/11.0/administration/rules.md) -- [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md) +- [Rules](/docs/passwordpolicyenforcer/11.0/administration-overview/manage-policies/rules/rules.md) +- [Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md) - [Netwrix Password Reset](https://helpcenter.netwrix.com/category/passwordreset) -- [Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web/web_overview.md) +- [Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web-overview/web_overview.md) The Server installation package includes multiple features selected during installation: 
@@ -23,9 +29,9 @@ The Server installation package includes multiple features selected during insta **Step 2 –** Extract the installers from the compressed file. If you are going to use Group Policy Manager to install Netwrix Password Policy Enforcer, copy the **msi** files to a distribution -folder. See the [Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/install/installationgpm.md) topic for additional +folder. See the [Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md) topic for additional details. You can also install/uninstall the products using command line -[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md#silent-installation). +[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md#silent-installation). **NOTE:** Continue with these steps to install one or more features on your current server or domain controller. You must repeat these steps for each server where the features are installed. diff --git a/docs/passwordpolicyenforcer/11.0/install/installationweb.md b/docs/passwordpolicyenforcer/11.0/installation/installationweb.md similarity index 95% rename from docs/passwordpolicyenforcer/11.0/install/installationweb.md rename to docs/passwordpolicyenforcer/11.0/installation/installationweb.md index d342736737..a445f5263d 100644 --- a/docs/passwordpolicyenforcer/11.0/install/installationweb.md +++ b/docs/passwordpolicyenforcer/11.0/installation/installationweb.md @@ -1,3 +1,9 @@ +--- +title: "Install Password Policy Enforcer Web" +description: "Install Password Policy Enforcer Web" +sidebar_position: 70 +--- + # Install Password Policy Enforcer Web Password Policy Enforcer Web V7.11 is a web server enabling users to change their Windows domain 
diff --git a/docs/passwordpolicyenforcer/11.0/installation/uninstall.md b/docs/passwordpolicyenforcer/11.0/installation/uninstall.md new file mode 100644 index 0000000000..61f97026a5 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/installation/uninstall.md @@ -0,0 +1,31 @@ +--- +title: "Uninstall Netwrix Password Policy Enforcer" +description: "Uninstall Netwrix Password Policy Enforcer" +sidebar_position: 120 +--- + +# Uninstall Netwrix Password Policy Enforcer + +Follow the steps to uninstall Password Policy Enforcer. + +You can uninstall Password Policy Enforcer on every domain server and computer, or use Group Policy +Management to remove the PPE Server and PPE Client on all machines. + +You can also install/uninstall the products using command line +[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md#silent-installation). + +**Step 1 –** Open **Start** > **Control Panel** > **Programs and Features** on each system where a +PPE component is installed. + +**Step 2 –** Click **Uninstall a program**. + +**Step 3 –** Select Netwrix Password Policy Enforcer to uninstall the PPE Server, PPE Configuration +Console and Mailer. + +**Step 4 –** Click **Uninstall**. + +**Step 5 –** Select Netwrix Password Policy Client to uninstall the client. + +**Step 6 –** Click **Uninstall**. + +**Step 7 –** Reboot the Domain Controller. diff --git a/docs/passwordpolicyenforcer/11.0/install/upgrading.md b/docs/passwordpolicyenforcer/11.0/installation/upgrading.md similarity index 78% rename from docs/passwordpolicyenforcer/11.0/install/upgrading.md rename to docs/passwordpolicyenforcer/11.0/installation/upgrading.md index c77dcdf0a8..58b36ffd8d 100644 --- a/docs/passwordpolicyenforcer/11.0/install/upgrading.md +++ b/docs/passwordpolicyenforcer/11.0/installation/upgrading.md 
@@ -1,3 +1,9 @@ +--- +title: "Upgrading Password Policy Enforcer" +description: "Upgrading Password Policy Enforcer" +sidebar_position: 110 +--- + # Upgrading Password Policy Enforcer Upgrades are supported for versions 9.0 and above. Contact Customer Support at 
@@ -5,29 +11,29 @@ Upgrades are supported for versions 9.0 and above. Contact Customer Support at upgrading older versions You can also install/uninstall the products using command line -[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration/command_line_interface.md#silent-installation). +[Silent Installation](/docs/passwordpolicyenforcer/11.0/administration-overview/command_line_interface.md#silent-installation). Upgrading the Password Policy Server The Password Policy Enforcer installer detects existing installations and upgrades them to 11. See -the [Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/install/installationserver.md) topic for additional +the [Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/installation/installationserver.md) topic for additional information. If you are performing an automated installation with Group Policy, then add the new **.msi** installer files to the same Group Policy Object used to install the older version. See the -[Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/install/installationgpm.md) topic for additional information. +[Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md) topic for additional information. **NOTE:** Upgrade all your servers and domain controllers. Configuration changes performed with the new version do not affect servers running an older version. If you have multiple versions, you must make configuration changes in both configuration consoles until all domain controllers are upgraded to 11. Failure to do so may lead to inconsistent enforcement of the password policy. 
-Open the [License](/docs/passwordpolicyenforcer/11.0/administration/configconsole.md#license) settings on the Configuration Console +Open the [License](/docs/passwordpolicyenforcer/11.0/administration-overview/configconsole.md#license) settings on the Configuration Console after an upgrade to check your license details. Password Policy Enforcer reverts to a 30-day evaluation license if it cannot import the license key. Upgrading the Password Policy Client The Password Policy Client installer detects existing installations and upgrades them to 11. See the -[Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/install/installationclient.md)[Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/install/installationclient.md) +[Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/installation/installationclient.md)[Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/installation/installationclient.md) topic for additional information. If you are distributing the Password Policy Client with Group Policy, then add the new client **.msi** file to the same Group Policy Object used to install the older version. Upgrade and reboot the Password Policy Servers before upgrading the clients. @@ -39,7 +45,7 @@ recommended. Upgrading the Mailer The Password Policy Enforcer installer detects existing installations of the Password Policy -Enforcer Mailer and upgrades them to 11. See the [Install Mailer Service](/docs/passwordpolicyenforcer/11.0/install/installationmailer.md) +Enforcer Mailer and upgrades them to 11. See the [Install Mailer Service](/docs/passwordpolicyenforcer/11.0/installation/installationmailer.md) topic for additional information. Upgrade Notes 
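Review bot: In the "Upgrading the Password Policy Client" paragraph of upgrading.md, the replacement line still contains the same link twice back to back, "[Install Password Policy Enforcer Client](...)[Install Password Policy Enforcer Client](...)". Both copies were updated to the new `installation/` path, which keeps the duplicate; drop the second one so the sentence reads "See the [Install Password Policy Enforcer Client](...) topic for additional information."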
diff --git a/docs/passwordpolicyenforcer/11.0/administration/writeback.md b/docs/passwordpolicyenforcer/11.0/installation/writeback.md similarity index 88% rename from docs/passwordpolicyenforcer/11.0/administration/writeback.md rename to docs/passwordpolicyenforcer/11.0/installation/writeback.md index 46fe97eb8c..78e5beb5e8 100644 --- a/docs/passwordpolicyenforcer/11.0/administration/writeback.md +++ b/docs/passwordpolicyenforcer/11.0/installation/writeback.md @@ -1,3 +1,9 @@ +--- +title: "Enforce Password Reset with Azure Password Writeback" +description: "Enforce Password Reset with Azure Password Writeback" +sidebar_position: 100 +--- + # Enforce Password Reset with Azure Password Writeback You can use Password Policy Enforcer to enforce password policies for passwords reset from Microsoft diff --git a/docs/passwordpolicyenforcer/11.0/overview.md b/docs/passwordpolicyenforcer/11.0/overview.md deleted file mode 100644 index c48c68e8cf..0000000000 --- a/docs/passwordpolicyenforcer/11.0/overview.md +++ /dev/null @@ -1,5 +0,0 @@ -# Netwrix Password Policy Enforcer v11.0 - -Netwrix Password Policy Enforcer helps secure your network by ensuring users set strong passwords. -When a user enters a password that does not comply with the password policy, Password Policy -Enforcer immediately rejects the password and details why the password was rejected. diff --git a/docs/passwordpolicyenforcer/11.0/overview/_category_.json b/docs/passwordpolicyenforcer/11.0/overview/_category_.json new file mode 100644 index 0000000000..1ca703538c --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/overview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Password Policy Enforcer v11.0", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
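Review bot: The new overview/_category_.json ends with "\ No newline at end of file". Add a trailing newline so later edits to this file do not show the closing brace as a changed line.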
diff --git a/docs/passwordpolicyenforcer/11.0/overview/gettingstarted.md b/docs/passwordpolicyenforcer/11.0/overview/gettingstarted.md new file mode 100644 index 0000000000..7c93b00be7 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/overview/gettingstarted.md 
@@ -0,0 +1,56 @@ +--- +title: "Getting Started" +description: "Getting Started" +sidebar_position: 10 +--- + +# Getting Started + +Review the [Requirements](/docs/passwordpolicyenforcer/11.0/requirements.md) and the +[Domain and Local Policies](/docs/passwordpolicyenforcer/11.0/installation/domain_and_local_policies.md) topics. + +## Install Products + +Password Policy Enforcer (PPE Server) is installed on every domain controller to enforce the +password policy for domain user accounts, or on individual servers and workstations to enforce the +password policy for local user accounts. See the +[Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/installation/installationserver.md) or +[Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md) topics for additional +information. + +The Configuration Console can be installed on what ever servers are convenient for you to access. It +is a selectable feature in the server installation **msi** package. See the +[Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/installation/installationserver.md) topic for additional +information. + +The Mailer Service is installed on a single server in each domain. See the +[Install Password Policy Enforcer on a Server](/docs/passwordpolicyenforcer/11.0/installation/installationserver.md) topic for additional +information. + +Password Policy Enforcer client is optional, but recommended. Users receive immediate feedback when +setting up their passwords. This saves your users time and frustration when picking compliant +passwords. See the [Install Password Policy Enforcer Client](/docs/passwordpolicyenforcer/11.0/installation/installationclient.md) or +[Install with Group Policy Management](/docs/passwordpolicyenforcer/11.0/installation/installationgpm.md) topics for additional +information. 
+ +Password Policy Enforcer Web is a separate product enabling users to change their Windows domain +password from a web browser. See the [Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web-overview/web_overview.md) topic for +additional information. + +Create the **Compromised Passwords Base** prior to enabling the Compromised Password Check. See the +[HIBP Updater](/docs/passwordpolicyenforcer/11.0/installation/hibpupdater.md) topic for additional information. + +## Exclude PPE Files from AntiVirus Checks + +Domain Controller + +**PPE.DLL** if this file does not load, the password policy is not enforced. + +Clients + +**PPEClt.dll** and **APRClt.dll** if either of these files are blocked, the client does not run. + +## Next Steps + +You can work through the [Evaluate Password Policy Enforcer](/docs/passwordpolicyenforcer/11.0/evaluation-overview/evaluation_overview.md) or +open the [Configuration Console](/docs/passwordpolicyenforcer/11.0/administration/configconsoleoverview.md). diff --git a/docs/passwordpolicyenforcer/11.0/overview/overview.md b/docs/passwordpolicyenforcer/11.0/overview/overview.md new file mode 100644 index 0000000000..f047df027f --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/overview/overview.md @@ -0,0 +1,11 @@ +--- +title: "Netwrix Password Policy Enforcer v11.0" +description: "Netwrix Password Policy Enforcer v11.0" +sidebar_position: 10 +--- + +# Netwrix Password Policy Enforcer v11.0 + +Netwrix Password Policy Enforcer helps secure your network by ensuring users set strong passwords. +When a user enters a password that does not comply with the password policy, Password Policy +Enforcer immediately rejects the password and details why the password was rejected. diff --git a/docs/passwordpolicyenforcer/11.0/overview/whatsnew.md b/docs/passwordpolicyenforcer/11.0/overview/whatsnew.md new file mode 100644 index 0000000000..bcedc89e2c --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/overview/whatsnew.md 
@@ -0,0 +1,64 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 20 +--- + +# What's New + +## New Netwrix Community! + +All Netwrix product announcements have moved to the new Netwrix Community. See announcements for +Netwrix Password Policy Enforcer in the +[Password Policy Enforcer](https://community.netwrix.com/c/password-policy-enforcer/announcements/118) +area of our new community. + +The following information highlights the new and enhanced features introduced in this Netwrix +Password Policy Enforcer version 11.0. + +## Password Policy Enforcer v11.0 + +New: Redesigned UI + +The user interface of the Management Console has been fully redesigned to reflect modern design +standards and account for all the feedback our customers have given us throughout the years. + +New: PowerShell cmdlets + +Netwrix Password Policy Enforcer now includes a set of PowerShell cmdlets that enable administrators +to easily manage policy, generate reports, and check the health of Netwrix Password Policy Enforcer +from PowerShell in both interactive and automated ways. + +New: Support Tools + +Additional support tools have been added to allow administrators to check the health of the Netwrix +Password Policy Enforcer and audit the version of each installation from one location. This allows +customers to quickly identify any problems and keep their Netwrix Password Policy Enforcer +installation up to date. + +New: Updated Installer + +The Netwrix Password Policy Enforcer QuickStart Wizard has been replaced with MSI packages for +easier installation and upgrade of the client and the server. + +New: Netwrix Password Policy Enforcer Web + +PPE Web is now available to all licensed Password Policy Enforcer customers. PPE Web allows users to +change their Windows domain passwords from a web browser and integrates with Netwrix Password Policy +Enforcer to enforce customizable password policies and assist users in selecting compliant +passwords. 
+ +Enhancement: Updated policy templates + +The out-of-the-box policy templates have been updated to reflect recent changes in different +compliance standards. Old templates will still be available, and customers' current policies will +not be changed as part of this update. + +Enhancement: Compatibility + +- Deprecation of 32-bit server installations – The product now only supports 64-bit server + installations. +- Currently supported Password Policy Server platforms – 64-bit Windows 10, 11 and Windows Server + 2016, 2019, and 2022. +- Currently supported Password Policy Client platforms – 32-bit Windows 10 and 64-bit Windows 10, + 11, and Windows Server 2016, 2019, and 2022. diff --git a/docs/passwordpolicyenforcer/11.0/passwordreset/administration/general_tab.md b/docs/passwordpolicyenforcer/11.0/passwordreset/administration/general_tab.md index 1451c2fbff..6ec8125e3b 100644 --- a/docs/passwordpolicyenforcer/11.0/passwordreset/administration/general_tab.md +++ b/docs/passwordpolicyenforcer/11.0/passwordreset/administration/general_tab.md @@ -98,7 +98,7 @@ policy, or no policy enforced if the queried server is not a domain controller i domain. Queries to the Password Policy Server are sent to UDP port 1333 by default. You may need to create firewall rules to open this port. See the -[Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration/password_policy_client.md) +[Password Policy Client](/docs/passwordpolicyenforcer/11.0/administration-overview/password-policy-client/password_policy_client.md) topic for more information. **NOTE:** Due to a protocol upgrade, it is now recommended to enable protocol encryption for diff --git a/docs/passwordpolicyenforcer/11.0/requirements.md b/docs/passwordpolicyenforcer/11.0/requirements.md index 8cc1d6172d..a3a78e5205 100644 --- a/docs/passwordpolicyenforcer/11.0/requirements.md +++ b/docs/passwordpolicyenforcer/11.0/requirements.md 
@@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 20 +--- + # Requirements Netwrix Password Policy Enforcer 11 can be installed for both domain and local user accounts. diff --git a/docs/passwordpolicyenforcer/11.0/web-overview/_category_.json b/docs/passwordpolicyenforcer/11.0/web-overview/_category_.json new file mode 100644 index 0000000000..641fa612e9 --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/web-overview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Password Policy Enforcer Web", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "web_overview" + } +} \ No newline at end of file diff --git a/docs/passwordpolicyenforcer/11.0/web-overview/configuration.md b/docs/passwordpolicyenforcer/11.0/web-overview/configuration.md new file mode 100644 index 0000000000..af58045e9e --- /dev/null +++ b/docs/passwordpolicyenforcer/11.0/web-overview/configuration.md 
@@ -0,0 +1,81 @@ +--- +title: "Configuration" +description: "Configuration" +sidebar_position: 40 +--- + +# Configuration + +Click **Start** >**[All] Programs** > **PPE Web Configuration Console** to open the Password Policy +Enforcer Web Configuration Console. + +## General Tab + +Use the General tab to maintain the list of managed domains, and to configure Password Policy +Enforcer integration. See the Password Policy Enforcer topic for additional information. + +![configuring_ppe_web](/img/product_docs/passwordpolicyenforcer/11.0/web/configuring_ppe_web.webp) + +### Domain List + +When Password Policy Enforcer Web is first installed, the Domain List is empty and users must type +their domain name. You can configure Password Policy Enforcer Web to display a list of domains +instead of an empty text box. + +Add Domain + +Follow the steps below to add a domain to the list. + +**Step 1 –** Click the **Add...** button. + +**Step 2 –** Enter a NetBIOS (NT Compatible) or DNS domain name. + +**Step 3 –** Click **OK**, the click **Apply**. + +**NOTE:** The most frequently used domain should be first in the list as it will be the default. You +can rearrange the domains by dragging them to another position. You can also click **Sort** to sort +them alphabetically. + +Remove Domain + +Follow the steps below to remove a domain from the list. + +**Step 1 –** Select the domain name from the Domain List. + +**Step 2 –** Click **Remove**, then click **Yes** when asked to confirm. + +**Step 3 –** Click **Apply**. + +### Password Policy Enforcer + +Password Policy Enforcer is a configurable password filter that enforces granular password policies +with many advanced features. Password Policy Enforcer Web can integrate with Password Policy +Enforcer to help users choose a compliant password. 
+ +![configuring_ppe_web_1](/img/product_docs/passwordpolicyenforcer/11.0/web/configuring_ppe_web_1.webp) + +Password Policy Enforcer Web displays the Password Policy Enforcer password policy message when a +user is prompted for their new password, and the Password Policy Enforcer rejection message if the +new password does not comply with the password policy. Select the **Password Policy Enforcer +integration** check box if you have installed and configured Password Policy Enforcer on your domain +controllers. + +You can also set the Port, Timeout, and number of Retries for the Password Policy Protocol if the +defaults are not suitable. + +**NOTE:** A Password Policy Enforcer Web license does not include a Password Policy Enforcer +license. Go to +[netwrix.com/password_policy_enforcer](https://www.netwrix.com/password_policy_enforcer.html) to +learn more about Password Policy Enforcer. + +## About Tab + +The **About** tab contains version and license key information. + +To install a new license key. + +**Step 1 –** Copy the entire license e-mail to the clipboard. + +**Step 2 –** Click **Get license from clipboard**. + +**Step 3 –** Click **Apply**. diff --git a/docs/passwordpolicyenforcer/11.0/web/editing_html_templates.md b/docs/passwordpolicyenforcer/11.0/web-overview/editing_html_templates.md similarity index 98% rename from docs/passwordpolicyenforcer/11.0/web/editing_html_templates.md rename to docs/passwordpolicyenforcer/11.0/web-overview/editing_html_templates.md index e26173a52b..7764fd6d67 100644 --- a/docs/passwordpolicyenforcer/11.0/web/editing_html_templates.md +++ b/docs/passwordpolicyenforcer/11.0/web-overview/editing_html_templates.md @@ -1,3 +1,9 @@ +--- +title: "Edit HTML Templates" +description: "Edit HTML Templates" +sidebar_position: 60 +--- + # Edit HTML Templates Password Policy Enforcer Web's user interface is built with customizable templates. You can easily 
@@ -10,7 +16,7 @@ a language code. The files for the US English language are: | Filename | Content | | --------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -| en_default.htm | Static HTML for the Welcome page. See the [Launch Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web/using_web.md) topic for additional information. | +| en_default.htm | Static HTML for the Welcome page. See the [Launch Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/web-overview/using_web.md) topic for additional information. | | en_ppeweb.htm | Template for the Password Change page. See the [Change Password](using_web.md#change-password) topic for additional information. | | en_finished.htm | Template for the Finished page. | | en_error.htm | Template for the Password Critical Error page. See the [Error Messages](using_web.md#error-messages) topic for additional information. | diff --git a/docs/passwordpolicyenforcer/11.0/web/securing_web.md b/docs/passwordpolicyenforcer/11.0/web-overview/securing_web.md similarity index 92% rename from docs/passwordpolicyenforcer/11.0/web/securing_web.md rename to docs/passwordpolicyenforcer/11.0/web-overview/securing_web.md index 9774d87f71..10f323e446 100644 --- a/docs/passwordpolicyenforcer/11.0/web/securing_web.md +++ b/docs/passwordpolicyenforcer/11.0/web-overview/securing_web.md @@ -1,3 +1,9 @@ +--- +title: "Secure Password Policy Enforcer Web" +description: "Secure Password Policy Enforcer Web" +sidebar_position: 50 +--- + # Secure Password Policy Enforcer Web Password Policy Enforcer Web is designed to operate securely, but you must ensure that the web 
diff --git a/docs/passwordpolicyenforcer/11.0/web/using_web.md b/docs/passwordpolicyenforcer/11.0/web-overview/using_web.md similarity index 88% rename from docs/passwordpolicyenforcer/11.0/web/using_web.md rename to docs/passwordpolicyenforcer/11.0/web-overview/using_web.md index cad4b651bb..177381bbb0 100644 --- a/docs/passwordpolicyenforcer/11.0/web/using_web.md +++ b/docs/passwordpolicyenforcer/11.0/web-overview/using_web.md @@ -1,3 +1,9 @@ +--- +title: "Launch Password Policy Enforcer Web" +description: "Launch Password Policy Enforcer Web" +sidebar_position: 30 +--- + # Launch Password Policy Enforcer Web The default URL for Password Policy Enforcer Web is: `http://[server]/ppeweb/` @@ -18,7 +24,7 @@ You can also include the username and/or domain in the URL: **_RECOMMENDED:_** Install the SSL Certificate the web server and use the HTTPS protocol if Password Policy Enforcer Web will be used on an unencrypted network. See the -[Install an SSL Certificate](securing_web.md#install-an-sslcertificate) topic for additional +[Install an SSL Certificate](/docs/passwordpolicyenforcer/11.0/web-overview/securing_web.md#install-an-sslcertificate) topic for additional information. **NOTE:** A license reminder message is shown occasionally when Password Policy Enforcer Web is used @@ -59,5 +65,5 @@ error message, but most critical errors are beyond the user's control. ![using_ppe_web_2](/img/product_docs/passwordpolicyenforcer/11.0/web/using_ppe_web_2.webp) Validation and critical error messages are stored in the HTML templates. You can modify the default -messages by editing the templates. See the [Edit HTML Templates](/docs/passwordpolicyenforcer/11.0/web/editing_html_templates.md) topic +messages by editing the templates. See the [Edit HTML Templates](/docs/passwordpolicyenforcer/11.0/web-overview/editing_html_templates.md) topic for additional information. 
diff --git a/docs/passwordpolicyenforcer/11.0/web/web_overview.md b/docs/passwordpolicyenforcer/11.0/web-overview/web_overview.md similarity index 93% rename from docs/passwordpolicyenforcer/11.0/web/web_overview.md rename to docs/passwordpolicyenforcer/11.0/web-overview/web_overview.md index f55caf7e92..09e6746511 100644 --- a/docs/passwordpolicyenforcer/11.0/web/web_overview.md +++ b/docs/passwordpolicyenforcer/11.0/web-overview/web_overview.md @@ -1,3 +1,9 @@ +--- +title: "Password Policy Enforcer Web" +description: "Password Policy Enforcer Web" +sidebar_position: 60 +--- + # Password Policy Enforcer Web Password Policy Enforcer Web enables users to change their Windows domain password from a web diff --git a/docs/passwordpolicyenforcer/11.0/web/what_new.md b/docs/passwordpolicyenforcer/11.0/web-overview/what_new.md similarity index 94% rename from docs/passwordpolicyenforcer/11.0/web/what_new.md rename to docs/passwordpolicyenforcer/11.0/web-overview/what_new.md index b530548378..443e63fbbc 100644 --- a/docs/passwordpolicyenforcer/11.0/web/what_new.md +++ b/docs/passwordpolicyenforcer/11.0/web-overview/what_new.md @@ -1,3 +1,9 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 10 +--- + # What's New User Interface @@ -20,7 +26,7 @@ Other - The Configuration Console prompts for elevation to ensure that user has sufficient permissions to write configuration settings. - Imports PPE Web V6.x configuration settings. See the - [Install Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/install/installationweb.md) topic for additional + [Install Password Policy Enforcer Web](/docs/passwordpolicyenforcer/11.0/installation/installationweb.md) topic for additional information. **NOTE:** PPE Web V7.11 integrates with Password Policy Enforcer V7.0 or later. Disable Password 
diff --git a/docs/passwordpolicyenforcer/11.0/web/configuration.md b/docs/passwordpolicyenforcer/11.0/web/configuration.md deleted file mode 100644 index 59bca86edc..0000000000 --- a/docs/passwordpolicyenforcer/11.0/web/configuration.md +++ /dev/null 
@@ -1,75 +0,0 @@ -# Configuration - -Click **Start** >**[All] Programs** > **PPE Web Configuration Console** to open the Password Policy -Enforcer Web Configuration Console. - -## General Tab - -Use the General tab to maintain the list of managed domains, and to configure Password Policy -Enforcer integration. See the Password Policy Enforcer topic for additional information. - -![configuring_ppe_web](/img/product_docs/passwordpolicyenforcer/11.0/web/configuring_ppe_web.webp) - -### Domain List - -When Password Policy Enforcer Web is first installed, the Domain List is empty and users must type -their domain name. You can configure Password Policy Enforcer Web to display a list of domains -instead of an empty text box. - -Add Domain - -Follow the steps below to add a domain to the list. - -**Step 1 –** Click the **Add...** button. - -**Step 2 –** Enter a NetBIOS (NT Compatible) or DNS domain name. - -**Step 3 –** Click **OK**, the click **Apply**. - -**NOTE:** The most frequently used domain should be first in the list as it will be the default. You -can rearrange the domains by dragging them to another position. You can also click **Sort** to sort -them alphabetically. - -Remove Domain - -Follow the steps below to remove a domain from the list. - -**Step 1 –** Select the domain name from the Domain List. - -**Step 2 –** Click **Remove**, then click **Yes** when asked to confirm. - -**Step 3 –** Click **Apply**. - -### Password Policy Enforcer - -Password Policy Enforcer is a configurable password filter that enforces granular password policies -with many advanced features. Password Policy Enforcer Web can integrate with Password Policy -Enforcer to help users choose a compliant password. 
- -![configuring_ppe_web_1](/img/product_docs/passwordpolicyenforcer/11.0/web/configuring_ppe_web_1.webp) - -Password Policy Enforcer Web displays the Password Policy Enforcer password policy message when a -user is prompted for their new password, and the Password Policy Enforcer rejection message if the -new password does not comply with the password policy. Select the **Password Policy Enforcer -integration** check box if you have installed and configured Password Policy Enforcer on your domain -controllers. - -You can also set the Port, Timeout, and number of Retries for the Password Policy Protocol if the -defaults are not suitable. - -**NOTE:** A Password Policy Enforcer Web license does not include a Password Policy Enforcer -license. Go to -[netwrix.com/password_policy_enforcer](https://www.netwrix.com/password_policy_enforcer.html) to -learn more about Password Policy Enforcer. - -## About Tab - -The **About** tab contains version and license key information. - -To install a new license key. - -**Step 1 –** Copy the entire license e-mail to the clipboard. - -**Step 2 –** Click **Get license from clipboard**. - -**Step 3 –** Click **Apply**. diff --git a/docs/passwordpolicyenforcer/11.0/whatsnew.md b/docs/passwordpolicyenforcer/11.0/whatsnew.md deleted file mode 100644 index 6d53eaa486..0000000000 --- a/docs/passwordpolicyenforcer/11.0/whatsnew.md +++ /dev/null 
@@ -1,58 +0,0 @@ -# What's New - -## New Netwrix Community! - -All Netwrix product announcements have moved to the new Netwrix Community. See announcements for -Netwrix Password Policy Enforcer in the -[Password Policy Enforcer](https://community.netwrix.com/c/password-policy-enforcer/announcements/118) -area of our new community. - -The following information highlights the new and enhanced features introduced in this Netwrix -Password Policy Enforcer version 11.0. - -## Password Policy Enforcer v11.0 - -New: Redesigned UI - -The user interface of the Management Console has been fully redesigned to reflect modern design -standards and account for all the feedback our customers have given us throughout the years. - -New: PowerShell cmdlets - -Netwrix Password Policy Enforcer now includes a set of PowerShell cmdlets that enable administrators -to easily manage policy, generate reports, and check the health of Netwrix Password Policy Enforcer -from PowerShell in both interactive and automated ways. - -New: Support Tools - -Additional support tools have been added to allow administrators to check the health of the Netwrix -Password Policy Enforcer and audit the version of each installation from one location. This allows -customers to quickly identify any problems and keep their Netwrix Password Policy Enforcer -installation up to date. - -New: Updated Installer - -The Netwrix Password Policy Enforcer QuickStart Wizard has been replaced with MSI packages for -easier installation and upgrade of the client and the server. - -New: Netwrix Password Policy Enforcer Web - -PPE Web is now available to all licensed Password Policy Enforcer customers. PPE Web allows users to -change their Windows domain passwords from a web browser and integrates with Netwrix Password Policy -Enforcer to enforce customizable password policies and assist users in selecting compliant -passwords. 
- -Enhancement: Updated policy templates - -The out-of-the-box policy templates have been updated to reflect recent changes in different -compliance standards. Old templates will still be available, and customers' current policies will -not be changed as part of this update. - -Enhancement: Compatibility - -- Deprecation of 32-bit server installations – The product now only supports 64-bit server - installations. -- Currently supported Password Policy Server platforms – 64-bit Windows 10, 11 and Windows Server - 2016, 2019, and 2022. -- Currently supported Password Policy Client platforms – 32-bit Windows 10 and 64-bit Windows 10, - 11, and Windows Server 2016, 2019, and 2022. diff --git a/docs/passwordreset/3.23/administration/password_reset_client.md b/docs/passwordreset/3.23/administration/password_reset_client.md index 4f71830ee0..7a88494530 100644 --- a/docs/passwordreset/3.23/administration/password_reset_client.md +++ b/docs/passwordreset/3.23/administration/password_reset_client.md @@ -4,7 +4,7 @@ The Password Reset Client allows users to securely reset their password or unloc the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password Reset system. -![the_password_reset_client](/img/product_docs/passwordreset/3.23/evaluation/the_password_reset_client_1.webp) +![the_password_reset_client](/img/product_docs/passwordreset/3.23/administration/the_password_reset_client_1.webp) **NOTE:** The Password Reset Client does not modify any Windows system files. @@ -61,7 +61,7 @@ this domain, and Link it here...** **Step 4 –** Enter **Password Reset Client**, then press **ENTER**. -![the_password_reset_client_1](/img/product_docs/passwordreset/3.23/evaluation/the_password_reset_client_1.webp) +![the_password_reset_client_1](/img/product_docs/passwordreset/3.23/administration/the_password_reset_client_1.webp) ### Edit the Group Policy Object 
@@ -122,7 +122,7 @@ installation folder. (`\Program Files\ANIXIS Password Reset\` by default). **Step 7 –** Select **APRClt.adm**, and then click **Open**. -![the_password_reset_client_2](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/the_password_reset_client_2.webp) +![the_password_reset_client_2](/img/product_docs/passwordreset/3.23/administration/the_password_reset_client_2.webp) **Step 8 –** Click **Close**. @@ -142,11 +142,11 @@ Reset Client** items. **Step 4 –** Double-click the **Browser settings** item in the right pane of the Group Policy Management Editor. -![the_password_reset_client_3](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/the_password_reset_client_3.webp) +![the_password_reset_client_3](/img/product_docs/passwordreset/3.23/administration/the_password_reset_client_3.webp) **Step 5 –** Select the **Enabled** option. -![the_password_reset_client_4](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/the_password_reset_client_4.webp) +![the_password_reset_client_4](/img/product_docs/passwordreset/3.23/administration/the_password_reset_client_4.webp) **Step 6 –** Enter the desired **Width** and **Height** of the PRC browser window. diff --git a/docs/passwordreset/3.23/administration/using_password_reset.md b/docs/passwordreset/3.23/administration/using_password_reset.md index 67508105cf..47f09c351d 100644 --- a/docs/passwordreset/3.23/administration/using_password_reset.md +++ b/docs/passwordreset/3.23/administration/using_password_reset.md 
@@ -12,7 +12,7 @@ example: `http://[server]/pwreset/apr.dll? cmd=enroll&username=maryjones&domain= Where [server] is the name or IP address of the server hosting the Web Interface. -![using_apr](/img/product_docs/passwordreset/3.23/evaluation/using_apr_1.webp) +![using_apr](/img/product_docs/passwordreset/3.23/administration/using_apr_1.webp) Users access the Enroll, Reset, Unlock, and Change features from the menu. These features are explained on the following pages. @@ -68,7 +68,7 @@ Follow the steps below to reset an account password. **Step 2 –** Type a **Username** and **Domain**, and then click **Next**. -![using_apr_1](/img/product_docs/passwordreset/3.23/evaluation/using_apr_1.webp) +![using_apr_1](/img/product_docs/passwordreset/3.23/administration/using_apr_1.webp) **Step 3 –** Type the **Answer** to the first question, and then click **Next**. Repeat until all questions are answered correctly. diff --git a/docs/passwordreset/3.23/administration/using_the_data_console.md b/docs/passwordreset/3.23/administration/using_the_data_console.md index 74b5d1cebc..689fa39a15 100644 --- a/docs/passwordreset/3.23/administration/using_the_data_console.md +++ b/docs/passwordreset/3.23/administration/using_the_data_console.md @@ -64,7 +64,7 @@ with the [Custom Filters](#custom-filters)and [The Filter Editor](#the-filter-ed The top row in the **Audit Log** and **Users** tabs is called the Filter Row. You can type filter values directly into this row. -![using_the_data_console_3](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_3.webp) +![using_the_data_console_3](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_3.webp) The Filter Row is empty when you first open the Data Console. To create a filter, click the **Filter Row** in the column you wish to filter. A cursor will appear. Type a value, and then press **ENTER** 
@@ -74,7 +74,7 @@ You may see a button to the right of the cursor. Click the button to shown an ed that helps you enter a value. Values can include wildcard characters. Use a ? to match any single character, or a \* to match more than one character. -![using_the_data_console_4](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_4.webp) +![using_the_data_console_4](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_4.webp) The image above shows a filter on the Date, Source, and Source IP columns. Only password reset events on 2/5/2015 originating from IP addresses starting with 192.168.115 are shown. The small blue @@ -87,19 +87,19 @@ or the filter editor windows for a logical OR filter. You can also create a filter by selecting values from a list in the column headers. -![using_the_data_console_5](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_5.webp) +![using_the_data_console_5](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_5.webp) Hover the mouse pointer over a column header until a small button appears on the right side of the header. -![using_the_data_console_6](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_6.webp) +![using_the_data_console_6](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_6.webp) Click the button to show a list of values in the column. Select one or more values from the list. Rows that do not match one of the selected values are hidden. -![using_the_data_console_7](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_7.webp) +![using_the_data_console_7](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_7.webp) The list of values for date and date/time columns also includes date ranges such as **Last 7 days**, **Today**, **Yesterday**, etc. 
@@ -112,7 +112,7 @@ filter. Use custom filters to search for partial matches, find a range of values, or to create more complex filters. Click **(Custom...)** in a column header's value list to create a custom filter. -![using_the_data_console_8](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_8.webp) +![using_the_data_console_8](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_8.webp) Custom filters can contain one or two conditions for each column. Select an operator for the first condition from the drop-down list below the column name. Only relevant operators are shown for each @@ -165,7 +165,7 @@ Some columns are hidden in the Data Console. You can use the Filter Editor to cr these columns. For example, the filter in the image below shows all users with an APR v1 enrollment record. -![using_the_data_console_10](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_10.webp) +![using_the_data_console_10](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_10.webp) ### The Filter and Status Bars 
@@ -173,16 +173,16 @@ The Status Bar appears at the very bottom of the Data Console. It shows the numb records and the total record count. The Filter Bar appears above the Status Bar, and it shows the active filter. The button on the right side of the Filter Bar opens the Filter Editor. -![using_the_data_console_11](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_11.webp) +![using_the_data_console_11](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_11.webp) A button and a check box appear on the left side of the Filter Bar when a filter is active. Click the button to clear the filter. Toggle the check box to disable or enable the filter. -![using_the_data_console_12](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_12.webp) +![using_the_data_console_12](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_12.webp) A drop-down button appears to the right of the filter. Click it to select a recently used filter. -![using_the_data_console_13](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_13.webp) +![using_the_data_console_13](/img/product_docs/passwordreset/3.23/administration/using_the_data_console_13.webp) ## Exporting Data diff --git a/docs/passwordreset/3.23/administration/working_with_the_database.md b/docs/passwordreset/3.23/administration/working_with_the_database.md index eee143d31e..9086e40c5f 100644 --- a/docs/passwordreset/3.23/administration/working_with_the_database.md +++ b/docs/passwordreset/3.23/administration/working_with_the_database.md 
@@ -93,7 +93,7 @@ Windows authentication. To identify the service account, open services.msc, doub Password Reset service, and then click the Log On tab. Password Reset logs on to SQL Server with this account. -![working_with_the_database](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/working_with_the_database.webp) +![working_with_the_database](/img/product_docs/passwordreset/3.23/administration/working_with_the_database.webp) **Step 3 –** Create an SQL Server user, and map it to the service account login. @@ -139,7 +139,7 @@ information, and **Trust server certificate** must be selected if SQL Server is certificate. SQL Server uses a self-signed certificate if a trusted certificate is not installed. The SQL Server Native Client must be installed if **Trust server certificate** is selected. -![working_with_the_database_1](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/working_with_the_database_1.webp) +![working_with_the_database_1](/img/product_docs/passwordreset/3.23/administration/working_with_the_database_1.webp) **Step 8 –** Click **Next**. diff --git a/docs/passwordreset/3.23/evaluation/evaluation_overview.md b/docs/passwordreset/3.23/evaluation/evaluation_overview.md index 1fad9c5b17..bd7b0a16ee 100644 --- a/docs/passwordreset/3.23/evaluation/evaluation_overview.md +++ b/docs/passwordreset/3.23/evaluation/evaluation_overview.md @@ -11,7 +11,7 @@ the first time. Please contact Netwrix support[ ](mailto:support@anixis.com)if you have any questions, or if you encounter any problems during your evaluation. -![introduction_1_1](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/evaluation/introduction_1_1.webp) +![introduction_1_1](/img/product_docs/passwordreset/3.23/evaluation/introduction_1_1.webp) The Password Reset Administrator's Guide contains additional installation and configuration information. Refer to the Administrator's Guide for more detailed coverage of the topics discussed 
diff --git a/docs/passwordreset/3.23/password_policy_enforcer/administration/rules.md b/docs/passwordreset/3.23/password_policy_enforcer/administration/rules.md index d49452ba6c..37d357d519 100644 --- a/docs/passwordreset/3.23/password_policy_enforcer/administration/rules.md +++ b/docs/passwordreset/3.23/password_policy_enforcer/administration/rules.md @@ -82,7 +82,7 @@ The Maximum Age rule forces users to change their passwords regularly. This decr of an attacker discovering a password before it changes. This rule can only be enforced by domain policies. -![ppe_rules](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules.webp) +![ppe_rules](/img/product_docs/passwordreset/3.23/password_policy_enforcer/administration/ppe_rules_6.webp) Select the **Enabled** check box to enable the Maximum Age rule. diff --git a/docs/passwordreset/3.3/administration/configuring_password_reset.md b/docs/passwordreset/3.3/administration/configuring_password_reset.md index bb9a31870e..0018a1cd5b 100644 --- a/docs/passwordreset/3.3/administration/configuring_password_reset.md +++ b/docs/passwordreset/3.3/administration/configuring_password_reset.md @@ -9,7 +9,7 @@ Configuration Console to edit the configuration settings. Click **Start** > **Ne Reset** > **NPR Configuration Console**on the Password Reset Server computer to open the Configuration Console. -![configuring_npr](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr.webp) +![configuring_npr](/img/product_docs/passwordreset/3.3/administration/configuring_npr_3.webp) Information about the configuration console tabs can be found in the following topics: diff --git a/docs/passwordreset/3.3/administration/general_tab.md b/docs/passwordreset/3.3/administration/general_tab.md index 9cd6e0f36f..27acf91695 100644 --- a/docs/passwordreset/3.3/administration/general_tab.md +++ b/docs/passwordreset/3.3/administration/general_tab.md 
@@ -8,7 +8,7 @@ Use the General tab to maintain the list of managed domains, set the database op the Password Policy Enforcer integration. See the Netwrix Password Policy Enforcer topic for additional information. -![configuring_npr](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr.webp) +![configuring_npr](/img/product_docs/passwordreset/3.3/administration/configuring_npr_3.webp) ### Domain List diff --git a/docs/passwordreset/3.3/administration/using_password_reset.md b/docs/passwordreset/3.3/administration/using_password_reset.md index c97fbeebd0..d86619c950 100644 --- a/docs/passwordreset/3.3/administration/using_password_reset.md +++ b/docs/passwordreset/3.3/administration/using_password_reset.md @@ -14,7 +14,7 @@ example: `http://[server]/pwreset/apr.dll? cmd=enroll&username=johnsmith&domain= Where [server] is the name or IP address of the server hosting the Web Interface. -![using_npr](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1.webp) +![using_npr](/img/product_docs/passwordreset/3.3/administration/using_npr_1.webp) Users access the Enroll, Reset, Unlock, and Change features from the menu. These features are explained on the following pages. @@ -63,7 +63,7 @@ Follow the steps below to reset an account password. **Step 1 –** Click the **Reset** item in the menu. -![using_npr_1](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1.webp) +![using_npr_1](/img/product_docs/passwordreset/3.3/administration/using_npr_1.webp) **Step 2 –** Type a **Username** and **Domain**, and then click **Next**. diff --git a/docs/passwordsecure/9.1/configuration/basic_view/basic_view.md b/docs/passwordsecure/9.1/configuration/basic_view/basic_view.md index e735b4a681..2d6d1dae3d 100644 --- a/docs/passwordsecure/9.1/configuration/basic_view/basic_view.md +++ b/docs/passwordsecure/9.1/configuration/basic_view/basic_view.md 
@@ -10,7 +10,7 @@ intuitively and without previous knowledge or training by any user. The Basic vi up to 50 passwords. The Basic view introduces to professional password management. It is also the ideal tool for the daily handling of passwords. -![image1](/img/product_docs/directorymanager/11.0/admincenter/portal/linkedcombo/image1.webp) +![image1](/img/product_docs/passwordsecure/9.1/configuration/basic_view/image1.webp) ## Requirements & required rights diff --git a/docs/passwordsecure/9.1/configuration/basic_view/checklist/checklist_of_the_basic_view.md b/docs/passwordsecure/9.1/configuration/basic_view/checklist/checklist_of_the_basic_view.md index 992b4093f8..83aaaacf9e 100644 --- a/docs/passwordsecure/9.1/configuration/basic_view/checklist/checklist_of_the_basic_view.md +++ b/docs/passwordsecure/9.1/configuration/basic_view/checklist/checklist_of_the_basic_view.md @@ -27,7 +27,7 @@ You can either define the user directly as Basic view user. This works by changi accordingly. Alternatively, you can activate the setting **Start Basic view at next login.** This will prompt the user to log in to the Basic view. -![image2](/img/product_docs/directorymanager/11.0/admincenter/portal/linkedcombo/image2.webp) +![image2](/img/product_docs/passwordsecure/9.1/configuration/basic_view/checklist/image2.webp) 5. Add default applications (optional) diff --git a/docs/passwordsecure/9.1/enduser/createnewentry.md b/docs/passwordsecure/9.1/enduser/createnewentry.md index dfbf067b04..15c0140b79 100644 --- a/docs/passwordsecure/9.1/enduser/createnewentry.md +++ b/docs/passwordsecure/9.1/enduser/createnewentry.md 
@@ -23,11 +23,11 @@ Step 3 – Let`s fill out the website form in this example. - Set a description for your stored password. -![description](/img/product_docs/accessanalyzer/11.6/admin/action/servicenow/description.webp) +![description](/img/product_docs/passwordsecure/9.1/enduser/description.webp) - Enter the username or email address needed for login. -![username](/img/product_docs/threatprevention/7.4/eperestsite/username.webp) +![username](/img/product_docs/passwordsecure/9.1/enduser/username.webp) - Enter the password manually or use the password generator by clicking on the button in the middle (high number). The password generator will open. @@ -43,10 +43,10 @@ password. - Enter the website URL that leads to the login. -![websiteurl](/img/product_docs/accessanalyzer/11.6/admin/settings/websiteurl.webp) +![websiteurl](/img/product_docs/passwordsecure/9.1/enduser/websiteurl.webp) - Add one or more tags to categorize your password and find it easier (i.e., "HR" or "Internet"). -![tags](/img/product_docs/threatprevention/7.4/admin/tags/tags.webp) +![tags](/img/product_docs/passwordsecure/9.1/enduser/tags.webp) Step 4 – Click **Save**, and you are done! diff --git a/docs/passwordsecure/9.1/enduser/organizepasswords.md b/docs/passwordsecure/9.1/enduser/organizepasswords.md index c16aa77e00..7387736822 100644 --- a/docs/passwordsecure/9.1/enduser/organizepasswords.md +++ b/docs/passwordsecure/9.1/enduser/organizepasswords.md @@ -14,7 +14,7 @@ Step 1 – Click on the **Plus** sign and a form will open. Step 2 – You can now search for a specific organizational unit by clicking on the tree on the left or use the search field to find the unit you need. -![search](/img/product_docs/accessanalyzer/11.6/admin/report/interactivegrids/search.webp) +![search](/img/product_docs/passwordsecure/9.1/enduser/search.webp) Step 3 – Click **OK** to close the form and your new team tab will open automatically. 
@@ -30,7 +30,7 @@ To find a password, just use the search field and enter a tag like the departmen are in (i.e., "Marketing"). Netwrix Password Secure now not only is searching for tags, but also for “Marketing” in all Netwrix Password Secure fields (i.e., Content Marketing). -![searchresults](/img/product_docs/activitymonitor/7.1/admin/search/results/searchresults.webp) +![searchresults](/img/product_docs/passwordsecure/9.1/enduser/searchresults.webp) NOTE: Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in which this word does not appear will be displayed (i.e., all social media accounts that are used diff --git a/docs/passwordsecure/9.2/enduser/createnewentry.md b/docs/passwordsecure/9.2/enduser/createnewentry.md index e179063cc1..14df01ede4 100644 --- a/docs/passwordsecure/9.2/enduser/createnewentry.md +++ b/docs/passwordsecure/9.2/enduser/createnewentry.md @@ -23,11 +23,11 @@ Step 3 – Let`s fill out the website form in this example. - Set a description for your stored password. -![description](/img/product_docs/accessanalyzer/12.0/admin/action/servicenow/description.webp) +![description](/img/product_docs/passwordsecure/9.2/enduser/description.webp) - Enter the username or email address needed for login. -![username](/img/product_docs/threatprevention/7.5/eperestsite/username.webp) +![username](/img/product_docs/passwordsecure/9.2/enduser/username.webp) - Enter the password manually or use the password generator by clicking on the button in the middle (high number). The password generator will open. 
@@ -42,10 +42,10 @@ password. - Enter the website URL that leads to the login. -![websiteurl](/img/product_docs/accessanalyzer/12.0/admin/settings/websiteurl.webp) +![websiteurl](/img/product_docs/passwordsecure/9.2/enduser/websiteurl.webp) - Add one or more tags to categorize your password and find it easier (i.e., "HR" or "Internet"). -![tags](/img/product_docs/threatprevention/7.5/admin/tags/tags.webp) +![tags](/img/product_docs/passwordsecure/9.2/enduser/tags.webp) Step 4 – Click **Save**, and you are done! diff --git a/docs/passwordsecure/9.2/enduser/organizepasswords.md b/docs/passwordsecure/9.2/enduser/organizepasswords.md index 7f52d6f56b..5929885488 100644 --- a/docs/passwordsecure/9.2/enduser/organizepasswords.md +++ b/docs/passwordsecure/9.2/enduser/organizepasswords.md @@ -14,7 +14,7 @@ Step 1 – Click on the **Plus** sign and a form will open. Step 2 – You can now search for a specific organizational unit by clicking on the tree on the left or use the search field to find the unit you need. -![search](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/search.webp) +![search](/img/product_docs/passwordsecure/9.2/enduser/search.webp) Step 3 – Click **OK** to close the form and your new team tab will open automatically. @@ -30,7 +30,7 @@ To find a password, just use the search field and enter a tag like the departmen are in (i.e., "Marketing"). Netwrix Password Secure now not only is searching for tags, but also for “Marketing” in all Netwrix Password Secure fields (i.e., Content Marketing). -![searchresults](/img/product_docs/activitymonitor/8.0/admin/search/results/searchresults.webp) +![searchresults](/img/product_docs/passwordsecure/9.2/enduser/searchresults.webp) NOTE: Optimize your search results by using the **minus sign (-)** to exclude terms: Only results in which this word does not appear will be displayed (i.e., all social media accounts that are used 
diff --git a/docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md b/docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md index 0a34e0780e..cdb536192a 100644 --- a/docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md +++ b/docs/platgovsalesforce/tech_debt/tech_debt_change_monitoring.md @@ -127,7 +127,7 @@ the policy. 1. Open **Customizations**. 2. Search for **Customizations** **CustomObject**. - ![Search for Customizations > CustomObject](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/search.webp) + ![Search for Customizations > CustomObject](/img/product_docs/platgovsalesforce/tech_debt/search.webp) 3. Open the Customization to add to a policy. 4. Click **Set Policy**. diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/access/myactivities.md b/docs/privilegesecure/4.1/accessmanagement/admin/access/myactivities.md index 373492967f..9c52f26c82 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/access/myactivities.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/access/myactivities.md @@ -3,7 +3,7 @@ The Access > My Activities page displays activities mapped to the user as individual cards, organized alphabetically or by Access Policy. -![My Activities Page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) +![My Activities Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/access/myactivities.webp) To access the My Activities page, open the Access interface. If there is only a single activity card present on this page that activity will open automatically. diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/interface.md b/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/interface.md index 7cd901cd85..96d53b8584 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/interface.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/interface.md 
@@ -4,7 +4,7 @@ The Audit and Reporting interface provides auditing and reporting tools to inter activity data in the Privilege Secure Console. This chapter explains the interface features and how to use them. -![interface](/img/product_docs/threatprevention/7.4/reportingmodule/interface.webp) +![interface](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/interface.webp) Click Audit and Reporting to expand the menu. Settings can be configured for: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/page/accesscertification.md b/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/page/accesscertification.md index 779e759220..568c0bd731 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/page/accesscertification.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/page/accesscertification.md @@ -5,7 +5,7 @@ user access. Only User(s) / group member(s) assigned the Admin Role can create a tasks. User(s) / group member(s) with the Reviewer role will see the access certification task(s) assigned to them here. -![Access Certification Page](/img/product_docs/threatprevention/7.4/reportingmodule/configuration/systemsettings/page.webp) +![Access Certification Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/page/page.webp) On the left of the page, the Access Certification Task list shows the different access certification tasks and has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/tab/users.md b/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/tab/users.md index b90f281eb8..21a66574e0 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/tab/users.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/tab/users.md 
@@ -3,7 +3,7 @@ The Users tab shows the users and groups in the selected access certification task for which the reviewer must certify access entitlement. -![userstab](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/userstab.webp) +![userstab](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/auditreporting/tab/userstab.webp) The Users table has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/configuration/interface.md b/docs/privilegesecure/4.1/accessmanagement/admin/configuration/interface.md index ed111b0d12..0c8222536c 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/configuration/interface.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/configuration/interface.md @@ -3,7 +3,7 @@ The Configuration interface provides information and management options for advanced configuration settings. -![Configuration Interface](/img/product_docs/threatprevention/7.4/reportingmodule/interface.webp) +![Configuration Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/configuration/interface.webp) Expand the Configuration menu in the Navigation pane for related pages: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/configuration/page/siemtemplates.md b/docs/privilegesecure/4.1/accessmanagement/admin/configuration/page/siemtemplates.md index 7d686aeb0f..5e75dd276d 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/configuration/page/siemtemplates.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/configuration/page/siemtemplates.md 
@@ -8,7 +8,7 @@ Two out of the box templates are provided for most common use cases, CEF and LEE be configured according to the requirements of the target SIEM solution, and the specific event data that needs to be sent. -![SIEM Templates Page](/img/product_docs/threatprevention/7.4/admin/configuration/systemalerting/siemtemplates.webp) +![SIEM Templates Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/configuration/page/siemtemplates.webp) ## Custom SIEM Templates diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/configuration/servicetype/proxy.md b/docs/privilegesecure/4.1/accessmanagement/admin/configuration/servicetype/proxy.md index 6d36e4cb1a..dc87a52d98 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/configuration/servicetype/proxy.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/configuration/servicetype/proxy.md @@ -2,7 +2,7 @@ The Proxy Service page shows the details of the selected service on the host. -![Proxy Service Page](/img/product_docs/threatprevention/7.4/reportingmodule/configuration/systemsettings/page.webp) +![Proxy Service Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/configuration/servicetype/page_1.webp) The Proxy Service page lists the properties for the selected proxy service: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/credentials.md b/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/credentials.md index 3bff2afcd5..17b335b339 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/credentials.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/credentials.md 
@@ -7,7 +7,7 @@ the application. This includes managed user accounts created by activity session dashboard displays the same information as the [Credentials Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/credentials.md). -![Credentials Dashboard Page](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) +![Credentials Dashboard Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/dashboard/credentials.webp) The dashboard has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/overview.md b/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/overview.md index 6096185290..50918ed7ba 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/overview.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/overview.md @@ -3,7 +3,7 @@ The Dashboard interface displays an overview of activity sessions, users, resources and related information. -![Dashboard Interface](/img/product_docs/threatprevention/7.4/reportingmodule/interface.webp) +![Dashboard Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/dashboard/interface.webp) The overview section shows information for the following: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/resources.md b/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/resources.md index f237f17080..31a15b84ca 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/resources.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/resources.md 
@@ -5,7 +5,7 @@ sessions, policies, and service accounts for the host resources and domain resou added to the console. The Resources dashboard displays the same information as the [Resources Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/resources.md). -![Resources Dashboard Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) +![Resources Dashboard Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/dashboard/resources.webp) The Resources table has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/add/connectionprofile.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/add/connectionprofile.md index 04c075c20a..752789c28a 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/add/connectionprofile.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/add/connectionprofile.md @@ -8,7 +8,7 @@ topic for detailed descriptions of the fields. **Step 2 –** In the Connection Profiles list, click the **Plus** icon. -![Add Connection Profile](/img/product_docs/accessanalyzer/11.6/admin/settings/connection/profile/addconnectionprofile.webp) +![Add Connection Profile](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/add/addconnectionprofile.webp) **Step 3 –** Enter the desired information to configure a new connection profile. diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/interface.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/interface.md index 3e2b1fd3eb..b53c64cfd9 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/interface.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/interface.md 
@@ -4,7 +4,7 @@ The Policy interface provides users with options for creating access policies, i activity sessions, onboarding and managing users, groups, resources, and credentials. This topic explains the interface features and how to use them. -![Admin Policy Interface](/img/product_docs/threatprevention/7.4/reportingmodule/interface.webp) +![Admin Policy Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/interface.webp) Select the Policy interface for related pages: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/accesspolicy.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/accesspolicy.md index 2fe619223f..fbe94106af 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/accesspolicy.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/accesspolicy.md @@ -4,7 +4,7 @@ The Access Policies page is accessible from the Navigation pane underPolicyPolic configured access policies, which are used to control which users can complete which activities on which resources. -![Access Policy Page](/img/product_docs/threatprevention/7.4/reportingmodule/configuration/systemsettings/page.webp) +![Access Policy Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/page.webp) The pane on the left side of the page displays a list of the configured access policies. This pane has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/activitytokencomplexity.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/activitytokencomplexity.md index 51a25181cc..bd1179cbd8 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/activitytokencomplexity.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/activitytokencomplexity.md 
@@ -4,7 +4,7 @@ The Activity Token Complexity Policy page is accessible from the Navigation pane underPolicyPolicies>Activity Token ComplexityAccess Policies. It shows the configuration options for managing the complexity of activity tokens for connection profiles. -![Activity Token Complexity Page](/img/product_docs/threatprevention/7.4/reportingmodule/configuration/systemsettings/page.webp) +![Activity Token Complexity Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/page_1.webp) The pane on the left side of the page displays a list of the configured activity token complexity policies. This pane has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/connectionprofiles.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/connectionprofiles.md index c2b15ca7cb..24ad45ad7d 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/connectionprofiles.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/connectionprofiles.md @@ -5,7 +5,7 @@ Profile. It shows the configuration options for managing the session of the sele An approval workflow can be configured so that the session must be approved before the requestor of the session can log in. -![Connection Profiles Page](/img/product_docs/threatprevention/7.4/reportingmodule/configuration/systemsettings/page.webp) +![Connection Profiles Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/page_2.webp) The pane on the left side of the page displays a list of the configured connection profiles. This pane has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/passwordcomplexity.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/passwordcomplexity.md index a4a6dd15ed..354280120b 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/passwordcomplexity.md 
+++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/passwordcomplexity.md @@ -18,7 +18,7 @@ fail. Create password policies and configure the password complexity requirements on this page. The password policy only applies to managed accounts created by Privilege Secure. -![Password Complexity Page](/img/product_docs/threatprevention/7.4/reportingmodule/configuration/systemsettings/page.webp) +![Password Complexity Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/page_5.webp) The pane on the left side of the page displays a list of the configured password complexity policies. This pane has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/activedirectory.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/activedirectory.md index 8472546b6f..e7b40c6d2b 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/activedirectory.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/activedirectory.md @@ -2,7 +2,7 @@ The Active Directory menu displays the configuration options for Active Directory platforms. -![Active Directory Platform Configuration](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/activedirectory.webp) +![Active Directory Platform Configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/activedirectory.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for an Active Directory Platform. diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/entraid.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/entraid.md index d7eb0050aa..a580d297dd 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/entraid.md 
+++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/entraid.md @@ -3,7 +3,7 @@ The Microsoft Entra ID (formerly Azure AD) menu displays the configuration options for Microsoft Entra ID platforms. -![Azure AD Platform Configuration](/img/product_docs/activitymonitor/7.1/admin/outputs/azuread.webp) +![Azure AD Platform Configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/azuread.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for an Microsoft Entra ID Platform. diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/linux.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/linux.md index 0f73d30f48..0a5cfd3f3c 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/linux.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/linux.md @@ -2,7 +2,7 @@ The Linux menu displays the configuration options for Linux platforms. -![Linux Platform Configuration](/img/product_docs/activitymonitor/7.1/admin/outputs/linux.webp) +![Linux Platform Configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/linux.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for a Linux Platform. diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/oracle.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/oracle.md index 424931bb63..08bacb170f 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/oracle.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/oracle.md 
@@ -2,7 +2,7 @@ The Oracle menu displays the configuration options for Oracle platforms. -![Oracle Platform Configuration](/img/product_docs/accessanalyzer/11.6/admin/settings/connection/profile/oracle.webp) +![Oracle Platform Configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/oracle.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for an Oracle Platform. diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/overview.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/overview.md index 68d81f7bc7..2ccc5584b0 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/overview.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/overview.md @@ -4,7 +4,7 @@ The Platforms page is accessible from the Navigation pane under Policies. The me displays all the supported platform types and previously configured platforms. This allows administrators to apply default configurations across all resources defined by that platform type. -![Platforms Page](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/wizard/activedirectory.webp) +![Platforms Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/activedirectory.webp) The pane on the left side of the page displays a list of the configured platforms. The pane has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/windows.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/windows.md index 7801fa373d..e18be82f2e 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/windows.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/windows.md 
@@ -2,7 +2,7 @@ The Windows menu displays the configuration options for Windows platforms. -![Windows Platform Configuration](/img/product_docs/activitymonitor/7.1/admin/monitoredhosts/properties/windows.webp) +![Windows Platform Configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/windows.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for a Windows Platform. diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/protectionpolicies.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/protectionpolicies.md index 31714c8766..7cd35a430a 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/protectionpolicies.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/protectionpolicies.md @@ -21,7 +21,7 @@ the session completes, instead of waiting for the scheduled sync. See the [Activities Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/activities.md) topic for additional information. -![Protection policies page](/img/product_docs/threatprevention/7.4/reportingmodule/configuration/systemsettings/page.webp) +![Protection policies page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/page_4.webp) The pane on the left side of the page displays a list of the configured protection policies. This pane has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/schedulepolicies.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/schedulepolicies.md index f378fbfcaf..065af7f691 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/schedulepolicies.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/schedulepolicies.md 
@@ -19,7 +19,7 @@ Schedules can be applied: - Verification — Check that the passwords for managed accounts match the credentials set by Privilege Secure -![Schedule Policies Page](/img/product_docs/threatprevention/7.4/reportingmodule/configuration/systemsettings/page.webp) +![Schedule Policies Page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/page_3.webp) The pane on the left side of the page displays a list of the configured schedule policies. This pane has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/resources.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/resources.md index d313ee7321..299a74a190 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/resources.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/resources.md @@ -2,7 +2,7 @@ The Resources tab shows the resources associated with the selected protection policy. -![Protection policy resources tab](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) +![Protection policy resources tab](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/resources.webp) The Resources table has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/schedule.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/schedule.md index 45af3587d3..782c0feeea 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/schedule.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/schedule.md 
@@ -4,7 +4,7 @@ The Schedule tab shows the schedule tasks for the resources in the selected prot protection policy schedule is run based on the platform type configuration on the [Platforms Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/platforms/overview.md). -![schedule](/img/product_docs/accessanalyzer/11.6/admin/settings/schedule.webp) +![schedule](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyprotection/schedule.webp) The Schedule tab has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyresource/users.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyresource/users.md index e0a42dc111..9ee780f158 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyresource/users.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyresource/users.md @@ -2,7 +2,7 @@ The Users tab shows the users and groups associated with the selected access policy. -![Resource based policy users tab](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/userstab.webp) +![Resource based policy users tab](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/tab/policyresource/userstab.webp) The Users tab has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/window/activities/addaction.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/window/activities/addaction.md index f031deb9b1..d6bdca4bef 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/window/activities/addaction.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/window/activities/addaction.md 
@@ -16,7 +16,7 @@ part. Follow the instructions to add actions to the activity. These actions may be paired with a corresponding Pre-Session action. -![addactionwindow](/img/product_docs/threatprevention/7.4/admin/policies/actions/addactionwindow.webp) +![addactionwindow](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/activities/addactionwindow.webp) **Step 4 –** Complete the following fields: diff --git a/docs/privilegesecure/4.1/accessmanagement/admin/policy/window/credentials/addcredentials.md b/docs/privilegesecure/4.1/accessmanagement/admin/policy/window/credentials/addcredentials.md index dd791bb04c..a90fb162ce 100644 --- a/docs/privilegesecure/4.1/accessmanagement/admin/policy/window/credentials/addcredentials.md +++ b/docs/privilegesecure/4.1/accessmanagement/admin/policy/window/credentials/addcredentials.md @@ -4,7 +4,7 @@ The Add Credentials window provides a list of Credentials that have been onboard already present in the collection.. Credentials are onboarded in the [Credentials Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/credentials.md). -![Add Credentials Window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/accesspolicy/addcredentials.webp) +![Add Credentials Window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/credentials/addcredentials.webp) The window has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/historical.md b/docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/historical.md index 34f8f08fd0..630cdb28d2 100644 --- a/docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/historical.md +++ b/docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/historical.md 
@@ -2,7 +2,7 @@ The Historical sessions dashboard shows all created sessions and their status. -![Historical Dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) +![Historical Dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/historicaldashboard.webp) The Historical Sessions table has the following features: diff --git a/docs/privilegesecure/4.1/accessmanagement/enduser/navigation.md b/docs/privilegesecure/4.1/accessmanagement/enduser/navigation.md index d5087ccf4c..9df18b47a9 100644 --- a/docs/privilegesecure/4.1/accessmanagement/enduser/navigation.md +++ b/docs/privilegesecure/4.1/accessmanagement/enduser/navigation.md 
@@ -42,13 +42,13 @@ Interface Icons | Icon | Interface | | ---------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) | My Activities | +| ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/myactivities.webp) | My Activities | | ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | -| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | -| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![policy](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/policy.webp) | Policy | +| ![users](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/users.webp) | Users & Groups | | ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | -| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | -| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![credentials](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentials.webp) | Credentials | +| ![activities](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activities.webp) | Activities | | ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | | ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | | ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | 
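Review bot: The five rewritten rows in this table (`myactivities`, `policy`, `users`, `credentials`, `activities`) now point into `privilegesecure/4.1/accessmanagement/enduser/`, but nothing in this hunk shows those `.webp` files being added. Confirm each one exists at the new path in this commit, because a missing file renders as a broken icon next to the interface name. While these lines are being touched, the alt text could also change from the bare file stem to something readable, for example `My Activities icon`.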
diff --git a/docs/privilegesecure/4.1/accessmanagement/install/actionservice.md b/docs/privilegesecure/4.1/accessmanagement/install/actionservice.md index 6710fbb5ac..206780fc2d 100644 --- a/docs/privilegesecure/4.1/accessmanagement/install/actionservice.md +++ b/docs/privilegesecure/4.1/accessmanagement/install/actionservice.md @@ -31,11 +31,11 @@ server. **Step 3 –** Open the NPS.ActionService.exe and the Netwrix Privilege Secure Action Service Setup wizard will open. -![licenseagreement](/img/product_docs/threatprevention/7.4/install/licenseagreement.webp) +![licenseagreement](/img/product_docs/privilegesecure/4.1/accessmanagement/install/licenseagreement_3.webp) **Step 4 –** To install the Action Service in an alternate location, click **Options**. -![installlocation](/img/product_docs/activitymonitor/7.1/install/agent/installlocation.webp) +![installlocation](/img/product_docs/privilegesecure/4.1/accessmanagement/install/installlocation.webp) **Step 5 –** Enter the destination folder for installation and click OK. diff --git a/docs/privilegesecure/4.1/accessmanagement/install/firstlaunch.md b/docs/privilegesecure/4.1/accessmanagement/install/firstlaunch.md index e6932690d3..ea626e88c7 100644 --- a/docs/privilegesecure/4.1/accessmanagement/install/firstlaunch.md +++ b/docs/privilegesecure/4.1/accessmanagement/install/firstlaunch.md @@ -12,7 +12,7 @@ Symantec VIP, etc.) ready to setup for this account through the wizard. There are two methods for launching the Setup Wizard: -![Netwrix Privilege Secure desktop icon](/img/product_docs/threatprevention/7.4/install/desktopicon.webp) +![Netwrix Privilege Secure desktop icon](/img/product_docs/privilegesecure/4.1/accessmanagement/install/desktopicon.webp) - Double-click the desktop icon. Your default browser opens to the Setup Wizard. - Open a supported browser window and navigate to the following URL, which opens the Setup Wizard: 
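Review bot: In the `firstlaunch.md` hunk above, the desktop icon image still sits between the sentence "There are two methods for launching the Setup Wizard:" and the two bullets it introduces, so the list is cut off from its lead-in. Since the image line is being rewritten anyway, consider moving it under the "Double-click the desktop icon" bullet, which is the method it illustrates.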
@@ -43,7 +43,7 @@ Follow the steps to walk through the Setup Wizard. **Step 1 –** Launch the  Setup Wizard. -![Setup Wizard on the Welcome page](/img/product_docs/activitymonitor/7.1/install/welcome.webp) +![Setup Wizard on the Welcome page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/welcome.webp) **Step 2 –** Click **Let's get started**. diff --git a/docs/privilegesecure/4.1/accessmanagement/install/proxyservice.md b/docs/privilegesecure/4.1/accessmanagement/install/proxyservice.md index 19e36a453d..098b817b28 100644 --- a/docs/privilegesecure/4.1/accessmanagement/install/proxyservice.md +++ b/docs/privilegesecure/4.1/accessmanagement/install/proxyservice.md @@ -28,7 +28,7 @@ knowledge base article. **Step 2 –** Right-click on the installer and select Run as administrator. The Netwrix Privilege Secure Proxy Service Setup wizard opens. -![Netwrix Privileged Secure Proxy Service Setup wizard on the EULA page](/img/product_docs/threatprevention/7.4/install/licenseagreement.webp) +![Netwrix Privileged Secure Proxy Service Setup wizard on the EULA page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/licenseagreement_2.webp) **Step 3 –** On the End User License Agreement page, check the I agree to the license terms and conditions box and click Options. @@ -49,7 +49,7 @@ C:\Program Files\Netwrix\Netwrix Privilege Secure Proxy Service **NOTE:** The installation process begins and the wizard displays the its Progress. This may take a few moments. -![Netwrix Privileged Secure Proxy Service Setup wizard on the Successfully Completed page](/img/product_docs/accessanalyzer/11.6/install/sensitivedatadiscovery/completed.webp) +![Netwrix Privileged Secure Proxy Service Setup wizard on the Successfully Completed page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/completed_2.webp) **Step 6 –** When installation is complete, click Close. 
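Review bot: The added image line in this hunk keeps the alt text "Netwrix Privileged Secure Proxy Service Setup wizard", while the step text and install path in the same file call the product "Netwrix Privilege Secure Proxy Service". Correct "Privileged" to "Privilege" here and on the EULA image line in the hunk before it. The NOTE context line just above reads "displays the its Progress", which could be fixed in the same pass.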
diff --git a/docs/privilegesecure/4.1/accessmanagement/install/schedulerservice.md b/docs/privilegesecure/4.1/accessmanagement/install/schedulerservice.md index c4d988265f..e33cf9de7d 100644 --- a/docs/privilegesecure/4.1/accessmanagement/install/schedulerservice.md +++ b/docs/privilegesecure/4.1/accessmanagement/install/schedulerservice.md @@ -23,7 +23,7 @@ server. **Step 3 –** Open the NPS.SchedulerService.exe and thePrivilege Secure Scheduler Service Setup wizard will open. -![licenseagreement](/img/product_docs/threatprevention/7.4/install/licenseagreement.webp) +![licenseagreement](/img/product_docs/privilegesecure/4.1/accessmanagement/install/licenseagreement_4.webp) **Step 4 –** To install the Scheduler Service in an alternate location, click **Options**. diff --git a/docs/privilegesecure/4.1/accessmanagement/install/setuplauncher.md b/docs/privilegesecure/4.1/accessmanagement/install/setuplauncher.md index bf98c9ac52..9c607ba2d4 100644 --- a/docs/privilegesecure/4.1/accessmanagement/install/setuplauncher.md +++ b/docs/privilegesecure/4.1/accessmanagement/install/setuplauncher.md 
@@ -30,11 +30,11 @@ wizard opens. **NOTE:** If PostgreSQL v12 is already installed, a green checkmark is displayed to the left of the Install PostgreSQL 12 button and you can install the Privilege Secure application. -![Stealthbits PostgreSQL v12 Setup Wizard on the Install page](/img/product_docs/threatprevention/7.4/install/upgrade/install.webp) +![Stealthbits PostgreSQL v12 Setup Wizard on the Install page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/install.webp) **Step 2 –** On the Install page, click **Install**. -![Stealthbits PostgreSQL v12 Setup Wizard on the License Agreement page](/img/product_docs/threatprevention/7.4/install/licenseagreement.webp) +![Stealthbits PostgreSQL v12 Setup Wizard on the License Agreement page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/licenseagreement.webp) **Step 3 –** On the End User License Agreement page, check the **I accept the license agreement** box and click **Next**. @@ -53,7 +53,7 @@ C:\Program Files\Stealthbits\Postgres12 **NOTE:** The installation process begins and the Setup wizard displays the its Progress. This may take a few moments. -![Stealthbits PostgreSQL v12 Setup Wizard on the Completed Successfully page](/img/product_docs/accessanalyzer/11.6/install/sensitivedatadiscovery/completed.webp) +![Stealthbits PostgreSQL v12 Setup Wizard on the Completed Successfully page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/completed.webp) **Step 5 –** When installation is complete, click **Exit**. The Stealthbits PostgeSQL v12 Setup wizard closes. 
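Review bot: The new target `install/completed.webp` in this hunk is one of three near-identical names this patch places in the same directory (`completed.webp`, `completed_1.webp`, `completed_2.webp`), and none of them says which installer's screenshot it holds. The removed lines show three different wizards all pointing at one generic `completed.webp` in another product's tree, and numeric suffixes make a similar mix-up easy to repeat. A name that carries the installer, for example `postgresql_completed.webp`, would make a wrong reference visible in review. The context line after the image also spells the product "PostgeSQL".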
@@ -75,7 +75,7 @@ PostgreSQL Setup. Click Netwrix Privilege Secure Setup. **NOTE:** This window remains open in the background while the database is installed. -![Netwrix Privilege Secure Setup wizard on the License Agreement page](/img/product_docs/threatprevention/7.4/install/licenseagreement.webp) +![Netwrix Privilege Secure Setup wizard on the License Agreement page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/licenseagreement_1.webp) **Step 2 –** On the End User License Agreement page, check the **I agree to the license terms and conditions** box and click **Options**. @@ -96,7 +96,7 @@ C:\Program Files\Stealthbits\PAM **NOTE:** The installation process begins and the wizard displays the its Progress. This may take a few moments. -![Netwrix Privilege Secure Setup wizard on the Completed Successfully page](/img/product_docs/accessanalyzer/11.6/install/sensitivedatadiscovery/completed.webp) +![Netwrix Privilege Secure Setup wizard on the Completed Successfully page](/img/product_docs/privilegesecure/4.1/accessmanagement/install/completed_1.webp) **Step 5 –** When installation is complete, click **Close**. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.md b/docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.md index 85b805e558..ae598d5a1d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.md 
@@ -3,7 +3,7 @@ The Access > My Activities page displays activities mapped to the user as individual cards, organized alphabetically or by Access Policy. -![My Activities Page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) +![My Activities Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/access/myactivities.webp) To access the My Activities page, open the Access interface. If there is only a single activity card present on this page that activity will open automatically. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.md b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.md index 88585dc327..400336dca0 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.md @@ -4,7 +4,7 @@ The Audit and Reporting interface provides auditing and reporting tools to inter activity data in the Privilege Secure Console. This chapter explains the interface features and how to use them. -![interface](/img/product_docs/threatprevention/7.5/reportingmodule/interface.webp) +![interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/interface.webp) Click Audit and Reporting to expand the menu. Settings can be configured for: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md index 08690cc2f7..5be9310364 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/accesscertification.md 
@@ -5,7 +5,7 @@ user access. Only User(s) / group member(s) assigned the Admin Role can create a tasks. User(s) / group member(s) with the Reviewer role will see the access certification task(s) assigned to them here. -![Access Certification Page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Access Certification Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/page/page.webp) On the left of the page, the Access Certification Task list shows the different access certification tasks and has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md index 50e8628a15..4b6a1742f1 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/users.md @@ -3,7 +3,7 @@ The Users tab shows the users and groups in the selected access certification task for which the reviewer must certify access entitlement. -![userstab](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/userstab.webp) +![userstab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/auditreporting/tab/userstab.webp) The Users table has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.md index 1dc0231408..b73d1b9017 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.md 
@@ -3,7 +3,7 @@ The Configuration interface provides information and management options for advanced configuration settings. -![Configuration Interface](/img/product_docs/threatprevention/7.5/reportingmodule/interface.webp) +![Configuration Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/interface.webp) Expand the Configuration menu in the Navigation pane for related pages: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.md index 2a20392f96..9a909f642a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.md @@ -8,7 +8,7 @@ Two out of the box templates are provided for most common use cases, CEF and LEE be configured according to the requirements of the target SIEM solution, and the specific event data that needs to be sent. Privilege Secure supports 1.0 versions of CEF and LEEF. -![SIEM Templates Page](/img/product_docs/threatprevention/7.5/admin/configuration/systemalerting/siemtemplates.webp) +![SIEM Templates Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/siemtemplates.webp) ## Custom SIEM Templates diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/proxy.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/proxy.md index 7e99984da4..547d2e30a4 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/proxy.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/proxy.md 
@@ -2,7 +2,7 @@ The Proxy Service page shows the details of the selected service on the host. -![Proxy Service Page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Proxy Service Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/page_1.webp) The Proxy Service page lists the properties for the selected proxy service: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md index 01376f1ea9..7c7199c993 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/scheduler.md @@ -2,7 +2,7 @@ On the Scheduler Service page, view information for scheduled services. -![Scheduler service Page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Scheduler service Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/servicetype/page.webp) The Scheduler Service page shows details of the selected service and has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md index d9291b4951..42c4a758a4 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md 
@@ -6,7 +6,7 @@ domain account, or Privilege Secure application local account that has its crede the application. This includes managed user accounts created by activity sessions. The Credentials dashboard displays the same information as the [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md). -![Credentials Dashboard Page](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) +![Credentials Dashboard Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.webp) The dashboard has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md index 2c48f9ea4f..0f5d467073 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/overview.md @@ -3,7 +3,7 @@ The Dashboard interface displays an overview of activity sessions, users, resources and related information. -![Dashboard Interface](/img/product_docs/threatprevention/7.5/reportingmodule/interface.webp) +![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/interface.webp) The overview section shows information for the following: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md index 9a75888b87..ebcb767c49 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.md 
@@ -5,7 +5,7 @@ sessions, policies, and service accounts for the host resources and domain resou added to the console. The Resources dashboard displays the same information as the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). -![Resources Dashboard Page](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) +![Resources Dashboard Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/dashboard/resources.webp) The Resources table has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofile.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofile.md index 792dc80283..97a91c8b30 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofile.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/add/connectionprofile.md @@ -8,7 +8,7 @@ fields. **Step 2 –** In the Connection Profiles list, click the **Plus** icon. -![Add Connection Profile](/img/product_docs/accessanalyzer/12.0/admin/settings/connection/profile/addconnectionprofile.webp) +![Add Connection Profile](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addconnectionprofile.webp) **Step 3 –** Enter the desired information to configure a new connection profile. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md index 57f69f6d22..cc7e7a848e 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.md 
@@ -4,7 +4,7 @@ The Policy interface provides users with options for creating access policies, i activity sessions, onboarding and managing users, groups, resources, and credentials. This topic explains the interface features and how to use them. -![Admin Policy Interface](/img/product_docs/threatprevention/7.5/reportingmodule/interface.webp) +![Admin Policy Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/interface.webp) Select the Policy interface for related pages: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md index 147e3b5ea7..9ed4736d4a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/accesspolicy.md @@ -4,7 +4,7 @@ The Access Policies page is accessible from the Navigation pane underPolicyPolic configured access policies, which are used to control which users can complete which activities on which resources. -![Access Policy Page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Access Policy Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page.webp) The pane on the left side of the page displays a list of the configured access policies. This pane has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md index ac7384f315..c934b8f6bb 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activitytokencomplexity.md 
@@ -4,7 +4,7 @@ The Activity Token Complexity Policy page is accessible from the Navigation pane underPolicyPolicies>Activity Token ComplexityAccess Policies. It shows the configuration options for managing the complexity of activity tokens for connection profiles. -![Activity Token Complexity Page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Activity Token Complexity Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_1.webp) The pane on the left side of the page displays a list of the configured activity token complexity policies. This pane has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md index dfd3f8cc9d..7418528c0d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/connectionprofiles.md @@ -5,7 +5,7 @@ Policy** > **Connection Profiles**. It shows the configuration options for manag the selected access policy. An approval workflow can be configured so that the session must be approved before the requester of the session can log in. -![Connection Profiles Page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Connection Profiles Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_2.webp) The pane on the left side of the page displays a list of the configured connection profiles. This pane has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md index 5e167ea7ba..2cd14db2ac 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md 
+++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/passwordcomplexity.md @@ -17,7 +17,7 @@ fail. Create password policies and configure the password complexity requirements on this page. The password policy only applies to managed accounts created by Privilege Secure. -![Password Complexity Page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Password Complexity Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_5.webp) The pane on the left side of the page displays a list of the configured password complexity policies. This pane has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.md index 065e115c06..b529c873b7 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.md @@ -2,7 +2,7 @@ The Active Directory menu displays the configuration options for Active Directory platforms. -![Active Directory Platform Configuration](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/wizard/activedirectory.webp) +![Active Directory Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for an Active Directory Platform. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/entraid.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/entraid.md index c1ce992244..f80d06f2c0 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/entraid.md 
+++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/entraid.md @@ -3,7 +3,7 @@ The Microsoft Entra ID (formerly Azure AD) menu displays the configuration options for Microsoft Entra ID platforms. -![Azure AD Platform Configuration](/img/product_docs/activitymonitor/8.0/admin/outputs/azuread.webp) +![Azure AD Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/azuread.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for an Microsoft Entra ID Platform. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.md index 540b0dae5a..02a2e50794 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.md @@ -2,7 +2,7 @@ The Linux menu displays the configuration options for Linux platforms. -![Linux Platform Configuration](/img/product_docs/activitymonitor/8.0/admin/outputs/linux.webp) +![Linux Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/linux.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for a Linux Platform. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.md index eb54164583..c7faab6b7a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.md 
@@ -2,7 +2,7 @@ The Oracle menu displays the configuration options for Oracle platforms. -![Oracle Platform Configuration](/img/product_docs/accessanalyzer/12.0/admin/settings/connection/profile/oracle.webp) +![Oracle Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/oracle.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for an Oracle Platform. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md index 126eced487..69545e5811 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md @@ -4,7 +4,7 @@ The Platforms page is accessible from the Navigation pane under Policies. The me displays all the supported platform types and previously configured platforms. This allows administrators to apply default configurations across all resources defined by that platform type. -![Platforms Page](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/wizard/activedirectory.webp) +![Platforms Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/activedirectory.webp) The pane on the left side of the page displays a list of the configured platforms. The pane has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.md index cea33cfc56..fbb5f45bab 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.md 
@@ -2,7 +2,7 @@ The Windows menu displays the configuration options for Windows platforms. -![Windows Platform Configuration](/img/product_docs/activitymonitor/8.0/admin/monitoredhosts/properties/windows.webp) +![Windows Platform Configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/windows.webp) Details for the selected platform are displayed on the right side of the page. Below are the configuration options for a Windows Platform. diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md index 0aacb9274b..80d1ae1330 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/protectionpolicies.md @@ -12,7 +12,7 @@ activity. This will proactively run all protection policies that apply to the ta the session completes, instead of waiting for the scheduled sync. See the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md) topic for additional information. -![Protection policies page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Protection policies page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_4.webp) The pane on the left side of the page displays a list of the configured protection policies. This pane has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md index b86648109c..bcfefdf492 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/schedulepolicies.md 
@@ -16,7 +16,7 @@ Schedules can be applied: - Verification — Check that the passwords for managed accounts match the credentials set by Privilege Secure -![Schedule Policies Page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/page.webp) +![Schedule Policies Page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/page_3.webp) The pane on the left side of the page displays a list of the configured schedule policies. This pane has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md index 5af347dc9a..6c67fb461f 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.md @@ -2,7 +2,7 @@ The Resources tab shows the resources associated with the selected protection policy. -![Protection policy resources tab](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) +![Protection policy resources tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/resources.webp) The Resources table has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md index d34c268f22..b6542963a6 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.md 
@@ -4,7 +4,7 @@ The Schedule tab shows the schedule tasks for the resources in the selected prot protection policy schedule is run based on the platform type configuration on the [Platforms Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/platforms/overview.md). -![schedule](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/schedule.webp) +![schedule](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyprotection/schedule.webp) The Schedule tab has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md index b965d7fb93..7afb5df91a 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/users.md @@ -2,7 +2,7 @@ The Users tab shows the users and groups associated with the selected access policy. -![Resource based policy users tab](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/userstab.webp) +![Resource based policy users tab](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/tab/policyresource/userstab.webp) The Users tab has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.md index 3410e4c341..4923e80d40 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.md 
@@ -3,7 +3,7 @@ The Add Credentials window provides a list of Credentials that have been onboarded. Credentials are onboarded in the [Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md). -![Add credentials window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentials.webp) +![Add credentials window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/accesspolicy/addcredentials.webp) The window has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md b/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md index 95bd0a7cc5..09e3956049 100644 --- a/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md +++ b/docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addaction.md @@ -16,7 +16,7 @@ part. Follow the instructions to add actions to the activity. These actions may be paired with a corresponding Pre-Session action. -![addactionwindow](/img/product_docs/threatprevention/7.5/admin/policies/actions/addactionwindow.webp) +![addactionwindow](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/activities/addactionwindow.webp) **Step 4 –** Complete the following fields: diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historical.md b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historical.md index 12bb883f02..901baa0f84 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historical.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historical.md 
@@ -2,7 +2,7 @@ The Historical sessions dashboard shows all created sessions and their status. -![Historical Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) +![Historical Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/historicaldashboard.webp) The Historical Sessions table has the following features: diff --git a/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md index 2f4de542b4..b2b1450249 100644 --- a/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md +++ b/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md 
@@ -39,13 +39,13 @@ Interface Icons | Icon | Interface | | -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | -| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | -| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | -| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | -| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | -| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | -| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/policy.webp) | Policy | +| ![users](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentials.webp) | Credentials | +| ![activities](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activities.webp) | Activities | | ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | | 
![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | | ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | diff --git a/docs/privilegesecure/4.2/accessmanagement/install/actionservice.md b/docs/privilegesecure/4.2/accessmanagement/install/actionservice.md index 7276468548..f28087a852 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/actionservice.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/actionservice.md @@ -29,11 +29,11 @@ server. **Step 3 –** Open the NPS.ActionService.exe and the Netwrix Privilege Secure Action Service Setup wizard will open. -![licenseagreement](/img/product_docs/threatprevention/7.5/install/licenseagreement.webp) +![licenseagreement](/img/product_docs/privilegesecure/4.2/accessmanagement/install/licenseagreement_3.webp) **Step 4 –** To install the Action Service in an alternate location, click **Options**. -![installlocation](/img/product_docs/activitymonitor/8.0/install/agent/installlocation.webp) +![installlocation](/img/product_docs/privilegesecure/4.2/accessmanagement/install/installlocation.webp) **Step 5 –** Enter the destination folder for installation and click OK. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md b/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md index 4699c4aafd..e9bdf4b7c4 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/firstlaunch.md 
@@ -12,7 +12,7 @@ Symantec VIP, etc.) ready to setup for this account through the wizard. There are two methods for launching the Setup Wizard: -![Netwrix Privilege Secure desktop icon](/img/product_docs/threatprevention/7.5/install/desktopicon.webp) +![Netwrix Privilege Secure desktop icon](/img/product_docs/privilegesecure/4.2/accessmanagement/install/desktopicon.webp) - Double-click the desktop icon. Your default browser opens to the Setup Wizard. - Open a supported browser window and navigate to the following URL, which opens the Setup Wizard: @@ -43,7 +43,7 @@ Follow the steps to walk through the Setup Wizard. **Step 1 –** Launch the  Setup Wizard. -![Setup Wizard on the Welcome page](/img/product_docs/activitymonitor/8.0/install/welcome.webp) +![Setup Wizard on the Welcome page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/welcome.webp) **Step 2 –** Click **Let's get started**. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md b/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md index 47468b7a1e..79eed5b63d 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/proxyservice.md @@ -27,7 +27,7 @@ knowledge base article. **Step 2 –** Right-click on the installer and select Run as administrator. The Netwrix Privilege Secure Proxy Service Setup wizard opens. -![Netwrix Privileged Secure Proxy Service Setup wizard on the EULA page](/img/product_docs/threatprevention/7.5/install/licenseagreement.webp) +![Netwrix Privileged Secure Proxy Service Setup wizard on the EULA page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/licenseagreement_2.webp) **Step 3 –** On the End User License Agreement page, check the I agree to the license terms and conditions box and click Options. 
@@ -48,7 +48,7 @@ _Remember,_ it is a best practice to read the agreement before accepting it. **NOTE:** The installation process begins and the wizard displays the its Progress. This may take a few moments. -![Netwrix Privileged Secure Proxy Service Setup wizard on the Successfully Completed page](/img/product_docs/threatprevention/7.5/install/reportingmodule/completed.webp) +![Netwrix Privileged Secure Proxy Service Setup wizard on the Successfully Completed page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/completed_2.webp) **Step 6 –** When installation is complete, click Close. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md b/docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md index a77a968d41..c8b4be72f8 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/schedulerservice.md @@ -22,7 +22,7 @@ server. **Step 3 –** Open the NPS.SchedulerService.exe and thePrivilege Secure Scheduler Service Setup wizard will open. -![licenseagreement](/img/product_docs/threatprevention/7.5/install/licenseagreement.webp) +![licenseagreement](/img/product_docs/privilegesecure/4.2/accessmanagement/install/licenseagreement_4.webp) **Step 4 –** To install the Scheduler Service in an alternate location, click **Options**. diff --git a/docs/privilegesecure/4.2/accessmanagement/install/setuplauncher.md b/docs/privilegesecure/4.2/accessmanagement/install/setuplauncher.md index 8a9f153501..38d3696e42 100644 --- a/docs/privilegesecure/4.2/accessmanagement/install/setuplauncher.md +++ b/docs/privilegesecure/4.2/accessmanagement/install/setuplauncher.md 
@@ -30,11 +30,11 @@ wizard opens. **NOTE:** If PostgreSQL v16 is already installed, a green checkmark is displayed to the left of the Install PostgreSQL 16 button and you can install the Privilege Secure application. -![Stealthbits PostgreSQL v12 Setup Wizard on the Install page](/img/product_docs/threatprevention/7.5/install/upgrade/install.webp) +![Stealthbits PostgreSQL v12 Setup Wizard on the Install page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/install.webp) **Step 2 –** On the Install page, click **Install**. -![Stealthbits PostgreSQL v12 Setup Wizard on the License Agreement page](/img/product_docs/threatprevention/7.5/install/licenseagreement.webp) +![Stealthbits PostgreSQL v12 Setup Wizard on the License Agreement page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/licenseagreement.webp) **Step 3 –** On the End User License Agreement page, check the **I accept the license agreement** box and click **Next**. @@ -53,7 +53,7 @@ C:\Program Files\Stealthbits\Postgres16 **NOTE:** The installation process begins and the Setup wizard displays the its Progress. This may take a few moments. -![Stealthbits PostgreSQL v12 Setup Wizard on the Completed Successfully page](/img/product_docs/threatprevention/7.5/install/reportingmodule/completed.webp) +![Stealthbits PostgreSQL v12 Setup Wizard on the Completed Successfully page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/completed.webp) **Step 5 –** When installation is complete, click **Exit**. The Stealthbits PostgeSQL v16 Setup wizard closes. 
@@ -75,7 +75,7 @@ PostgreSQL Setup. Click Netwrix Privilege Secure Setup. **NOTE:** This window remains open in the background while the database is installed. -![Netwrix Privilege Secure Setup wizard on the License Agreement page](/img/product_docs/threatprevention/7.5/install/licenseagreement.webp) +![Netwrix Privilege Secure Setup wizard on the License Agreement page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/licenseagreement_1.webp) **Step 2 –** On the End User License Agreement page, check the **I agree to the license terms and conditions** box and click **Options**. @@ -96,7 +96,7 @@ C:\Program Files\Stealthbits\PAM **NOTE:** The installation process begins and the wizard displays the its Progress. This may take a few moments. -![Netwrix Privilege Secure Setup wizard on the Completed Successfully page](/img/product_docs/threatprevention/7.5/install/reportingmodule/completed.webp) +![Netwrix Privilege Secure Setup wizard on the Completed Successfully page](/img/product_docs/privilegesecure/4.2/accessmanagement/install/completed_1.webp) **Step 5 –** When installation is complete, click **Close**. diff --git a/docs/privilegesecure/4.2/remoteaccessgateway/overview.md b/docs/privilegesecure/4.2/remoteaccessgateway/overview.md index 4c968021cc..ebd29a32a6 100644 --- a/docs/privilegesecure/4.2/remoteaccessgateway/overview.md +++ b/docs/privilegesecure/4.2/remoteaccessgateway/overview.md @@ -4,7 +4,7 @@ The Remote Access Gateway (RAG) may be added to any Netwrix Privilege Secure ins securely extend access to external users such as remote workers or third-party vendors. VPN-less access is provided via web page with browser-based sessions for RDP and SSH. -![architecture](/img/product_docs/changetracker/8.1/architecture.webp) +![architecture](/img/product_docs/privilegesecure/4.2/remoteaccessgateway/architecture.webp) The RAG is made up of two components: 
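Review bot: in `install/setuplauncher.md`, hunks `@@ -30,11 +30,11 @@` and `@@ -53,7 +53,7 @@`, the three rewritten image lines keep the alt text "Stealthbits PostgreSQL v12 Setup Wizard ..." while the unchanged context around them describes PostgreSQL v16 ("Install PostgreSQL 16", `C:\Program Files\Stealthbits\Postgres16`). Since these lines are being touched anyway, change the alt text to v16 and confirm that the new `install.webp`, `licenseagreement.webp` and `completed.webp` under `privilegesecure/4.2/accessmanagement/install/` actually show the v16 wizard. The context line "The Stealthbits PostgeSQL v16 Setup wizard closes" also misspells PostgreSQL and could be fixed in the same change.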
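Review bot: in `install/proxyservice.md`, hunks `@@ -27,7 +27,7 @@` and `@@ -48,7 +48,7 @@`, both rewritten image lines use the alt text "Netwrix Privileged Secure Proxy Service Setup wizard", but the step text directly above the first one names the product "Netwrix Privilege Secure Proxy Service Setup wizard". Align the alt text with the product name while the lines are open. The context in the second hunk ("the wizard displays the its Progress") has a stray "the" that is worth a follow-up.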
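Review bot: in `policy/page/protectionpolicies.md` (`@@ -12,7 +12,7 @@`) and `policy/page/schedulepolicies.md` (`@@ -16,7 +16,7 @@`), the new targets `page_4.webp` and `page_3.webp` say nothing about which screen they show, and both lines previously pointed at the same Threat Prevention `systemsettings/page.webp`. Please confirm each file is the correct, distinct screenshot for its page, and consider descriptive names (for example one named after protection policies and one after schedule policies). The same applies to the suffixed installer images introduced in this patch: `licenseagreement_1.webp` through `licenseagreement_4.webp`, `completed_1.webp` and `completed_2.webp`.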
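Review bot: in `policy/page/platforms/overview.md`, hunk `@@ -4,7 +4,7 @@`, the image with alt text "Platforms Page" now resolves to `platforms/activedirectory.webp`, a basename carried over from the old Access Analyzer `hostdiscovery/wizard/activedirectory.webp` path. Verify that the file placed at the new path is a capture of the Privilege Secure Platforms page and not a copy of the host discovery wizard image. If it is correct, a name that matches the alt text would make that obvious to the next reader of the diff.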
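Review bot: in `install/actionservice.md`, hunk `@@ -29,11 +29,11 @@`, the rewritten lines keep bare filenames as alt text (`![licenseagreement]`, `![installlocation]`), which gives screen-reader users nothing to go on. The same pattern is in `policy/tab/policyprotection/schedule.md` (`![schedule]`), `policy/window/activities/addaction.md` (`![addactionwindow]`) and `install/schedulerservice.md` (`![licenseagreement]`). Other hunks in this patch already use descriptive alt text such as "Netwrix Privilege Secure Setup wizard on the License Agreement page"; use the same style here.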
diff --git a/docs/threatmanager/3.0/administration/_category_.json b/docs/threatmanager/3.0/administration/_category_.json new file mode 100644 index 0000000000..51435b6e32 --- /dev/null +++ b/docs/threatmanager/3.0/administration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Administration", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/configuration/_category_.json b/docs/threatmanager/3.0/administration/configuration/_category_.json new file mode 100644 index 0000000000..bed0e5a225 --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuration Menu", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/_category_.json b/docs/threatmanager/3.0/administration/configuration/integrations/_category_.json new file mode 100644 index 0000000000..5fd5950dee --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/integrations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Integrations Interface", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/activedirectorysync.md b/docs/threatmanager/3.0/administration/configuration/integrations/activedirectorysync.md index 1a9a785a36..3800409707 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/activedirectorysync.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/activedirectorysync.md 
@@ -1,3 +1,9 @@ +--- +title: "Active Directory Sync Page" +description: "Active Directory Sync Page" +sidebar_position: 10 +--- + # Active Directory Sync Page The Active Directory Sync page within the Integrations interface lists the domains that are synced diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/apptoken.md b/docs/threatmanager/3.0/administration/configuration/integrations/apptoken.md index 772973c45a..5b3d245486 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/apptoken.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/apptoken.md @@ -1,3 +1,9 @@ +--- +title: "App Tokens Page" +description: "App Tokens Page" +sidebar_position: 30 +--- + # App Tokens Page The App Tokens page provides the ability to generate and manage the app tokens needed to send data diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/openid.md b/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/openid.md deleted file mode 100644 index 5d804ff2bd..0000000000 --- a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/openid.md +++ /dev/null 
@@ -1,67 +0,0 @@ -# OpenID Authentication Provider - -OpenID is an open standard for authentication that allows users to log into multiple websites using -a single set of credentials, eliminating the need for multiple usernames and passwords. Unlike -traditional authentication methods, OpenID delegates authentication to a third-party provider, -allowing users to authenticate with their chosen identity provider. - -Follow the instructions to integrate the OpenID authentication provider with Threat Manager. - -![Integrations interface displaying the details for an OpenID authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/openid.webp) - -The details page for an OpenID authentication provider has two tabs: - -- Configuration -- Users/Groups - -## Configuration Tab - -Configure the following settings for an OpenID provider on the Configuration tab: - -![Configuration tab for an OpenID authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationopenid.webp) - -- Default – The default profile applied when a user is assigned multiple authentication profiles. - When off, the profile will be determined in alphabetical order of the profile name. Toggle off and - on as desired. -- Authority – The OpenId Connect provider authority URI. Out-going redirection requires the correct - Authority path to be set. Incorrect settings will generally result in a 404 error. -- Client Id – The ID assigned to an application that allows it to request authentication and - interact with the identity provider -- Login Type – The login type to use to log into the account. Use the drop-down menu to select one - of the following: Sam Account Name, User Principal Name, Email Address, or Sid -- User Source – The source type to use to validate the user from the token. 
Use the drop-down menu - to select one of the following: Introspection, User Info, Token Parse, or Id Token Parse -- User Source Field – The field in the token to use for validating the user - -Click Save to commit the configuration settings. - -## Users/Groups Tab - -The Users/Groups tab displays users and groups that are currently assigned to this authentication -profile. To give access to the application to new users, click the New Access button, which opens -the Add Console Access window. To assign this authentication provider to existing users, go to -System Settings > User Access Page. - -![UserGroups tab for an authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/usersgroupssamltab.webp) - -The table displays the following information: - -- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, - which disables console access -- Login name – The NTStyle domain name for the user or group account -- Display name – The display name for the user or group account -- Domain name – Name of the domain. This may be either the domain DNS name or domain controller - hostname. -- Role – The role assigned to the user or group for accessing this application -- Authentication Type – Type of MFA authentication assigned to the user or group -- Action – This column has the following icons for conducting actions on the user or group: - - - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. - The edit icon changes to a save icon while in edit mode. - - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. - Removing a user or group removes console access for it. - - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next - login. This option is only available if an MFA authentication type is applied to the user or - group. 
- -See the [User Access Page](/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/page.md b/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/page.md deleted file mode 100644 index 758d02287f..0000000000 --- a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/page.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# Authentication Provider Page - -The Authentication Provider page provides configuration settings for third-party authentication -providers using RADIUS, OpenID, and SAML integrations. - -Use the gear icon in the upper right corner of the console to open the Configuration menu. Then -select **Integrations** to open the Integrations interface. - -![Integrations interface on the Authentication Provider page](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/page.webp) - -Click **Authentication Provider** in the navigation pane to view a list of already configured -authentication providers, if any. - -The table displays the provider name, as supplied during configuration, and an icon indicating if -the integration is enabled. To view provider details or make modifications, select a provider from -the table or select it from the Credential Profile drop-down in the navigation pane. - -## Add an Authentication Provider - -Follow the steps to add an authentication provider. - -**Step 1 –** On the Integrations interface, click Add New Integration in the navigation pane. The -Add New Integration window opens. - -![Add New Integration window with Authentication Provider type selected](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/authenticationprovider.webp) - -**Step 2 –** In the Type drop-down list, select Authentication Provider. - -**Step 3 –** Provide a unique name and description for the authentication provider. - -**Step 4 –** Click Add. The Add New Integration window closes. - -The authentication provider is listed in the Integrations navigation pane and the configuration -window for the provider opens. You must configure the provider for use with a supported -authentication provider type, i.e., OpenID, RADIUS, or SAML. 
- -## Supported Types of Authentication Providers - -On the Integrations interface, select an authentication provider under the Authentication Provider -node in the navigation pane or from the table to configure, view, or modify its details. - -![Integrations interface displaying the details for an Authentication Provider with the type drop-down menu open](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/types.webp) - -The following authentication provider types are supported; you can configure an authentication -provider for any of these: - -- RADIUS – See the [RADIUS Authentication Provider](/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/radius.md) topic for additional information. -- OpenID – See the [OpenID Authentication Provider](/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/openid.md) topic for additional information. -- SAML – See the [SAML Authentication Provider](/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/saml.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/radius.md b/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/radius.md deleted file mode 100644 index cf02b18c70..0000000000 --- a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/radius.md +++ /dev/null 
@@ -1,114 +0,0 @@ -# RADIUS Authentication Provider - -The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides -centralized authentication, authorization, and accounting management for users connecting to a -network service. - -![Integrations interface displaying the details for a Radius authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/radius.webp) - -The details page for a RADIUS authentication provider has three tabs: - -- Configuration -- Customization -- Users/Groups - -## Configuration Tab - -Configure the following settings for a RADIUS provider on the Configuration tab: - -![Configuration tab for a RADIUS authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationradius.webp) - -- Default – The default profile applied when a user is assigned multiple authentication profiles. - When off, the profile will be determined in alphabetical order of the profile name. Toggle off and - on as desired. -- Server FQDN/IP – The address of the RADIUS proxy -- Port – The port for the RADIUS proxy -- Auth Type – The security protocol used by the RADIUS proxy. Use the drop-down menu to select - either MSCHAPv2 or PAP. -- Shared Secret – A secret shared between the application server and the RADIUS proxy -- User Name Format Type – Active Directory attribute or attributes that will be sent to the RADIUS - authentication provider to identify the user. Some common identification attributes are available - in the drop-down list. If necessary, a custom option is also provided. This option instructs the - application to send a custom value to the RADIUS provider based on the user's Active Directory - attribute, supplied in the Custom Name Format field. -- Custom Name Format – This field appears when the Custom User Name Format Type is selected. 
It has - a unique syntax as follows: - - - Active Directory Attribute: `{attributename}` - - - Example – `{firstname}_{lastname}` - - - First Character(s) of an Active Directory Attribute: `{3:AttributeName}` – Where "3" is the - number of characters to select - - - Example – `{1:firstname}_{lastname}` - - - Last Character(s) of an Active Directory Attribute: `{AttributeName:3}` – Where "3" is the - number of characters to select - - - Example – `{firstname}_{telephoneNumber:4}` - - - Text values can be hard coded to send a static text value for each user: - - - Example – `MyCompany_{lastname}` - -- Max Retries – The maximum number of times to attempt reconnecting to the RADIUS proxy if unable to - connect -- Timeouts (in seconds) – The default timeout value for RADIUS connection and authentication - requests. The default value is 60 seconds. - -Click Save to commit the configuration settings. - -## Customization Tab - -The Customization tab is unique to RADIUS authentication providers. It contains the following -settings that need to be configured: - -![Customization tab for a Radius authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/customizationtab.webp) - -- Title for MFA Authentication dialog – The title that is displayed to the user when prompted for - MFA -- Text for MFA Authentication dialog – The text description that is displayed to the user when - prompted for MFA -- Send Initial Text – If On, the value in the Initial Auto Response Text is automatically sent to - the RADIUS proxy without user action. Toggle On or Off as desired. -- Initial Auto Response Text – This value is sent to the RADIUS server automatically if the Send - Initial Text option is enabled. For example, this might be “push” to immediately have the user’s - phone app prompt for authorization. -- Prefix for Response Text – This value is added to the start of the responses. 
The value will vary - according to server. -- Send NAS Identifier – When On, NAS identifiers are transmitted to the RADIUS proxy. This is needed - for certain RADIUS proxy implementations that require it. Toggle On or Off as desired. - -Click Save to save the configuration settings. - -### Users/Groups Tab - -The Users/Groups tab displays users and groups that are currently assigned to this authentication -profile. To give access to the application to new users, click the New Access button, which opens -the Add Console Access window. To assign this authentication provider to existing users, go to -System Settings > User Access Page. - -![UserGroups tab for an authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/usersgroupstab.webp) - -The table displays the following information: - -- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, - which disables console access -- Login name – The NTStyle domain name for the user or group account -- Display name – The display name for the user or group account -- Domain name – Name of the domain. This may be either the domain DNS name or domain controller - hostname. -- Role – The role assigned to the user or group for accessing this application -- Authentication Type – Type of MFA authentication assigned to the user or group -- Action – This column has the following icons for conducting actions on the user or group: - - - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. - The edit icon changes to a save icon while in edit mode. - - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. - Removing a user or group removes console access for it. - - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next - login. 
This option is only available if an MFA authentication type is applied to the user or - group. - -See the [User Access Page](/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/saml.md b/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/saml.md deleted file mode 100644 index ebe5f93e6d..0000000000 --- a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/saml.md +++ /dev/null 
@@ -1,74 +0,0 @@ -# SAML Authentication Provider - -The Security Assertion Markup Language (SAML) is an XML framework for exchanging authentication and -authorization information. It provides functions to describe and transmit security-related -information. This means that you can use one set of credentials to log in to many different -websites. It is much easier to manage one login per user than separate logins for email, Customer -Relationship Management (CRM) software, Active Directory, and more. - -![Integrations interface displaying the details for a SAML authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/saml.webp) - -The details page for a SAML authentication provider has two tabs: - -- Configuration -- Users/Groups - -Prerequisites - -For users to be able to use SAML, "SMTP" must be set up and an email address must be stored with the -respective users. - -## Configuration Tab - -Configure the following settings for a SAML provider on the Configuration tab: - -![Configuration tab for a SAML authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationsaml.webp) - -- Default – The default profile applied when a user is assigned multiple authentication profiles. - When off, the profile will be determined in alphabetical order of the profile name. Toggle off and - on as desired. -- Login URI – Login URI is a specific web address where users can authenticate themselves to access - a web application or service -- Logout Uri – A logout URI is a specific web address where users are directed to terminate their - authenticated session in a web application or service -- Login Type – The login type to use to log into the account. 
Use the drop-down menu to select one - of the following: Sam Account Name, User Principal Name, Email Address, or Sid -- User Claim – A user claim is an assertion made by the identity provider about a user, such as - their name, role, or email, that the service provider can use for authorization decisions -- Check Certificate – If enabled, this validates the response certificate to the certificate - provided in the Certificate field. Use the toggle button to enable and disable this setting. -- Certificate – A certificate is a digital credential used to validate the identity of parties and - secure communications between an Identity Provider (IdP) and a Service Provider (SP) - -Click Save to commit the configuration settings. - -## Users/Groups Tab - -The Users/Groups tab displays users and groups that are currently assigned to this authentication -profile. To give access to the application to new users, click the New Access button, which opens -the Add Console Access window. To assign this authentication provider to existing users, go to -System Settings > User Access Page. - -![UserGroups tab for an authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/usersgroupssamltab.webp) - -The table displays the following information: - -- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, - which disables console access -- Login name – The NTStyle domain name for the user or group account -- Display name – The display name for the user or group account -- Domain name – Name of the domain. This may be either the domain DNS name or domain controller - hostname. 
-- Role – The role assigned to the user or group for accessing this application -- Authentication Type – Type of MFA authentication assigned to the user or group -- Action – This column has the following icons for conducting actions on the user or group: - - - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. - The edit icon changes to a save icon while in edit mode. - - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. - Removing a user or group removes console access for it. - - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next - login. This option is only available if an MFA authentication type is applied to the user or - group. - -See the [User Access Page](/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md b/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md index 1d75d11663..75318527a9 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md @@ -1,3 +1,9 @@ +--- +title: "Credential Profile Page" +description: "Credential Profile Page" +sidebar_position: 50 +--- + # Credential Profile Page The Credential Profile page within the Integrations interface lists all of the credentials used by diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/email.md b/docs/threatmanager/3.0/administration/configuration/integrations/email.md index 2163c9e174..f9a14a1685 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/email.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/email.md 
@@ -1,3 +1,9 @@ +--- +title: "Email Page" +description: "Email Page" +sidebar_position: 60 +--- + # Email Page The Email page within the Integrations interface allows users to configure the application to send diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/entraidsync.md b/docs/threatmanager/3.0/administration/configuration/integrations/entraidsync.md index 5d5a356a56..a472447603 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/entraidsync.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/entraidsync.md @@ -1,3 +1,9 @@ +--- +title: "Entra ID Sync Page" +description: "Entra ID Sync Page" +sidebar_position: 20 +--- + # Entra ID Sync Page The Entra ID Sync page within the Integrations interface lists all the Entra ID tenants for which diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/foldersettings.md b/docs/threatmanager/3.0/administration/configuration/integrations/foldersettings.md index 901259e724..39e130493f 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/foldersettings.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/foldersettings.md @@ -1,3 +1,9 @@ +--- +title: "Folder Settings Page" +description: "Folder Settings Page" +sidebar_position: 70 +--- + # Folder Settings Page The Folder Settings page within the Integrations interface allows users to designate the diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/netwrixintegrations.md b/docs/threatmanager/3.0/administration/configuration/integrations/netwrixintegrations.md index 0fae733965..941b6131ba 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/netwrixintegrations.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/netwrixintegrations.md 
@@ -1,3 +1,9 @@ +--- +title: "Netwrix Integrations Page" +description: "Netwrix Integrations Page" +sidebar_position: 90 +--- + # Netwrix Integrations Page The Netwrix Integrations page within the Integrations interface lists the products for which the diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/overview.md b/docs/threatmanager/3.0/administration/configuration/integrations/overview.md index 902f8f872d..5bed24ffcc 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/overview.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/overview.md @@ -1,3 +1,9 @@ +--- +title: "Integrations Interface" +description: "Integrations Interface" +sidebar_position: 30 +--- + # Integrations Interface The Integrations interface allows you to configure integrations with a variety of Netwrix products @@ -13,7 +19,7 @@ It contains the following integration pages: - [Active Directory Sync Page](/docs/threatmanager/3.0/administration/configuration/integrations/activedirectorysync.md) - [Entra ID Sync Page](/docs/threatmanager/3.0/administration/configuration/integrations/entraidsync.md) - [App Tokens Page](/docs/threatmanager/3.0/administration/configuration/integrations/apptoken.md) -- [Authentication Provider Page](/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/page.md) +- [Authentication Provider Page](/docs/threatmanager/3.0/administration/configuration/integrations/page/page.md) - [Credential Profile Page](/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md) - [Email Page](/docs/threatmanager/3.0/administration/configuration/integrations/email.md) - [Folder Settings Page](/docs/threatmanager/3.0/administration/configuration/integrations/foldersettings.md) 
diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/page/_category_.json b/docs/threatmanager/3.0/administration/configuration/integrations/page/_category_.json new file mode 100644 index 0000000000..c48478f5c7 --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/integrations/page/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Authentication Provider Page", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "page" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/_category_.json b/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/_category_.json new file mode 100644 index 0000000000..143aa23275 --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "OpenID Authentication Provider", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "openid" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/entraidopenid.md b/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/entraidopenid.md similarity index 98% rename from docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/entraidopenid.md rename to docs/threatmanager/3.0/administration/configuration/integrations/page/openid/entraidopenid.md index 0bd5b1cada..bc842464c6 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/entraidopenid.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/entraidopenid.md 
@@ -1,3 +1,9 @@ +--- +title: "Microsoft Entra ID Configuration" +description: "Microsoft Entra ID Configuration" +sidebar_position: 10 +--- + # Microsoft Entra ID Configuration For enhanced security, you can integrate Microsoft Entra ID OpenID Connect with Threat Manager using diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/openid.md b/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/openid.md new file mode 100644 index 0000000000..50858a32bd --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/openid.md 
@@ -0,0 +1,73 @@ +--- +title: "OpenID Authentication Provider" +description: "OpenID Authentication Provider" +sidebar_position: 20 +--- + +# OpenID Authentication Provider + +OpenID is an open standard for authentication that allows users to log into multiple websites using +a single set of credentials, eliminating the need for multiple usernames and passwords. Unlike +traditional authentication methods, OpenID delegates authentication to a third-party provider, +allowing users to authenticate with their chosen identity provider. + +Follow the instructions to integrate the OpenID authentication provider with Threat Manager. + +![Integrations interface displaying the details for an OpenID authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/openid.webp) + +The details page for an OpenID authentication provider has two tabs: + +- Configuration +- Users/Groups + +## Configuration Tab + +Configure the following settings for an OpenID provider on the Configuration tab: + +![Configuration tab for an OpenID authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationopenid.webp) + +- Default – The default profile applied when a user is assigned multiple authentication profiles. + When off, the profile will be determined in alphabetical order of the profile name. Toggle off and + on as desired. +- Authority – The OpenId Connect provider authority URI. Out-going redirection requires the correct + Authority path to be set. Incorrect settings will generally result in a 404 error. +- Client Id – The ID assigned to an application that allows it to request authentication and + interact with the identity provider +- Login Type – The login type to use to log into the account. 
Use the drop-down menu to select one + of the following: Sam Account Name, User Principal Name, Email Address, or Sid +- User Source – The source type to use to validate the user from the token. Use the drop-down menu + to select one of the following: Introspection, User Info, Token Parse, or Id Token Parse +- User Source Field – The field in the token to use for validating the user + +Click Save to commit the configuration settings. + +## Users/Groups Tab + +The Users/Groups tab displays users and groups that are currently assigned to this authentication +profile. To give access to the application to new users, click the New Access button, which opens +the Add Console Access window. To assign this authentication provider to existing users, go to +System Settings > User Access Page. + +![UserGroups tab for an authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/usersgroupssamltab.webp) + +The table displays the following information: + +- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, + which disables console access +- Login name – The NTStyle domain name for the user or group account +- Display name – The display name for the user or group account +- Domain name – Name of the domain. This may be either the domain DNS name or domain controller + hostname. +- Role – The role assigned to the user or group for accessing this application +- Authentication Type – Type of MFA authentication assigned to the user or group +- Action – This column has the following icons for conducting actions on the user or group: + + - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. + The edit icon changes to a save icon while in edit mode. + - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. + Removing a user or group removes console access for it. 
+ - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next + login. This option is only available if an MFA authentication type is applied to the user or + group. + +See the [User Access Page](/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/page/page.md b/docs/threatmanager/3.0/administration/configuration/integrations/page/page.md new file mode 100644 index 0000000000..6ec1714ed8 --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/integrations/page/page.md 
@@ -0,0 +1,55 @@ +--- +title: "Authentication Provider Page" +description: "Authentication Provider Page" +sidebar_position: 40 +--- + +# Authentication Provider Page + +The Authentication Provider page provides configuration settings for third-party authentication +providers using RADIUS, OpenID, and SAML integrations. + +Use the gear icon in the upper right corner of the console to open the Configuration menu. Then +select **Integrations** to open the Integrations interface. + +![Integrations interface on the Authentication Provider page](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/page.webp) + +Click **Authentication Provider** in the navigation pane to view a list of already configured +authentication providers, if any. + +The table displays the provider name, as supplied during configuration, and an icon indicating if +the integration is enabled. To view provider details or make modifications, select a provider from +the table or select it from the Credential Profile drop-down in the navigation pane. + +## Add an Authentication Provider + +Follow the steps to add an authentication provider. + +**Step 1 –** On the Integrations interface, click Add New Integration in the navigation pane. The +Add New Integration window opens. + +![Add New Integration window with Authentication Provider type selected](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/authenticationprovider.webp) + +**Step 2 –** In the Type drop-down list, select Authentication Provider. + +**Step 3 –** Provide a unique name and description for the authentication provider. + +**Step 4 –** Click Add. The Add New Integration window closes. + +The authentication provider is listed in the Integrations navigation pane and the configuration +window for the provider opens. You must configure the provider for use with a supported +authentication provider type, i.e., OpenID, RADIUS, or SAML. 
+ +## Supported Types of Authentication Providers + +On the Integrations interface, select an authentication provider under the Authentication Provider +node in the navigation pane or from the table to configure, view, or modify its details. + +![Integrations interface displaying the details for an Authentication Provider with the type drop-down menu open](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/types.webp) + +The following authentication provider types are supported; you can configure an authentication +provider for any of these: + +- RADIUS – See the [RADIUS Authentication Provider](/docs/threatmanager/3.0/administration/configuration/integrations/page/radius.md) topic for additional information. +- OpenID – See the [OpenID Authentication Provider](/docs/threatmanager/3.0/administration/configuration/integrations/page/openid/openid.md) topic for additional information. +- SAML – See the [SAML Authentication Provider](/docs/threatmanager/3.0/administration/configuration/integrations/page/saml.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/page/radius.md b/docs/threatmanager/3.0/administration/configuration/integrations/page/radius.md new file mode 100644 index 0000000000..7da6a34888 --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/integrations/page/radius.md 
@@ -0,0 +1,120 @@ +--- +title: "RADIUS Authentication Provider" +description: "RADIUS Authentication Provider" +sidebar_position: 10 +--- + +# RADIUS Authentication Provider + +The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides +centralized authentication, authorization, and accounting management for users connecting to a +network service. + +![Integrations interface displaying the details for a Radius authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/radius.webp) + +The details page for a RADIUS authentication provider has three tabs: + +- Configuration +- Customization +- Users/Groups + +## Configuration Tab + +Configure the following settings for a RADIUS provider on the Configuration tab: + +![Configuration tab for a RADIUS authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationradius.webp) + +- Default – The default profile applied when a user is assigned multiple authentication profiles. + When off, the profile will be determined in alphabetical order of the profile name. Toggle off and + on as desired. +- Server FQDN/IP – The address of the RADIUS proxy +- Port – The port for the RADIUS proxy +- Auth Type – The security protocol used by the RADIUS proxy. Use the drop-down menu to select + either MSCHAPv2 or PAP. +- Shared Secret – A secret shared between the application server and the RADIUS proxy +- User Name Format Type – Active Directory attribute or attributes that will be sent to the RADIUS + authentication provider to identify the user. Some common identification attributes are available + in the drop-down list. If necessary, a custom option is also provided. This option instructs the + application to send a custom value to the RADIUS provider based on the user's Active Directory + attribute, supplied in the Custom Name Format field. 
+- Custom Name Format – This field appears when the Custom User Name Format Type is selected. It has + a unique syntax as follows: + + - Active Directory Attribute: `{attributename}` + + - Example – `{firstname}_{lastname}` + + - First Character(s) of an Active Directory Attribute: `{3:AttributeName}` – Where "3" is the + number of characters to select + + - Example – `{1:firstname}_{lastname}` + + - Last Character(s) of an Active Directory Attribute: `{AttributeName:3}` – Where "3" is the + number of characters to select + + - Example – `{firstname}_{telephoneNumber:4}` + + - Text values can be hard coded to send a static text value for each user: + + - Example – `MyCompany_{lastname}` + +- Max Retries – The maximum number of times to attempt reconnecting to the RADIUS proxy if unable to + connect +- Timeouts (in seconds) – The default timeout value for RADIUS connection and authentication + requests. The default value is 60 seconds. + +Click Save to commit the configuration settings. + +## Customization Tab + +The Customization tab is unique to RADIUS authentication providers. It contains the following +settings that need to be configured: + +![Customization tab for a Radius authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/customizationtab.webp) + +- Title for MFA Authentication dialog – The title that is displayed to the user when prompted for + MFA +- Text for MFA Authentication dialog – The text description that is displayed to the user when + prompted for MFA +- Send Initial Text – If On, the value in the Initial Auto Response Text is automatically sent to + the RADIUS proxy without user action. Toggle On or Off as desired. +- Initial Auto Response Text – This value is sent to the RADIUS server automatically if the Send + Initial Text option is enabled. For example, this might be “push” to immediately have the user’s + phone app prompt for authorization. 
+- Prefix for Response Text – This value is added to the start of the responses. The value will vary + according to server. +- Send NAS Identifier – When On, NAS identifiers are transmitted to the RADIUS proxy. This is needed + for certain RADIUS proxy implementations that require it. Toggle On or Off as desired. + +Click Save to save the configuration settings. + +### Users/Groups Tab + +The Users/Groups tab displays users and groups that are currently assigned to this authentication +profile. To give access to the application to new users, click the New Access button, which opens +the Add Console Access window. To assign this authentication provider to existing users, go to +System Settings > User Access Page. + +![UserGroups tab for an authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/usersgroupstab.webp) + +The table displays the following information: + +- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, + which disables console access +- Login name – The NTStyle domain name for the user or group account +- Display name – The display name for the user or group account +- Domain name – Name of the domain. This may be either the domain DNS name or domain controller + hostname. +- Role – The role assigned to the user or group for accessing this application +- Authentication Type – Type of MFA authentication assigned to the user or group +- Action – This column has the following icons for conducting actions on the user or group: + + - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. + The edit icon changes to a save icon while in edit mode. + - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. + Removing a user or group removes console access for it. + - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next + login. 
This option is only available if an MFA authentication type is applied to the user or + group. + +See the [User Access Page](/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/page/saml.md b/docs/threatmanager/3.0/administration/configuration/integrations/page/saml.md new file mode 100644 index 0000000000..b0dba79ccf --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/integrations/page/saml.md 
@@ -0,0 +1,80 @@ +--- +title: "SAML Authentication Provider" +description: "SAML Authentication Provider" +sidebar_position: 30 +--- + +# SAML Authentication Provider + +The Security Assertion Markup Language (SAML) is an XML framework for exchanging authentication and +authorization information. It provides functions to describe and transmit security-related +information. This means that you can use one set of credentials to log in to many different +websites. It is much easier to manage one login per user than separate logins for email, Customer +Relationship Management (CRM) software, Active Directory, and more. + +![Integrations interface displaying the details for a SAML authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/saml.webp) + +The details page for a SAML authentication provider has two tabs: + +- Configuration +- Users/Groups + +Prerequisites + +For users to be able to use SAML, "SMTP" must be set up and an email address must be stored with the +respective users. + +## Configuration Tab + +Configure the following settings for a SAML provider on the Configuration tab: + +![Configuration tab for a SAML authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationsaml.webp) + +- Default – The default profile applied when a user is assigned multiple authentication profiles. + When off, the profile will be determined in alphabetical order of the profile name. Toggle off and + on as desired. +- Login URI – Login URI is a specific web address where users can authenticate themselves to access + a web application or service +- Logout Uri – A logout URI is a specific web address where users are directed to terminate their + authenticated session in a web application or service +- Login Type – The login type to use to log into the account. 
Use the drop-down menu to select one + of the following: Sam Account Name, User Principal Name, Email Address, or Sid +- User Claim – A user claim is an assertion made by the identity provider about a user, such as + their name, role, or email, that the service provider can use for authorization decisions +- Check Certificate – If enabled, this validates the response certificate to the certificate + provided in the Certificate field. Use the toggle button to enable and disable this setting. +- Certificate – A certificate is a digital credential used to validate the identity of parties and + secure communications between an Identity Provider (IdP) and a Service Provider (SP) + +Click Save to commit the configuration settings. + +## Users/Groups Tab + +The Users/Groups tab displays users and groups that are currently assigned to this authentication +profile. To give access to the application to new users, click the New Access button, which opens +the Add Console Access window. To assign this authentication provider to existing users, go to +System Settings > User Access Page. + +![UserGroups tab for an authneication provider](/img/product_docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/usersgroupssamltab.webp) + +The table displays the following information: + +- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, + which disables console access +- Login name – The NTStyle domain name for the user or group account +- Display name – The display name for the user or group account +- Domain name – Name of the domain. This may be either the domain DNS name or domain controller + hostname. 
+- Role – The role assigned to the user or group for accessing this application +- Authentication Type – Type of MFA authentication assigned to the user or group +- Action – This column has the following icons for conducting actions on the user or group: + + - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. + The edit icon changes to a save icon while in edit mode. + - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. + Removing a user or group removes console access for it. + - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next + login. This option is only available if an MFA authentication type is applied to the user or + group. + +See the [User Access Page](/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/siem.md b/docs/threatmanager/3.0/administration/configuration/integrations/siem.md index b9de116967..929e8f0cca 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/siem.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/siem.md @@ -1,3 +1,9 @@ +--- +title: "SIEM Page" +description: "SIEM Page" +sidebar_position: 80 +--- + # SIEM Page The SIEM page provides configuration settings for forwarding threat information to a SIEM service diff --git a/docs/threatmanager/3.0/administration/configuration/integrations/tagmanagement.md b/docs/threatmanager/3.0/administration/configuration/integrations/tagmanagement.md index 4f8577cf04..1adb19183d 100644 --- a/docs/threatmanager/3.0/administration/configuration/integrations/tagmanagement.md +++ b/docs/threatmanager/3.0/administration/configuration/integrations/tagmanagement.md 
@@ -1,3 +1,9 @@ +--- +title: "Tag Management Page" +description: "Tag Management Page" +sidebar_position: 100 +--- + # Tag Management Page The Tag Management page displays all tags that are currently managed by the application, including diff --git a/docs/threatmanager/3.0/administration/configuration/overview.md b/docs/threatmanager/3.0/administration/configuration/overview.md index 07fcfb4bb0..b40a75a422 100644 --- a/docs/threatmanager/3.0/administration/configuration/overview.md +++ b/docs/threatmanager/3.0/administration/configuration/overview.md @@ -1,3 +1,9 @@ +--- +title: "Configuration Menu" +description: "Configuration Menu" +sidebar_position: 20 +--- + # Configuration Menu Use the gear icon in the upper right corner of the console to open the Configuration menu. @@ -7,7 +13,7 @@ Use the gear icon in the upper right corner of the console to open the Configura It contains links to the component configuration and settings interfaces: - Threat Detection – Provides an interface to configure threat monitoring. See the - [Threat Detection Page](/docs/threatmanager/3.0/administration/configuration/threatdetection.md) topic for additional information. + [Threat Detection Page](/docs/threatmanager/3.0/administration/configuration/threatdetection/threatdetection.md) topic for additional information. - Threat Response – Provides the ability to designate playbooks, which contain actions that can be executed in response to detected threats. See the [Threat Response Page](/docs/threatmanager/3.0/administration/configuration/threatresponse.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/configuration/policies/_category_.json b/docs/threatmanager/3.0/administration/configuration/policies/_category_.json new file mode 100644 index 0000000000..90cbccbd17 --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/policies/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Policies Page", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/configuration/policies/honeytoken.md b/docs/threatmanager/3.0/administration/configuration/policies/honeytoken.md index 89bddacb0a..7c9c1c8b57 100644 --- a/docs/threatmanager/3.0/administration/configuration/policies/honeytoken.md +++ b/docs/threatmanager/3.0/administration/configuration/policies/honeytoken.md @@ -1,3 +1,9 @@ +--- +title: "Configure Honeytoken Threats" +description: "Configure Honeytoken Threats" +sidebar_position: 20 +--- + # Configure Honeytoken Threats The first step for configuring Honeytoken threats is to select a good Honeytoken username format. diff --git a/docs/threatmanager/3.0/administration/configuration/policies/overview.md b/docs/threatmanager/3.0/administration/configuration/policies/overview.md index a1e951dcb7..76d022672e 100644 --- a/docs/threatmanager/3.0/administration/configuration/policies/overview.md +++ b/docs/threatmanager/3.0/administration/configuration/policies/overview.md @@ -1,3 +1,9 @@ +--- +title: "Policies Page" +description: "Policies Page" +sidebar_position: 40 +--- + # Policies Page The Policies Page provides an overview of the policies added to the Policies box and their 
@@ -18,7 +24,7 @@ The Deployment History table displays the following information: - Created – When the policy was applied to a host - Host – The host on which the policy was applied. If the host exists in the Threat Manager - database, click on the host link to go to the [Host Details Page](/docs/threatmanager/3.0/administration/threatdetails/host.md) + database, click on the host link to go to the [Host Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md) - User Name – The user account associated with the policy. (In the case of a Honeytoken policy, the user account created by the Honeytoken policy.) - Policy – The policy name. Click on the policy link to go to the Configuration tab for that policy. diff --git a/docs/threatmanager/3.0/administration/configuration/policies/policiesconfiguration.md b/docs/threatmanager/3.0/administration/configuration/policies/policiesconfiguration.md index 6155048c87..643f0e1db2 100644 --- a/docs/threatmanager/3.0/administration/configuration/policies/policiesconfiguration.md +++ b/docs/threatmanager/3.0/administration/configuration/policies/policiesconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Policy Configuration" +description: "Policy Configuration" +sidebar_position: 10 +--- + # Policy Configuration The Policy Details page displays information about the Honeytoken configuration. diff --git a/docs/threatmanager/3.0/administration/configuration/systemhealth/_category_.json b/docs/threatmanager/3.0/administration/configuration/systemhealth/_category_.json new file mode 100644 index 0000000000..f7216322de --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/systemhealth/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "System Health Interface", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
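Review bot: In the added Users/Groups Tab section of the new authentication provider page, the image alt text reads `UserGroups tab for an authneication provider`; "authneication" should be "authentication", and alt text is what screen readers and search rely on. In the same new file, the Check Certificate bullet says it "validates the response certificate to the certificate provided in the Certificate field"; "against the certificate" states the comparison more clearly. The User Claim and Certificate bullets also lack the closing period that the neighbouring bullets have.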
diff --git a/docs/threatmanager/3.0/administration/configuration/systemhealth/actionqueue.md b/docs/threatmanager/3.0/administration/configuration/systemhealth/actionqueue.md index 7412b20d81..e3b9ee7b39 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemhealth/actionqueue.md +++ b/docs/threatmanager/3.0/administration/configuration/systemhealth/actionqueue.md @@ -1,3 +1,9 @@ +--- +title: "Action Queue" +description: "Action Queue" +sidebar_position: 20 +--- + # Action Queue The Action Queue Overview shows any pending or in-progress actions taken by the Threat Manager diff --git a/docs/threatmanager/3.0/administration/configuration/systemhealth/agents.md b/docs/threatmanager/3.0/administration/configuration/systemhealth/agents.md index 621001d1fe..367474dd37 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemhealth/agents.md +++ b/docs/threatmanager/3.0/administration/configuration/systemhealth/agents.md @@ -1,3 +1,9 @@ +--- +title: "Agents" +description: "Agents" +sidebar_position: 30 +--- + # Agents The Agents Overview reports which Threat Prevention agents have successfully sent events to Threat diff --git a/docs/threatmanager/3.0/administration/configuration/systemhealth/backlog.md b/docs/threatmanager/3.0/administration/configuration/systemhealth/backlog.md index bdb84c5de6..718cb309b1 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemhealth/backlog.md +++ b/docs/threatmanager/3.0/administration/configuration/systemhealth/backlog.md @@ -1,3 +1,9 @@ +--- +title: "Backlog" +description: "Backlog" +sidebar_position: 10 +--- + # Backlog The Backlog overview displays a summary of all threats and system jobs with the events in queue to diff --git a/docs/threatmanager/3.0/administration/configuration/systemhealth/overview.md b/docs/threatmanager/3.0/administration/configuration/systemhealth/overview.md index 46c507e45b..3b90a1d05c 100644 
--- a/docs/threatmanager/3.0/administration/configuration/systemhealth/overview.md +++ b/docs/threatmanager/3.0/administration/configuration/systemhealth/overview.md @@ -1,3 +1,9 @@ +--- +title: "System Health Interface" +description: "System Health Interface" +sidebar_position: 50 +--- + # System Health Interface The System Health interface displays database statistics and the total number of events for all diff --git a/docs/threatmanager/3.0/administration/configuration/systemhealth/services.md b/docs/threatmanager/3.0/administration/configuration/systemhealth/services.md index 530013d59c..43aca57373 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemhealth/services.md +++ b/docs/threatmanager/3.0/administration/configuration/systemhealth/services.md @@ -1,3 +1,9 @@ +--- +title: "Services Page" +description: "Services Page" +sidebar_position: 40 +--- + # Services Page The Services page displays the services associated with the application server. See the diff --git a/docs/threatmanager/3.0/administration/configuration/systemsettings/_category_.json b/docs/threatmanager/3.0/administration/configuration/systemsettings/_category_.json new file mode 100644 index 0000000000..4b3fcbbbd1 --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/systemsettings/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "System Settings Interface", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/configuration/systemsettings/about.md b/docs/threatmanager/3.0/administration/configuration/systemsettings/about.md index 60434e072e..5394b6dd54 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemsettings/about.md +++ b/docs/threatmanager/3.0/administration/configuration/systemsettings/about.md 
@@ -1,3 +1,9 @@ +--- +title: "About Threat Manager Page" +description: "About Threat Manager Page" +sidebar_position: 50 +--- + # About Threat Manager Page The About Threat Manager page in the System Settings interface provides information about the diff --git a/docs/threatmanager/3.0/administration/configuration/systemsettings/auditing.md b/docs/threatmanager/3.0/administration/configuration/systemsettings/auditing.md index 0c737e9a01..b265b5fa0c 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemsettings/auditing.md +++ b/docs/threatmanager/3.0/administration/configuration/systemsettings/auditing.md @@ -1,3 +1,9 @@ +--- +title: "Auditing Page" +description: "Auditing Page" +sidebar_position: 10 +--- + # Auditing Page The Auditing page within the System Settings interface contains the Audit History table with diff --git a/docs/threatmanager/3.0/administration/configuration/systemsettings/licensing.md b/docs/threatmanager/3.0/administration/configuration/systemsettings/licensing.md index ecbdeab4e4..5784b09f3c 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemsettings/licensing.md +++ b/docs/threatmanager/3.0/administration/configuration/systemsettings/licensing.md @@ -1,3 +1,9 @@ +--- +title: "Licensing Page" +description: "Licensing Page" +sidebar_position: 30 +--- + # Licensing Page License information is displayed on the Licensing page of the System Settings interface. Threat diff --git a/docs/threatmanager/3.0/administration/configuration/systemsettings/overview.md b/docs/threatmanager/3.0/administration/configuration/systemsettings/overview.md index 141129c2b1..e8c27b822f 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemsettings/overview.md +++ b/docs/threatmanager/3.0/administration/configuration/systemsettings/overview.md 
@@ -1,3 +1,9 @@ +--- +title: "System Settings Interface" +description: "System Settings Interface" +sidebar_position: 60 +--- + # System Settings Interface The System Settings interface provides access to system logs, user access controls, licensing, and diff --git a/docs/threatmanager/3.0/administration/configuration/systemsettings/systemjobs.md b/docs/threatmanager/3.0/administration/configuration/systemsettings/systemjobs.md index 061de0168a..79360b48bf 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemsettings/systemjobs.md +++ b/docs/threatmanager/3.0/administration/configuration/systemsettings/systemjobs.md @@ -1,3 +1,9 @@ +--- +title: "System Jobs Page" +description: "System Jobs Page" +sidebar_position: 40 +--- + # System Jobs Page The System Jobs page within the System Settings interface contains information and configuration diff --git a/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md b/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md index e9e74bf67b..3cb0151b4a 100644 --- a/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md +++ b/docs/threatmanager/3.0/administration/configuration/systemsettings/useraccess.md @@ -1,3 +1,9 @@ +--- +title: "User Access Page" +description: "User Access Page" +sidebar_position: 20 +--- + # User Access Page The User Access page within the System Settings interface displays users and groups with their 
@@ -126,7 +132,7 @@ The following authentication types can be assigned to users and groups: third-party authentication provider. This must be configure in the Authentication Provider page of the Integrations interface in order to be available for user assignment. -See the [Authentication Provider Page](/docs/threatmanager/3.0/administration/configuration/integrations/authenticationprovider/page.md) topic for +See the [Authentication Provider Page](/docs/threatmanager/3.0/administration/configuration/integrations/page/page.md) topic for additional information. ### Add Console Access diff --git a/docs/threatmanager/3.0/administration/configuration/threatdetection/_category_.json b/docs/threatmanager/3.0/administration/configuration/threatdetection/_category_.json new file mode 100644 index 0000000000..730274e926 --- /dev/null +++ b/docs/threatmanager/3.0/administration/configuration/threatdetection/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Threat Detection Page", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "threatdetection" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/configuration/threatconfiguration.md b/docs/threatmanager/3.0/administration/configuration/threatdetection/threatconfiguration.md similarity index 96% rename from docs/threatmanager/3.0/administration/configuration/threatconfiguration.md rename to docs/threatmanager/3.0/administration/configuration/threatdetection/threatconfiguration.md index 12af83b038..7a8aaabcef 100644 --- a/docs/threatmanager/3.0/administration/configuration/threatconfiguration.md +++ b/docs/threatmanager/3.0/administration/configuration/threatdetection/threatconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Fine Tune a Threat" +description: "Fine Tune a Threat" +sidebar_position: 10 +--- + # Fine Tune a Threat Selecting a threat in the Threats list displays details for that threat. The Threat Description box 
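Review bot: In the useraccess.md hunk at `@@ -126,7 +132,7 @@`, the Authentication Provider Page link now points to `.../configuration/integrations/page/page.md`, and the doubled `page/page.md` segment looks like a restructuring artifact rather than an intended path. Please confirm a document exists at that location, so the User Access page's reference to third-party authentication setup does not break. The context line just above reads "This must be configure in the Authentication Provider page" and could be corrected to "configured" while this paragraph is being touched.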
@@ -25,14 +31,14 @@ General: visualizations throughout the console. This setting does not influence the behavior of the threat response. - High – Indicates a serious threat that should be investigated immediately. The high threat - level setting can be used as a filter on the [Threats Page](/docs/threatmanager/3.0/administration/threats.md). + level setting can be used as a filter on the [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md). - Medium – Indicates a potentially serious threat of activities leading to a serious threat that should be investigated. The medium threat level setting can be used as a filter on the - [Threats Page](/docs/threatmanager/3.0/administration/threats.md). + [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md). - Low – Indicates activity that is a potential risk or a bad practice. The low threat level - setting can be used as a filter on the [Threats Page](/docs/threatmanager/3.0/administration/threats.md). + setting can be used as a filter on the [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md). - Audit – Indicates activity that is not necessarily a threat, but should be monitored. The - audit setting can be used as a filter on the [Threats Page](/docs/threatmanager/3.0/administration/threats.md). Some threats will + audit setting can be used as a filter on the [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md). Some threats will auto-escalate from audit to a higher level, for example, threats with a high threat event count or if the perpetrators of the threat are sensitive users. Audit events are also shown on the [Home Page](/docs/threatmanager/3.0/administration/home.md). 
diff --git a/docs/threatmanager/3.0/administration/configuration/threatdetection.md b/docs/threatmanager/3.0/administration/configuration/threatdetection/threatdetection.md similarity index 79% rename from docs/threatmanager/3.0/administration/configuration/threatdetection.md rename to docs/threatmanager/3.0/administration/configuration/threatdetection/threatdetection.md index e7feb09af2..44607cd017 100644 --- a/docs/threatmanager/3.0/administration/configuration/threatdetection.md +++ b/docs/threatmanager/3.0/administration/configuration/threatdetection/threatdetection.md @@ -1,3 +1,9 @@ +--- +title: "Threat Detection Page" +description: "Threat Detection Page" +sidebar_position: 10 +--- + # Threat Detection Page The Threat Detection page provides an interface to view and configure threats detected by Threat @@ -19,10 +25,10 @@ disabled. The Threats list divides the threats into sections: -- [Active Directory Threats](/docs/threatmanager/3.0/threats/activedirectory.md) -- [Entra ID Threats](/docs/threatmanager/3.0/threats/entraid.md) -- [File System Threats](/docs/threatmanager/3.0/threats/filesystem.md) -- [General Threats](/docs/threatmanager/3.0/threats/general.md) +- [Active Directory Threats](/docs/threatmanager/3.0/overview/threats/activedirectory.md) +- [Entra ID Threats](/docs/threatmanager/3.0/overview/threats/entraid.md) +- [File System Threats](/docs/threatmanager/3.0/overview/threats/filesystem.md) +- [General Threats](/docs/threatmanager/3.0/overview/threats/general.md) - Threat Detection Page Select a threat from the list to display the threat's configuration options to the right of the 
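Review bot: In the threatdetection.md hunk at `@@ -19,10 +25,10 @@`, the section list still ends with a bare `- Threat Detection Page` item after the four relinked entries. It names the page itself, has no link, and is not a threat section, so it should be removed (or replaced with the intended section) as part of this change.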
@@ -39,7 +45,7 @@ information: - Enabled – A green check mark indicates that the threat type is enabled for threat detection. A gray x indicates that the threat type is not enabled for threat detection. - Level – The relative severity level, or risk level, of the threat. See the - [Fine Tune a Threat](/docs/threatmanager/3.0/administration/configuration/threatconfiguration.md) topic for additional information. + [Fine Tune a Threat](/docs/threatmanager/3.0/administration/configuration/threatdetection/threatconfiguration.md) topic for additional information. - Email – A green check mark indicates that email notifications will be sent when the threat is detected. A gray x indicates that emailed notifications are disabled. - SIEM – A green check mark indicates that threat information will be sent to a SIEM service when @@ -48,8 +54,8 @@ information: - Playbook – A green check mark indicates that a Playbook is assigned to the threat. This means that a Playbook will be automatically executed every time a threat of this type is detected. - Rollup – A green check mark indicates that rollups are enabled. A gray x indicates that rollups - are not enabled. See the [Fine Tune a Threat](/docs/threatmanager/3.0/administration/configuration/threatconfiguration.md) topic for additional + are not enabled. See the [Fine Tune a Threat](/docs/threatmanager/3.0/administration/configuration/threatdetection/threatconfiguration.md) topic for additional information. - Exclusions – A green check mark indicates that one or more exclusions are present for this threat type. A gray x indicates that no exclusions are present for this threat. See the - [Fine Tune a Threat](/docs/threatmanager/3.0/administration/configuration/threatconfiguration.md) topic for additional information. + [Fine Tune a Threat](/docs/threatmanager/3.0/administration/configuration/threatdetection/threatconfiguration.md) topic for additional information. 
diff --git a/docs/threatmanager/3.0/administration/configuration/threatresponse.md b/docs/threatmanager/3.0/administration/configuration/threatresponse.md index 18420fdd28..5fff874b21 100644 --- a/docs/threatmanager/3.0/administration/configuration/threatresponse.md +++ b/docs/threatmanager/3.0/administration/configuration/threatresponse.md @@ -1,3 +1,9 @@ +--- +title: "Threat Response Page" +description: "Threat Response Page" +sidebar_position: 20 +--- + # Threat Response Page The Threat Response page provides the ability to create playbooks and add steps which contain diff --git a/docs/threatmanager/3.0/administration/home.md b/docs/threatmanager/3.0/administration/home.md index e17be5d890..535fc99028 100644 --- a/docs/threatmanager/3.0/administration/home.md +++ b/docs/threatmanager/3.0/administration/home.md @@ -1,3 +1,9 @@ +--- +title: "Home Page" +description: "Home Page" +sidebar_position: 10 +--- + # Home Page The Home page provides an "at a glance" overview of the possible threats detected in an diff --git a/docs/threatmanager/3.0/administration/investigations/_category_.json b/docs/threatmanager/3.0/administration/investigations/_category_.json new file mode 100644 index 0000000000..d26d105fe4 --- /dev/null +++ b/docs/threatmanager/3.0/administration/investigations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Investigations Interface", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/investigations/auditcompliance.md b/docs/threatmanager/3.0/administration/investigations/auditcompliance.md index b5d706b826..d3d81c432e 100644 --- a/docs/threatmanager/3.0/administration/investigations/auditcompliance.md +++ b/docs/threatmanager/3.0/administration/investigations/auditcompliance.md 
@@ -1,3 +1,9 @@ +--- +title: "Audit and Compliance Page" +description: "Audit and Compliance Page" +sidebar_position: 50 +--- + # Audit and Compliance Page The Audit and Compliance page in the Investigations interface list of saved out-of-the-box diff --git a/docs/threatmanager/3.0/administration/investigations/favorites.md b/docs/threatmanager/3.0/administration/investigations/favorites.md index 52d166cb13..3e5a014b58 100644 --- a/docs/threatmanager/3.0/administration/investigations/favorites.md +++ b/docs/threatmanager/3.0/administration/investigations/favorites.md @@ -1,3 +1,9 @@ +--- +title: "Favorites Page" +description: "Favorites Page" +sidebar_position: 40 +--- + # Favorites Page The Favorites page in the Investigations interface lists all saved investigations the logged in user diff --git a/docs/threatmanager/3.0/administration/investigations/myinvestigations.md b/docs/threatmanager/3.0/administration/investigations/myinvestigations.md index 3b778273b0..b6f7fdd5fb 100644 --- a/docs/threatmanager/3.0/administration/investigations/myinvestigations.md +++ b/docs/threatmanager/3.0/administration/investigations/myinvestigations.md @@ -1,3 +1,9 @@ +--- +title: "My Investigations Page" +description: "My Investigations Page" +sidebar_position: 70 +--- + # My Investigations Page The My Investigations page in the Investigations interface provides a list of saved investigations diff --git a/docs/threatmanager/3.0/administration/investigations/newinvestigation.md b/docs/threatmanager/3.0/administration/investigations/newinvestigation.md index f7105070a2..3137e8f938 100644 --- a/docs/threatmanager/3.0/administration/investigations/newinvestigation.md +++ b/docs/threatmanager/3.0/administration/investigations/newinvestigation.md @@ -1,3 +1,9 @@ +--- +title: "New Investigation Page" +description: "New Investigation Page" +sidebar_position: 30 +--- + # New Investigation Page The New Investigation page within the Investigations interface enables you to run queries on 
diff --git a/docs/threatmanager/3.0/administration/investigations/options/_category_.json b/docs/threatmanager/3.0/administration/investigations/options/_category_.json new file mode 100644 index 0000000000..ac363bcbf4 --- /dev/null +++ b/docs/threatmanager/3.0/administration/investigations/options/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Investigation Options", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/investigations/options/edit.md b/docs/threatmanager/3.0/administration/investigations/options/edit.md index b32cc9b415..415ba8a9ad 100644 --- a/docs/threatmanager/3.0/administration/investigations/options/edit.md +++ b/docs/threatmanager/3.0/administration/investigations/options/edit.md @@ -1,3 +1,9 @@ +--- +title: "Edit or Duplicate an Investigation" +description: "Edit or Duplicate an Investigation" +sidebar_position: 20 +--- + # Edit or Duplicate an Investigation An investigation can be edited and even duplicated. diff --git a/docs/threatmanager/3.0/administration/investigations/options/export.md b/docs/threatmanager/3.0/administration/investigations/options/export.md index 7ececa9979..2f0530f7aa 100644 --- a/docs/threatmanager/3.0/administration/investigations/options/export.md +++ b/docs/threatmanager/3.0/administration/investigations/options/export.md @@ -1,3 +1,9 @@ +--- +title: "Export Report" +description: "Export Report" +sidebar_position: 40 +--- + # Export Report An export puts the report results for an investigation into a desired format. The Export option diff --git a/docs/threatmanager/3.0/administration/investigations/options/filters.md b/docs/threatmanager/3.0/administration/investigations/options/filters.md index 25f960f87f..dda9e0a164 100644 --- a/docs/threatmanager/3.0/administration/investigations/options/filters.md 
+++ b/docs/threatmanager/3.0/administration/investigations/options/filters.md @@ -1,3 +1,9 @@ +--- +title: "Filters Section" +description: "Filters Section" +sidebar_position: 10 +--- + # Filters Section The Filters section provides options to build a filter statement by selecting the Attribute, diff --git a/docs/threatmanager/3.0/administration/investigations/options/overview.md b/docs/threatmanager/3.0/administration/investigations/options/overview.md index 3bb57e5a75..0f6ce61ba2 100644 --- a/docs/threatmanager/3.0/administration/investigations/options/overview.md +++ b/docs/threatmanager/3.0/administration/investigations/options/overview.md @@ -1,3 +1,9 @@ +--- +title: "Investigation Options" +description: "Investigation Options" +sidebar_position: 10 +--- + # Investigation Options Every investigation has the following options at the top of the page: @@ -12,7 +18,7 @@ Every investigation has the following options at the top of the page: [Edit or Duplicate an Investigation](/docs/threatmanager/3.0/administration/investigations/options/edit.md) topic for additional information. - Create threat – In addition to preconfigured threats, a user can create a custom threat when certain events are considered to be dangerous in the environment, for example, when one of the - privileged users makes file changes. See the [Custom Threats](/docs/threatmanager/3.0/threats/custom.md)topic for + privileged users makes file changes. See the [Custom Threats](/docs/threatmanager/3.0/overview/threats/custom.md)topic for additional information. - Subscriptions – Click the Subscriptions link to open the Subscription to window. You can specify recipients to receive this report as an email attachment in a specified format. See the diff --git a/docs/threatmanager/3.0/administration/investigations/options/subscription.md b/docs/threatmanager/3.0/administration/investigations/options/subscription.md index 2b5d0ccb79..ee49cccdd6 100644 
--- a/docs/threatmanager/3.0/administration/investigations/options/subscription.md +++ b/docs/threatmanager/3.0/administration/investigations/options/subscription.md @@ -1,3 +1,9 @@ +--- +title: "Add Subscription" +description: "Add Subscription" +sidebar_position: 30 +--- + # Add Subscription A subscription sends the report results for an investigation to recipients via email as an diff --git a/docs/threatmanager/3.0/administration/investigations/overview.md b/docs/threatmanager/3.0/administration/investigations/overview.md index ce1a7194e9..66de55e092 100644 --- a/docs/threatmanager/3.0/administration/investigations/overview.md +++ b/docs/threatmanager/3.0/administration/investigations/overview.md @@ -1,3 +1,9 @@ +--- +title: "Investigations Interface" +description: "Investigations Interface" +sidebar_position: 40 +--- + # Investigations Interface The Investigation interface allows administrators to investigate all data available to the diff --git a/docs/threatmanager/3.0/administration/investigations/predefinedinvestigations.md b/docs/threatmanager/3.0/administration/investigations/predefinedinvestigations.md index 745dee5c0d..7966101d4d 100644 --- a/docs/threatmanager/3.0/administration/investigations/predefinedinvestigations.md +++ b/docs/threatmanager/3.0/administration/investigations/predefinedinvestigations.md @@ -1,3 +1,9 @@ +--- +title: "Predefined Investigations Page" +description: "Predefined Investigations Page" +sidebar_position: 60 +--- + # Predefined Investigations Page The Predefined Investigations page in the Investigations interface provides a list of saved diff --git a/docs/threatmanager/3.0/administration/investigations/reports.md b/docs/threatmanager/3.0/administration/investigations/reports.md index dd29007d2c..844f0bcd6e 100644 --- a/docs/threatmanager/3.0/administration/investigations/reports.md +++ b/docs/threatmanager/3.0/administration/investigations/reports.md 
@@ -1,3 +1,9 @@ +--- +title: "Investigation Reports" +description: "Investigation Reports" +sidebar_position: 20 +--- + # Investigation Reports Every report generated by an investigation query displays the following information: @@ -63,8 +69,8 @@ The table displays the following data: Click the arrow () in the table for a specific event to view additional details. -See the [Host Details Page](/docs/threatmanager/3.0/administration/threatdetails/host.md) topic and the -[User Details Page](/docs/threatmanager/3.0/administration/threatdetails/user.md) topic for additional information. +See the [Host Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md) topic and the +[User Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/user.md) topic for additional information. ## Events Over Time Section @@ -112,5 +118,5 @@ It contains the following columns: - Users – The number of users who generated events - Actions – The number of events generated by all users on the target -Click the link to view target details.See the [Host Details Page](/docs/threatmanager/3.0/administration/threatdetails/host.md) topic +Click the link to view target details.See the [Host Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md) topic for additional information. diff --git a/docs/threatmanager/3.0/administration/investigations/subscriptionsexports.md b/docs/threatmanager/3.0/administration/investigations/subscriptionsexports.md index 99b0bae0d8..b553438ad0 100644 --- a/docs/threatmanager/3.0/administration/investigations/subscriptionsexports.md +++ b/docs/threatmanager/3.0/administration/investigations/subscriptionsexports.md @@ -1,3 +1,9 @@ +--- +title: "Subscriptions and Exports Page" +description: "Subscriptions and Exports Page" +sidebar_position: 80 +--- + # Subscriptions and Exports Page A subscription sends the report results for an investigation to recipients via email as an 
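Review bot: Two of the relinked lines keep a missing space next to the link: in investigations/options/overview.md (`@@ -12,7 +18,7 @@`) the added line reads `custom.md)topic for`, and in investigations/reports.md (`@@ -112,5 +118,5 @@`) it reads `target details.See the [Host Details Page]`. Since both lines are rewritten here, add the space in each. The reports.md context at `@@ -63,8 +69,8 @@` also has "Click the arrow () in the table" with empty parentheses where an icon reference appears to have been lost.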
diff --git a/docs/threatmanager/3.0/administration/overview.md b/docs/threatmanager/3.0/administration/overview.md index e292a8b9cb..8c10edf522 100644 --- a/docs/threatmanager/3.0/administration/overview.md +++ b/docs/threatmanager/3.0/administration/overview.md @@ -1,3 +1,9 @@ +--- +title: "Administration" +description: "Administration" +sidebar_position: 40 +--- + # Administration The navigation header contains the following links on the top left side of the page: @@ -5,7 +11,7 @@ The navigation header contains the following links on the top left side of the p ![headerbarleft](/img/product_docs/threatmanager/3.0/administration/headerbarleft.webp) - Threat Manager – Opens the Home page for the Threat Manager Console -- Threats – Opens the [Threats Page](/docs/threatmanager/3.0/administration/threats.md) +- Threats – Opens the [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md) - Investigate – Opens the [Investigations Interface](/docs/threatmanager/3.0/administration/investigations/overview.md) **NOTE:** For mobile users, only the icons are displayed for the Threats and Investigate links. @@ -40,7 +46,7 @@ and users with risky activity. ## Threats Page -The Threat Manager [Threats Page](/docs/threatmanager/3.0/administration/threats.md) is where end users and analysts investigate possible +The Threat Manager [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md) is where end users and analysts investigate possible threats in their environment. This page displays a historical timeline of the detected threats and advanced filtering that allows users to find threats with ease. An end user can drill down into threats and view additional details. Threats have a response workflow that enables teams to assign a diff --git a/docs/threatmanager/3.0/administration/playbooks/_category_.json b/docs/threatmanager/3.0/administration/playbooks/_category_.json new file mode 100644 index 0000000000..ac50ae720f --- /dev/null 
+++ b/docs/threatmanager/3.0/administration/playbooks/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Playbooks", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/playbooks/action/_category_.json b/docs/threatmanager/3.0/administration/playbooks/action/_category_.json new file mode 100644 index 0000000000..2b2ed5ff18 --- /dev/null +++ b/docs/threatmanager/3.0/administration/playbooks/action/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Action Configuration for Playbook Steps", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/playbooks/action/activedirectory.md b/docs/threatmanager/3.0/administration/playbooks/action/activedirectory.md index 2fc432f268..d72d4ddadf 100644 --- a/docs/threatmanager/3.0/administration/playbooks/action/activedirectory.md +++ b/docs/threatmanager/3.0/administration/playbooks/action/activedirectory.md @@ -1,3 +1,9 @@ +--- +title: "Active Directory Target Actions" +description: "Active Directory Target Actions" +sidebar_position: 10 +--- + # Active Directory Target Actions The following actions target Active Directory. diff --git a/docs/threatmanager/3.0/administration/playbooks/action/entraid.md b/docs/threatmanager/3.0/administration/playbooks/action/entraid.md index 9af0f2684b..2f3f1f2058 100644 --- a/docs/threatmanager/3.0/administration/playbooks/action/entraid.md +++ b/docs/threatmanager/3.0/administration/playbooks/action/entraid.md @@ -1,3 +1,9 @@ +--- +title: "Entra ID Target Actions" +description: "Entra ID Target Actions" +sidebar_position: 20 +--- + # Entra ID Target Actions The following actions target an Entra ID application. 
diff --git a/docs/threatmanager/3.0/administration/playbooks/action/localhost.md b/docs/threatmanager/3.0/administration/playbooks/action/localhost.md index 2d0f0387ba..b6b7af224f 100644 --- a/docs/threatmanager/3.0/administration/playbooks/action/localhost.md +++ b/docs/threatmanager/3.0/administration/playbooks/action/localhost.md @@ -1,3 +1,9 @@ +--- +title: "Local Host Target Actions" +description: "Local Host Target Actions" +sidebar_position: 30 +--- + # Local Host Target Actions The following actions target the Threat Manager server. diff --git a/docs/threatmanager/3.0/administration/playbooks/action/overview.md b/docs/threatmanager/3.0/administration/playbooks/action/overview.md index 8cdf3f2c6d..010e9a60c5 100644 --- a/docs/threatmanager/3.0/administration/playbooks/action/overview.md +++ b/docs/threatmanager/3.0/administration/playbooks/action/overview.md @@ -1,3 +1,9 @@ +--- +title: "Action Configuration for Playbook Steps" +description: "Action Configuration for Playbook Steps" +sidebar_position: 70 +--- + # Action Configuration for Playbook Steps When adding preconfigured actions as steps in a playbook, the configuration information required diff --git a/docs/threatmanager/3.0/administration/playbooks/action/tag.md b/docs/threatmanager/3.0/administration/playbooks/action/tag.md index 7eb16c8770..df877ed11c 100644 --- a/docs/threatmanager/3.0/administration/playbooks/action/tag.md +++ b/docs/threatmanager/3.0/administration/playbooks/action/tag.md @@ -1,3 +1,9 @@ +--- +title: "Tag Threat Actions" +description: "Tag Threat Actions" +sidebar_position: 40 +--- + # Tag Threat Actions The following action targets Threat Manager. diff --git a/docs/threatmanager/3.0/administration/playbooks/action/thirdparty.md b/docs/threatmanager/3.0/administration/playbooks/action/thirdparty.md index f66e1c69d9..3b73999c9e 100644 --- a/docs/threatmanager/3.0/administration/playbooks/action/thirdparty.md 
+++ b/docs/threatmanager/3.0/administration/playbooks/action/thirdparty.md @@ -1,3 +1,9 @@ +--- +title: "Third-Party Applications Target Actions" +description: "Third-Party Applications Target Actions" +sidebar_position: 50 +--- + # Third-Party Applications Target Actions The following actions target third-party applications. diff --git a/docs/threatmanager/3.0/administration/playbooks/action/windowsfileserver.md b/docs/threatmanager/3.0/administration/playbooks/action/windowsfileserver.md index da14e4a78c..345e386c45 100644 --- a/docs/threatmanager/3.0/administration/playbooks/action/windowsfileserver.md +++ b/docs/threatmanager/3.0/administration/playbooks/action/windowsfileserver.md @@ -1,3 +1,9 @@ +--- +title: "Windows File System Target Actions" +description: "Windows File System Target Actions" +sidebar_position: 60 +--- + # Windows File System Target Actions The following actions target Windows File System. diff --git a/docs/threatmanager/3.0/administration/playbooks/action/windowsserver.md b/docs/threatmanager/3.0/administration/playbooks/action/windowsserver.md index 71ac5f74d4..561a908b58 100644 --- a/docs/threatmanager/3.0/administration/playbooks/action/windowsserver.md +++ b/docs/threatmanager/3.0/administration/playbooks/action/windowsserver.md @@ -1,3 +1,9 @@ +--- +title: "Windows Server Target Actions" +description: "Windows Server Target Actions" +sidebar_position: 70 +--- + # Windows Server Target Actions The following actions target Windows servers. diff --git a/docs/threatmanager/3.0/administration/playbooks/editstep.md b/docs/threatmanager/3.0/administration/playbooks/editstep.md index ef478652fa..9980259fe9 100644 --- a/docs/threatmanager/3.0/administration/playbooks/editstep.md +++ b/docs/threatmanager/3.0/administration/playbooks/editstep.md 
@@ -1,3 +1,9 @@ +--- +title: "Edit or Delete a Playbook Step" +description: "Edit or Delete a Playbook Step" +sidebar_position: 10 +--- + # Edit or Delete a Playbook Step Follow the steps to edit a playbook step. diff --git a/docs/threatmanager/3.0/administration/playbooks/export.md b/docs/threatmanager/3.0/administration/playbooks/export.md index 4b3bed5719..c98aeee5dc 100644 --- a/docs/threatmanager/3.0/administration/playbooks/export.md +++ b/docs/threatmanager/3.0/administration/playbooks/export.md @@ -1,3 +1,9 @@ +--- +title: "Export a Playbook" +description: "Export a Playbook" +sidebar_position: 40 +--- + # Export a Playbook Playbooks can be exported from the Threat Manager Console. diff --git a/docs/threatmanager/3.0/administration/playbooks/import.md b/docs/threatmanager/3.0/administration/playbooks/import.md index 6c0b6a733d..726e756d2d 100644 --- a/docs/threatmanager/3.0/administration/playbooks/import.md +++ b/docs/threatmanager/3.0/administration/playbooks/import.md @@ -1,3 +1,9 @@ +--- +title: "Import a Playbook" +description: "Import a Playbook" +sidebar_position: 30 +--- + # Import a Playbook Playbooks created in a different location than the Threat Manager installation can be imported to diff --git a/docs/threatmanager/3.0/administration/playbooks/importsteps.md b/docs/threatmanager/3.0/administration/playbooks/importsteps.md index 2f1c3f35fa..2b82fd7813 100644 --- a/docs/threatmanager/3.0/administration/playbooks/importsteps.md +++ b/docs/threatmanager/3.0/administration/playbooks/importsteps.md @@ -1,3 +1,9 @@ +--- +title: "Import Action Steps for Playbooks" +description: "Import Action Steps for Playbooks" +sidebar_position: 50 +--- + # Import Action Steps for Playbooks The Threat Response box contains an Import button which provides the ability to import custom diff --git a/docs/threatmanager/3.0/administration/playbooks/overview.md b/docs/threatmanager/3.0/administration/playbooks/overview.md index 30925f3479..3bdaaf7aad 100644 
--- a/docs/threatmanager/3.0/administration/playbooks/overview.md +++ b/docs/threatmanager/3.0/administration/playbooks/overview.md @@ -1,9 +1,15 @@ +--- +title: "Playbooks" +description: "Playbooks" +sidebar_position: 50 +--- + # Playbooks The first step in designating steps to run in response to a threat is to add a playbook. A playbook is used to tie a threat or "trigger type" to the desired step(s) to take in response to that threat. A threat response can be assigned to a playbook on the -[Threat Detection Page](/docs/threatmanager/3.0/administration/configuration/threatdetection.md). Once a playbook has been created, +[Threat Detection Page](/docs/threatmanager/3.0/administration/configuration/threatdetection/threatdetection.md). Once a playbook has been created, steps that specify the desired action for the threat response are then added. **_RECOMMENDED:_** Execute playbooks in a test environment and review the results prior to executing @@ -126,7 +132,7 @@ executions and also provides the ability to search the table. The table provides the following information: - Threat – The threat type that triggered the playbook - - Click the threat link to open the [Threat Details Page](/docs/threatmanager/3.0/administration/threatdetails/overview.md) and view + - Click the threat link to open the [Threat Details Page](/docs/threatmanager/3.0/administration/threats/threatdetails/overview.md) and view information about the threat. - Threat Detected – The time that the threat was detected - Time Started – The time that the playbook was executed diff --git a/docs/threatmanager/3.0/administration/playbooks/save.md b/docs/threatmanager/3.0/administration/playbooks/save.md index c089e6ca72..315615799e 100644 --- a/docs/threatmanager/3.0/administration/playbooks/save.md +++ b/docs/threatmanager/3.0/administration/playbooks/save.md 
@@ -1,3 +1,9 @@ +--- +title: "Save a Playbook Step to My Steps" +description: "Save a Playbook Step to My Steps" +sidebar_position: 20 +--- + # Save a Playbook Step to My Steps Sometimes it may be convenient to save a step so that it can be added to multiple playbooks without diff --git a/docs/threatmanager/3.0/administration/playbooks/trigger.md b/docs/threatmanager/3.0/administration/playbooks/trigger.md index bd082a3570..1072b390b8 100644 --- a/docs/threatmanager/3.0/administration/playbooks/trigger.md +++ b/docs/threatmanager/3.0/administration/playbooks/trigger.md @@ -1,3 +1,9 @@ +--- +title: "Trigger a Playbook Manually" +description: "Trigger a Playbook Manually" +sidebar_position: 60 +--- + # Trigger a Playbook Manually If a playbook is configured to be allowed for a threat, a Threat Response button will be shown on diff --git a/docs/threatmanager/3.0/administration/threatdetails/group.md b/docs/threatmanager/3.0/administration/threatdetails/group.md deleted file mode 100644 index 64bd37f897..0000000000 --- a/docs/threatmanager/3.0/administration/threatdetails/group.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# Group Details Page - -The Group Details page provides information about the selected Active Directory group, threats -generated by the group, and group membership. - -![AD Group Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/page_3.webp) - -The top of the page displays a group profile card which may contain the following information about -the group: - -- Name -- DN -- Sam Account Name -- Object GUID -- Object Type -- Domain -- Tags, with an option to add additional tags - -The Group Details page has the following tabs: - -- Threats Tab -- Members Tab -- Group Membership Tab - -## Threats Tab - -The Threats tab for a group displays the threats detected for the group by timeframe. - -![Threats tab for on the Group Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatstab.webp) - -A key for threat types is displayed below the chart. - -## Members Tab - -The Members tab displays information about its members. - -![AD Group Details Members Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/memberstab.webp) - -![Group Members Tab All Members Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/memberstaballmembers.webp) - -The Membership tab displays two tables: - -- Direct Member – Lists users who are direct members of the group -- All Members – has the following two tables: - - - Domain Admins – Users responsible for managing and controlling settings within the domain - - Domain Guests – Temporary accounts who need limited access to the domain - -Each table has the following columns: - -- Name – The display name of the member -- Domain – The domain name of the member -- Email – The email address of the member -- Title – The member's job title -- Department – The member's department - -## Group Membership Tab - -The Group Membership tab displays a table that lists the users who are members of the group. 
- -![Group Membership tab for on the Group Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershiptab_1.webp) - -![Group Membership Tab Indirect Memberof Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershiptabindirect.webp) - -The Group Membership tab displays the groups that _the group_ is a member of. Here, 'the group' -refers to the group whose details you are viewing. - -The tab has two sub-tabs: - -- Direct Member Of – Lists groups the group is a direct member of -- Indirect Member Of – Lists groups the group is a member of via membership in a nested group - -Each sub-tab displays a table with the following columns: - -- Name - The name of the group. Click the link to view group details. -- Domain - Name of the domain. This may be either the domain DNS name or domain controller hostname. -- Tags - The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatmanager/3.0/administration/threatdetails/host.md b/docs/threatmanager/3.0/administration/threatdetails/host.md deleted file mode 100644 index edccf05c77..0000000000 --- a/docs/threatmanager/3.0/administration/threatdetails/host.md +++ /dev/null 
@@ -1,62 +0,0 @@ -# Host Details Page - -The Host Details page displays all threats on the selected host. - -![Host Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/page_2.webp) - -The top of the page displays a host profile card which may contain the following information about -the host: - -- Host Name -- Distinguished Name (DN) -- NT Name (SAM Account Name) -- DNG Host Name -- Operating System -- Operating System Version -- Object GUID -- Object Type -- Domain -- Tags, with an option to add additional tags - -The page has the following tabs: - -- Threats Tab -- Activity Summary Tab -- Group Membership Tab - -## Threats Tab - -The Threats tab for a host displays the threats for the host by timeframe. - -![Threats tab of the Host Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatstab.webp) - -The Threats tab contains a bar chart that displays each type of threat on the host and a pie chart -that shows the total number of threats on the host. The Threats List displayed below the Historical -Events section displays all threats that occurred on the host for the selected timeframe. - -## Activity Summary Tab - -The Activity Summary tab displays charts for host activity over different time periods. - -![Activity Summary tab of the Host Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/activitysummarytab.webp) - -The Activity Overview (Past 12 Months) shows a color-coded heat map of host activity. Other metrics -include Average Activity by Hour, and Average Activity by Day, and Events by Type. - -## Group Membership Tab - -The Group Membership tab displays the groups the host is a member of. 
It has the following sub-tabs: - -- Direct Member Of – Lists groups the host is a direct member of -- Indirect Member Of – Lists groups the host is a member of via membership in a nested group - -![groupmembershiptab](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershiptab.webp) - -![Group Membership Tab Indirect Member of Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershiptabindirect.webp) - -Each table has the following columns: - -- Name – The name of the group. Click the link to view group details. See the - [Group Details Page](/docs/threatmanager/3.0/administration/threatdetails/group.md) topic for additional information. -- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. -- Tags – The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatmanager/3.0/administration/threatdetails/overview.md b/docs/threatmanager/3.0/administration/threatdetails/overview.md deleted file mode 100644 index f271d8eab3..0000000000 --- a/docs/threatmanager/3.0/administration/threatdetails/overview.md +++ /dev/null 
@@ -1,167 +0,0 @@ -# Threat Details Page - -The Threat Details page provides details on the selected threat. View the details for a threat by -selecting the threat from the list on the [Threats Page](/docs/threatmanager/3.0/administration/threats.md) and clicking View Details. - -![threatdetails](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatdetails.webp) - -The top of the page displays a Threat Overview box, Threat Activity diagram, and an Evidence box. - -The Threat Overview box that contains the following information: - -- Description – Displays the threat type, the user account that generated the threat, a description - of the threat activity and the host against which the threat occurred -- Threat Level – The relative severity level, or risk level, of the threat -- Threat Detected – The date and timestamp for the threat -- Definition – The threat definition is a detailed explanation of the threat providing insight into - why the incident is a potential risk - -The Threat Activity diagram contains a diagram that displays the flow of the threat activity. - -![threatactivity](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatactivity.webp) - -The Evidence box below the Threat Activity diagram provides specific information about the threat. - -The Threats page displays three buttons in the top right corner: - -![evidencebox](/img/product_docs/threatmanager/3.0/administration/threatdetails/evidencebox.webp) - -- Unassigned – If the threat has not been assigned to an owner, the button will display as - Unassigned. If a user has been assigned to an owner, the button will display the username. Click - it to open the Workflow Window where assigned user and/or status can be updated. -- Set Status – If no status is set for the threat the button will display as _Set Status_. If a - status has been set for the threat then this button displays the status of the threat. 
Click it to - open the Workflow Window, where assigned user and/or status can be updated. -- Threat Response – Click to open the Threat Response Window and designate the playbook to response - to the threat. - -## Workflow Window - -The Workflow window displays the owner of a threat, or provides settings to assign an owner to a -threat. - -![Workflow window](/img/product_docs/threatmanager/3.0/administration/threatdetails/workflow.webp) - -The Workflow window contains the following configuration settings: - -**NOTE:** The information displayed on this page is dependent upon the type of threat selected. - -- _(Optional)_ Assigned To – Displays the user currently assigned to the threat. Assign or edit the - Assigned User using the drop-down list. The list populates with users granted access to the - console on the User Access page of the System Settings interface. See the User Access Page topic - for additional information. -- Set Status – Select a status for the threat from the drop-down list: - - - Open – Default status for new threats - - Under Investigation – Threats that are currently under or pending investigation by an - administrator - - Closed - Resolved – Legitimate threats that have been contained or dealt with - - Closed - False Positive – Behavior that has been incorrectly identified by Threat Manager as a - threat - - **NOTE:** Abnormal behavior threat detection will be influenced by false positives. Marking - abnormal behavior threats as False Positive will reduce the sensitivity of the abnormality - detection for this perpetrator. - -- _(Optional)_ Comment – Add a comment to the threat -- Ignore future threats of this type by (user) – Select this checkbox to ignore threats of this type - from the selected user -- Submit – Click to update the workflow - -In the Threat Activity Diagram, click the user to view the [User Details Page](/docs/threatmanager/3.0/administration/threatdetails/user.md) page. 
Click -the host to view the [Host Details Page](/docs/threatmanager/3.0/administration/threatdetails/host.md) page. - -hhhhh - -## Threat Response Window - -The Threat Response window contains the following configuration options: - -![Threat Response window](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatresponse.webp) - -- Select Playbook – Select a playbook for the threat response -- Description – Description of the playbook that has been selected -- Status – The state of the playbook -- Last Executed – When the playbook was last executed - -The Threat Details Overview contains the following tabs: - -- Event Details Tab -- Related Threats Tab -- Related Activity Tab -- History Tab - -## Event Details Tab - -The Event Details tab shows details for the selected threat. - -![eventdetails](/img/product_docs/threatmanager/3.0/administration/threatdetails/eventdetails.webp) - -- Time Stamp – The exact date and time when the event occurred -- Target – The specific object, resource, or entity that was the focus of the event -- Perpetrator – The user or service account that initiated the event -- Successful – Indicates whether the action associated with the event was successfully completed - True if the operation was successful. False if the operation failed -- Blocked – Indicates whether the operation was prevented by a security measure, such as a Netwrix - agent True if the operation was blocked by a Netwrix agent. False if not blocked. -- Operation – Type of operation performed -- Client – The device, IP address, or host that initiated the event -- Description – A summary of the event - -Use the Search icon to search for data in the table. Click the + icon in the table to view -additional details about a threat. Click the Export CSV button to export the current rows displayed -on the page into a CSV file. Click the Export All button to export all data returned into a CSV -file. 
- -## Related Threats Tab - -The Related Threats tab lists other threats generated by the same user that may be related to the -threat listed in the Event Details tab. - -![relatedthreats](/img/product_docs/threatmanager/3.0/administration/threatdetails/relatedthreats.webp) - -The Related Threats table has the following columns: - -- Time Stamp – Time that the threat was detected -- Threat – Type of threat detected -- Status – Workflow status of the threat: Open, Under investigation, Closed - Resolved, or Closed - - False Positive -- View Details – Click View Details to view the details page for the related threat - -Use the Search icon to search for data in the table. - -## Related Activity Tab - -The Related Activity tab lists activity by the selected user that may be related to the threat. - -![relatedactivity](/img/product_docs/threatmanager/3.0/administration/threatdetails/relatedactivity.webp) - -- Time Stamp – The exact date and time when the event occurred -- Target – The specific object, resource, or entity that was the focus of the event -- Perpetrator – The user or service account that initiated the event -- Successful – Indicates whether the action associated with the event was successfully completed - True if the operation was successful. False if the operation failed -- Blocked – Indicates whether the operation was prevented by a security measure, such as a Netwrix - agent True if the operation was blocked by a Netwrix agent. False if not blocked. -- Operation – The type of activity performed -- Client – The device, IP address, or host that initiated the event -- Description – A summary of the event - -Use the Search icon to search for data in the table. Click the + icon in the table to view -additional details about a threat. Click the Export CSV button to export the current rows displayed -on the page into a CSV file. Click the Export All button to export all data returned into a CSV -file. 
- -## History Tab - -The History tab lists updates made to the threat in the Update box and provides a section to add -comments. - -![history](/img/product_docs/threatmanager/3.0/administration/threatdetails/history.webp) - -The History table has the following columns: - -- Add Comments – Type any desired comments in the box and click Add Comment -- Time Stamp – Exact date and time when the status was updated. -- Message – Displays the content of the comments entered by users or the system -- User – The name of the user who entered the comment diff --git a/docs/threatmanager/3.0/administration/threatdetails/user.md b/docs/threatmanager/3.0/administration/threatdetails/user.md deleted file mode 100644 index bb2b82a329..0000000000 --- a/docs/threatmanager/3.0/administration/threatdetails/user.md +++ /dev/null 
@@ -1,93 +0,0 @@ -# User Details Page - -The Active Directory User Details page provides information about the user including threats -generated by the user, user activity, and group membership for the user. - -![page](/img/product_docs/threatmanager/3.0/administration/threatdetails/page.webp) - -The top of the page displays a user profile card which may contain the following information about -the user: - -- Name -- DN -- NT Name (SAM Account Name) -- Email -- Object GUID -- Object Type -- Domain -- Tags, with an option to add additional tags - -The page has the following tabs: - -- Threats Tab -- Activity Summary Tab -- Group Membership Tab - -## Threats Tab - -The Threats tab for a user displays the threats for the user by timeframe. - -![Active Directory User Threats tab](/img/product_docs/threatmanager/3.0/administration/threatdetails/aduserthreats.webp) - -A key for threat types is displayed below the chart. - -## Activity Summary Tab - -The Activity Summary tab displays charts for a user's activity over different time periods. - -![activitysummary](/img/product_docs/threatmanager/3.0/administration/threatdetails/activitysummary.webp) - -The Activity Overview (Past 12 Months) shows a color-coded heat map of user activity. Other metrics -include, Average Activity by Day, and Events by Type. - -The Activity by Host, Activity by Client, and Activity Details tables are displayed below the -charts. - -Activity by Host Table - -The Activity by Host table displays the user's activity by host. - -![activitybyhost](/img/product_docs/threatmanager/3.0/administration/threatdetails/activitybyhost.webp) - -- Server – Server where the activity occurred -- First Access – First date and time that the server was accessed -- Last Access – Last date and time that the server was accessed -- Number of Events – Total number of activity events on the server - -Use the Search icon to search for data contained in any column. 
Click the Export CSV button to -export the current rows displayed on the page into a CSV file. - -Activity by Client Table - -The Activity by Client table displays the user's activity by host. - -![activitybyclient](/img/product_docs/threatmanager/3.0/administration/threatdetails/activitybyclient.webp) - -- Client IP – IP address for the client -- Client Name– Client where the activity occurred -- First Access – First date and time that the client was accessed -- Last Access – Last date and time that the client was accessed -- Number of Events – Total number of activity events on the client - -Use the Search icon to search for data contained in any column. Click the Export CSV button to -export the current rows displayed on the page into a CSV file. - -## Group Membership Tab - -The Group Membership tab displays groups in which the user is a member. - -![groupmembership](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembership.webp) - -![Group Membership Indirect Member of Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershipindirect.webp) - -The Group Membership tab displays the groups the user is a member of. It has the following sub-tabs: - -- Direct Member Of – Lists groups the user is a direct member of -- Indirect Member Of – Lists groups the user is a member of via membership in a nested group - -Each table has the following columns: - -- Name – The name of the group. Click the link to view group details. See the - [Group Details Page](/docs/threatmanager/3.0/administration/threatdetails/group.md) topic for additional information. -- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. -- Tags – The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatmanager/3.0/administration/threats/_category_.json b/docs/threatmanager/3.0/administration/threats/_category_.json new file mode 100644 index 0000000000..e03fe015d5 
--- /dev/null +++ b/docs/threatmanager/3.0/administration/threats/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Threats Page", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "threats" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/_category_.json b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/_category_.json new file mode 100644 index 0000000000..c2bb33e25c --- /dev/null +++ b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Directory Object Details Pages", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "activedirectoryobjects" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/threatdetails/activedirectoryobjects.md b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/activedirectoryobjects.md similarity index 91% rename from docs/threatmanager/3.0/administration/threatdetails/activedirectoryobjects.md rename to docs/threatmanager/3.0/administration/threats/activedirectoryobjects/activedirectoryobjects.md index 040c52562f..f1a7dda9a8 100644 --- a/docs/threatmanager/3.0/administration/threatdetails/activedirectoryobjects.md +++ b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/activedirectoryobjects.md 
@@ -1,16 +1,22 @@ +--- +title: "Active Directory Object Details Pages" +description: "Active Directory Object Details Pages" +sidebar_position: 20 +--- + # Active Directory Object Details Pages Active Directory Object details pages provide details on Active Directory objects including users, groups,  and hosts (computers). These pages can be used to discover more information about the various resources related to threats and events in Threat Manager. Pages include: -- [User Details Page](/docs/threatmanager/3.0/administration/threatdetails/user.md) -- [Group Details Page](/docs/threatmanager/3.0/administration/threatdetails/group.md) -- [Host Details Page](/docs/threatmanager/3.0/administration/threatdetails/host.md) +- [User Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/user.md) +- [Group Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/group.md) +- [Host Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md) ![threatlist](/img/product_docs/threatmanager/3.0/administration/threatlist.webp) -The [Threats Page](/docs/threatmanager/3.0/administration/threats.md) contains a threats list with hyperlinks which can be clicked to +The [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md) contains a threats list with hyperlinks which can be clicked to access these pages. Common Details Page Elements diff --git a/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/group.md b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/group.md new file mode 100644 index 0000000000..46511f2171 --- /dev/null +++ b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/group.md 
@@ -0,0 +1,83 @@ +--- +title: "Group Details Page" +description: "Group Details Page" +sidebar_position: 20 +--- + +# Group Details Page + +The Group Details page provides information about the selected Active Directory group, threats +generated by the group, and group membership. + +![AD Group Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/page_3.webp) + +The top of the page displays a group profile card which may contain the following information about +the group: + +- Name +- DN +- Sam Account Name +- Object GUID +- Object Type +- Domain +- Tags, with an option to add additional tags + +The Group Details page has the following tabs: + +- Threats Tab +- Members Tab +- Group Membership Tab + +## Threats Tab + +The Threats tab for a group displays the threats detected for the group by timeframe. + +![Threats tab for on the Group Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatstab.webp) + +A key for threat types is displayed below the chart. + +## Members Tab + +The Members tab displays information about its members. 
+ +![AD Group Details Members Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/memberstab.webp) + +![Group Members Tab All Members Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/memberstaballmembers.webp) + +The Membership tab displays two tables: + +- Direct Member – Lists users who are direct members of the group +- All Members – has the following two tables: + + - Domain Admins – Users responsible for managing and controlling settings within the domain + - Domain Guests – Temporary accounts who need limited access to the domain + +Each table has the following columns: + +- Name – The display name of the member +- Domain – The domain name of the member +- Email – The email address of the member +- Title – The member's job title +- Department – The member's department + +## Group Membership Tab + +The Group Membership tab displays a table that lists the users who are members of the group. + +![Group Membership tab for on the Group Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershiptab_1.webp) + +![Group Membership Tab Indirect Memberof Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershiptabindirect.webp) + +The Group Membership tab displays the groups that _the group_ is a member of. Here, 'the group' +refers to the group whose details you are viewing. + +The tab has two sub-tabs: + +- Direct Member Of – Lists groups the group is a direct member of +- Indirect Member Of – Lists groups the group is a member of via membership in a nested group + +Each sub-tab displays a table with the following columns: + +- Name - The name of the group. Click the link to view group details. +- Domain - Name of the domain. This may be either the domain DNS name or domain controller hostname. +- Tags - The tag present on the perpetrator, file, or host associated with the event 
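Review bot: In the new group.md, the Group Membership Tab section contradicts itself: its first sentence says the tab "displays a table that lists the users who are members of the group", while the paragraph after the screenshots says it displays the groups that the group is a member of. Drop or reword the first sentence so both agree. Under Members Tab, "The Membership tab displays two tables" should read "Members tab", and the "All Members" item presents Domain Admins and Domain Guests as if they were fixed tables; if those names come from the sample group in the screenshot, describe the table generically instead. The Tags description in the last list ("The tag present on the perpetrator, file, or host associated with the event") reads as copied from an event table rather than describing tags on a group, and that list uses a spaced hyphen where the rest of the file uses an en dash. The alt text "Threats tab for on the Group Details page" has a stray "for".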
diff --git a/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md new file mode 100644 index 0000000000..c594b2d02b --- /dev/null +++ b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md 
@@ -0,0 +1,68 @@ +--- +title: "Host Details Page" +description: "Host Details Page" +sidebar_position: 30 +--- + +# Host Details Page + +The Host Details page displays all threats on the selected host. + +![Host Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/page_2.webp) + +The top of the page displays a host profile card which may contain the following information about +the host: + +- Host Name +- Distinguished Name (DN) +- NT Name (SAM Account Name) +- DNG Host Name +- Operating System +- Operating System Version +- Object GUID +- Object Type +- Domain +- Tags, with an option to add additional tags + +The page has the following tabs: + +- Threats Tab +- Activity Summary Tab +- Group Membership Tab + +## Threats Tab + +The Threats tab for a host displays the threats for the host by timeframe. + +![Threats tab of the Host Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatstab.webp) + +The Threats tab contains a bar chart that displays each type of threat on the host and a pie chart +that shows the total number of threats on the host. The Threats List displayed below the Historical +Events section displays all threats that occurred on the host for the selected timeframe. + +## Activity Summary Tab + +The Activity Summary tab displays charts for host activity over different time periods. + +![Activity Summary tab of the Host Details page](/img/product_docs/threatmanager/3.0/administration/threatdetails/activitysummarytab.webp) + +The Activity Overview (Past 12 Months) shows a color-coded heat map of host activity. Other metrics +include Average Activity by Hour, and Average Activity by Day, and Events by Type. + +## Group Membership Tab + +The Group Membership tab displays the groups the host is a member of. 
It has the following sub-tabs: + +- Direct Member Of – Lists groups the host is a direct member of +- Indirect Member Of – Lists groups the host is a member of via membership in a nested group + +![groupmembershiptab](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershiptab.webp) + +![Group Membership Tab Indirect Member of Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershiptabindirect.webp) + +Each table has the following columns: + +- Name – The name of the group. Click the link to view group details. See the + [Group Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/group.md) topic for additional information. +- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. +- Tags – The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/user.md b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/user.md new file mode 100644 index 0000000000..5f05977220 --- /dev/null +++ b/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/user.md 
@@ -0,0 +1,99 @@ +--- +title: "User Details Page" +description: "User Details Page" +sidebar_position: 10 +--- + +# User Details Page + +The Active Directory User Details page provides information about the user including threats +generated by the user, user activity, and group membership for the user. + +![page](/img/product_docs/threatmanager/3.0/administration/threatdetails/page.webp) + +The top of the page displays a user profile card which may contain the following information about +the user: + +- Name +- DN +- NT Name (SAM Account Name) +- Email +- Object GUID +- Object Type +- Domain +- Tags, with an option to add additional tags + +The page has the following tabs: + +- Threats Tab +- Activity Summary Tab +- Group Membership Tab + +## Threats Tab + +The Threats tab for a user displays the threats for the user by timeframe. + +![Active Directory User Threats tab](/img/product_docs/threatmanager/3.0/administration/threatdetails/aduserthreats.webp) + +A key for threat types is displayed below the chart. + +## Activity Summary Tab + +The Activity Summary tab displays charts for a user's activity over different time periods. + +![activitysummary](/img/product_docs/threatmanager/3.0/administration/threatdetails/activitysummary.webp) + +The Activity Overview (Past 12 Months) shows a color-coded heat map of user activity. Other metrics +include, Average Activity by Day, and Events by Type. + +The Activity by Host, Activity by Client, and Activity Details tables are displayed below the +charts. + +Activity by Host Table + +The Activity by Host table displays the user's activity by host. 
+ +![activitybyhost](/img/product_docs/threatmanager/3.0/administration/threatdetails/activitybyhost.webp) + +- Server – Server where the activity occurred +- First Access – First date and time that the server was accessed +- Last Access – Last date and time that the server was accessed +- Number of Events – Total number of activity events on the server + +Use the Search icon to search for data contained in any column. Click the Export CSV button to +export the current rows displayed on the page into a CSV file. + +Activity by Client Table + +The Activity by Client table displays the user's activity by host. + +![activitybyclient](/img/product_docs/threatmanager/3.0/administration/threatdetails/activitybyclient.webp) + +- Client IP – IP address for the client +- Client Name– Client where the activity occurred +- First Access – First date and time that the client was accessed +- Last Access – Last date and time that the client was accessed +- Number of Events – Total number of activity events on the client + +Use the Search icon to search for data contained in any column. Click the Export CSV button to +export the current rows displayed on the page into a CSV file. + +## Group Membership Tab + +The Group Membership tab displays groups in which the user is a member. + +![groupmembership](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembership.webp) + +![Group Membership Indirect Member of Page](/img/product_docs/threatmanager/3.0/administration/threatdetails/groupmembershipindirect.webp) + +The Group Membership tab displays the groups the user is a member of. It has the following sub-tabs: + +- Direct Member Of – Lists groups the user is a direct member of +- Indirect Member Of – Lists groups the user is a member of via membership in a nested group + +Each table has the following columns: + +- Name – The name of the group. Click the link to view group details. 
See the + [Group Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/group.md) topic for additional information. +- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. +- Tags – The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatmanager/3.0/administration/threats/entraidobjects/_category_.json b/docs/threatmanager/3.0/administration/threats/entraidobjects/_category_.json new file mode 100644 index 0000000000..3c781697bd --- /dev/null +++ b/docs/threatmanager/3.0/administration/threats/entraidobjects/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Entra ID Object Details Pages", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "entraidobjects" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/threatdetails/entraidapplication.md b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidapplication.md similarity index 95% rename from docs/threatmanager/3.0/administration/threatdetails/entraidapplication.md rename to docs/threatmanager/3.0/administration/threats/entraidobjects/entraidapplication.md index e02b975667..793df2dabd 100644 --- a/docs/threatmanager/3.0/administration/threatdetails/entraidapplication.md +++ b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidapplication.md @@ -1,3 +1,9 @@ +--- +title: "Application Details Page" +description: "Application Details Page" +sidebar_position: 40 +--- + # Application Details Page The Application Details page provides information about an application registered in Microsoft Entra 
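Review bot: In the new host.md, the profile card list has "DNG Host Name", which looks like a typo for "DNS Host Name". In its Activity Summary Tab, "Other metrics include Average Activity by Hour, and Average Activity by Day, and Events by Type" should lose the first "and". The opening sentence "displays all threats on the selected host" also undersells the page, since the tabs listed below it cover activity and group membership as well; the user.md and group.md intros mention all three areas.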
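Review bot: In the new user.md, the Activity by Client Table intro repeats the host wording: "The Activity by Client table displays the user's activity by host." It should say by client. In the same list, "Client Name– " is missing the space before the dash, and the First Access and Last Access descriptions ("the client was accessed") read as copied from the server rows, so check the wording. In the Activity Summary Tab, "Other metrics include, Average Activity by Day, and Events by Type" has a stray comma and, unlike host.md, does not list Average Activity by Hour; confirm which list is correct. The Group Membership Tab says what the tab displays twice, once before and once after the screenshots; keep one.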
@@ -49,7 +55,7 @@ The Group Membership tab displays two tables: Each table has the following columns: - Name – The name of the group. Click the link to view group details. See the - [Group Details Page](/docs/threatmanager/3.0/administration/threatdetails/entraidgroup.md) topic for additional information. + [Group Details Page](/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidgroup.md) topic for additional information. - Group Type – The type of group within Microsoft Entra ID - Membership Type - How the group membership was assigned diff --git a/docs/threatmanager/3.0/administration/threatdetails/entraidgroup.md b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidgroup.md similarity index 98% rename from docs/threatmanager/3.0/administration/threatdetails/entraidgroup.md rename to docs/threatmanager/3.0/administration/threats/entraidobjects/entraidgroup.md index 9fcb011912..417b026451 100644 --- a/docs/threatmanager/3.0/administration/threatdetails/entraidgroup.md +++ b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidgroup.md @@ -1,3 +1,9 @@ +--- +title: "Group Details Page" +description: "Group Details Page" +sidebar_position: 20 +--- + # Group Details Page The Microsoft Entra ID Group Details page provides information about the group including threats diff --git a/docs/threatmanager/3.0/administration/threatdetails/entraidobjects.md b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidobjects.md similarity index 88% rename from docs/threatmanager/3.0/administration/threatdetails/entraidobjects.md rename to docs/threatmanager/3.0/administration/threats/entraidobjects/entraidobjects.md index 28952ccd8a..74eb88191a 100644 --- a/docs/threatmanager/3.0/administration/threatdetails/entraidobjects.md +++ b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidobjects.md 
@@ -1,20 +1,26 @@ +--- +title: "Entra ID Object Details Pages" +description: "Entra ID Object Details Pages" +sidebar_position: 30 +--- + # Entra ID Object Details Pages The Microsoft Entra ID Object details pages provide details on Microsoft Entra ID objects including users, groups, applications, devices and roles. These pages can be used to discover more information about the various resources related to threats and events in Threat Manager. Pages include: -- [User Details Page](/docs/threatmanager/3.0/administration/threatdetails/entraiduser.md) +- [User Details Page](/docs/threatmanager/3.0/administration/threats/entraidobjects/entraiduser.md) -- [Group Details Page](/docs/threatmanager/3.0/administration/threatdetails/entraidgroup.md) +- [Group Details Page](/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidgroup.md) -- [Role Details Page](/docs/threatmanager/3.0/administration/threatdetails/entraidrole.md) +- [Role Details Page](/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidrole.md) -- [Application Details Page](/docs/threatmanager/3.0/administration/threatdetails/entraidapplication.md) +- [Application Details Page](/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidapplication.md) ![threatlist](/img/product_docs/threatmanager/3.0/administration/threatlist.webp) -The [Threats Page](/docs/threatmanager/3.0/administration/threats.md) contains a threats list with hyperlinks which can be clicked to +The [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md) contains a threats list with hyperlinks which can be clicked to access these pages. Common Details Page Elements 
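Review bot: The intro sentence in entraidobjects.md says these pages cover "users, groups, applications, devices and roles", but the Pages list whose links are updated here contains only User, Group, Role and Application. Either add the device details page to the list or drop "devices" from the sentence. Since every link in the list is being touched anyway, this is also a good place to put the items in the same order as the sentence.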
diff --git a/docs/threatmanager/3.0/administration/threatdetails/entraidrole.md b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidrole.md similarity index 93% rename from docs/threatmanager/3.0/administration/threatdetails/entraidrole.md rename to docs/threatmanager/3.0/administration/threats/entraidobjects/entraidrole.md index 741d8d8383..6fd8a70b79 100644 --- a/docs/threatmanager/3.0/administration/threatdetails/entraidrole.md +++ b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidrole.md @@ -1,3 +1,9 @@ +--- +title: "Role Details Page" +description: "Role Details Page" +sidebar_position: 30 +--- + # Role Details Page The Role Details page provides information about a role including its description and role diff --git a/docs/threatmanager/3.0/administration/threatdetails/entraiduser.md b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraiduser.md similarity index 97% rename from docs/threatmanager/3.0/administration/threatdetails/entraiduser.md rename to docs/threatmanager/3.0/administration/threats/entraidobjects/entraiduser.md index 622b2158be..e87ac8979c 100644 --- a/docs/threatmanager/3.0/administration/threatdetails/entraiduser.md +++ b/docs/threatmanager/3.0/administration/threats/entraidobjects/entraiduser.md @@ -1,3 +1,9 @@ +--- +title: "User Details Page" +description: "User Details Page" +sidebar_position: 10 +--- + # User Details Page The Microsoft Entra ID User Details page provides information about the user including threats 
@@ -91,7 +97,7 @@ The Group Membership tab displays the groups the user is a member of. It has the Each table has the following columns: - Name – The name of the group. Click the link to view group details. See the - [Group Details Page](/docs/threatmanager/3.0/administration/threatdetails/entraidgroup.md) topic for additional information. + [Group Details Page](/docs/threatmanager/3.0/administration/threats/entraidobjects/entraidgroup.md) topic for additional information. - Group Type – The type of group within Microsoft Entra ID - Membership Type - How the group membership was assigned diff --git a/docs/threatmanager/3.0/administration/threats/threatdetails/_category_.json b/docs/threatmanager/3.0/administration/threats/threatdetails/_category_.json new file mode 100644 index 0000000000..d979e6425f --- /dev/null +++ b/docs/threatmanager/3.0/administration/threats/threatdetails/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Threat Details Page", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/threatdetails/abnormalbehavior.md b/docs/threatmanager/3.0/administration/threats/threatdetails/abnormalbehavior.md similarity index 91% rename from docs/threatmanager/3.0/administration/threatdetails/abnormalbehavior.md rename to docs/threatmanager/3.0/administration/threats/threatdetails/abnormalbehavior.md index f110599007..3df8955e27 100644 --- a/docs/threatmanager/3.0/administration/threatdetails/abnormalbehavior.md +++ b/docs/threatmanager/3.0/administration/threats/threatdetails/abnormalbehavior.md @@ -1,3 +1,9 @@ +--- +title: "Abnormal Behavior Threat Details" +description: "Abnormal Behavior Threat Details" +sidebar_position: 10 +--- + # Abnormal Behavior Threat Details The Threat Details page for abnormal behavior has a different layout and provides different 
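Review bot: The front matter added to abnormalbehavior.md sets description to the same string as title ("Abnormal Behavior Threat Details"), as do the other front matter blocks in this patch. If the site is built with Docusaurus, which the _category_.json files and sidebar_position keys suggest, description becomes the page's meta description and otherwise defaults to the first line of content, so a copy of the title is less useful than omitting the key or writing a one-sentence summary. Also, this file and overview.md in the same threats/threatdetails folder both use sidebar_position: 10. That is harmless if overview.md only serves as the category landing page named in _category_.json, but give them distinct values if both appear in the sidebar.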
diff --git a/docs/threatmanager/3.0/administration/threats/threatdetails/overview.md b/docs/threatmanager/3.0/administration/threats/threatdetails/overview.md new file mode 100644 index 0000000000..8b5dc79d11 --- /dev/null +++ b/docs/threatmanager/3.0/administration/threats/threatdetails/overview.md 
@@ -0,0 +1,173 @@ +--- +title: "Threat Details Page" +description: "Threat Details Page" +sidebar_position: 10 +--- + +# Threat Details Page + +The Threat Details page provides details on the selected threat. View the details for a threat by +selecting the threat from the list on the [Threats Page](/docs/threatmanager/3.0/administration/threats/threats.md) and clicking View Details. + +![threatdetails](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatdetails.webp) + +The top of the page displays a Threat Overview box, Threat Activity diagram, and an Evidence box. + +The Threat Overview box that contains the following information: + +- Description – Displays the threat type, the user account that generated the threat, a description + of the threat activity and the host against which the threat occurred +- Threat Level – The relative severity level, or risk level, of the threat +- Threat Detected – The date and timestamp for the threat +- Definition – The threat definition is a detailed explanation of the threat providing insight into + why the incident is a potential risk + +The Threat Activity diagram contains a diagram that displays the flow of the threat activity. + +![threatactivity](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatactivity.webp) + +The Evidence box below the Threat Activity diagram provides specific information about the threat. + +The Threats page displays three buttons in the top right corner: + +![evidencebox](/img/product_docs/threatmanager/3.0/administration/threatdetails/evidencebox.webp) + +- Unassigned – If the threat has not been assigned to an owner, the button will display as + Unassigned. If a user has been assigned to an owner, the button will display the username. Click + it to open the Workflow Window where assigned user and/or status can be updated. +- Set Status – If no status is set for the threat the button will display as _Set Status_. 
If a + status has been set for the threat then this button displays the status of the threat. Click it to + open the Workflow Window, where assigned user and/or status can be updated. +- Threat Response – Click to open the Threat Response Window and designate the playbook to response + to the threat. + +## Workflow Window + +The Workflow window displays the owner of a threat, or provides settings to assign an owner to a +threat. + +![Workflow window](/img/product_docs/threatmanager/3.0/administration/threatdetails/workflow.webp) + +The Workflow window contains the following configuration settings: + +**NOTE:** The information displayed on this page is dependent upon the type of threat selected. + +- _(Optional)_ Assigned To – Displays the user currently assigned to the threat. Assign or edit the + Assigned User using the drop-down list. The list populates with users granted access to the + console on the User Access page of the System Settings interface. See the User Access Page topic + for additional information. +- Set Status – Select a status for the threat from the drop-down list: + + - Open – Default status for new threats + - Under Investigation – Threats that are currently under or pending investigation by an + administrator + - Closed - Resolved – Legitimate threats that have been contained or dealt with + - Closed - False Positive – Behavior that has been incorrectly identified by Threat Manager as a + threat + + **NOTE:** Abnormal behavior threat detection will be influenced by false positives. Marking + abnormal behavior threats as False Positive will reduce the sensitivity of the abnormality + detection for this perpetrator. 
+ +- _(Optional)_ Comment – Add a comment to the threat +- Ignore future threats of this type by (user) – Select this checkbox to ignore threats of this type + from the selected user +- Submit – Click to update the workflow + +In the Threat Activity Diagram, click the user to view the [User Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/user.md) page. Click +the host to view the [Host Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md) page. + +hhhhh + +## Threat Response Window + +The Threat Response window contains the following configuration options: + +![Threat Response window](/img/product_docs/threatmanager/3.0/administration/threatdetails/threatresponse.webp) + +- Select Playbook – Select a playbook for the threat response +- Description – Description of the playbook that has been selected +- Status – The state of the playbook +- Last Executed – When the playbook was last executed + +The Threat Details Overview contains the following tabs: + +- Event Details Tab +- Related Threats Tab +- Related Activity Tab +- History Tab + +## Event Details Tab + +The Event Details tab shows details for the selected threat. + +![eventdetails](/img/product_docs/threatmanager/3.0/administration/threatdetails/eventdetails.webp) + +- Time Stamp – The exact date and time when the event occurred +- Target – The specific object, resource, or entity that was the focus of the event +- Perpetrator – The user or service account that initiated the event +- Successful – Indicates whether the action associated with the event was successfully completed + True if the operation was successful. False if the operation failed +- Blocked – Indicates whether the operation was prevented by a security measure, such as a Netwrix + agent True if the operation was blocked by a Netwrix agent. False if not blocked. 
+- Operation – Type of operation performed +- Client – The device, IP address, or host that initiated the event +- Description – A summary of the event + +Use the Search icon to search for data in the table. Click the + icon in the table to view +additional details about a threat. Click the Export CSV button to export the current rows displayed +on the page into a CSV file. Click the Export All button to export all data returned into a CSV +file. + +## Related Threats Tab + +The Related Threats tab lists other threats generated by the same user that may be related to the +threat listed in the Event Details tab. + +![relatedthreats](/img/product_docs/threatmanager/3.0/administration/threatdetails/relatedthreats.webp) + +The Related Threats table has the following columns: + +- Time Stamp – Time that the threat was detected +- Threat – Type of threat detected +- Status – Workflow status of the threat: Open, Under investigation, Closed - Resolved, or Closed - + False Positive +- View Details – Click View Details to view the details page for the related threat + +Use the Search icon to search for data in the table. + +## Related Activity Tab + +The Related Activity tab lists activity by the selected user that may be related to the threat. + +![relatedactivity](/img/product_docs/threatmanager/3.0/administration/threatdetails/relatedactivity.webp) + +- Time Stamp – The exact date and time when the event occurred +- Target – The specific object, resource, or entity that was the focus of the event +- Perpetrator – The user or service account that initiated the event +- Successful – Indicates whether the action associated with the event was successfully completed + True if the operation was successful. False if the operation failed +- Blocked – Indicates whether the operation was prevented by a security measure, such as a Netwrix + agent True if the operation was blocked by a Netwrix agent. False if not blocked. 
+- Operation – The type of activity performed +- Client – The device, IP address, or host that initiated the event +- Description – A summary of the event + +Use the Search icon to search for data in the table. Click the + icon in the table to view +additional details about a threat. Click the Export CSV button to export the current rows displayed +on the page into a CSV file. Click the Export All button to export all data returned into a CSV +file. + +## History Tab + +The History tab lists updates made to the threat in the Update box and provides a section to add +comments. + +![history](/img/product_docs/threatmanager/3.0/administration/threatdetails/history.webp) + +The History table has the following columns: + +- Add Comments – Type any desired comments in the box and click Add Comment +- Time Stamp – Exact date and time when the status was updated. +- Message – Displays the content of the comments entered by users or the system +- User – The name of the user who entered the comment diff --git a/docs/threatmanager/3.0/administration/threats.md b/docs/threatmanager/3.0/administration/threats/threats.md similarity index 89% rename from docs/threatmanager/3.0/administration/threats.md rename to docs/threatmanager/3.0/administration/threats/threats.md index b9b9c8d466..1cb2e6fc56 100644 --- a/docs/threatmanager/3.0/administration/threats.md +++ b/docs/threatmanager/3.0/administration/threats/threats.md @@ -1,3 +1,9 @@ +--- +title: "Threats Page" +description: "Threats Page" +sidebar_position: 30 +--- + # Threats Page The Threats page is where end-users and analysts investigate possible threats in their environment. 
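Review bot: The new threats/threatdetails/overview.md contains a stray line "hhhhh" just above the "## Threat Response Window" heading; remove it before merge. In the same file, "The Threats page displays three buttons in the top right corner" should name the Threat Details page, and the Unassigned bullet's "If a user has been assigned to an owner" has the roles swapped, since it is the threat that is assigned to an owner. Smaller fixes: "The Threat Overview box that contains" (drop "that"), "designate the playbook to response to the threat" (respond), "view the [User Details Page](...) page" and the matching host link repeat "page", the Successful and Blocked bullets run "completed True if" and "agent True if" together without punctuation in both tables, and the History table lists "Add Comments" as a column although it describes an input box. The sentence "The Threat Details Overview contains the following tabs" currently sits at the end of the Threat Response Window section; it introduces page-level tabs and should be separated from that section.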
@@ -32,10 +38,10 @@ The Threats list is displayed below the Historical Events section. The list displays threats that have a threat level of Low, Medium, High, or Audit for the selected timeframe. Each threat in the list contains a link which opens the -[User Details Page](/docs/threatmanager/3.0/administration/threatdetails/user.md) or the [Group Details Page](/docs/threatmanager/3.0/administration/threatdetails/group.md) and a -host link which opens the [Host Details Page](/docs/threatmanager/3.0/administration/threatdetails/host.md). In addition, threats have an +[User Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/user.md) or the [Group Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/group.md) and a +host link which opens the [Host Details Page](/docs/threatmanager/3.0/administration/threats/activedirectoryobjects/host.md). In addition, threats have an Edit button which opens the Edit Threats window. The View Details button opens the -[Threat Details Page](/docs/threatmanager/3.0/administration/threatdetails/overview.md). +[Threat Details Page](/docs/threatmanager/3.0/administration/threats/threatdetails/overview.md). ## Filter Threats 
@@ -50,15 +56,15 @@ The Type section displays the threat types which can be selected for filtering. to filter by is dynamic, depending upon the type of threats detected. See the following topics for additional information: -- [Active Directory Threats](/docs/threatmanager/3.0/threats/activedirectory.md) -- [Entra ID Threats](/docs/threatmanager/3.0/threats/entraid.md) -- [File System Threats](/docs/threatmanager/3.0/threats/filesystem.md) -- [General Threats](/docs/threatmanager/3.0/threats/general.md) +- [Active Directory Threats](/docs/threatmanager/3.0/overview/threats/activedirectory.md) +- [Entra ID Threats](/docs/threatmanager/3.0/overview/threats/entraid.md) +- [File System Threats](/docs/threatmanager/3.0/overview/threats/filesystem.md) +- [General Threats](/docs/threatmanager/3.0/overview/threats/general.md) ### Level The Level section displays the threat types which can be selected for filtering. Levels are assigned -or configured on the [Threat Detection Page](/docs/threatmanager/3.0/administration/configuration/threatdetection.md). +or configured on the [Threat Detection Page](/docs/threatmanager/3.0/administration/configuration/threatdetection/threatdetection.md). ### Tags @@ -155,4 +161,4 @@ Follow the steps to edit a threat. **Step 3 –** Click Submit to save the changes. -Threats can also be edited from the [Threat Details Page](/docs/threatmanager/3.0/administration/threatdetails/overview.md). +Threats can also be edited from the [Threat Details Page](/docs/threatmanager/3.0/administration/threats/threatdetails/overview.md). diff --git a/docs/threatmanager/3.0/administration/troubleshooting/_category_.json b/docs/threatmanager/3.0/administration/troubleshooting/_category_.json new file mode 100644 index 0000000000..9f3d281f3b --- /dev/null +++ b/docs/threatmanager/3.0/administration/troubleshooting/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Troubleshooting", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/administration/troubleshooting/log.md b/docs/threatmanager/3.0/administration/troubleshooting/log.md index 2a792f6c45..8d5609ffba 100644 --- a/docs/threatmanager/3.0/administration/troubleshooting/log.md +++ b/docs/threatmanager/3.0/administration/troubleshooting/log.md @@ -1,3 +1,9 @@ +--- +title: "Log Files" +description: "Log Files" +sidebar_position: 10 +--- + # Log Files Each component of Threat Manager has a log file that will report errors, warnings, and debug diff --git a/docs/threatmanager/3.0/administration/troubleshooting/overview.md b/docs/threatmanager/3.0/administration/troubleshooting/overview.md index 4a996235c9..985e87b9f4 100644 --- a/docs/threatmanager/3.0/administration/troubleshooting/overview.md +++ b/docs/threatmanager/3.0/administration/troubleshooting/overview.md @@ -1,3 +1,9 @@ +--- +title: "Troubleshooting" +description: "Troubleshooting" +sidebar_position: 60 +--- + # Troubleshooting In case you are experiencing issues with the Netwrix Threat Manager, see the following topics for diff --git a/docs/threatmanager/3.0/administration/troubleshooting/updatepasswords.md b/docs/threatmanager/3.0/administration/troubleshooting/updatepasswords.md index 2b82815926..c4b20f00f5 100644 --- a/docs/threatmanager/3.0/administration/troubleshooting/updatepasswords.md +++ b/docs/threatmanager/3.0/administration/troubleshooting/updatepasswords.md @@ -1,3 +1,9 @@ +--- +title: "Updating Passwords" +description: "Updating Passwords" +sidebar_position: 20 +--- + # Updating Passwords This section describes how to update passwords in the Threat Manager console. Passwords in Threat diff --git a/docs/threatmanager/3.0/gettingstarted.md b/docs/threatmanager/3.0/gettingstarted.md deleted file mode 100644 index 6a8974f319..0000000000 
--- a/docs/threatmanager/3.0/gettingstarted.md +++ /dev/null 
@@ -1,80 +0,0 @@ -# Getting Started with Threat Manager - -Once Threat Manager is installed, complete the following configuration to enable users to begin -viewing threat analytics in an organization’s environment. - -After installation, configuration is required for many of Threat Manager's additional capabilities. -This includes the option to configure sensitive data from Netwrix Access Analyzer (formerly -Enterprise Auditor). Features such as Active Directory data collection, email notifications, and -SIEM service integration can be enabled in their respective configuration pages. - -## Send Data to Threat Manager - -Threat Manager threat detection requires file system and/or Active Directory and/or Microsoft Entra -ID activity to be monitored by either the Activity Monitor or Threat Prevention. An agent must be -deployed to the server being monitored, and the products must be configured to stream data to Threat -Manager. - -See the [Integration with Other Netwrix Products](install/integration/overview) topic for additional -information. - -### File System Activity - -File system activity is monitored by the Activity Monitor or the Threat Prevention file system -policy. Deploy an activity agent to every Windows file server to be monitored and/or to Windows -proxy servers for every NAS device to be monitored. The monitored host must be configured to send -events to Threat Manager. See the -[Netwrix Activity Monitor Integration](install/integration/activitymonitor) topic for additional -information. - -### Active Directory Activity - -Active Directory activity can be monitored by either the Activity Monitor or Threat Prevention. 
-Deploy an Active Directory agent to domain controllers in order for Threat Manager to receive Active -Directory events: - -- Activity Monitor – Monitored domain must be configured to stream data through the domain - properties > Threat Manager tab - - See the [Netwrix Activity Monitor Integration](install/integration/activitymonitor) topic for - additional information. -- Threat Prevention – Threat Prevention Admin Console must be configured to stream data through the - Threat Manager Event Sink feature - - See the [Netwrix Threat Prevention Integration](install/integration/threatprevention) topic - for additional information. - -### Microsoft Entra ID Activity - -Microsoft Entra ID activity can be monitored by Activity Monitor. Deploy an Activity Monitor agent -to a Windows server and configure it to monitor an Microsoft Entra ID tenant to send events to -Threat Manager. The monitored tenant must be configured to send events to Threat Manager. See the -[Netwrix Activity Monitor Integration](install/integration/activitymonitor) topic for additional -information. - -### Sensitive Data Discovery - -Sensitive data is collected by Access Analyzer. It requires a license for the Access Analyzer File -System Solution with the Sensitive Data Discovery Add-on. Access Analyzer has a custom job which can -be added to the FileSystem > 0.Collection Job Group to stream data after the collection tasks -complete. See the -[Netwrix Access Analyzer (formerly Enterprise Auditor) Integration](install/integration/accessanalyzer) topic -for additional information. - -## Enable Features in the Threat Manager Console - -The Threat Manager Console has features that require initial configuration to turn them on. 
These -pages are located under the [Configuration Menu](administration/configuration/overview): - -- The [Integrations Interface](administration/configuration/integrations/overview) provides the - ability to add and configure external integrations for Threat Manager including: - - [Active Directory Sync Page](administration/configuration/integrations/activedirectorysync) - - [Entra ID Sync Page](administration/configuration/integrations/entraidsync) - - [App Tokens Page](administration/configuration/integrations/apptoken) - - [Authentication Provider Page](administration/configuration/integrations/authenticationprovider/page) - - [Credential Profile Page](administration/configuration/integrations/credentialprofile) - - [Email Page](administration/configuration/integrations/email) - - [Folder Settings Page](administration/configuration/integrations/foldersettings) - - [SIEM Page](administration/configuration/integrations/siem) - - [Netwrix Integrations Page](administration/configuration/integrations/netwrixintegrations) - - [Tag Management Page](administration/configuration/integrations/tagmanagement) -- The [Policies Page](administration/configuration/policies/overview) provides the ability to add - and configure policies used for threat detection including Honeytoken threats diff --git a/docs/threatmanager/3.0/install/_category_.json b/docs/threatmanager/3.0/install/_category_.json new file mode 100644 index 0000000000..f87e537fff --- /dev/null +++ b/docs/threatmanager/3.0/install/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/install/actionservice.md b/docs/threatmanager/3.0/install/actionservice.md index 2af92e0ec9..518591bc10 100644 --- a/docs/threatmanager/3.0/install/actionservice.md +++ b/docs/threatmanager/3.0/install/actionservice.md 
@@ -1,3 +1,9 @@ +--- +title: "Optionally Install the Action Service on Additional Servers" +description: "Optionally Install the Action Service on Additional Servers" +sidebar_position: 30 +--- + # Optionally Install the Action Service on Additional Servers The Action Service is installed with Threat Manager and is configured in the Threat Manager Console. diff --git a/docs/threatmanager/3.0/install/application.md b/docs/threatmanager/3.0/install/application.md index 51355421bf..a3fd27a04e 100644 --- a/docs/threatmanager/3.0/install/application.md +++ b/docs/threatmanager/3.0/install/application.md @@ -1,3 +1,9 @@ +--- +title: "Install the Threat Manager Application" +description: "Install the Threat Manager Application" +sidebar_position: 20 +--- + # Install the Threat Manager Application The application can be installed on the same server as the PostgreSQL databases or a different @@ -78,4 +84,4 @@ following topics for additional information: - [Optionally Install the Action Service on Additional Servers](/docs/threatmanager/3.0/install/actionservice.md) - [Secure the Threat Manager Console](/docs/threatmanager/3.0/install/secure.md) - During the first launch, you will set up the built-in Administrator account. See the - [First Launch](/docs/threatmanager/3.0/install/firstlaunch.md) topic for additional information. + [First Launch](/docs/threatmanager/3.0/install/firstlaunch/firstlaunch.md) topic for additional information. diff --git a/docs/threatmanager/3.0/install/database.md b/docs/threatmanager/3.0/install/database.md index 9c6f85590c..a431ba28b6 100644 --- a/docs/threatmanager/3.0/install/database.md +++ b/docs/threatmanager/3.0/install/database.md @@ -1,3 +1,9 @@ +--- +title: "Install the PostgreSQL Database Application" +description: "Install the PostgreSQL Database Application" +sidebar_position: 10 +--- + # Install the PostgreSQL Database Application The PostgreSQL database application can be installed on the same server as the application or a 
diff --git a/docs/threatmanager/3.0/install/firstlaunch.md b/docs/threatmanager/3.0/install/firstlaunch.md deleted file mode 100644 index 4a8075076c..0000000000 --- a/docs/threatmanager/3.0/install/firstlaunch.md +++ /dev/null 
@@ -1,61 +0,0 @@ -# First Launch - -The installer places the following icon on the desktop, which opens the Threat Manager console: - -![Desktop icon](/img/product_docs/threatmanager/3.0/install/desktopicon.webp) - -**Step 1 –** Double-click the **Netwrix Threat Manager Dashboard** icon to open the console for the -first time. - -![First launch showing fields for setting up the builtin Administrator account](/img/product_docs/threatprevention/7.5/install/reportingmodule/builtinadminpassword.webp) - -There is a built-in ADMIN account used for the initial configuration steps and granting user access. -The User Name is "admin". You will set the password and optionally enable MFA for this account -during first launch. Follow the steps to setup this account. - -**Step 2 –** Specify a password in the **New Password** and **Confirm Password** fields. It must -meet the following minimum requirements: - -- At least one uppercase letter -- At least one lowercase letter -- At least one number -- At least one special character (symbol) -- Have a minimum length of 10 characters - -**Step 3 –** By default, MFA is enabled. Toggle this option off or on as desired. If the Enable MFA -option is set to ON, the application will provide an internally-generated one-time password (OTP) -option for the Administrator account. If the Enable MFA option is set to OFF, only a username and -password will be required to sign in. - -**Step 4 –** Click Set Password. - -The built-in ADMIN account password is now set. - -If the Enable MFA option is set to OFF, no additional configuration is required and the Threat -Manager Console opens. See the [Getting Started with Threat Manager](/docs/threatmanager/3.0/gettingstarted.md) topic for -next steps. - -If the Enable MFA option is set to ON, registration of an MFA authenticator is required. Proceed to -the Configure MFA for the Bultin Administrator Account topic. 
- -## Configure MFA for the Bultin Administrator Account - -If MFA was enabled for the buildtin Administrator account during first launch, follow the steps to -configure MFA for the account. - -![registerauthenticator](/img/product_docs/threatprevention/7.5/install/reportingmodule/registerauthenticator.webp) - -**Step 1 –** Register the MFA authenticator. The Register Authenticator prompt will provide -instructions to configure multi-factor authentication with an external or third-party application. - -**Step 2 –** On successful registration with an authenticator, enter the verification code and click -Continue. - -**Step 3 –** A list of recovery codes will be presented in order to restore access to the -application in the event of lost access to the authenticator application or device. Save this list -of codes to access for account recovery, if needed. - -**Step 4 –** Click **Continue**. - -Once MFA is configured for this account, the Threat Manager Console opens. See the -[Getting Started with Threat Manager](/docs/threatmanager/3.0/gettingstarted.md) topic for next steps. diff --git a/docs/threatmanager/3.0/install/firstlaunch/_category_.json b/docs/threatmanager/3.0/install/firstlaunch/_category_.json new file mode 100644 index 0000000000..4cbc985ee7 --- /dev/null +++ b/docs/threatmanager/3.0/install/firstlaunch/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "First Launch", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "firstlaunch" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/install/firstlaunch/firstlaunch.md b/docs/threatmanager/3.0/install/firstlaunch/firstlaunch.md new file mode 100644 index 0000000000..14e11a5895 --- /dev/null +++ b/docs/threatmanager/3.0/install/firstlaunch/firstlaunch.md 
@@ -0,0 +1,67 @@ +--- +title: "First Launch" +description: "First Launch" +sidebar_position: 50 +--- + +# First Launch + +The installer places the following icon on the desktop, which opens the Threat Manager console: + +![Desktop icon](/img/product_docs/threatmanager/3.0/install/desktopicon.webp) + +**Step 1 –** Double-click the **Netwrix Threat Manager Dashboard** icon to open the console for the +first time. + +![First launch showing fields for setting up the builtin Administrator account](/img/product_docs/threatprevention/7.5/install/reportingmodule/builtinadminpassword.webp) + +There is a built-in ADMIN account used for the initial configuration steps and granting user access. +The User Name is "admin". You will set the password and optionally enable MFA for this account +during first launch. Follow the steps to setup this account. + +**Step 2 –** Specify a password in the **New Password** and **Confirm Password** fields. It must +meet the following minimum requirements: + +- At least one uppercase letter +- At least one lowercase letter +- At least one number +- At least one special character (symbol) +- Have a minimum length of 10 characters + +**Step 3 –** By default, MFA is enabled. Toggle this option off or on as desired. If the Enable MFA +option is set to ON, the application will provide an internally-generated one-time password (OTP) +option for the Administrator account. If the Enable MFA option is set to OFF, only a username and +password will be required to sign in. + +**Step 4 –** Click Set Password. + +The built-in ADMIN account password is now set. + +If the Enable MFA option is set to OFF, no additional configuration is required and the Threat +Manager Console opens. See the [Getting Started with Threat Manager](/docs/threatmanager/3.0/overview/gettingstarted.md) topic for +next steps. + +If the Enable MFA option is set to ON, registration of an MFA authenticator is required. 
Proceed to +the Configure MFA for the Bultin Administrator Account topic. + +## Configure MFA for the Bultin Administrator Account + +If MFA was enabled for the buildtin Administrator account during first launch, follow the steps to +configure MFA for the account. + +![registerauthenticator](/img/product_docs/threatprevention/7.5/install/reportingmodule/registerauthenticator.webp) + +**Step 1 –** Register the MFA authenticator. The Register Authenticator prompt will provide +instructions to configure multi-factor authentication with an external or third-party application. + +**Step 2 –** On successful registration with an authenticator, enter the verification code and click +Continue. + +**Step 3 –** A list of recovery codes will be presented in order to restore access to the +application in the event of lost access to the authenticator application or device. Save this list +of codes to access for account recovery, if needed. + +**Step 4 –** Click **Continue**. + +Once MFA is configured for this account, the Threat Manager Console opens. See the +[Getting Started with Threat Manager](/docs/threatmanager/3.0/overview/gettingstarted.md) topic for next steps. diff --git a/docs/threatmanager/3.0/install/firstlaunch/login.md b/docs/threatmanager/3.0/install/firstlaunch/login.md new file mode 100644 index 0000000000..e5d2093009 --- /dev/null +++ b/docs/threatmanager/3.0/install/firstlaunch/login.md 
@@ -0,0 +1,21 @@ +--- +title: "User Login After First Launch" +description: "User Login After First Launch" +sidebar_position: 10 +--- + +# User Login After First Launch + +Once Threat Manager is installed, users granted access can log into the console using either of the +following methods: + +Log into Threat Manager locally on the default port using default credentials. For example + +- http://localhost:8080 +- http://[MACHINENAME.DOMAIN.COM]:8080 + +Threat Manager can also be accessed through the Web Console. This console can be opened with the +desktop icon laid down by the Netwrix Access Analyzer (formerly Enterprise Auditor) installer on its +server. + +- http://[MACHINENAME.DOMAIN.COM]:8082 diff --git a/docs/threatmanager/3.0/install/integration/_category_.json b/docs/threatmanager/3.0/install/integration/_category_.json new file mode 100644 index 0000000000..635bc3037d --- /dev/null +++ b/docs/threatmanager/3.0/install/integration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Integration with Other Netwrix Products", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/install/integration/activitymonitor.md b/docs/threatmanager/3.0/install/integration/activitymonitor.md index 539325a00c..e3c3aa33c5 100644 --- a/docs/threatmanager/3.0/install/integration/activitymonitor.md +++ b/docs/threatmanager/3.0/install/integration/activitymonitor.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Activity Monitor Integration" +description: "Netwrix Activity Monitor Integration" +sidebar_position: 10 +--- + # Netwrix Activity Monitor Integration The Activity Monitor can be configured to send file system data and/or Active Directory and/or diff --git a/docs/threatmanager/3.0/install/integration/overview.md b/docs/threatmanager/3.0/install/integration/overview.md index 5d1e317ca8..ea9a647436 100644 
--- a/docs/threatmanager/3.0/install/integration/overview.md +++ b/docs/threatmanager/3.0/install/integration/overview.md @@ -1,3 +1,9 @@ +--- +title: "Integration with Other Netwrix Products" +description: "Integration with Other Netwrix Products" +sidebar_position: 60 +--- + # Integration with Other Netwrix Products The following Netwrix products can be configured to send data to Threat Manager: @@ -6,7 +12,7 @@ The following Netwrix products can be configured to send data to Threat Manager: send file system data and/or Active Directory data to Threat Manager. - The Active Directory data stream requires a unique App Token to be generated within Threat Manager. -- [Netwrix Threat Prevention Integration](/docs/threatmanager/3.0/install/integration/threatprevention.md) – Threat Prevention can be configured +- [Netwrix Threat Prevention Integration](/docs/threatmanager/3.0/install/integration/threatprevention/threatprevention.md) – Threat Prevention can be configured to send file system data and/or Active Directory data to Threat Manager. - Requires a unique App Token to be generated within Threat Manager. - [Netwrix Access Analyzer (formerly Enterprise Auditor) Integration](/docs/threatmanager/3.0/install/integration/accessanalyzer.md) – Access diff --git a/docs/threatmanager/3.0/install/integration/threatprevention.md b/docs/threatmanager/3.0/install/integration/threatprevention.md deleted file mode 100644 index 2c938fb02a..0000000000 --- a/docs/threatmanager/3.0/install/integration/threatprevention.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# Netwrix Threat Prevention Integration - -Threat Prevention v6.0+ can be configured to send Active Directory data to Threat Manager. This is -done by generating an App Token in Threat Manager and then using that app token when configuring the -Threat Manager Event Sink in Threat Prevention. See the -[Threat Prevention documentation](https://helpcenter.netwrix.com/category/threatprevention) for -additional information. - -**NOTE:** Integration between Threat Prevention and Threat Manager was introduced with the release -of Threat Prevention v6.0 or later and Threat Manager v2.0 or later. - -The Threat Manager DC Sync threat is sourced by a Threat Prevention AD Replication Monitoring -policy. It is necessary for the policy to be configured to exclude domain controllers on the Host -(From) filter. - -Threat Prevention v7.2+ supports sending events to Threat Manager utilizing Protobuf, which allows -for higher performance event delivery to Threat Manager. diff --git a/docs/threatmanager/3.0/install/integration/threatprevention/_category_.json b/docs/threatmanager/3.0/install/integration/threatprevention/_category_.json new file mode 100644 index 0000000000..71ef9aa2e1 --- /dev/null +++ b/docs/threatmanager/3.0/install/integration/threatprevention/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Threat Prevention Integration", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "threatprevention" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/install/integration/threatprevention/threatprevention.md b/docs/threatmanager/3.0/install/integration/threatprevention/threatprevention.md new file mode 100644 index 0000000000..090e2a1da0 --- /dev/null +++ b/docs/threatmanager/3.0/install/integration/threatprevention/threatprevention.md 
@@ -0,0 +1,23 @@ +--- +title: "Netwrix Threat Prevention Integration" +description: "Netwrix Threat Prevention Integration" +sidebar_position: 20 +--- + +# Netwrix Threat Prevention Integration + +Threat Prevention v6.0+ can be configured to send Active Directory data to Threat Manager. This is +done by generating an App Token in Threat Manager and then using that app token when configuring the +Threat Manager Event Sink in Threat Prevention. See the +[Threat Prevention documentation](https://helpcenter.netwrix.com/category/threatprevention) for +additional information. + +**NOTE:** Integration between Threat Prevention and Threat Manager was introduced with the release +of Threat Prevention v6.0 or later and Threat Manager v2.0 or later. + +The Threat Manager DC Sync threat is sourced by a Threat Prevention AD Replication Monitoring +policy. It is necessary for the policy to be configured to exclude domain controllers on the Host +(From) filter. + +Threat Prevention v7.2+ supports sending events to Threat Manager utilizing Protobuf, which allows +for higher performance event delivery to Threat Manager. diff --git a/docs/threatmanager/3.0/install/login.md b/docs/threatmanager/3.0/install/login.md deleted file mode 100644 index 34e47cbf24..0000000000 --- a/docs/threatmanager/3.0/install/login.md +++ /dev/null @@ -1,15 +0,0 @@ -# User Login After First Launch - -Once Threat Manager is installed, users granted access can log into the console using either of the -following methods: - -Log into Threat Manager locally on the default port using default credentials. For example - -- http://localhost:8080 -- http://[MACHINENAME.DOMAIN.COM]:8080 - -Threat Manager can also be accessed through the Web Console. This console can be opened with the -desktop icon laid down by the Netwrix Access Analyzer (formerly Enterprise Auditor) installer on its -server. - -- http://[MACHINENAME.DOMAIN.COM]:8082 
diff --git a/docs/threatmanager/3.0/install/overview.md b/docs/threatmanager/3.0/install/overview.md index b0742f1546..195fbeed60 100644 --- a/docs/threatmanager/3.0/install/overview.md +++ b/docs/threatmanager/3.0/install/overview.md @@ -1,3 +1,9 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 30 +--- + # Installation Prior to installing Threat Manager, please ensure that all of the prerequisites have been met in @@ -95,7 +101,7 @@ launcher opens. You can now install the following components on the same server: - Configure a remote Action Service to register with Threat Manager. - Configure a service account to run actions. -**Step 3 –** Log into the console for the first time. See the [First Launch](/docs/threatmanager/3.0/install/firstlaunch.md) topic +**Step 3 –** Log into the console for the first time. See the [First Launch](/docs/threatmanager/3.0/install/firstlaunch/firstlaunch.md) topic for additional information. **Step 4 –** Configure integration with one or more Netwrix products to feed the desired type of @@ -104,7 +110,7 @@ data into Threat Manager: - [Netwrix Activity Monitor Integration](/docs/threatmanager/3.0/install/integration/activitymonitor.md) – Configure Netwrix Activity Monitor to send file system data and/or Active Directory data and/or Microsoft Entra ID data to Threat Manager -- [Netwrix Threat Prevention Integration](/docs/threatmanager/3.0/install/integration/threatprevention.md) – Configure Netwrix +- [Netwrix Threat Prevention Integration](/docs/threatmanager/3.0/install/integration/threatprevention/threatprevention.md) – Configure Netwrix Threat Prevention to send Active Directory data to Threat Manager - [Netwrix Access Analyzer (formerly Enterprise Auditor) Integration](/docs/threatmanager/3.0/install/integration/accessanalyzer.md) – Configure Netwrix Access Analyzer (formerly Enterprise Auditor) to send Sensitive Data to Threat 
diff --git a/docs/threatmanager/3.0/install/secure.md b/docs/threatmanager/3.0/install/secure.md index ff45fe1689..fd78157e53 100644 --- a/docs/threatmanager/3.0/install/secure.md +++ b/docs/threatmanager/3.0/install/secure.md @@ -1,3 +1,9 @@ +--- +title: "Secure the Threat Manager Console" +description: "Secure the Threat Manager Console" +sidebar_position: 40 +--- + # Secure the Threat Manager Console To support HTTPS, do the following: diff --git a/docs/threatmanager/3.0/install/upgrade.md b/docs/threatmanager/3.0/install/upgrade.md deleted file mode 100644 index 17e496403c..0000000000 --- a/docs/threatmanager/3.0/install/upgrade.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# Upgrade Procedure - -This topic describes the steps needed for upgrading Threat Manager to the latest version. - -See the [What's New](/docs/threatmanager/3.0/whatsnew.md) topic for details on new and improved features included with -each release. - -## Considerations - -Configure integration with one or more Netwrix products to feed the desired type of data into Threat -Manager: - -- [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) -- [Netwrix Threat Prevention Documentation](https://helpcenter.netwrix.com/category/threatprevention) -- [Netwrix Access Analyzer Documentation](https://helpcenter.netwrix.com/category/accessanalyzer) - -If Netwrix Activity Monitor is used to send data to Threat Manager, the versions of both products -must be compatible. - -**NOTE:** It is not required to upgrade the Activity Monitor to the latest version when upgrading -Threat Manager, but it is recommended to upgrade it in order to take full advantage of the new -features. - -| Netwrix Activity Monitor Version | Compatibility with Threat Manager v3.0 | -| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 7.1 | Fully compatible for monitoring of: - File System Data - Active Directory Data - Microsoft Entra ID Data Threat Manager also supports file copy event type and file size information. **NOTE:** SharePoint, SharePoint Online, Exchange Online, Linux, and SQL monitoring are not supported | -| 7.0 | Fully compatible for monitoring of: - File System Data - Active Directory Data - Microsoft Entra ID Data Threat Manager also supports file copy event type and file size information. 
**NOTE:** SharePoint, SharePoint Online, Exchange Online, Linux, and SQL monitoring are not supported. | -| 6.0 | Fully compatible for monitoring of: - File system Data - Active Directory Data Threat Manager also supports file copy event type and file size information. **NOTE:** SharePoint, SharePoint Online, Exchange Online, Microsoft Entra ID, Linux, and SQL monitoring are not supported | - -## Threat Manager Services - -Stop all Threat Manager services. - -**Step 1 –** Go to Services in the Windows Services Management Console (`services.msc`) on the -server where Netwrix Threat Manageris installed. - -**Step 2 –** Right-click on each Threat Manager service and click Stop in the following order: - -- Netwrix Threat Manager Action Service -- Netwrix Threat Manager Active Directory Service -- Netwrix Threat Manager Email Service -- Netwrix Threat Manager Event Service -- Netwrix Threat Manager Integration Service -- Netwrix Threat Manager Job Service -- Netwrix Threat Manager License Service -- Netwrix Threat Manager SIEM Service -- Netwrix Threat Manager Web Service - -## Upgrade Cases - -You can: - -- [Upgrade Threat Manager from 2.8 to 3.0](/docs/threatmanager/3.0/install/upgrade3.0.md) -- [Upgrade Threat Manager from 2.6/2.7 To 2.8](/docs/threatmanager/3.0/install/upgrade2.8.md) diff --git a/docs/threatmanager/3.0/install/upgrade/_category_.json b/docs/threatmanager/3.0/install/upgrade/_category_.json new file mode 100644 index 0000000000..481c03deff --- /dev/null +++ b/docs/threatmanager/3.0/install/upgrade/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Upgrade Procedure", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "upgrade" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/install/upgrade/upgrade.md b/docs/threatmanager/3.0/install/upgrade/upgrade.md new file mode 100644 index 0000000000..f236b81f78 --- /dev/null +++ b/docs/threatmanager/3.0/install/upgrade/upgrade.md 
@@ -0,0 +1,60 @@ +--- +title: "Upgrade Procedure" +description: "Upgrade Procedure" +sidebar_position: 70 +--- + +# Upgrade Procedure + +This topic describes the steps needed for upgrading Threat Manager to the latest version. + +See the [What's New](/docs/threatmanager/3.0/overview/whatsnew.md) topic for details on new and improved features included with +each release. + +## Considerations + +Configure integration with one or more Netwrix products to feed the desired type of data into Threat +Manager: + +- [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) +- [Netwrix Threat Prevention Documentation](https://helpcenter.netwrix.com/category/threatprevention) +- [Netwrix Access Analyzer Documentation](https://helpcenter.netwrix.com/category/accessanalyzer) + +If Netwrix Activity Monitor is used to send data to Threat Manager, the versions of both products +must be compatible. + +**NOTE:** It is not required to upgrade the Activity Monitor to the latest version when upgrading +Threat Manager, but it is recommended to upgrade it in order to take full advantage of the new +features. + +| Netwrix Activity Monitor Version | Compatibility with Threat Manager v3.0 | +| -------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 7.1 | Fully compatible for monitoring of: - File System Data - Active Directory Data - Microsoft Entra ID Data Threat Manager also supports file copy event type and file size information. 
**NOTE:** SharePoint, SharePoint Online, Exchange Online, Linux, and SQL monitoring are not supported | +| 7.0 | Fully compatible for monitoring of: - File System Data - Active Directory Data - Microsoft Entra ID Data Threat Manager also supports file copy event type and file size information. **NOTE:** SharePoint, SharePoint Online, Exchange Online, Linux, and SQL monitoring are not supported. | +| 6.0 | Fully compatible for monitoring of: - File system Data - Active Directory Data Threat Manager also supports file copy event type and file size information. **NOTE:** SharePoint, SharePoint Online, Exchange Online, Microsoft Entra ID, Linux, and SQL monitoring are not supported | + +## Threat Manager Services + +Stop all Threat Manager services. + +**Step 1 –** Go to Services in the Windows Services Management Console (`services.msc`) on the +server where Netwrix Threat Manageris installed. + +**Step 2 –** Right-click on each Threat Manager service and click Stop in the following order: + +- Netwrix Threat Manager Action Service +- Netwrix Threat Manager Active Directory Service +- Netwrix Threat Manager Email Service +- Netwrix Threat Manager Event Service +- Netwrix Threat Manager Integration Service +- Netwrix Threat Manager Job Service +- Netwrix Threat Manager License Service +- Netwrix Threat Manager SIEM Service +- Netwrix Threat Manager Web Service + +## Upgrade Cases + +You can: + +- [Upgrade Threat Manager from 2.8 to 3.0](/docs/threatmanager/3.0/install/upgrade/upgrade3.0.md) +- [Upgrade Threat Manager from 2.6/2.7 To 2.8](/docs/threatmanager/3.0/install/upgrade/upgrade2.8.md) diff --git a/docs/threatmanager/3.0/install/upgrade2.8.md b/docs/threatmanager/3.0/install/upgrade/upgrade2.8.md similarity index 97% rename from docs/threatmanager/3.0/install/upgrade2.8.md rename to docs/threatmanager/3.0/install/upgrade/upgrade2.8.md index 031c57e18b..c1bdbfa9df 100644 --- a/docs/threatmanager/3.0/install/upgrade2.8.md 
+++ b/docs/threatmanager/3.0/install/upgrade/upgrade2.8.md @@ -1,3 +1,9 @@ +--- +title: "Upgrade Threat Manager from 2.6/2.7 To 2.8" +description: "Upgrade Threat Manager from 2.6/2.7 To 2.8" +sidebar_position: 10 +--- + # Upgrade Threat Manager from 2.6/2.7 To 2.8 Follow the steps to upgrade Threat Manager 2.6/2.7 to 2.8 or to apply a hotfix to Threat Manager. diff --git a/docs/threatmanager/3.0/install/upgrade3.0.md b/docs/threatmanager/3.0/install/upgrade/upgrade3.0.md similarity index 97% rename from docs/threatmanager/3.0/install/upgrade3.0.md rename to docs/threatmanager/3.0/install/upgrade/upgrade3.0.md index 688aa5d6d3..4f03e9484d 100644 --- a/docs/threatmanager/3.0/install/upgrade3.0.md +++ b/docs/threatmanager/3.0/install/upgrade/upgrade3.0.md @@ -1,3 +1,9 @@ +--- +title: "Upgrade Threat Manager from 2.8 to 3.0" +description: "Upgrade Threat Manager from 2.8 to 3.0" +sidebar_position: 20 +--- + # Upgrade Threat Manager from 2.8 to 3.0 The upgrade process from Threat Manager 2.8 to 3.0 involves the following steps: diff --git a/docs/threatmanager/3.0/overview.md b/docs/threatmanager/3.0/overview.md deleted file mode 100644 index a90a5b0300..0000000000 --- a/docs/threatmanager/3.0/overview.md +++ /dev/null 
@@ -1,46 +0,0 @@ -# Netwrix Threat Manager v3.0 - -Threat Manager detects and responds to abnormal behavior and advanced attacks against Active -Directory and File Systems with unprecedented accuracy and speed. Threat Manager provides -programmatic and automated response options when threats are identified. In addition to an extensive -catalog of preconfigured response actions, Threat Manager can be configured to integrate with you -own business processes using integrated PowerShell or webhook facilities. - -Threat Manager can also deliver threat data to administrators in their preferred applications, -including Microsoft Teams, Slack, ServiceNow, and a wide variety of SIEM platforms. - -## Architecture - -The following diagram is a visual representation of Threat Manager architecture. It maps out the -physical implementation of Threat Manager components. - -![Netwrix Threat Manager Architecture diagram](/img/product_docs/threatmanager/3.0/tmarch.webp) - -## Administration - -Organizations of virtually any size find it to be impossible, even counterproductive, to evaluate -the substantial amount of file access events and Active Directory events occurring within their -environments on any given day. To overcome this challenge and achieve proper visibility into this -otherwise significant blind spot in an organization's cyber security program, Threat Manager® -provides built-in threat analytics to highlight the most unusual behaviors that occur within an -organization each day. Threat Manager also provides a method to deep dive into activity data using a -series of customizable filters to discover threats unique to their organization. - -## Supported Platforms - -Supported platforms include the Active Directory and File system platforms supported for monitoring -by either Netwrix Threat Prevention or Netwrix Activity Monitor. 
See the following product -documentation for additional information: - -- [Netwrix Threat Prevention Documentation](https://helpcenter.netwrix.com/category/threatprevention) -- [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) - -## Threat Manager Threats - -Threat Manager monitors the following threats. See each section for information on monitored threat -types. - -- [Active Directory Threats](/docs/threatmanager/3.0/threats/activedirectory.md) -- [Entra ID Threats](/docs/threatmanager/3.0/threats/entraid.md) -- [File System Threats](/docs/threatmanager/3.0/threats/filesystem.md) -- [General Threats](/docs/threatmanager/3.0/threats/general.md) diff --git a/docs/threatmanager/3.0/overview/_category_.json b/docs/threatmanager/3.0/overview/_category_.json new file mode 100644 index 0000000000..15809d6632 --- /dev/null +++ b/docs/threatmanager/3.0/overview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Threat Manager v3.0", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/overview/gettingstarted.md b/docs/threatmanager/3.0/overview/gettingstarted.md new file mode 100644 index 0000000000..af1195b099 --- /dev/null +++ b/docs/threatmanager/3.0/overview/gettingstarted.md 
@@ -0,0 +1,86 @@ +--- +title: "Getting Started with Threat Manager" +description: "Getting Started with Threat Manager" +sidebar_position: 10 +--- + +# Getting Started with Threat Manager + +Once Threat Manager is installed, complete the following configuration to enable users to begin +viewing threat analytics in an organization’s environment. + +After installation, configuration is required for many of Threat Manager's additional capabilities. +This includes the option to configure sensitive data from Netwrix Access Analyzer (formerly +Enterprise Auditor). Features such as Active Directory data collection, email notifications, and +SIEM service integration can be enabled in their respective configuration pages. + +## Send Data to Threat Manager + +Threat Manager threat detection requires file system and/or Active Directory and/or Microsoft Entra +ID activity to be monitored by either the Activity Monitor or Threat Prevention. An agent must be +deployed to the server being monitored, and the products must be configured to stream data to Threat +Manager. + +See the [Integration with Other Netwrix Products](/docs/threatmanager/3.0/install/integration/overview.md) topic for additional +information. + +### File System Activity + +File system activity is monitored by the Activity Monitor or the Threat Prevention file system +policy. Deploy an activity agent to every Windows file server to be monitored and/or to Windows +proxy servers for every NAS device to be monitored. The monitored host must be configured to send +events to Threat Manager. See the +[Netwrix Activity Monitor Integration](/docs/threatmanager/3.0/install/integration/activitymonitor.md) topic for additional +information. + +### Active Directory Activity + +Active Directory activity can be monitored by either the Activity Monitor or Threat Prevention. 
+Deploy an Active Directory agent to domain controllers in order for Threat Manager to receive Active +Directory events: + +- Activity Monitor – Monitored domain must be configured to stream data through the domain + properties > Threat Manager tab + - See the [Netwrix Activity Monitor Integration](/docs/threatmanager/3.0/install/integration/activitymonitor.md) topic for + additional information. +- Threat Prevention – Threat Prevention Admin Console must be configured to stream data through the + Threat Manager Event Sink feature + - See the [Netwrix Threat Prevention Integration](/docs/threatmanager/3.0/install/integration/threatprevention/threatprevention.md) topic + for additional information. + +### Microsoft Entra ID Activity + +Microsoft Entra ID activity can be monitored by Activity Monitor. Deploy an Activity Monitor agent +to a Windows server and configure it to monitor an Microsoft Entra ID tenant to send events to +Threat Manager. The monitored tenant must be configured to send events to Threat Manager. See the +[Netwrix Activity Monitor Integration](/docs/threatmanager/3.0/install/integration/activitymonitor.md) topic for additional +information. + +### Sensitive Data Discovery + +Sensitive data is collected by Access Analyzer. It requires a license for the Access Analyzer File +System Solution with the Sensitive Data Discovery Add-on. Access Analyzer has a custom job which can +be added to the FileSystem > 0.Collection Job Group to stream data after the collection tasks +complete. See the +[Netwrix Access Analyzer (formerly Enterprise Auditor) Integration](/docs/threatmanager/3.0/install/integration/accessanalyzer.md) topic +for additional information. + +## Enable Features in the Threat Manager Console + +The Threat Manager Console has features that require initial configuration to turn them on. 
These +pages are located under the [Configuration Menu](/docs/threatmanager/3.0/administration/configuration/overview.md): + +- The [Integrations Interface](/docs/threatmanager/3.0/administration/configuration/integrations/overview.md) provides the + ability to add and configure external integrations for Threat Manager including: + - [Active Directory Sync Page](/docs/threatmanager/3.0/administration/configuration/integrations/activedirectorysync.md) + - [Entra ID Sync Page](/docs/threatmanager/3.0/administration/configuration/integrations/entraidsync.md) + - [App Tokens Page](/docs/threatmanager/3.0/administration/configuration/integrations/apptoken.md) + - [Authentication Provider Page](/docs/threatmanager/3.0/administration/configuration/integrations/page/page.md) + - [Credential Profile Page](/docs/threatmanager/3.0/administration/configuration/integrations/credentialprofile.md) + - [Email Page](/docs/threatmanager/3.0/administration/configuration/integrations/email.md) + - [Folder Settings Page](/docs/threatmanager/3.0/administration/configuration/integrations/foldersettings.md) + - [SIEM Page](/docs/threatmanager/3.0/administration/configuration/integrations/siem.md) + - [Netwrix Integrations Page](/docs/threatmanager/3.0/administration/configuration/integrations/netwrixintegrations.md) + - [Tag Management Page](/docs/threatmanager/3.0/administration/configuration/integrations/tagmanagement.md) +- The [Policies Page](/docs/threatmanager/3.0/administration/configuration/policies/overview.md) provides the ability to add + and configure policies used for threat detection including Honeytoken threats diff --git a/docs/threatmanager/3.0/overview/overview.md b/docs/threatmanager/3.0/overview/overview.md new file mode 100644 index 0000000000..9bf02cb363 --- /dev/null +++ b/docs/threatmanager/3.0/overview/overview.md 
@@ -0,0 +1,52 @@ +--- +title: "Netwrix Threat Manager v3.0" +description: "Netwrix Threat Manager v3.0" +sidebar_position: 10 +--- + +# Netwrix Threat Manager v3.0 + +Threat Manager detects and responds to abnormal behavior and advanced attacks against Active +Directory and File Systems with unprecedented accuracy and speed. Threat Manager provides +programmatic and automated response options when threats are identified. In addition to an extensive +catalog of preconfigured response actions, Threat Manager can be configured to integrate with you +own business processes using integrated PowerShell or webhook facilities. + +Threat Manager can also deliver threat data to administrators in their preferred applications, +including Microsoft Teams, Slack, ServiceNow, and a wide variety of SIEM platforms. + +## Architecture + +The following diagram is a visual representation of Threat Manager architecture. It maps out the +physical implementation of Threat Manager components. + +![Netwrix Threat Manager Architecture diagram](/img/product_docs/threatmanager/3.0/tmarch.webp) + +## Administration + +Organizations of virtually any size find it to be impossible, even counterproductive, to evaluate +the substantial amount of file access events and Active Directory events occurring within their +environments on any given day. To overcome this challenge and achieve proper visibility into this +otherwise significant blind spot in an organization's cyber security program, Threat Manager® +provides built-in threat analytics to highlight the most unusual behaviors that occur within an +organization each day. Threat Manager also provides a method to deep dive into activity data using a +series of customizable filters to discover threats unique to their organization. + +## Supported Platforms + +Supported platforms include the Active Directory and File system platforms supported for monitoring +by either Netwrix Threat Prevention or Netwrix Activity Monitor. 
See the following product +documentation for additional information: + +- [Netwrix Threat Prevention Documentation](https://helpcenter.netwrix.com/category/threatprevention) +- [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) + +## Threat Manager Threats + +Threat Manager monitors the following threats. See each section for information on monitored threat +types. + +- [Active Directory Threats](/docs/threatmanager/3.0/overview/threats/activedirectory.md) +- [Entra ID Threats](/docs/threatmanager/3.0/overview/threats/entraid.md) +- [File System Threats](/docs/threatmanager/3.0/overview/threats/filesystem.md) +- [General Threats](/docs/threatmanager/3.0/overview/threats/general.md) diff --git a/docs/threatmanager/3.0/overview/threats/_category_.json b/docs/threatmanager/3.0/overview/threats/_category_.json new file mode 100644 index 0000000000..0f333d944a --- /dev/null +++ b/docs/threatmanager/3.0/overview/threats/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Type of Threats", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/overview/threats/activedirectory.md b/docs/threatmanager/3.0/overview/threats/activedirectory.md new file mode 100644 index 0000000000..61f2c19a62 --- /dev/null +++ b/docs/threatmanager/3.0/overview/threats/activedirectory.md 
@@ -0,0 +1,158 @@ +--- +title: "Active Directory Threats" +description: "Active Directory Threats" +sidebar_position: 10 +--- + +# Active Directory Threats + +The following threats are monitored for Active Directory: + +## AdminSDHolder ACL Tampering + +| AdminSDHolder ACL Tampering | | +| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Modifying the Access Control List (ACL) of the AdminSDHolder container in Active Directory enables an attacker to achieve and maintain persistence in an already compromised domain, even if an administrator finds and removes the attacker's permission on a protected object the AdminSDHolder controls. | + +## AS-REP Roasted Users + +| AS-REP Roasted Users | | +| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Definition** | AS-REP roasting is a technique that allows retrieving password hashes for users that have 'Do not require Kerberos pre-authentication' property selected. Those hashes can then be cracked offline. | + +## DCShadow + +| DCShadow | | +| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | DCShadow is a feature of Mimikatz and a technique for elevating a regular workstation account to a domain controller and executing malicious replication against the domain. DCShadow can set arbitrary attributes within Active Directory. 
| + +## DC Sync + +| DC Sync | | +| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Definition | Replication from a non-domain controller account can be evidence of a Mimikatz DCSync attack. Performing a DCSync remotely extracts the NTLM password hash for the account that is the target of the attack. | + +**NOTE:** The domain monitoring policy must be configured to exclude domain controllers. See the +[Integration with Other Netwrix Products](/docs/threatmanager/3.0/install/integration/overview.md) topic for additional +information. + +## Domain Backup Key Compromise + +| Domain Backup Key Compromise | | +| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | The Data Protection API (DPAPI) is used by Windows to encrypt user secrets such as saved credentials, browser cookies, website passwords, and other sensitive information. For computers joined to an Active Directory domain, secrets protected by the DPAPI are also encrypted with a domain backup key. This key is stored in Active Directory and enables recovery of DPAPI-protected secrets should the user lose their own backup key. Because the domain backup key cannot be rotated, its exposure is a significant event. 
| + +## Exposed Administrative Credentials + +| Exposed Administrative Credentials | | +| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Highly privileged accounts, groups, and systems have direct or indirect administrative control over the Active Directory forest/domain. Given the sensitive nature of these accounts, they should only be used on domain controllers. Pass-the-Hash attacks are successful because highly privileged credentials are used to access lower security systems. Having access to a privileged user's hash allows attackers to move laterally. This threat aligns to best practices for securing Active Directory. If an organization does not enforce limiting privileged account access to only Domain Controllers, this threat should remain disabled to eliminate noise. 
| + +## Golden Ticket + +| Golden Ticket | | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | By obtaining the password hash for the most powerful service account in Active Directory, the KRBTGT account, an attacker is able to compromise every account within Active Directory, giving them unlimited and virtually undetectable access to any system connected to Active Directory. | + +## Forged Ticket + +| Forged Ticket | | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Forged Tickets provide a way for an attacker to elevate privileges by injecting additional group membership into their Kerberos tickets, giving them more privileges than they actually have in Active Directory. Threat Manager will compare PAC data in authentication to the user's actual group member and generate a threat when it finds a discrepancy. | +| Trigger | Perform Authentication using fabricated/invalid tickets with groups present in the authentication Ticket PAC data that does not match the users Active Directory group membership. 
| + +## GMSA Password Access + +| GMSA Password Access | | +| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | The passwords for Group Managed Service Accounts (GMSA) are stored in BLOB format in the msDS-ManagedPassword attribute of the GMSA account object in Active Directory. It is trivial to convert the BLOB to a useable clear text password. It is suspicious for a user to attempt to read this attribute, as only authorized computer accounts should retrieve a GMSA’s password. | + +## GMSA Permissions Assignment + +| GMSA Permissions Assignment | | +| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Permissions to retrieve passwords for Group Managed Service Accounts (GMSA) are typically granted only to the computer account of each computer running the service. The assignment of privileges to non-computer accounts (e.g. human accounts) can be indicative of an adversary's attempt to compromise the GMSA password. 
| + +## Hidden Object + +| Hidden Object | | +| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Changing object Deny Read or Deny List Contents permissions can effectively hide an Active Directory object as it will not be returned in LDAP queries. This causes the object to avoid monitoring and detection, as service accounts used by these solutions will be unable to query the object. | + +## Honeytoken + +| Honeytoken | | +| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Definition | Honeytokens are fake credentials stored in memory. When an attack scans memory they may try to authenticate or query the domain for information about the account. A Honeytoken threat can be generated by two methods: LDAP or Authentication. An authentication Honeytoken threat is generated when a perpetrator attempts to authenticate with a Honeytoken user account. An LDAP Honeytoken threat is generated when a perpetrator performs an LDAP query against a Honeytoken user account. 
| + +## Insecure UAC Change + +| Insecure UAC Change | | +| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Some changes to User Account Control Flags on Active Directory Objects can potentially expose security risks."PASSWD_CANT_CHANGE", "TRUSTED_FOR_DELEGATION", "USE_DES_KEY_ONLY", and "DONT_REQ_PREAUTH" are particularly risky. | + +## Kerberoasting + +| Kerberoasting | | +| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Kerberoasting is an attack method that allows an attacker to crack the passwords of service accounts in Active Directory offline and without fear of detection. | + +## LDAP Reconnaissance + +| LDAP Reconnaissance | | +| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | When an attacker initially compromises a system on a network, they will have few to no privileges within the domain. However, due to the architecture of Active Directory, once an attacker has infiltrated any domain-joined computer, they are able to query the directory and its objects using LDAP, allowing them to locate sensitive accounts and assets to target in their attack. 
| + +## LSASS Process Injection + +| LSASS Process Injection | | +| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | LSASS process injection is a deliberate and common method used by a variety of attacks including: Skeleton Key, MemSSP, and SID History Tampering. By injecting code into the lsass.exe process an attacker can scrape the password hashes directly out of process memory. | + +## Pass-The-Ticket + +| Pass-The-Ticket | | +| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Definition | A Pass-the-Ticket event occurs when a user extracts a valid Kerberos ticket from one system and uses it to authenticate from another system. This allows the attacker to compromise a user's account and use it from any domain-joined computer. | + +## Password Spraying + +| Password Spraying | | +| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| Definition | Password Spraying indicates an attempt to gain access to credentials by using common passwords against large numbers of accounts while also staying below an organization’s defined lockout threshold. 
| + +## Replication Permissions + +| Replication Permissions | | +| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Providing a user with replication permissions allows the user to execute domain replication commands against domain controllers. This type of behavior is common with DCSync and DCShadow threats. | + +## Sensitive Group Changes + +| Sensitive Group Changes | | +| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Sensitive Group Changes indicate that the membership of a group containing extremely sensitive permissions has been modified. This includes any Active Directory group with the Sensitive tag in Threat Manager, which includes many standard Active Directory Groups such as: Domain Admins, Enterprise Admins, and Schema Admins. | + +## Service Account Misuse + +| Service Account Misuse | | +| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Indicates that a service account was used to log into a machine that is not listed in their service principal names attribute. This threat aligns to best practices for securing Active Directory. 
If an organization does not enforce service accounts to only authenticate to hosts within their servicePrincipalName values, this threat should remain disabled to eliminate noise. | + +## SID History Tampering + +| SID History Tampering | | +| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Mimikatz or other tools can be used to inject SID History into user accounts. This allows an account to effectively be given permissions, such as Domain Admin, even though it is not actually a member of Domain Admins. | + +## SPN Assigned to Privileged User + +| SPN Assigned to Privileged User | | +| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Definition** | An account is only vulnerable to Kerberoasting attacks if it has a service principal name. Service accounts should not have more privileges than required to perform their function. Visit [Netwrix Attack Catalog](https://www.netwrix.com/attack.html) to learn more about this threat. | + +## Zerologon Exploitation + +| Zerologon Exploitation | | +| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | CVE-2020-1472 (a.k.a. 
"Zerologon") is an elevation of privilege vulnerability that allows an unauthenticated attacker to escalate their privileges to domain administrator by exploiting a flaw in the Netlogon Remote Protocol (MS-NRPC). To exploit this vulnerability, an attacker requires only the ability to communicate over the MS-NRPC protocol to a domain controller. | diff --git a/docs/threatmanager/3.0/overview/threats/custom.md b/docs/threatmanager/3.0/overview/threats/custom.md new file mode 100644 index 0000000000..e6b4baa89a --- /dev/null +++ b/docs/threatmanager/3.0/overview/threats/custom.md 
@@ -0,0 +1,93 @@ +--- +title: "Custom Threats" +description: "Custom Threats" +sidebar_position: 50 +--- + +# Custom Threats + +In additional to pre-configured threats, Threat Manager provides the ability to create custom +threats. A user can create a custom threat if they consider certain events to be dangerous in their +environment. For example, when one of the privileged users makes file changes. + +Custom threats can be created in one of the following ways: + +- Custom Option on the Threat Detection Page +- Create Threat Option on the Investigation Page + +## Custom Option on the Threat Detection Page + +Follow the steps to create a custom threat. + +**Step 1 –** Click on the gear icon at the top right of the screen. + +**Step 2 –** Select **Threat Detection**. This opens the Threat Detection page. + +**Step 3 –** In the Threats box on the left, click **Custom** . This opens the Investigate page. + +**Step 4 –** On the Investigate page, do one of the following: + +- Select an existing investigation, or +- Save a new one. See the + [New Investigation Page](/docs/threatmanager/3.0/administration/investigations/newinvestigation.md) for additional + information. + +**Step 5 –** In the selected investigation, click the **Create Threat** option. + +![CreateThreat Option](/img/product_docs/threatmanager/3.0/threats/createthreat.webp) + +The Custom Threat page opens. + +![Create Threat Dialog Box](/img/product_docs/threatmanager/3.0/threats/createthreatdialogbox.webp) + +**Step 6 –** Severity – The relative severity level, or risk level, of the threat. See the +[Fine Tune a Threat](/docs/threatmanager/3.0/administration/configuration/threatdetection/threatconfiguration.md) topic for additional +information. + +**Step 7 –** Description – Description of the threat. + +**NOTE:** Click the + sign in the description box to insert the `{{userName}}` macro. The macro will +associate the user that committed the threat. 
+ +**Step 8 –** Definition – The threat definition is a detailed explanation of the threat providing +insight into why the incident is a potential risk. It appears at the top of the Threat Details page. +See the [Threat Details Page](/docs/threatmanager/3.0/administration/threats/threatdetails/overview.md) topic for additional +information. + +**Step 9 –** The Custom Threat page has two tabs for threat configuration: + +- Threat Response – Assigning a threat response includes the following: + + - SIEM Alert – Check the box to forward threat information to a SIEM service when the threat is + detected. Uncheck it to turn off forwarding threat information to a SIEM service. + - Email Alert – Check the box to send email notifications when the threat is detected. Uncheck + it to turn off email notifications. + - Run Playbook – Select the playbook that will be used to respond to the threat. + +- Threat Settings – Select the Threshold check-box to enable configuration options i.e. the minimum + number of events during a specific time frame which will trigger a threat. + + - Count –The number of times that an event must occur before a threat is generated + - Time – The time period over which the count must occur to generate a threat. Enter a value and + set the units for the time period in the next field. + - Units – The time period units. Options in the drop-down menu include Minutes, Hours, or Days. + - Group By Perpetrator – When checked, the threat criteria is evaluated on a per-user basis. + This means that each perpetrating user's individual activity must match the investigation + criteria in order to generate a threat. The default is unchecked. + +Exclusions Tab + +The Exclusions tab lists existing exclusions for the threat. Exclusions allow rule-based definitions +to be defined for specific criteria to be excluded from threat detection for the threat type. 
+ +![Threat Exclusion Tab](/img/product_docs/threatmanager/3.0/threats/exclusionstab.webp) + +**Step 10 –** Click **Save**. The investigation is now saved as a custom threat. + +## Create Threat Option on the Investigation Page + +For creating a custom threat from an Investigation page, the steps are as follows: + +1. Click Investigate in the application's header bar. +2. select an investigation and follow the steps from the Step 5 in the Custom Option on the Threat + Detection Page section above. diff --git a/docs/threatmanager/3.0/threats/entraid.md b/docs/threatmanager/3.0/overview/threats/entraid.md similarity index 98% rename from docs/threatmanager/3.0/threats/entraid.md rename to docs/threatmanager/3.0/overview/threats/entraid.md index 8e1cc83abc..07bb32192e 100644 --- a/docs/threatmanager/3.0/threats/entraid.md +++ b/docs/threatmanager/3.0/overview/threats/entraid.md @@ -1,3 +1,9 @@ +--- +title: "Entra ID Threats" +description: "Entra ID Threats" +sidebar_position: 20 +--- + # Entra ID Threats The following threats are monitored for Microsoft Entra ID. diff --git a/docs/threatmanager/3.0/overview/threats/filesystem.md b/docs/threatmanager/3.0/overview/threats/filesystem.md new file mode 100644 index 0000000000..3f7481ca36 --- /dev/null +++ b/docs/threatmanager/3.0/overview/threats/filesystem.md 
@@ -0,0 +1,51 @@ +--- +title: "File System Threats" +description: "File System Threats" +sidebar_position: 30 +--- + +# File System Threats + +The following threats are monitored for File System: + +## High Risk Permissions + +High Risk Permissions are those which grant unrestricted access to a file or folder. When high risk +permissions are added or increased on a folder or file, a threat is created. + +| High Risk Permissions | | +| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | The High Risk Permissions threat creates a threat when a high risk trustee (Domain Users, Anonymous Logon, Authenticated Users, and Everyone) is added to the ACL on a folder or file. These permissions are high risk because they grant unrestricted access to a resource. | +| Example | Domain Users are given Read access to a folder. Everyone is given Full Control on a folder which already had Domain Users with Read Access. | +| Trigger | A threat is created when a user adds a high risk trustee (defined above) to a folder or file, which increases the amount of open access. This threat is updated with the total number of folders or files affected due to the inherited permissions. | + +## NTDS.dit File Access + +Unauthorized file system interaction with the NTDS.dit file stored on Active Directory Domain +Controllers will be detected as a threat. 
+ +| NTDS.dit File Access | | +| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | By accessing the NTDS.dit file, Active Directory's database, an attacker can extract a copy of every user's password hash and subsequently act as any user in the domain. Threat Manager audits all activity related to the NTDS file and VSS copy to notify when an attacker could be accessing the information for an offline attack. | +| Trigger | Perform File or VSS activity against the NTDS.DIT file. | + +## Ransomware + +When a user creates or renames at least 100 files with a known ransomware extension or a name that +resembles common ransom notes, a threat is created for each rename action. + +| Ransomware | | +| ---------- | --------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Detects file activity that involves a file with a known ransomware extension or a file with a name that resembles common ransom notes. | +| Example | A user created a ".locky" file, and created and renamed more than 100 files with common ransomware extensions. | +| Trigger | Using a pre-defined library of known ransomware extensions, Threat Manager alerts on file create/rename activity with known extensions. | + +## Unusual Processes + +If a user runs a process on a monitored server for the first time, a threat is created. 
+ +| Unusual Processes | | +| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | The Unusual Processes threat detects if previously unseen processes are launched on critical file servers. | +| Example | A user launches a "python.exe" process that has never been launched by anyone else in the environment. | +| Trigger | Threat Manager records the name of the processes associated with file access activities. Over a learning period (e.g. 30 days), Threat Manager profiles which processes are normal by aggregating data across all file servers. After that, if a new process is identified that has not been seen on any other file servers, a threat will be created. NOTE: This threat is only applicable on Windows file servers when the activity is performed locally. | diff --git a/docs/threatmanager/3.0/overview/threats/general.md b/docs/threatmanager/3.0/overview/threats/general.md new file mode 100644 index 0000000000..a556fa85b7 --- /dev/null +++ b/docs/threatmanager/3.0/overview/threats/general.md 
@@ -0,0 +1,42 @@ +--- +title: "General Threats" +description: "General Threats" +sidebar_position: 40 +--- + +# General Threats + +The following threats are monitored for File System and Active Directory. + +## Abnormal User Behavior + +Abnormal behavior detection begins when a user has been active for a minimum of 30 days, with up to +120 days of activity used to establish the baseline behavior for a user. Behavior for all users is +evaluated every 15 minutes. If a user deviates significantly from their baseline, a threat is +created. + +| Abnormal Behavior | | +| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | Indicates that a user's file system or Active Directory behavior has deviated from the user's normal behavioral profile. | +| Example | Sensitive Data Example: A user suddenly accesses far more files containing sensitive content than they normally do. Ransomware Example: New ransomware variants not represented in Threat Manager's pre-defined library will still exhibit abnormal behavior with regard to file access operations, including large volumes of updates, renames and writes. 
Lateral Movement Example: If a user is accessing an abnormal number of hosts and is performing file activity on a large number of resources, this could be an indicator of suspicious lateral movement. Delete Example: Upon termination, disgruntled employees sometimes delete large volumes of files to cause the organization harm. | +| Trigger | Threat Manager analyzes the following aspects of each user’s behavior and create a threat when abnormalities are detected based on a given user's normal level of activity. File System - Number of Reads - Number of Updates - Number of Deletes - Number of Renames - Number of Permission Changes - Number of Writes - Number of Denied Events - Number of Hosts Accessed - Number of Resources - Number of Files with Sensitive Data Active Directory - Successful Kerberos authentications - Successful NTLM authentications - Failed authentications - Object changes - Object adds - Object deletes - Object renames - Distinct clients used (for AD activity) - Distinct hosts accessed (for AD activity) - LDAP objects queried Outliers are detected through unsupervised clustering of a user's historical activity. | + +## First-Time Client Use + +If a user accesses a share using a new client, a threat is created. + +| First-Time Client Use | | +| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | The First-Time Client Use threat detects when a user accesses file share data from a client they have never used to access data previously. | +| Example | A user normally uses their own workstation to access file shares. On a given day, the user accesses files from a different workstation, indicating the user’s account may be compromised. 
| +| Trigger | Threat Manager analyzes user behavior over a learning period (e.g. 30 days) to profile which clients a user normally leverages. Once a new client is used to perform file system activity for the first time for a particular user, Threat Manager creates a threat. | + +## First-Time Host Access + +If a user accesses a host for the first time, a threat is created. + +| First-Time Host Access | | +| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Definition | The First-Time Host Access threat detects when a user performs file activity on a new host they haven’t accessed previously. | +| Example | Most users only interact with a few file servers based on their geographic location, the department they are in, etc. Over a learning period (e.g. 30 days), Threat Manager profiles which hosts a user commonly accesses data on. After the learning period, Threat Manager creates a threat if a new host is accessed for the first time. | +| Trigger | A user accessed an open share on a new host for the first time. | diff --git a/docs/threatmanager/3.0/overview/threats/overview.md b/docs/threatmanager/3.0/overview/threats/overview.md new file mode 100644 index 0000000000..8e0c5b4ec8 --- /dev/null +++ b/docs/threatmanager/3.0/overview/threats/overview.md 
@@ -0,0 +1,25 @@ +--- +title: "Type of Threats" +description: "Type of Threats" +sidebar_position: 30 +--- + +# Type of Threats + +Netwrix Threat Manager by default provides some pre-configured threats and users can create custom +threats using the Custom option or through the Create Threat option on the Investigation page. The +pre-defined and custom threats are listed in the Threat box. Threats that are crossed out are +disabled threats. + +![Threats Box](/img/product_docs/threatmanager/3.0/threats/threatsbox.webp) + +The Threats list divides the threats into the following sections: + +- [Active Directory Threats](/docs/threatmanager/3.0/overview/threats/activedirectory.md) +- [Entra ID Threats](/docs/threatmanager/3.0/overview/threats/entraid.md) +- [File System Threats](/docs/threatmanager/3.0/overview/threats/filesystem.md) +- [General Threats](/docs/threatmanager/3.0/overview/threats/general.md) +- [Custom Threats](/docs/threatmanager/3.0/overview/threats/custom.md) + +Select a threat from the list to display the threat's configuration options to the right of the +Threats box. diff --git a/docs/threatmanager/3.0/overview/whatsnew.md b/docs/threatmanager/3.0/overview/whatsnew.md new file mode 100644 index 0000000000..ba48754828 --- /dev/null +++ b/docs/threatmanager/3.0/overview/whatsnew.md 
@@ -0,0 +1,59 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 20 +--- + +# What's New + +## New Netwrix Community! + +All Netwrix product announcements have moved to the new Netwrix Community. See announcements for +Netwrix Threat Manager in the +[Threat Manager](https://community.netwrix.com/c/threat-manager/announcements/162) area of our new +community. + +The following information highlights the new and enhanced features introduced in this Netwrix Threat +Manager version. + +## Threat Manager 3.0 + +New: Microsoft Entra ID Threat Detection & Response + +Netwrix Threat Manager 3.0 now safeguards your entire identity infrastructure by extending +protection to Microsoft Entra ID, in addition to on-premises Active Directory + +New: Threat Detection for Entra ID + +- Application Permission Changes: Modifications to application permissions, potentially granting + excessive access to Entra ID resources, and Microsoft Entra ID +- Compromised User Activity: Actions performed by an account identified as “Confirmed Compromised” + within Microsoft Entra ID +- Impossible Travel: User activity detected from multiple geographic locations, suggesting account + compromise or unauthorized access +- New Application Credential: Creation of a new application credential, potentially indicating a + compromised application +- Sensitive Role Changes: Modifications to sensitive roles in Microsoft Entra ID, such as Global + Admins +- Updated Detection for Abnormal User Behavior: Now includes Entra ID activity + +New: Automated Response Actions for Entra ID + +- Entra ID Group Membership: Modify group memberships for the affected user or perpetrator +- Disable Entra ID User: Temporarily or permanently disable the user account to prevent further + unauthorized access +- Flag Entra ID User as Confirmed Compromised: Mark the user account as compromised to trigger + additional security measures and investigations +- Reset Entra ID Password: Resets the perpetrator or 
affected users password to prevent further + access +- Revoke Entra ID Sessions: Terminate all active sessions for the perpetrator or affected user to + prevent unauthorized access + +Enhancement: More Granular Role-Based Access Control (RBAC) for Reporting & Investigations + +More precise role-based access control for managing reporting and investigations, ensuring that only +authorized users have access to sensitive information + +Enhancement: Updated Investigations Interface + +Improved interface for a more intuitive user experience diff --git a/docs/threatmanager/3.0/requirements/_category_.json b/docs/threatmanager/3.0/requirements/_category_.json new file mode 100644 index 0000000000..8a00596580 --- /dev/null +++ b/docs/threatmanager/3.0/requirements/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Requirements", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/requirements/actionservice.md b/docs/threatmanager/3.0/requirements/actionservice.md index 39898d1c2d..afe0942a63 100644 --- a/docs/threatmanager/3.0/requirements/actionservice.md +++ b/docs/threatmanager/3.0/requirements/actionservice.md @@ -1,3 +1,9 @@ +--- +title: "Action Service Requirements" +description: "Action Service Requirements" +sidebar_position: 40 +--- + # Action Service Requirements The Action Service can be installed on additional servers. diff --git a/docs/threatmanager/3.0/requirements/client.md b/docs/threatmanager/3.0/requirements/client.md index 9dc3242e77..971300fdd6 100644 --- a/docs/threatmanager/3.0/requirements/client.md +++ b/docs/threatmanager/3.0/requirements/client.md @@ -1,3 +1,9 @@ +--- +title: "Client Requirements" +description: "Client Requirements" +sidebar_position: 30 +--- + # Client Requirements Threat Manager is a web service which can be accessed locally or remotely if the server’s firewall 
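Review bot: In docs/threatmanager/3.0/overview/threats/custom.md, Step 9 says the Custom Threat page "has two tabs for threat configuration" and lists Threat Response and Threat Settings, but an "Exclusions Tab" is then described as an unstyled paragraph between Step 9 and Step 10, so the reader cannot tell whether it is a third tab or part of Threat Settings. Either correct the count and add Exclusions as a third bullet, or give it its own heading. Steps 6 to 8 are field descriptions ("Severity – The relative severity level...") rather than actions; consider a single step that tells the reader to fill in the fields, followed by a bullet list. Typos to fix at the same time: "In additional to" should be "In addition to", "click **Custom** ." has a stray space before the period, and item 2 of the last section starts with lowercase "select" and reads "from the Step 5".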
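Review bot: In docs/threatmanager/3.0/overview/threats/filesystem.md, the Ransomware section states its threshold inconsistently: the intro says "at least 100 files" and that a threat is created "for each rename action", the Example row says "more than 100 files", and the Trigger row gives no count at all. State the threshold once in the Trigger row with a single comparison (at least or more than) and say whether one threat or one threat per action is raised. The Unusual Processes section has a similar mismatch: the intro, "If a user runs a process on a monitored server for the first time", reads as a per-user check, while the Trigger row says the process must not have been seen on any other file server.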
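Review bot: In docs/threatmanager/3.0/overview/threats/general.md, the Example and Trigger cells of the First-Time Host Access table look swapped: the Example cell describes the learning period and when the threat is created, while the Trigger cell holds the one-line scenario "A user accessed an open share on a new host for the first time." Swap them so the table matches First-Time Client Use above it. In the Abnormal Behavior table, the Trigger cell has the File System and Active Directory metric lists flattened into one run of " - " separated text, and "analyzes ... and create a threat" should read "creates". The page intro says these threats are monitored for "File System and Active Directory", while whatsnew.md in this same change says Abnormal User Behavior "Now includes Entra ID activity"; if that applies here, the intro and the metric list should say so.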
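Review bot: In docs/threatmanager/3.0/overview/whatsnew.md, the Application Permission Changes bullet ends with a dangling clause, "potentially granting excessive access to Entra ID resources, and Microsoft Entra ID", which looks like a leftover from an earlier edit; drop the trailing ", and Microsoft Entra ID" or complete the sentence. In the Reset Entra ID Password bullet, "affected users password" needs an apostrophe ("user's"). The paragraph under "New: Microsoft Entra ID Threat Detection & Response" and the text under both Enhancement items lack terminal periods.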
diff --git a/docs/threatmanager/3.0/requirements/database.md b/docs/threatmanager/3.0/requirements/database.md index 2e3b2692bc..95c443c7b2 100644 --- a/docs/threatmanager/3.0/requirements/database.md +++ b/docs/threatmanager/3.0/requirements/database.md @@ -1,3 +1,9 @@ +--- +title: "Database Server Requirements" +description: "Database Server Requirements" +sidebar_position: 20 +--- + # Database Server Requirements **NOTE:** Use this information when the database server is separate from the application server. diff --git a/docs/threatmanager/3.0/requirements/overview.md b/docs/threatmanager/3.0/requirements/overview.md index 1b9108a7e8..926aedd1a8 100644 --- a/docs/threatmanager/3.0/requirements/overview.md +++ b/docs/threatmanager/3.0/requirements/overview.md @@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 20 +--- + # Requirements This topic describes the recommended configuration of the servers needed to install the application diff --git a/docs/threatmanager/3.0/requirements/permissions/_category_.json b/docs/threatmanager/3.0/requirements/permissions/_category_.json new file mode 100644 index 0000000000..f9bfdd83ff --- /dev/null +++ b/docs/threatmanager/3.0/requirements/permissions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Overview", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatmanager/3.0/requirements/permissions/adsync.md b/docs/threatmanager/3.0/requirements/permissions/adsync.md index 1c53a0c886..bf44704c5c 100644 --- a/docs/threatmanager/3.0/requirements/permissions/adsync.md +++ b/docs/threatmanager/3.0/requirements/permissions/adsync.md 
@@ -1,3 +1,9 @@ +--- +title: "Permissions for Active Directory Sync" +description: "Permissions for Active Directory Sync" +sidebar_position: 10 +--- + # Permissions for Active Directory Sync The following permissions are required for the credential used by Threat Manager for Active diff --git a/docs/threatmanager/3.0/requirements/permissions/entraidsync.md b/docs/threatmanager/3.0/requirements/permissions/entraidsync.md index b35edaeeb5..cc92868b9b 100644 --- a/docs/threatmanager/3.0/requirements/permissions/entraidsync.md +++ b/docs/threatmanager/3.0/requirements/permissions/entraidsync.md @@ -1,3 +1,9 @@ +--- +title: "Application Permissions for Entra ID Sync" +description: "Application Permissions for Entra ID Sync" +sidebar_position: 20 +--- + # Application Permissions for Entra ID Sync The following permissions are required for the credential used by Threat Manager for Microsoft Entra diff --git a/docs/threatmanager/3.0/requirements/permissions/overview.md b/docs/threatmanager/3.0/requirements/permissions/overview.md index 0222c13e71..a6f01f3f4b 100644 --- a/docs/threatmanager/3.0/requirements/permissions/overview.md +++ b/docs/threatmanager/3.0/requirements/permissions/overview.md @@ -1,3 +1,9 @@ +--- +title: "Overview" +description: "Overview" +sidebar_position: 60 +--- + # Overview To sync Active Directory domain(s) and Microsoft Entra ID tenant(s) in Threat Manager you must use diff --git a/docs/threatmanager/3.0/requirements/ports.md b/docs/threatmanager/3.0/requirements/ports.md index 46d9f096e7..548486d88a 100644 --- a/docs/threatmanager/3.0/requirements/ports.md +++ b/docs/threatmanager/3.0/requirements/ports.md @@ -1,3 +1,9 @@ +--- +title: "Ports Requirements" +description: "Ports Requirements" +sidebar_position: 50 +--- + # Ports Requirements Netwrix Threat Manager architecture and components interactions are shown in the figure below. 
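Review bot: In docs/threatmanager/3.0/requirements/permissions/_category_.json, the "label": "Overview" value names the sidebar category for the permissions directory, so under Requirements the category that holds the Active Directory Sync and Entra ID Sync permission pages will be shown as Overview. A label such as "Permissions" would describe what the category contains; the same applies to the "Overview" title added to requirements/permissions/overview.md in this change.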
diff --git a/docs/threatmanager/3.0/requirements/server.md b/docs/threatmanager/3.0/requirements/server.md index 6c53c893a4..a582646aba 100644 --- a/docs/threatmanager/3.0/requirements/server.md +++ b/docs/threatmanager/3.0/requirements/server.md @@ -1,3 +1,9 @@ +--- +title: "Application Server Requirements" +description: "Application Server Requirements" +sidebar_position: 10 +--- + # Application Server Requirements **CAUTION:** Netwrix Threat Manager cannot be installed on the same server as Netwrix Threat Manager diff --git a/docs/threatmanager/3.0/threats/activedirectory.md b/docs/threatmanager/3.0/threats/activedirectory.md deleted file mode 100644 index b22532fdb1..0000000000 --- a/docs/threatmanager/3.0/threats/activedirectory.md +++ /dev/null 
@@ -1,152 +0,0 @@ -# Active Directory Threats - -The following threats are monitored for Active Directory: - -## AdminSDHolder ACL Tampering - -| AdminSDHolder ACL Tampering | | -| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Modifying the Access Control List (ACL) of the AdminSDHolder container in Active Directory enables an attacker to achieve and maintain persistence in an already compromised domain, even if an administrator finds and removes the attacker's permission on a protected object the AdminSDHolder controls. | - -## AS-REP Roasted Users - -| AS-REP Roasted Users | | -| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **Definition** | AS-REP roasting is a technique that allows retrieving password hashes for users that have 'Do not require Kerberos pre-authentication' property selected. Those hashes can then be cracked offline. | - -## DCShadow - -| DCShadow | | -| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | DCShadow is a feature of Mimikatz and a technique for elevating a regular workstation account to a domain controller and executing malicious replication against the domain. DCShadow can set arbitrary attributes within Active Directory. 
| - -## DC Sync - -| DC Sync | | -| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Definition | Replication from a non-domain controller account can be evidence of a Mimikatz DCSync attack. Performing a DCSync remotely extracts the NTLM password hash for the account that is the target of the attack. | - -**NOTE:** The domain monitoring policy must be configured to exclude domain controllers. See the -[Integration with Other Netwrix Products](/docs/threatmanager/3.0/install/integration/overview.md) topic for additional -information. - -## Domain Backup Key Compromise - -| Domain Backup Key Compromise | | -| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | The Data Protection API (DPAPI) is used by Windows to encrypt user secrets such as saved credentials, browser cookies, website passwords, and other sensitive information. For computers joined to an Active Directory domain, secrets protected by the DPAPI are also encrypted with a domain backup key. This key is stored in Active Directory and enables recovery of DPAPI-protected secrets should the user lose their own backup key. Because the domain backup key cannot be rotated, its exposure is a significant event. 
| - -## Exposed Administrative Credentials - -| Exposed Administrative Credentials | | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Highly privileged accounts, groups, and systems have direct or indirect administrative control over the Active Directory forest/domain. Given the sensitive nature of these accounts, they should only be used on domain controllers. Pass-the-Hash attacks are successful because highly privileged credentials are used to access lower security systems. Having access to a privileged user's hash allows attackers to move laterally. This threat aligns to best practices for securing Active Directory. If an organization does not enforce limiting privileged account access to only Domain Controllers, this threat should remain disabled to eliminate noise. 
| - -## Golden Ticket - -| Golden Ticket | | -| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | By obtaining the password hash for the most powerful service account in Active Directory, the KRBTGT account, an attacker is able to compromise every account within Active Directory, giving them unlimited and virtually undetectable access to any system connected to Active Directory. | - -## Forged Ticket - -| Forged Ticket | | -| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Forged Tickets provide a way for an attacker to elevate privileges by injecting additional group membership into their Kerberos tickets, giving them more privileges than they actually have in Active Directory. Threat Manager will compare PAC data in authentication to the user's actual group member and generate a threat when it finds a discrepancy. | -| Trigger | Perform Authentication using fabricated/invalid tickets with groups present in the authentication Ticket PAC data that does not match the users Active Directory group membership. 
| - -## GMSA Password Access - -| GMSA Password Access | | -| -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | The passwords for Group Managed Service Accounts (GMSA) are stored in BLOB format in the msDS-ManagedPassword attribute of the GMSA account object in Active Directory. It is trivial to convert the BLOB to a useable clear text password. It is suspicious for a user to attempt to read this attribute, as only authorized computer accounts should retrieve a GMSA’s password. | - -## GMSA Permissions Assignment - -| GMSA Permissions Assignment | | -| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Permissions to retrieve passwords for Group Managed Service Accounts (GMSA) are typically granted only to the computer account of each computer running the service. The assignment of privileges to non-computer accounts (e.g. human accounts) can be indicative of an adversary's attempt to compromise the GMSA password. 
| - -## Hidden Object - -| Hidden Object | | -| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Changing object Deny Read or Deny List Contents permissions can effectively hide an Active Directory object as it will not be returned in LDAP queries. This causes the object to avoid monitoring and detection, as service accounts used by these solutions will be unable to query the object. | - -## Honeytoken - -| Honeytoken | | -| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Definition | Honeytokens are fake credentials stored in memory. When an attack scans memory they may try to authenticate or query the domain for information about the account. A Honeytoken threat can be generated by two methods: LDAP or Authentication. An authentication Honeytoken threat is generated when a perpetrator attempts to authenticate with a Honeytoken user account. An LDAP Honeytoken threat is generated when a perpetrator performs an LDAP query against a Honeytoken user account. 
| - -## Insecure UAC Change - -| Insecure UAC Change | | -| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Some changes to User Account Control Flags on Active Directory Objects can potentially expose security risks."PASSWD_CANT_CHANGE", "TRUSTED_FOR_DELEGATION", "USE_DES_KEY_ONLY", and "DONT_REQ_PREAUTH" are particularly risky. | - -## Kerberoasting - -| Kerberoasting | | -| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Kerberoasting is an attack method that allows an attacker to crack the passwords of service accounts in Active Directory offline and without fear of detection. | - -## LDAP Reconnaissance - -| LDAP Reconnaissance | | -| ------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | When an attacker initially compromises a system on a network, they will have few to no privileges within the domain. However, due to the architecture of Active Directory, once an attacker has infiltrated any domain-joined computer, they are able to query the directory and its objects using LDAP, allowing them to locate sensitive accounts and assets to target in their attack. 
| - -## LSASS Process Injection - -| LSASS Process Injection | | -| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | LSASS process injection is a deliberate and common method used by a variety of attacks including: Skeleton Key, MemSSP, and SID History Tampering. By injecting code into the lsass.exe process an attacker can scrape the password hashes directly out of process memory. | - -## Pass-The-Ticket - -| Pass-The-Ticket | | -| --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Definition | A Pass-the-Ticket event occurs when a user extracts a valid Kerberos ticket from one system and uses it to authenticate from another system. This allows the attacker to compromise a user's account and use it from any domain-joined computer. | - -## Password Spraying - -| Password Spraying | | -| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| Definition | Password Spraying indicates an attempt to gain access to credentials by using common passwords against large numbers of accounts while also staying below an organization’s defined lockout threshold. 
| - -## Replication Permissions - -| Replication Permissions | | -| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Providing a user with replication permissions allows the user to execute domain replication commands against domain controllers. This type of behavior is common with DCSync and DCShadow threats. | - -## Sensitive Group Changes - -| Sensitive Group Changes | | -| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Sensitive Group Changes indicate that the membership of a group containing extremely sensitive permissions has been modified. This includes any Active Directory group with the Sensitive tag in Threat Manager, which includes many standard Active Directory Groups such as: Domain Admins, Enterprise Admins, and Schema Admins. | - -## Service Account Misuse - -| Service Account Misuse | | -| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Indicates that a service account was used to log into a machine that is not listed in their service principal names attribute. This threat aligns to best practices for securing Active Directory. 
If an organization does not enforce service accounts to only authenticate to hosts within their servicePrincipalName values, this threat should remain disabled to eliminate noise. | - -## SID History Tampering - -| SID History Tampering | | -| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Mimikatz or other tools can be used to inject SID History into user accounts. This allows an account to effectively be given permissions, such as Domain Admin, even though it is not actually a member of Domain Admins. | - -## SPN Assigned to Privileged User - -| SPN Assigned to Privileged User | | -| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **Definition** | An account is only vulnerable to Kerberoasting attacks if it has a service principal name. Service accounts should not have more privileges than required to perform their function. Visit [Netwrix Attack Catalog](https://www.netwrix.com/attack.html) to learn more about this threat. | - -## Zerologon Exploitation - -| Zerologon Exploitation | | -| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | CVE-2020-1472 (a.k.a. 
"Zerologon") is an elevation of privilege vulnerability that allows an unauthenticated attacker to escalate their privileges to domain administrator by exploiting a flaw in the Netlogon Remote Protocol (MS-NRPC). To exploit this vulnerability, an attacker requires only the ability to communicate over the MS-NRPC protocol to a domain controller. | diff --git a/docs/threatmanager/3.0/threats/custom.md b/docs/threatmanager/3.0/threats/custom.md deleted file mode 100644 index dd392469f4..0000000000 --- a/docs/threatmanager/3.0/threats/custom.md +++ /dev/null 
@@ -1,87 +0,0 @@ -# Custom Threats - -In additional to pre-configured threats, Threat Manager provides the ability to create custom -threats. A user can create a custom threat if they consider certain events to be dangerous in their -environment. For example, when one of the privileged users makes file changes. - -Custom threats can be created in one of the following ways: - -- Custom Option on the Threat Detection Page -- Create Threat Option on the Investigation Page - -## Custom Option on the Threat Detection Page - -Follow the steps to create a custom threat. - -**Step 1 –** Click on the gear icon at the top right of the screen. - -**Step 2 –** Select **Threat Detection**. This opens the Threat Detection page. - -**Step 3 –** In the Threats box on the left, click **Custom** . This opens the Investigate page. - -**Step 4 –** On the Investigate page, do one of the following: - -- Select an existing investigation, or -- Save a new one. See the - [New Investigation Page](/docs/threatmanager/3.0/administration/investigations/newinvestigation.md) for additional - information. - -**Step 5 –** In the selected investigation, click the **Create Threat** option. - -![CreateThreat Option](/img/product_docs/threatmanager/3.0/threats/createthreat.webp) - -The Custom Threat page opens. - -![Create Threat Dialog Box](/img/product_docs/threatmanager/3.0/threats/createthreatdialogbox.webp) - -**Step 6 –** Severity – The relative severity level, or risk level, of the threat. See the -[Fine Tune a Threat](/docs/threatmanager/3.0/administration/configuration/threatconfiguration.md) topic for additional -information. - -**Step 7 –** Description – Description of the threat. - -**NOTE:** Click the + sign in the description box to insert the `{{userName}}` macro. The macro will -associate the user that committed the threat. - -**Step 8 –** Definition – The threat definition is a detailed explanation of the threat providing -insight into why the incident is a potential risk. 
It appears at the top of the Threat Details page. -See the [Threat Details Page](/docs/threatmanager/3.0/administration/threatdetails/overview.md) topic for additional -information. - -**Step 9 –** The Custom Threat page has two tabs for threat configuration: - -- Threat Response – Assigning a threat response includes the following: - - - SIEM Alert – Check the box to forward threat information to a SIEM service when the threat is - detected. Uncheck it to turn off forwarding threat information to a SIEM service. - - Email Alert – Check the box to send email notifications when the threat is detected. Uncheck - it to turn off email notifications. - - Run Playbook – Select the playbook that will be used to respond to the threat. - -- Threat Settings – Select the Threshold check-box to enable configuration options i.e. the minimum - number of events during a specific time frame which will trigger a threat. - - - Count –The number of times that an event must occur before a threat is generated - - Time – The time period over which the count must occur to generate a threat. Enter a value and - set the units for the time period in the next field. - - Units – The time period units. Options in the drop-down menu include Minutes, Hours, or Days. - - Group By Perpetrator – When checked, the threat criteria is evaluated on a per-user basis. - This means that each perpetrating user's individual activity must match the investigation - criteria in order to generate a threat. The default is unchecked. - -Exclusions Tab - -The Exclusions tab lists existing exclusions for the threat. Exclusions allow rule-based definitions -to be defined for specific criteria to be excluded from threat detection for the threat type. - -![Threat Exclusion Tab](/img/product_docs/threatmanager/3.0/threats/exclusionstab.webp) - -**Step 10 –** Click **Save**. The investigation is now saved as a custom threat. 
- -## Create Threat Option on the Investigation Page - -For creating a custom threat from an Investigation page, the steps are as follows: - -1. Click Investigate in the application's header bar. -2. select an investigation and follow the steps from the Step 5 in the Custom Option on the Threat - Detection Page section above. diff --git a/docs/threatmanager/3.0/threats/filesystem.md b/docs/threatmanager/3.0/threats/filesystem.md deleted file mode 100644 index 2a8e4bb9cb..0000000000 --- a/docs/threatmanager/3.0/threats/filesystem.md +++ /dev/null 
@@ -1,45 +0,0 @@ -# File System Threats - -The following threats are monitored for File System: - -## High Risk Permissions - -High Risk Permissions are those which grant unrestricted access to a file or folder. When high risk -permissions are added or increased on a folder or file, a threat is created. - -| High Risk Permissions | | -| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | The High Risk Permissions threat creates a threat when a high risk trustee (Domain Users, Anonymous Logon, Authenticated Users, and Everyone) is added to the ACL on a folder or file. These permissions are high risk because they grant unrestricted access to a resource. | -| Example | Domain Users are given Read access to a folder. Everyone is given Full Control on a folder which already had Domain Users with Read Access. | -| Trigger | A threat is created when a user adds a high risk trustee (defined above) to a folder or file, which increases the amount of open access. This threat is updated with the total number of folders or files affected due to the inherited permissions. | - -## NTDS.dit File Access - -Unauthorized file system interaction with the NTDS.dit file stored on Active Directory Domain -Controllers will be detected as a threat. 
- -| NTDS.dit File Access | | -| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | By accessing the NTDS.dit file, Active Directory's database, an attacker can extract a copy of every user's password hash and subsequently act as any user in the domain. Threat Manager audits all activity related to the NTDS file and VSS copy to notify when an attacker could be accessing the information for an offline attack. | -| Trigger | Perform File or VSS activity against the NTDS.DIT file. | - -## Ransomware - -When a user creates or renames at least 100 files with a known ransomware extension or a name that -resembles common ransom notes, a threat is created for each rename action. - -| Ransomware | | -| ---------- | --------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Detects file activity that involves a file with a known ransomware extension or a file with a name that resembles common ransom notes. | -| Example | A user created a ".locky" file, and created and renamed more than 100 files with common ransomware extensions. | -| Trigger | Using a pre-defined library of known ransomware extensions, Threat Manager alerts on file create/rename activity with known extensions. | - -## Unusual Processes - -If a user runs a process on a monitored server for the first time, a threat is created. 
- -| Unusual Processes | | -| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | The Unusual Processes threat detects if previously unseen processes are launched on critical file servers. | -| Example | A user launches a "python.exe" process that has never been launched by anyone else in the environment. | -| Trigger | Threat Manager records the name of the processes associated with file access activities. Over a learning period (e.g. 30 days), Threat Manager profiles which processes are normal by aggregating data across all file servers. After that, if a new process is identified that has not been seen on any other file servers, a threat will be created. NOTE: This threat is only applicable on Windows file servers when the activity is performed locally. | diff --git a/docs/threatmanager/3.0/threats/general.md b/docs/threatmanager/3.0/threats/general.md deleted file mode 100644 index 2e677d1160..0000000000 --- a/docs/threatmanager/3.0/threats/general.md +++ /dev/null 
@@ -1,36 +0,0 @@ -# General Threats - -The following threats are monitored for File System and Active Directory. - -## Abnormal User Behavior - -Abnormal behavior detection begins when a user has been active for a minimum of 30 days, with up to -120 days of activity used to establish the baseline behavior for a user. Behavior for all users is -evaluated every 15 minutes. If a user deviates significantly from their baseline, a threat is -created. - -| Abnormal Behavior | | -| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | Indicates that a user's file system or Active Directory behavior has deviated from the user's normal behavioral profile. | -| Example | Sensitive Data Example: A user suddenly accesses far more files containing sensitive content than they normally do. Ransomware Example: New ransomware variants not represented in Threat Manager's pre-defined library will still exhibit abnormal behavior with regard to file access operations, including large volumes of updates, renames and writes. 
Lateral Movement Example: If a user is accessing an abnormal number of hosts and is performing file activity on a large number of resources, this could be an indicator of suspicious lateral movement. Delete Example: Upon termination, disgruntled employees sometimes delete large volumes of files to cause the organization harm. | -| Trigger | Threat Manager analyzes the following aspects of each user’s behavior and create a threat when abnormalities are detected based on a given user's normal level of activity. File System - Number of Reads - Number of Updates - Number of Deletes - Number of Renames - Number of Permission Changes - Number of Writes - Number of Denied Events - Number of Hosts Accessed - Number of Resources - Number of Files with Sensitive Data Active Directory - Successful Kerberos authentications - Successful NTLM authentications - Failed authentications - Object changes - Object adds - Object deletes - Object renames - Distinct clients used (for AD activity) - Distinct hosts accessed (for AD activity) - LDAP objects queried Outliers are detected through unsupervised clustering of a user's historical activity. | - -## First-Time Client Use - -If a user accesses a share using a new client, a threat is created. - -| First-Time Client Use | | -| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | The First-Time Client Use threat detects when a user accesses file share data from a client they have never used to access data previously. | -| Example | A user normally uses their own workstation to access file shares. On a given day, the user accesses files from a different workstation, indicating the user’s account may be compromised. 
| -| Trigger | Threat Manager analyzes user behavior over a learning period (e.g. 30 days) to profile which clients a user normally leverages. Once a new client is used to perform file system activity for the first time for a particular user, Threat Manager creates a threat. | - -## First-Time Host Access - -If a user accesses a host for the first time, a threat is created. - -| First-Time Host Access | | -| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Definition | The First-Time Host Access threat detects when a user performs file activity on a new host they haven’t accessed previously. | -| Example | Most users only interact with a few file servers based on their geographic location, the department they are in, etc. Over a learning period (e.g. 30 days), Threat Manager profiles which hosts a user commonly accesses data on. After the learning period, Threat Manager creates a threat if a new host is accessed for the first time. | -| Trigger | A user accessed an open share on a new host for the first time. | diff --git a/docs/threatmanager/3.0/threats/overview.md b/docs/threatmanager/3.0/threats/overview.md deleted file mode 100644 index af83d58663..0000000000 --- a/docs/threatmanager/3.0/threats/overview.md +++ /dev/null 
@@ -1,19 +0,0 @@ -# Type of Threats - -Netwrix Threat Manager by default provides some pre-configured threats and users can create custom -threats using the Custom option or through the Create Threat option on the Investigation page. The -pre-defined and custom threats are listed in the Threat box. Threats that are crossed out are -disabled threats. - -![Threats Box](/img/product_docs/threatmanager/3.0/threats/threatsbox.webp) - -The Threats list divides the threats into the following sections: - -- [Active Directory Threats](/docs/threatmanager/3.0/threats/activedirectory.md) -- [Entra ID Threats](/docs/threatmanager/3.0/threats/entraid.md) -- [File System Threats](/docs/threatmanager/3.0/threats/filesystem.md) -- [General Threats](/docs/threatmanager/3.0/threats/general.md) -- [Custom Threats](/docs/threatmanager/3.0/threats/custom.md) - -Select a threat from the list to display the threat's configuration options to the right of the -Threats box. diff --git a/docs/threatmanager/3.0/whatsnew.md b/docs/threatmanager/3.0/whatsnew.md deleted file mode 100644 index 54c99f6823..0000000000 --- a/docs/threatmanager/3.0/whatsnew.md +++ /dev/null 
@@ -1,53 +0,0 @@ -# What's New - -## New Netwrix Community! - -All Netwrix product announcements have moved to the new Netwrix Community. See announcements for -Netwrix Threat Manager in the -[Threat Manager](https://community.netwrix.com/c/threat-manager/announcements/162) area of our new -community. - -The following information highlights the new and enhanced features introduced in this Netwrix Threat -Manager version. - -## Threat Manager 3.0 - -New: Microsoft Entra ID Threat Detection & Response - -Netwrix Threat Manager 3.0 now safeguards your entire identity infrastructure by extending -protection to Microsoft Entra ID, in addition to on-premises Active Directory - -New: Threat Detection for Entra ID - -- Application Permission Changes: Modifications to application permissions, potentially granting - excessive access to Entra ID resources, and Microsoft Entra ID -- Compromised User Activity: Actions performed by an account identified as “Confirmed Compromised” - within Microsoft Entra ID -- Impossible Travel: User activity detected from multiple geographic locations, suggesting account - compromise or unauthorized access -- New Application Credential: Creation of a new application credential, potentially indicating a - compromised application -- Sensitive Role Changes: Modifications to sensitive roles in Microsoft Entra ID, such as Global - Admins -- Updated Detection for Abnormal User Behavior: Now includes Entra ID activity - -New: Automated Response Actions for Entra ID - -- Entra ID Group Membership: Modify group memberships for the affected user or perpetrator -- Disable Entra ID User: Temporarily or permanently disable the user account to prevent further - unauthorized access -- Flag Entra ID User as Confirmed Compromised: Mark the user account as compromised to trigger - additional security measures and investigations -- Reset Entra ID Password: Resets the perpetrator or affected users password to prevent further - access -- Revoke Entra ID Sessions: 
Terminate all active sessions for the perpetrator or affected user to - prevent unauthorized access - -Enhancement: More Granular Role-Based Access Control (RBAC) for Reporting & Investigations - -More precise role-based access control for managing reporting and investigations, ensuring that only -authorized users have access to sensitive information - -Enhancement: Updated Investigations Interface - -Improved interface for a more intuitive user experience diff --git a/docs/threatprevention/7.5/admin/_category_.json b/docs/threatprevention/7.5/admin/_category_.json new file mode 100644 index 0000000000..51435b6e32 --- /dev/null +++ b/docs/threatprevention/7.5/admin/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Administration", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/agents/_category_.json b/docs/threatprevention/7.5/admin/agents/_category_.json new file mode 100644 index 0000000000..bbf550f6ac --- /dev/null +++ b/docs/threatprevention/7.5/admin/agents/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Agents Interface", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/agents/agent-management/_category_.json b/docs/threatprevention/7.5/admin/agents/agent-management/_category_.json new file mode 100644 index 0000000000..d48b1d56c3 --- /dev/null +++ b/docs/threatprevention/7.5/admin/agents/agent-management/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Agent Management", + "position": 40, + "collapsed": true, + "collapsible": true +} \ No newline at end of file 
diff --git a/docs/threatprevention/7.5/admin/agents/management/clearqueue.md b/docs/threatprevention/7.5/admin/agents/agent-management/clearqueue.md similarity index 95% rename from docs/threatprevention/7.5/admin/agents/management/clearqueue.md rename to docs/threatprevention/7.5/admin/agents/agent-management/clearqueue.md index 4d9ade5e39..8877671dcd 100644 --- a/docs/threatprevention/7.5/admin/agents/management/clearqueue.md +++ b/docs/threatprevention/7.5/admin/agents/agent-management/clearqueue.md @@ -1,3 +1,9 @@ +--- +title: "Clear SQLite Agent Queue" +description: "Clear SQLite Agent Queue" +sidebar_position: 80 +--- + # Clear SQLite Agent Queue When the Agent is unable to communicate with the Enterprise Manager, Agent events queue up in the diff --git a/docs/threatprevention/7.5/admin/agents/management/harden.md b/docs/threatprevention/7.5/admin/agents/agent-management/harden.md similarity index 95% rename from docs/threatprevention/7.5/admin/agents/management/harden.md rename to docs/threatprevention/7.5/admin/agents/agent-management/harden.md index b26d85cac3..6da8fe2106 100644 --- a/docs/threatprevention/7.5/admin/agents/management/harden.md +++ b/docs/threatprevention/7.5/admin/agents/agent-management/harden.md @@ -1,3 +1,9 @@ +--- +title: "Harden Agent" +description: "Harden Agent" +sidebar_position: 40 +--- + # Harden Agent You van harden an Agent to protect it from being altered, stopped, or started from within the local diff --git a/docs/threatprevention/7.5/admin/agents/management/removeserver.md b/docs/threatprevention/7.5/admin/agents/agent-management/removeserver.md similarity index 86% rename from docs/threatprevention/7.5/admin/agents/management/removeserver.md rename to docs/threatprevention/7.5/admin/agents/agent-management/removeserver.md index c304437b3e..2f631734ab 100644 --- a/docs/threatprevention/7.5/admin/agents/management/removeserver.md +++ b/docs/threatprevention/7.5/admin/agents/agent-management/removeserver.md 
@@ -1,3 +1,9 @@ +--- +title: "Remove Server from List" +description: "Remove Server from List" +sidebar_position: 70 +--- + # Remove Server from List The Agents Interface displays a list of servers where the Agent has been deployed. You may want to diff --git a/docs/threatprevention/7.5/admin/agents/management/soften.md b/docs/threatprevention/7.5/admin/agents/agent-management/soften.md similarity index 95% rename from docs/threatprevention/7.5/admin/agents/management/soften.md rename to docs/threatprevention/7.5/admin/agents/agent-management/soften.md index 43d494ea4b..59bc6622cd 100644 --- a/docs/threatprevention/7.5/admin/agents/management/soften.md +++ b/docs/threatprevention/7.5/admin/agents/agent-management/soften.md @@ -1,3 +1,9 @@ +--- +title: "Soften Agent" +description: "Soften Agent" +sidebar_position: 50 +--- + # Soften Agent You can soften a previously hardened Agent. Softening unlocks the Agent so it can be controlled from diff --git a/docs/threatprevention/7.5/admin/agents/management/start.md b/docs/threatprevention/7.5/admin/agents/agent-management/start.md similarity index 95% rename from docs/threatprevention/7.5/admin/agents/management/start.md rename to docs/threatprevention/7.5/admin/agents/agent-management/start.md index 2d989dd2f5..06f191a2b8 100644 --- a/docs/threatprevention/7.5/admin/agents/management/start.md +++ b/docs/threatprevention/7.5/admin/agents/agent-management/start.md @@ -1,3 +1,9 @@ +--- +title: "Start Agent" +description: "Start Agent" +sidebar_position: 10 +--- + # Start Agent If the Agent has stopped on a server, it no longer monitors and captures events. You must restart it 
diff --git a/docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md b/docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md similarity index 93% rename from docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md rename to docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md index 2afb0d465d..70a8b6b92b 100644 --- a/docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md +++ b/docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md @@ -1,3 +1,9 @@ +--- +title: "Start Pending Modules" +description: "Start Pending Modules" +sidebar_position: 30 +--- + # Start Pending Modules If the Agent was deployed using the Safe Mode option, then it could enter a _Start Pending Modules_ diff --git a/docs/threatprevention/7.5/admin/agents/management/stop.md b/docs/threatprevention/7.5/admin/agents/agent-management/stop.md similarity index 95% rename from docs/threatprevention/7.5/admin/agents/management/stop.md rename to docs/threatprevention/7.5/admin/agents/agent-management/stop.md index a82ea97f58..716f113815 100644 --- a/docs/threatprevention/7.5/admin/agents/management/stop.md +++ b/docs/threatprevention/7.5/admin/agents/agent-management/stop.md @@ -1,3 +1,9 @@ +--- +title: "Stop Agent" +description: "Stop Agent" +sidebar_position: 20 +--- + # Stop Agent You may want to stop the Agent on a server for any reason, such as troubleshooting. diff --git a/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md b/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md similarity index 95% rename from docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md rename to docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md index fae7d023e6..ed41c4a90a 100644 --- a/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md 
+++ b/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md @@ -1,3 +1,9 @@ +--- +title: "Upgrade ADMonitor" +description: "Upgrade ADMonitor" +sidebar_position: 60 +--- + # Upgrade ADMonitor You can update the instrumentation DLL, SI.ActiveDirectoryMonitor.dll (commonly known as ADMonitor diff --git a/docs/threatprevention/7.5/admin/agents/agents-windows/_category_.json b/docs/threatprevention/7.5/admin/agents/agents-windows/_category_.json new file mode 100644 index 0000000000..4f59c74977 --- /dev/null +++ b/docs/threatprevention/7.5/admin/agents/agents-windows/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Agents Windows", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/agents/window/agentinstallerupdate.md b/docs/threatprevention/7.5/admin/agents/agents-windows/agentinstallerupdate.md similarity index 94% rename from docs/threatprevention/7.5/admin/agents/window/agentinstallerupdate.md rename to docs/threatprevention/7.5/admin/agents/agents-windows/agentinstallerupdate.md index 53837b7bd3..fe7efc267e 100644 --- a/docs/threatprevention/7.5/admin/agents/window/agentinstallerupdate.md +++ b/docs/threatprevention/7.5/admin/agents/agents-windows/agentinstallerupdate.md @@ -1,3 +1,9 @@ +--- +title: "Agent Installer Update Window" +description: "Agent Installer Update Window" +sidebar_position: 10 +--- + # Agent Installer Update Window Netwrix periodically releases updated Agent installation packages. Typically these updates are diff --git a/docs/threatprevention/7.5/admin/agents/window/configureautodeploy.md b/docs/threatprevention/7.5/admin/agents/agents-windows/configureautodeploy.md similarity index 94% rename from docs/threatprevention/7.5/admin/agents/window/configureautodeploy.md rename to docs/threatprevention/7.5/admin/agents/agents-windows/configureautodeploy.md index fcfae09119..0be0b2ec40 100644 
--- a/docs/threatprevention/7.5/admin/agents/window/configureautodeploy.md +++ b/docs/threatprevention/7.5/admin/agents/agents-windows/configureautodeploy.md @@ -1,3 +1,9 @@ +--- +title: "Configure Auto Deploy Window" +description: "Configure Auto Deploy Window" +sidebar_position: 20 +--- + # Configure Auto Deploy Window You can automatically deploy Agents to discovered domain controllers in a domain, provided that the diff --git a/docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md b/docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md similarity index 93% rename from docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md rename to docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md index 530f12e1d9..49662967d8 100644 --- a/docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md +++ b/docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Enrollment Secret Configuration Window" +description: "Enrollment Secret Configuration Window" +sidebar_position: 30 +--- + # Enrollment Secret Configuration Window The Enrollment Secret is a limited-life (1 hour) password generated by the Enterprise Manager. The @@ -9,7 +15,7 @@ enrollment secret is applied depends on the method used to install the Agent. and use a new enrollment secret as part of automated Agent installation. - If installing the Agent manually, the enrollment secret must be entered in the Certificates window of the Agent Setup wizard during installation. See the - [Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual.md) topic for additional information. + [Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual/manual.md) topic for additional information. Follow the steps to generate the enrollment secret. 
diff --git a/docs/threatprevention/7.5/admin/agents/window/loglevelconfiguration.md b/docs/threatprevention/7.5/admin/agents/agents-windows/loglevelconfiguration.md similarity index 97% rename from docs/threatprevention/7.5/admin/agents/window/loglevelconfiguration.md rename to docs/threatprevention/7.5/admin/agents/agents-windows/loglevelconfiguration.md index 17724ccfd8..c91449cf40 100644 --- a/docs/threatprevention/7.5/admin/agents/window/loglevelconfiguration.md +++ b/docs/threatprevention/7.5/admin/agents/agents-windows/loglevelconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Log Level Configuration Window" +description: "Log Level Configuration Window" +sidebar_position: 40 +--- + # Log Level Configuration Window The Log Level Configuration window displays the current log levels for the Agents, Enterprise diff --git a/docs/threatprevention/7.5/admin/agents/deploy/_category_.json b/docs/threatprevention/7.5/admin/agents/deploy/_category_.json new file mode 100644 index 0000000000..3b79969e0b --- /dev/null +++ b/docs/threatprevention/7.5/admin/agents/deploy/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Deploy Agents", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/agents/deploy/installing.md b/docs/threatprevention/7.5/admin/agents/deploy/installing.md index 9a1e8fd96e..0a705d8321 100644 --- a/docs/threatprevention/7.5/admin/agents/deploy/installing.md +++ b/docs/threatprevention/7.5/admin/agents/deploy/installing.md @@ -1,3 +1,9 @@ +--- +title: "Installing Window" +description: "Installing Window" +sidebar_position: 40 +--- + # Installing Window The Deploy Agents wizard's Installing window is the last in a sequence of four windows to deploy the diff --git a/docs/threatprevention/7.5/admin/agents/deploy/overview.md b/docs/threatprevention/7.5/admin/agents/deploy/overview.md index d78c9ff010..46ca0bd40e 100644 
--- a/docs/threatprevention/7.5/admin/agents/deploy/overview.md +++ b/docs/threatprevention/7.5/admin/agents/deploy/overview.md @@ -1,3 +1,9 @@ +--- +title: "Deploy Agents" +description: "Deploy Agents" +sidebar_position: 20 +--- + # Deploy Agents The Threat Prevention Agent can be deployed through any of the following methods: @@ -9,7 +15,7 @@ The Threat Prevention Agent can be deployed through any of the following methods - Manually through the Windows Agent Setup Wizard – Run the Agent executable to launch this wizard -See the [Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual.md) topic for additional +See the [Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual/manual.md) topic for additional information. ## Deploy Agents Wizard @@ -18,7 +24,7 @@ The Deploy Agents wizard enables you to deploy Agents from the Administration Co targeted for Agent deployment must meet the minimum .NET Framework version required by the Agent or the deployment fails. Remember to check server requirements before deploying the Agent, including compatibility with other security products. See the -[Agent Server Requirements](/docs/threatprevention/7.5/requirements/agent.md) topic for additional information. +[Agent Server Requirements](/docs/threatprevention/7.5/requirements/agent/agent.md) topic for additional information. **NOTE:** The wizard does not block access to the Administration Console and can be minimized while actions are in progress. If this wizard is hidden by clicking outside of the dialog box, a flashing diff --git a/docs/threatprevention/7.5/admin/agents/deploy/prerequisitescheck.md b/docs/threatprevention/7.5/admin/agents/deploy/prerequisitescheck.md index 716ba0914a..925f7583d7 100644 --- a/docs/threatprevention/7.5/admin/agents/deploy/prerequisitescheck.md +++ b/docs/threatprevention/7.5/admin/agents/deploy/prerequisitescheck.md 
@@ -1,3 +1,9 @@ +--- +title: "Prerequisites Check Window" +description: "Prerequisites Check Window" +sidebar_position: 30 +--- + # Prerequisites Check Window The Deploy Agents wizard's Prerequisites Check window is the third in a sequence of four windows to diff --git a/docs/threatprevention/7.5/admin/agents/deploy/selectcomputers.md b/docs/threatprevention/7.5/admin/agents/deploy/selectcomputers.md index 765bd6a6b9..7fa28fae85 100644 --- a/docs/threatprevention/7.5/admin/agents/deploy/selectcomputers.md +++ b/docs/threatprevention/7.5/admin/agents/deploy/selectcomputers.md @@ -1,3 +1,9 @@ +--- +title: "Select Computers Window" +description: "Select Computers Window" +sidebar_position: 10 +--- + # Select Computers Window The Deploy Agents wizard's Select Computer window is the first in a sequence of four windows to diff --git a/docs/threatprevention/7.5/admin/agents/deploy/setoptions.md b/docs/threatprevention/7.5/admin/agents/deploy/setoptions.md index 86ea45ece4..82e6847abc 100644 --- a/docs/threatprevention/7.5/admin/agents/deploy/setoptions.md +++ b/docs/threatprevention/7.5/admin/agents/deploy/setoptions.md @@ -1,3 +1,9 @@ +--- +title: "Set Options Window" +description: "Set Options Window" +sidebar_position: 20 +--- + # Set Options Window The Deploy Agents wizard's Set Options window is the second in a sequence of four windows to deploy diff --git a/docs/threatprevention/7.5/admin/agents/overview.md b/docs/threatprevention/7.5/admin/agents/overview.md index 20af2de284..1fa3ca93d4 100644 --- a/docs/threatprevention/7.5/admin/agents/overview.md +++ b/docs/threatprevention/7.5/admin/agents/overview.md @@ -1,3 +1,9 @@ +--- +title: "Agents Interface" +description: "Agents Interface" +sidebar_position: 40 +--- + # Agents Interface The Agents interface allows you to quickly view, deploy, and manage Agents from a centralized 
@@ -15,7 +21,7 @@ The Threat Prevention Agent can be deployed through any of the following methods - Manually through the Windows Agent Setup Wizard – Run the Agent executable to launch this wizard See the [Deploy Agents](/docs/threatprevention/7.5/admin/agents/deploy/overview.md) and -[Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual.md) topics for additional information. +[Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual/manual.md) topics for additional information. Click **Agents** in the left pane to open the Agents interface. @@ -55,7 +61,7 @@ information for an Agent: names. **NOTE:** You can use the FSMO roles information in combination with a policy created for the - [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/fsmorolemonitoring.md) to view events + [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md) to view events about which machine acquired a FSMO role and which machine relinquished it. - Operating System – Operating system for the machine where the Agent is deployed with version 
@@ -122,11 +128,11 @@ interface | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ![Agents Interface - Export Agent List icon](/img/product_docs/threatprevention/7.5/admin/agents/exporticon.webp) | Export Agent List… | Save the information to an XML file for export | | ![Agents Interface - Refresh Agent List icon](/img/product_docs/threatprevention/7.5/admin/agents/refreshicon.webp) | Refresh Agent List… | Refresh the Agent information | -| ![Agents Interface - Update Logging Levels icon](/img/product_docs/threatprevention/7.5/admin/agents/updateloggingicon.webp) | Update Logging Levels… | Configure the log levels for the Agent(s). It opens the [Log Level Configuration Window](/docs/threatprevention/7.5/admin/agents/window/loglevelconfiguration.md). | -| ![Agents Interface - Get Agent Log icon](/img/product_docs/threatprevention/7.5/admin/agents/getagentlogicon.webp) | Get Agent Log… | Access Agent log files. See the [Access Agent Log Files](/docs/threatprevention/7.5/admin/agents/window/loglevelconfiguration.md#access-agent-log-files) topic for additional information. | -| ![Agents Interface - Update Agent Installer icon](/img/product_docs/threatprevention/7.5/admin/agents/updateinstallericon.webp) | Update Agent Installer | Check with Netwrix for a newer version of the Agent Installer according to the version in use. It opens the [Agent Installer Update Window](/docs/threatprevention/7.5/admin/agents/window/agentinstallerupdate.md). 
| -| ![Agents Interface - Configure Auto Deploy icon](/img/product_docs/threatprevention/7.5/admin/agents/autodeployicon.webp) | Configure Auto Deploy | If enabled, the Agent is automatically deployed to all domain controllers without an Agent. This feature requires at least one Agent to be present in the domain in order to detect additional domain controllers. It opens the [Configure Auto Deploy Window](/docs/threatprevention/7.5/admin/agents/window/configureautodeploy.md). | -| ![Agents Interface - Agent Enrollment Secret icon](/img/product_docs/threatprevention/7.5/admin/agents/enrollmentsecreticon.webp) | Agent Enrollment Secret | Generate the enrollment secret used to deploy the Agent. Opens the [Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md). | +| ![Agents Interface - Update Logging Levels icon](/img/product_docs/threatprevention/7.5/admin/agents/updateloggingicon.webp) | Update Logging Levels… | Configure the log levels for the Agent(s). It opens the [Log Level Configuration Window](/docs/threatprevention/7.5/admin/agents/agents-windows/loglevelconfiguration.md). | +| ![Agents Interface - Get Agent Log icon](/img/product_docs/threatprevention/7.5/admin/agents/getagentlogicon.webp) | Get Agent Log… | Access Agent log files. See the [Access Agent Log Files](/docs/threatprevention/7.5/admin/agents/agents-windows/loglevelconfiguration.md#access-agent-log-files) topic for additional information. | +| ![Agents Interface - Update Agent Installer icon](/img/product_docs/threatprevention/7.5/admin/agents/updateinstallericon.webp) | Update Agent Installer | Check with Netwrix for a newer version of the Agent Installer according to the version in use. It opens the [Agent Installer Update Window](/docs/threatprevention/7.5/admin/agents/agents-windows/agentinstallerupdate.md). 
| +| ![Agents Interface - Configure Auto Deploy icon](/img/product_docs/threatprevention/7.5/admin/agents/autodeployicon.webp) | Configure Auto Deploy | If enabled, the Agent is automatically deployed to all domain controllers without an Agent. This feature requires at least one Agent to be present in the domain in order to detect additional domain controllers. It opens the [Configure Auto Deploy Window](/docs/threatprevention/7.5/admin/agents/agents-windows/configureautodeploy.md). | +| ![Agents Interface - Agent Enrollment Secret icon](/img/product_docs/threatprevention/7.5/admin/agents/enrollmentsecreticon.webp) | Agent Enrollment Secret | Generate the enrollment secret used to deploy the Agent. Opens the [Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md). | | ![Agents Interface - Deploy Agent icon](/img/product_docs/threatprevention/7.5/admin/agents/deployagent.webp) | Deploy Agent | Deploy the Agent to selected servers. It opens the Deploy Agents wizard. See the [Deploy Agents](/docs/threatprevention/7.5/admin/agents/deploy/overview.md) topic for additional information. | ## Right-Click Menu 
@@ -143,15 +149,15 @@ The right-click menu contains the following selections: | Install Agent | Deploys the Agent to the desired machines. Opens the Deploy Agent wizard. See the [Deploy Agents](/docs/threatprevention/7.5/admin/agents/deploy/overview.md) topic for additional information. | | Uninstall Agent | Uninstalls a previously deployed Agent from its server. See the [Uninstall Agent](/docs/threatprevention/7.5/install/upgrade/uninstallagent.md) topic for additional information. | | Upgrade Agent | Upgrades the Agent to a newer version. See the [Upgrade Agent](/docs/threatprevention/7.5/install/upgrade/agent.md) topic for additional information. | -| Upgrade ADMonitor | Updates the SI.ActiveDirectoryMonitor.dll (LSASS module) only rather than the entire Agent. See the [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md) topic for additional information. | +| Upgrade ADMonitor | Updates the SI.ActiveDirectoryMonitor.dll (LSASS module) only rather than the entire Agent. See the [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md) topic for additional information. | | Update Agent Settings | Allows for modification of the Agent settings, such as the modules, Enterprise Manager address, or enabling/disabling the DNS Host Name Resolution option. It opens the Deploy Agent wizard. See the [Update Agent Settings](/docs/threatprevention/7.5/admin/agents/deploy/overview.md#update-agent-settings) topic for additional information. | -| Start Agent | Starts the Agent service on the selected machine(s). See the [Start Agent](/docs/threatprevention/7.5/admin/agents/management/start.md) topic for additional information. | -| Stop Agent | Stops the Agent service on the selected machine(s). See the [Stop Agent](/docs/threatprevention/7.5/admin/agents/management/stop.md) sections for additional information. 
| -| Start Pending Modules | Starts Agent service modules that did not start with the Agent due to a change in LSASS (only available on Agents configured to use Safe Mode). See the [Agent Safe Mode](/docs/threatprevention/7.5/admin/agents/safemode.md) topic and the [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md) topic for additional information. | -| Harden Agent | Protects an Agent from being altered, stopped, or started from within the local Service Control Manager. See the [Harden Agent](/docs/threatprevention/7.5/admin/agents/management/harden.md) topic for additional information. | -| Soften Agent | Unlocks the Agent so it can be controlled from within the local Service Control Manager. See the [Soften Agent](/docs/threatprevention/7.5/admin/agents/management/soften.md) topic for additional information. | -| Remove Server from List | Removes a server from the Agent data grid. If the server has a deployed Agent, it will be added back to the list the next time the Agent sends information to the Enterprise Manager. See the [Remove Server from List](/docs/threatprevention/7.5/admin/agents/management/removeserver.md) topic for additional information. | -| Clear SQLite Agent Queue | When the Agent is unable to communicate with the Enterprise Manager, Agent events queue up in the Agents local SQLite database until the Enterprise Manager is available to accept events. The Clear SQLite Agent Queue option dumps the queue and all pending events are lost. See the [Clear SQLite Agent Queue](/docs/threatprevention/7.5/admin/agents/management/clearqueue.md) topic for additional information. | +| Start Agent | Starts the Agent service on the selected machine(s). See the [Start Agent](/docs/threatprevention/7.5/admin/agents/agent-management/start.md) topic for additional information. | +| Stop Agent | Stops the Agent service on the selected machine(s). 
See the [Stop Agent](/docs/threatprevention/7.5/admin/agents/agent-management/stop.md) sections for additional information. | +| Start Pending Modules | Starts Agent service modules that did not start with the Agent due to a change in LSASS (only available on Agents configured to use Safe Mode). See the [Agent Safe Mode](/docs/threatprevention/7.5/admin/agents/safemode.md) topic and the [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md) topic for additional information. | +| Harden Agent | Protects an Agent from being altered, stopped, or started from within the local Service Control Manager. See the [Harden Agent](/docs/threatprevention/7.5/admin/agents/agent-management/harden.md) topic for additional information. | +| Soften Agent | Unlocks the Agent so it can be controlled from within the local Service Control Manager. See the [Soften Agent](/docs/threatprevention/7.5/admin/agents/agent-management/soften.md) topic for additional information. | +| Remove Server from List | Removes a server from the Agent data grid. If the server has a deployed Agent, it will be added back to the list the next time the Agent sends information to the Enterprise Manager. See the [Remove Server from List](/docs/threatprevention/7.5/admin/agents/agent-management/removeserver.md) topic for additional information. | +| Clear SQLite Agent Queue | When the Agent is unable to communicate with the Enterprise Manager, Agent events queue up in the Agents local SQLite database until the Enterprise Manager is available to accept events. The Clear SQLite Agent Queue option dumps the queue and all pending events are lost. See the [Clear SQLite Agent Queue](/docs/threatprevention/7.5/admin/agents/agent-management/clearqueue.md) topic for additional information. | For certain actions, you can select multiple Agents listed in the data grid, to perform that action on all the selected Agents. 
The appropriate right-click menu options will not be grayed out if @@ -182,7 +188,7 @@ Below are some considerations: in this event and the Agent is stopped. As a result, all monitoring/blocking by that Agent stops. To resolve the issue, either upgrade to the latest version of the Agent or simply upgrade SI.ActiveDirectoryMonitor.dll - commonly known as ADMonitor DLL (recommended). See the - [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md)topic for additional information. + [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md)topic for additional information. **_RECOMMENDED:_** Activate an email notification for the _LSASS process terminated_ alert. See the @@ -197,9 +203,9 @@ Below are some considerations: monitoring/blocking by that Agent stops. The 'Agent Started in AD Monitor pending mode' alert (Operations alert) is triggered in this event. To resolve the issue temporarily, the Threat Prevention administrator should start the pending modules. See the - [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md) topic for additional information. It is + [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md) topic for additional information. It is also recommended to upgrade SI.ActiveDirectoryMonitor.dll (commonly known as ADMonitor DLL) to - resolve the issue permanently. See the [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md) + resolve the issue permanently. See the [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md) topic for additional information. **_RECOMMENDED:_** Activate an email notification for this alert. See the diff --git a/docs/threatprevention/7.5/admin/agents/safemode.md b/docs/threatprevention/7.5/admin/agents/safemode.md index 3748704657..f79393e681 100644 
--- a/docs/threatprevention/7.5/admin/agents/safemode.md +++ b/docs/threatprevention/7.5/admin/agents/safemode.md @@ -1,3 +1,9 @@ +--- +title: "Agent Safe Mode" +description: "Agent Safe Mode" +sidebar_position: 10 +--- + # Agent Safe Mode To collect real-time activity data, the Agent hooks into (intercepts) specific Microsoft APIs in the @@ -10,7 +16,7 @@ LSASS process. Below are some considerations: in this event and the Agent is stopped. As a result, all monitoring/blocking by that Agent stops. To resolve the issue, either upgrade to the latest version of the Agent or simply upgrade SI.ActiveDirectoryMonitor.dll - commonly known as ADMonitor DLL (recommended). See the - [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md)topic for additional information. + [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md)topic for additional information. **_RECOMMENDED:_** Activate an email notification for the _LSASS process terminated_ alert. See the 
@@ -25,9 +31,9 @@ LSASS process. Below are some considerations: monitoring/blocking by that Agent stops. The 'Agent Started in AD Monitor pending mode' alert (Operations alert) is triggered in this event. To resolve the issue temporarily, the Threat Prevention administrator should start the pending modules. See the - [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md) topic for additional information. It is + [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md) topic for additional information. It is also recommended to upgrade SI.ActiveDirectoryMonitor.dll (commonly known as ADMonitor DLL) to - resolve the issue permanently. See the [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md) + resolve the issue permanently. See the [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md) topic for additional information. **_RECOMMENDED:_** Activate an email notification for this alert. See the Enable Agent Started @@ -42,7 +48,7 @@ instrumentation. Active Directory monitoring/blocking will not resume until the pending modules are started. To determine if the LSASS changes will conflict with the Agent instrumentation, start the pending -modules on one domain controller (see the [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md) +modules on one domain controller (see the [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md) topic). If there are no issues after five minutes, it is unlikely that the changes are conflicting with the Agent instrumentation. If there are any concerns about the changes, reach out to [](mailto:support@stealthbits.com)[Netwrix Support](https://www.netwrix.com/support.html) for more 
diff --git a/docs/threatprevention/7.5/admin/alerts/_category_.json b/docs/threatprevention/7.5/admin/alerts/_category_.json new file mode 100644 index 0000000000..e52c1d2584 --- /dev/null +++ b/docs/threatprevention/7.5/admin/alerts/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Alerts Interface", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/alerts/window/alertscleanup.md b/docs/threatprevention/7.5/admin/alerts/alertscleanup.md similarity index 91% rename from docs/threatprevention/7.5/admin/alerts/window/alertscleanup.md rename to docs/threatprevention/7.5/admin/alerts/alertscleanup.md index 06289e2cc4..5827621f30 100644 --- a/docs/threatprevention/7.5/admin/alerts/window/alertscleanup.md +++ b/docs/threatprevention/7.5/admin/alerts/alertscleanup.md @@ -1,10 +1,16 @@ +--- +title: "Alerts Cleanup Window" +description: "Alerts Cleanup Window" +sidebar_position: 10 +--- + # Alerts Cleanup Window You can clear alert data displayed on the [Alerts Interface](/docs/threatprevention/7.5/admin/alerts/overview.md) as well as schedule cleanups for this data. **_RECOMMENDED:_** Export alert data before using the Clear option. See the -[Alerts Export Window](/docs/threatprevention/7.5/admin/alerts/window/alertsexport.md) topic for additional information. +[Alerts Export Window](/docs/threatprevention/7.5/admin/alerts/alertsexport.md) topic for additional information. Follow the steps to clear the alerts data. diff --git a/docs/threatprevention/7.5/admin/alerts/window/alertsexport.md b/docs/threatprevention/7.5/admin/alerts/alertsexport.md similarity index 90% rename from docs/threatprevention/7.5/admin/alerts/window/alertsexport.md rename to docs/threatprevention/7.5/admin/alerts/alertsexport.md index 1e249b7de0..2985992875 100644 --- a/docs/threatprevention/7.5/admin/alerts/window/alertsexport.md 
+++ b/docs/threatprevention/7.5/admin/alerts/alertsexport.md @@ -1,3 +1,9 @@ +--- +title: "Alerts Export Window" +description: "Alerts Export Window" +sidebar_position: 20 +--- + # Alerts Export Window You can export alert data displayed on the Alerts interface to a CSV file. diff --git a/docs/threatprevention/7.5/admin/alerts/overview.md b/docs/threatprevention/7.5/admin/alerts/overview.md index 33fbaf2337..2d9e5d9f5a 100644 --- a/docs/threatprevention/7.5/admin/alerts/overview.md +++ b/docs/threatprevention/7.5/admin/alerts/overview.md @@ -1,3 +1,9 @@ +--- +title: "Alerts Interface" +description: "Alerts Interface" +sidebar_position: 50 +--- + # Alerts Interface The Alerts interface allows you to quickly view recent Security events, Operations events, and @@ -5,7 +11,7 @@ Configuration events for Threat Prevention - all of which are known as alerts. T system-generated and do not require any prior configuration. You can choose to view alerts related to analytics configuration and monitoring status on the Alerts -interface. See the [Alerts Cleanup Window](/docs/threatprevention/7.5/admin/alerts/window/alertscleanup.md) topic for options to display +interface. See the [Alerts Cleanup Window](/docs/threatprevention/7.5/admin/alerts/alertscleanup.md) topic for options to display this data. Click **Alerts** in the left pane to launch the Alerts interface. 
@@ -65,7 +71,7 @@ The data grid displays the following information for each event: - Message – Description and details about the event. The **Policy updated on server Changeset #[number]** link is displayed for events that represent a change to a policy, be it a policy under the Policies node or one defined for analytics. Click it to open the - [Policy Comparison Window](/docs/threatprevention/7.5/admin/alerts/window/policycomparison.md) where you can view any changes made to the + [Policy Comparison Window](/docs/threatprevention/7.5/admin/alerts/policycomparison.md) where you can view any changes made to the policy. Alerts generated for an archive database maintenance job have "Archive DB:" as the message prefix to differentiate them from those generated for the database maintenance job. @@ -87,7 +93,7 @@ Below are some considerations: in this event and the Agent is stopped. As a result, all monitoring/blocking by that Agent stops. To resolve the issue, either upgrade to the latest version of the Agent or simply upgrade SI.ActiveDirectoryMonitor.dll - commonly known as ADMonitor DLL (recommended). See the - [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md)topic for additional information. + [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md)topic for additional information. **_RECOMMENDED:_** Activate an email notification for the _LSASS process terminated_ alert. See the 
@@ -102,10 +108,10 @@ Below are some considerations: monitoring/blocking by that Agent stops. The 'Agent Started in AD Monitor pending mode' alert (Operations alert) is triggered in this event. To resolve the issue temporarily, the Threat Prevention administrator should start the pending modules. See the - [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md) topic for additional + [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md) topic for additional information. It is also recommended to upgrade SI.ActiveDirectoryMonitor.dll (commonly known as ADMonitor DLL) to resolve the issue permanently. See the - [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md) topic for additional information. + [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md) topic for additional information. **_RECOMMENDED:_** Activate an email notification for this alert. See the [Enable Agent Started in AD Monitor Pending Mode Email Alert](/docs/threatprevention/7.5/admin/agents/safemode.md#enable-agent-started-in-ad-monitor-pending-mode-email-alert) diff --git a/docs/threatprevention/7.5/admin/alerts/window/policycomparison.md b/docs/threatprevention/7.5/admin/alerts/policycomparison.md similarity index 94% rename from docs/threatprevention/7.5/admin/alerts/window/policycomparison.md rename to docs/threatprevention/7.5/admin/alerts/policycomparison.md index 78e7c7d2f6..69ff34e3cb 100644 --- a/docs/threatprevention/7.5/admin/alerts/window/policycomparison.md +++ b/docs/threatprevention/7.5/admin/alerts/policycomparison.md @@ -1,3 +1,9 @@ +--- +title: "Policy Comparison Window" +description: "Policy Comparison Window" +sidebar_position: 30 +--- + # Policy Comparison Window When you edit a policy, the change creates an alert in the Alerts interface. You can track the 
diff --git a/docs/threatprevention/7.5/admin/analytics/_category_.json b/docs/threatprevention/7.5/admin/analytics/_category_.json new file mode 100644 index 0000000000..0c8210da2c --- /dev/null +++ b/docs/threatprevention/7.5/admin/analytics/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Analytics Interface", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/analytics/baduseridsourcehost.md b/docs/threatprevention/7.5/admin/analytics/baduseridsourcehost.md index 0b537875d3..9276bcab15 100644 --- a/docs/threatprevention/7.5/admin/analytics/baduseridsourcehost.md +++ b/docs/threatprevention/7.5/admin/analytics/baduseridsourcehost.md @@ -1,3 +1,9 @@ +--- +title: "Bad User ID (by Source Host) Analytic Type" +description: "Bad User ID (by Source Host) Analytic Type" +sidebar_position: 10 +--- + # Bad User ID (by Source Host) Analytic Type The **Bad User ID (by source host)** analytic type identifies pre-authentication failures due to 
@@ -60,12 +66,12 @@ Policy Tab The Policy tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. Additionally, there is no AD Perpetrator filter. - _Optional:_ Scope the protocol to be monitored on the Authentication Protocol filter. If 
@@ -86,7 +92,7 @@ The Policy tab for configuring analytics consists of three sub-tabs: filter values. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -102,7 +108,7 @@ These incidences are grouped per unique source machine. ![Bad User ID by Source Host window](/img/product_docs/threatprevention/7.5/admin/analytics/baduseridsourcehost.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/baduseriduser.md b/docs/threatprevention/7.5/admin/analytics/baduseriduser.md index 05ff907631..c08c88b5b2 100644 --- a/docs/threatprevention/7.5/admin/analytics/baduseriduser.md +++ b/docs/threatprevention/7.5/admin/analytics/baduseriduser.md @@ -1,3 +1,9 @@ +--- +title: "Bad User ID (by User) Analytic Type" +description: "Bad User ID (by User) Analytic Type" +sidebar_position: 20 +--- + # Bad User ID (by User) Analytic Type The **Bad User ID (by user)** analytic type identifies pre-authentication failures due to using 
@@ -59,12 +65,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. Additionally, there is no AD Perpetrator filter. - *Optional:* Scope the protocol to be monitored on the Authentication Protocol filter. If 
@@ -85,7 +91,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: filter values. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -101,7 +107,7 @@ incidences are grouped per unique bad user name. ![Bad User ID (by User) Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/baduseriduser.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/breachedpassword.md b/docs/threatprevention/7.5/admin/analytics/breachedpassword.md index efd7f86da0..3ef965f6f7 100644 --- a/docs/threatprevention/7.5/admin/analytics/breachedpassword.md +++ b/docs/threatprevention/7.5/admin/analytics/breachedpassword.md @@ -1,3 +1,9 @@ +--- +title: "Breached Password Analytic Type" +description: "Breached Password Analytic Type" +sidebar_position: 30 +--- + # Breached Password Analytic Type The **Breached Password** analytic type identifies multiple failed authentications followed by a 
@@ -55,12 +61,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. - Scope the protocol to be monitored on the Authentication Protocol filter. If enabling the @@ -83,7 +89,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: filter values. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which 
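Review bot: The context under the changed Actions Tab link in the `@@ -83,7 +89,7 @@` hunk reads `use _caution_, as this will send all event data not the triggered incident`, which is ambiguous at exactly the point where the doc warns about what leaves the product for the SIEM. While these lines are open, punctuate it as "all event data, not only the triggered incident" so readers understand that enabling "Send Raw Data to SIEM" forwards every collected event rather than just the incident. The same sentence appears unchanged in the Actions Tab hunk of each analytic page in this diff, so fix it once per file.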
@@ -98,7 +104,7 @@ The data grid on the **Breached Password** node lists one row per incident ident ![Breached Password Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/breachedpassword.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/bruteforceattacks.md b/docs/threatprevention/7.5/admin/analytics/bruteforceattacks.md index dc17dc1ebf..32dad69186 100644 --- a/docs/threatprevention/7.5/admin/analytics/bruteforceattacks.md +++ b/docs/threatprevention/7.5/admin/analytics/bruteforceattacks.md @@ -1,3 +1,9 @@ +--- +title: "Brute Force Attacks Analytic Type" +description: "Brute Force Attacks Analytic Type" +sidebar_position: 40 +--- + # Brute Force Attacks Analytic Type The **Brute Force Attacks** analytic type identifies failed attempts from a single host to access a 
@@ -63,12 +69,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. - Scope the servers to be included in or excluded from monitoring on the IP Addresses (from) 
@@ -91,7 +97,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: Perpetrator filter. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -106,7 +112,7 @@ The data grid on the **Brute Force Attacks** node lists one row per incident ide ![Brute Force Attacks Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/bruteforce.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/concurrentlogins.md b/docs/threatprevention/7.5/admin/analytics/concurrentlogins.md index 07263787b9..4c28f21834 100644 --- a/docs/threatprevention/7.5/admin/analytics/concurrentlogins.md +++ b/docs/threatprevention/7.5/admin/analytics/concurrentlogins.md @@ -1,3 +1,9 @@ +--- +title: "Concurrent Logins Analytic Type" +description: "Concurrent Logins Analytic Type" +sidebar_position: 50 +--- + # Concurrent Logins Analytic Type The **Concurrent Logins** analytic type identifies same account logins from multiple locations 
@@ -58,12 +64,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. - _Optional:_ Scope the protocol to be monitored on the Authentication Protocol filter. If @@ -86,7 +92,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: filter values. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which 
@@ -101,7 +107,7 @@ The data grid on the **Concurrent Logins** node lists one row per incident ident ![Concurrent Logins Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/concurrentlogins.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/filesystemattacksuser.md b/docs/threatprevention/7.5/admin/analytics/filesystemattacksuser.md index be697c7f64..37bc344fd1 100644 --- a/docs/threatprevention/7.5/admin/analytics/filesystemattacksuser.md +++ b/docs/threatprevention/7.5/admin/analytics/filesystemattacksuser.md @@ -1,3 +1,9 @@ +--- +title: "File System Attacks (by User) Analytic Type" +description: "File System Attacks (by User) Analytic Type" +sidebar_position: 60 +--- + # File System Attacks (by User) Analytic Type The **File System Attacks (by user)** analytic type identifies activity where a significant number 
@@ -72,11 +78,11 @@ Policy Tab for Monitoring Only The **Policy** tab for configuring analytics consists of the following sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. For monitoring only, it + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. For monitoring only, it contains the File System Changes event type. The only exception is that the Success filter cannot be modified. @@ -99,7 +105,7 @@ The **Policy** tab for configuring analytics consists of the following sub-tabs: Perpetrator filter. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which 
@@ -117,13 +123,13 @@ Changes Event Type. The **Policy** tab for configuring analytics consists of the following sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. It contains both the - [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md) and the - [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md). The only exception + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. It contains both the + [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md) and the + [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md). The only exception is that for the Lockdown Event Type, the File System filter is hard coded to mirror the configuration of the File System Changes Event Type settings. 
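Review bot: The new File System Changes link in this hunk points to `configuration/eventtype/filesystemchanges/filesystemchanges.md`, while the sibling File System Lockdown link on the line above stays flat at `configuration/eventtype/filesystemlockdown.md`. Every other link in this file only gains the `configuration/` segment, so the extra `filesystemchanges/` directory looks like either an intentional sub-folder move or a typo. Confirm the target file exists at that nested path and that the build's broken-link check passes for it.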
@@ -138,7 +144,7 @@ The **Policy** tab for configuring analytics consists of the following sub-tabs: they trigger another incident - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -153,7 +159,7 @@ The data grid on the **File System Attacks (by user)** node lists one row per in ![File System Attacks (by User) Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/fsattacks.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/forgedpac.md b/docs/threatprevention/7.5/admin/analytics/forgedpac.md index a03219f684..dee39c4b24 100644 --- a/docs/threatprevention/7.5/admin/analytics/forgedpac.md +++ b/docs/threatprevention/7.5/admin/analytics/forgedpac.md @@ -1,3 +1,9 @@ +--- +title: "Forged PAC Analytic Type" +description: "Forged PAC Analytic Type" +sidebar_position: 70 +--- + # Forged PAC Analytic Type The **Forged Privilege Account Certificate** (PAC) analytic type identifies Kerberos tickets with a 
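Review bot: The context line directly under the front matter added to forgedpac.md expands PAC as `**Forged Privilege Account Certificate** (PAC)`. The Kerberos PAC is the Privilege Attribute Certificate, so the expansion is wrong in the page's first sentence. The new `title` and `description` avoid the expansion, which is fine, but since this file is being edited the body text should be corrected to "Privilege Attribute Certificate" in the same change.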
@@ -49,7 +55,7 @@ You can select specific RIDs that Threat Prevention compares against the PAC and for a mismatch to trigger the incident. - Click the **Add** (**+**) button to open the - [Select AD Groups Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/groups.md), where you + [Select AD Groups Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/groups.md), where you can select the desired Active Directory group(s). On selection, the RID of that group is monitored for modifications. - The **Remove** (**x**) button removes the selected item(s) from the incident criteria. @@ -60,12 +66,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. - Scope the servers to be included in or excluded from monitoring on the IP Addresses (from) 
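Review bot: In the `@@ -49,7 +55,7 @@` hunk the Select AD Groups Window link changes from `policies/eventtype/window/selectactivedirectory/groups.md` to `policies/configuration/eventtype/window/groups.md`, which both inserts `configuration/` and removes the `selectactivedirectory/` directory. All other links in this file only insert `configuration/`, so this one deserves a manual check that `window/groups.md` is the real new location and does not collide with another `groups.md` under `window/`.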
@@ -89,7 +95,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: Perpetrator filter. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -104,7 +110,7 @@ The data grid on the **Forged PAC** node lists one row per incident identified. ![Forged PAC Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/forgedpac.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/goldenticket.md b/docs/threatprevention/7.5/admin/analytics/goldenticket.md index 973553885a..dedea35520 100644 --- a/docs/threatprevention/7.5/admin/analytics/goldenticket.md +++ b/docs/threatprevention/7.5/admin/analytics/goldenticket.md @@ -1,3 +1,9 @@ +--- +title: "Golden Ticket Analytic Type" +description: "Golden Ticket Analytic Type" +sidebar_position: 80 +--- + # Golden Ticket Analytic Type The **Golden Tickets** analytic type identifies Kerberos tickets that exceed the specified maximum 
@@ -54,12 +60,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. **_RECOMMENDED:_** Do not configure any filters for this analytic type. @@ -84,7 +90,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: filter values. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which 
@@ -99,7 +105,7 @@ The data grid on the **Golden Tickets** node lists one row per incident identifi ![Golden Ticket Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/goldenticket.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/horizontalmovementattacks.md b/docs/threatprevention/7.5/admin/analytics/horizontalmovementattacks.md index 4c80c2ca3a..43352fa3c2 100644 --- a/docs/threatprevention/7.5/admin/analytics/horizontalmovementattacks.md +++ b/docs/threatprevention/7.5/admin/analytics/horizontalmovementattacks.md @@ -1,3 +1,9 @@ +--- +title: "Horizontal Movement Attacks Analytic Type" +description: "Horizontal Movement Attacks Analytic Type" +sidebar_position: 90 +--- + # Horizontal Movement Attacks Analytic Type The **Horizontal Movement Attacks** analytic type identifies security principals that are accessing 
@@ -61,12 +67,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. - Scope the accounts to include in or exclude from being monitored on the AD Perpetrator filter. 
@@ -88,7 +94,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: filter values. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -103,7 +109,7 @@ The data grid on the **Horizontal Movement Attacks** node lists one row per inci ![Horizontal Movement Attacks Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/horizontalmovement.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/impersonationlogins.md b/docs/threatprevention/7.5/admin/analytics/impersonationlogins.md index 9aa412b220..36ec4c480d 100644 --- a/docs/threatprevention/7.5/admin/analytics/impersonationlogins.md +++ b/docs/threatprevention/7.5/admin/analytics/impersonationlogins.md 
@@ -1,3 +1,9 @@ +--- +title: "Impersonation Logins Analytic Type" +description: "Impersonation Logins Analytic Type" +sidebar_position: 100 +--- + # Impersonation Logins Analytic Type The **Impersonation Logins** analytic type identifies multiple authenticated accounts from a single @@ -58,12 +64,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. - _Optional:_ Scope the protocol to be monitored on the Authentication Protocol filter. If 
@@ -86,7 +92,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: filter values. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -101,7 +107,7 @@ The data grid on the **Impersonation Logins** node lists one row per incident id ![Impersonation Logins Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/impersonationlogins.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/kerberosweakencryption.md b/docs/threatprevention/7.5/admin/analytics/kerberosweakencryption.md index 17999db12f..2a9ffb06c4 100644 --- a/docs/threatprevention/7.5/admin/analytics/kerberosweakencryption.md +++ b/docs/threatprevention/7.5/admin/analytics/kerberosweakencryption.md 
@@ -1,3 +1,9 @@ +--- +title: "Kerberos Weak Encryption Analytic Type" +description: "Kerberos Weak Encryption Analytic Type" +sidebar_position: 110 +--- + # Kerberos Weak Encryption Analytic Type The **Kerberos Weak Encryption** analytic type identifies Kerberos tickets with RC4_HMAC_MD5 @@ -41,12 +47,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. - Scope the servers to be included in or excluded from monitoring on the IP Addresses (from) 
@@ -70,7 +76,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: Perpetrator filter. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -85,7 +91,7 @@ The data grid on the **Kerberos Weak Encryption** node lists one row per inciden ![kerberosweakencryption](/img/product_docs/threatprevention/7.5/admin/analytics/kerberosweakencryption.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/analytics/overview.md b/docs/threatprevention/7.5/admin/analytics/overview.md index 69f9db9922..b374e63b95 100644 --- a/docs/threatprevention/7.5/admin/analytics/overview.md +++ b/docs/threatprevention/7.5/admin/analytics/overview.md @@ -1,3 +1,9 @@ +--- +title: "Analytics Interface" +description: "Analytics Interface" +sidebar_position: 70 +--- + # Analytics Interface Analytics provide organizations with the ability to capture and analyze authentication traffic 
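Review bot: in the front matter added to analytics/overview.md, `description` repeats `title` word for word ("Analytics Interface"), so it carries no information wherever the description is surfaced. Suggest a one-sentence description drawn from the page's opening line about capturing and analyzing authentication traffic. The other front-matter blocks in this change follow the same title-equals-description pattern and would benefit from the same treatment.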
diff --git a/docs/threatprevention/7.5/admin/analytics/useraccounthacking.md b/docs/threatprevention/7.5/admin/analytics/useraccounthacking.md index 8a569d5e0b..a8027cc3cb 100644 --- a/docs/threatprevention/7.5/admin/analytics/useraccounthacking.md +++ b/docs/threatprevention/7.5/admin/analytics/useraccounthacking.md @@ -1,3 +1,9 @@ +--- +title: "User Account Hacking Analytic Type" +description: "User Account Hacking Analytic Type" +sidebar_position: 120 +--- + # User Account Hacking Analytic Type The **User Account Hacking** analytic type identifies multiple bad passwords provided for a given @@ -71,12 +77,12 @@ Policy Tab The **Policy** tab for configuring analytics consists of three sub-tabs: -- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) is +- General tab – Configured the same way a regular policy’s [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) is configured. The only exception is that the Name and Description are hard coded, and cannot be modified. The Tags field is disabled for analytics. - Event Type tab – Configured the same way a regular policy’s - [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) is configured. The only exception is that the - [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) is hard + [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) is configured. The only exception is that the + [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) is hard coded, and the Success filter cannot be modified. - Scope the accounts to include in or exclude from being monitored on the AD Perpetrator filter. 
@@ -98,7 +104,7 @@ The **Policy** tab for configuring analytics consists of three sub-tabs: filter values. - Actions tab – Configured the same way a regular policy’s - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) is configured. The only exceptions are that the + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) is configured. The only exceptions are that the “Send to Event DB” and “Email Notifications” options are disabled. The event data collected by analytic policies are stored in memory until an incident is triggered. For the “Send Raw Data to SIEM” option, use _caution_, as this will send all event data not the triggered incident, which @@ -113,7 +119,7 @@ The data grid on the **User Account Hacking** node lists one row per incident id ![User Account Hacking Analytic Type window](/img/product_docs/threatprevention/7.5/admin/analytics/useraccounthacking.webp) The data grid can be filtered according to the Event Tracker status: All, New, or Reviewed. See the -[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. +[Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. The top data grid includes the following information for each incident: diff --git a/docs/threatprevention/7.5/admin/configuration/_category_.json b/docs/threatprevention/7.5/admin/configuration/_category_.json new file mode 100644 index 0000000000..edfc42f1fc --- /dev/null +++ b/docs/threatprevention/7.5/admin/configuration/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Configuration", + "position": 30, + "collapsed": true, + "collapsible": true +} \ No newline at end of file 
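Review bot: the new configuration/_category_.json ends without a trailing newline (`\ No newline at end of file`); add one so the next edit to this file does not show a spurious change on its last line. This category also has no `link` block, while the collectionmanager, databasemaintenance and systemalerting category files added in this change each link to their `overview` doc. If the omission is deliberate because there is no overview page at this level, say so in the PR description.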
diff --git a/docs/threatprevention/7.5/admin/configuration/collectionmanager/_category_.json b/docs/threatprevention/7.5/admin/configuration/collectionmanager/_category_.json new file mode 100644 index 0000000000..d6eb3d18d8 --- /dev/null +++ b/docs/threatprevention/7.5/admin/configuration/collectionmanager/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Collection Manager Window", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md b/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md index 37063449e9..37720d3d25 100644 --- a/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md +++ b/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md @@ -1,3 +1,9 @@ +--- +title: "Dynamic Collections" +description: "Dynamic Collections" +sidebar_position: 20 +--- + # Dynamic Collections Certain options in the upper-left corner of the diff --git a/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md b/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md index f54610e54c..101f671918 100644 --- a/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md +++ b/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md @@ -1,3 +1,9 @@ +--- +title: "List of Collections Window" +description: "List of Collections Window" +sidebar_position: 10 +--- + # List of Collections Window Use the List of Collections window to add new items to a collection as well as edit and remove 
@@ -43,7 +49,7 @@ populated when collections are created or changed. The Select… window opens. Select a server/Agent from the drop-down menu and click **Connect**. Expand the domain tree in the navigation pane. Select an item in the Results pane on the right and -click **OK**. See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for +click **OK**. See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. ![Select window](/img/product_docs/threatprevention/7.5/admin/configuration/collectionmanager/selectadobjects.webp) diff --git a/docs/threatprevention/7.5/admin/configuration/collectionmanager/overview.md b/docs/threatprevention/7.5/admin/configuration/collectionmanager/overview.md index 85a6e2088e..96d0becf7e 100644 --- a/docs/threatprevention/7.5/admin/configuration/collectionmanager/overview.md +++ b/docs/threatprevention/7.5/admin/configuration/collectionmanager/overview.md @@ -1,3 +1,9 @@ +--- +title: "Collection Manager Window" +description: "Collection Manager Window" +sidebar_position: 10 +--- + # Collection Manager Window The Collection Manager window enables you to manage all Microsoft Collections. Click 
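Review bot: `sidebar_position: 10` in collectionmanager/overview.md collides with listcollections.md, which is also given `sidebar_position: 10` in this change, so the relative order of the two pages is not determined by these values. overview.md appears to mirror the category's own `"position": 10`, and the same thing happens in databasemaintenance, where overview.md and archive.md both get 20. Either give the overview pages a distinct position or confirm that the category `link` to `overview` keeps them out of the ordered item list.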
@@ -8,8 +14,8 @@ Threat Prevention administrators. Collections are reusable lists of policy filter settings that help streamline the task of associating filters with event types on the Event Type tab during -[Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration.md) or -[Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration.md). They are configured globally and can be +[Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration/configuration.md) or +[Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration/configuration.md). They are configured globally and can be used in multiple policies in place of or in conjunction with individual filters. These collections are empty until you populate them with your environment information. When a collection is modified, the modifications affect all policies referencing the collection. At least one Agent must be diff --git a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/_category_.json b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/_category_.json new file mode 100644 index 0000000000..edc3426e71 --- /dev/null +++ b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Database Maintenance Window", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/archive.md b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/archive.md index 83cd1ce93c..e28439551c 100644 --- a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/archive.md +++ b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/archive.md 
@@ -1,3 +1,9 @@ +--- +title: "Archive Data" +description: "Archive Data" +sidebar_position: 20 +--- + # Archive Data To use the Move operation on the [Database Maintenance Window](/docs/threatprevention/7.5/admin/configuration/databasemaintenance/overview.md), you must specify a diff --git a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/enable.md b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/enable.md index fe88814a48..6101284d8f 100644 --- a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/enable.md +++ b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/enable.md @@ -1,3 +1,9 @@ +--- +title: "Enable Database Maintenance" +description: "Enable Database Maintenance" +sidebar_position: 10 +--- + # Enable Database Maintenance Database maintenance can be enabled for all or specific event types, analytics, and/or policies. It diff --git a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/overview.md b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/overview.md index d5fdce0b39..98aa6a3e5f 100644 --- a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/overview.md +++ b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/overview.md @@ -1,3 +1,9 @@ +--- +title: "Database Maintenance Window" +description: "Database Maintenance Window" +sidebar_position: 20 +--- + # Database Maintenance Window The database maintenance function grooms the NVMonitorData database to optimize performance. It 
@@ -11,7 +17,7 @@ archiving. For this database, you can also define settings to delete data aged b threshold. _Remember,_ See the Database Maintenance Permission details in the -[Database Maintenance Feature Requirements](/docs/threatprevention/7.5/requirements/dbmaintenance.md) topic. +[Database Maintenance Feature Requirements](/docs/threatprevention/7.5/requirements/sqlserver/dbmaintenance.md) topic. See the [Stored Procedures](/docs/threatprevention/7.5/admin/configuration/databasemaintenance/storedprocedures.md) topic for additional information on stored procedures Threat Prevention uses on its SQL Server databases. @@ -70,7 +76,7 @@ the [Archive Data](/docs/threatprevention/7.5/admin/configuration/databasemainte **Step 5 –** Click **Save** to save the changes. **_RECOMMENDED:_** The SQL Server databases should be configured to use 'Simple Recovery Mode' in -the [SQL Server Requirements](/docs/threatprevention/7.5/requirements/sqlserver.md). This configuration has a direct +the [SQL Server Requirements](/docs/threatprevention/7.5/requirements/sqlserver/sqlserver.md). This configuration has a direct impact on the size of the transaction log during database maintenance delete tasks. If Simple Recovery Mode is not configured on the databases, the transaction log may get quite large during delete tasks. diff --git a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/schedule.md b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/schedule.md index 3bf158f0c5..26593aebbd 100644 --- a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/schedule.md +++ b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/schedule.md @@ -1,3 +1,9 @@ +--- +title: "Schedule Database Maintenance" +description: "Schedule Database Maintenance" +sidebar_position: 30 +--- + # Schedule Database Maintenance You must schedule the database maintenance job, which runs the specified operation on each of the 
diff --git a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/storedprocedures.md b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/storedprocedures.md index b19dbb9c1a..c5f79cc591 100644 --- a/docs/threatprevention/7.5/admin/configuration/databasemaintenance/storedprocedures.md +++ b/docs/threatprevention/7.5/admin/configuration/databasemaintenance/storedprocedures.md @@ -1,3 +1,9 @@ +--- +title: "Stored Procedures" +description: "Stored Procedures" +sidebar_position: 40 +--- + # Stored Procedures The table contains a list of the stored procedures Threat Prevention uses on its SQL Server diff --git a/docs/threatprevention/7.5/admin/configuration/epesettings.md b/docs/threatprevention/7.5/admin/configuration/epesettings.md index 77e7ffe455..88d3ee77ad 100644 --- a/docs/threatprevention/7.5/admin/configuration/epesettings.md +++ b/docs/threatprevention/7.5/admin/configuration/epesettings.md @@ -1,3 +1,9 @@ +--- +title: "EPE Settings Window" +description: "EPE Settings Window" +sidebar_position: 30 +--- + # EPE Settings Window Threat Prevention can be configured with Enterprise Password Enforcer (EPE) to use the Have I Been diff --git a/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md b/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md index 878ddc9ef5..c2830fa61a 100644 --- a/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md +++ b/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Event Filtering Configuration Window" +description: "Event Filtering Configuration Window" +sidebar_position: 50 +--- + # Event Filtering Configuration Window The Event Filtering Configuration window enables you to exclude specific Active Directory and 
@@ -83,7 +89,7 @@ Collection window. The Exclude Logins from Machine Accounts collection is only accessible through the Event Filtering Configuration window. Either use the **Add** (+) button to open the -[Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md) +[Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md) to browse for machine accounts or type the account name in the textbox. Only perpetrators with accounts ending in “$” are considered for this filter. Wild cards (\*) can be @@ -143,7 +149,7 @@ Collection window. The Exclude Authentication Events from Selected Accounts collection is only accessible through the Event Filtering Configuration window. Use the **Add** (+) button to open the -[Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md) +[Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md) to browse for the desired accounts. Account names [domain name\account] can also be typed in the textbox. Wild cards (\*) can be used as part of either the domain name or account. An asterisk (\*) appearing anywhere other than as the first character or the last character are treated as a literal diff --git a/docs/threatprevention/7.5/admin/configuration/eventsdatabaseconfiguration.md b/docs/threatprevention/7.5/admin/configuration/eventsdatabaseconfiguration.md index dd04849165..30992dec5c 100644 --- a/docs/threatprevention/7.5/admin/configuration/eventsdatabaseconfiguration.md +++ b/docs/threatprevention/7.5/admin/configuration/eventsdatabaseconfiguration.md 
@@ -1,3 +1,9 @@ +--- +title: "Events Database Configuration Window" +description: "Events Database Configuration Window" +sidebar_position: 40 +--- + # Events Database Configuration Window The Events Database Configuration window manages the NVMonitorData database, also known as the diff --git a/docs/threatprevention/7.5/admin/configuration/filemonitorsettings.md b/docs/threatprevention/7.5/admin/configuration/filemonitorsettings.md index 02981f6fe5..a0db34fbbc 100644 --- a/docs/threatprevention/7.5/admin/configuration/filemonitorsettings.md +++ b/docs/threatprevention/7.5/admin/configuration/filemonitorsettings.md @@ -1,3 +1,9 @@ +--- +title: "File Monitor Settings Window" +description: "File Monitor Settings Window" +sidebar_position: 60 +--- + # File Monitor Settings Window The File Monitor Settings window provides global settings for managing log retention, the ability to @@ -60,7 +66,7 @@ Collection window opens. ![File Monitor Settings > Edit Collection window (for accounts)](/img/product_docs/threatprevention/7.5/admin/configuration/editcollectionaccounts.webp) **Step 3 –** Use the **Add** (+) button to open the -[Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md) +[Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md) to browse for and select AD accounts. **Step 4 –** Click **OK** to save your changes. diff --git a/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md b/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md index c94b0ad4b1..4fe9593956 100644 --- a/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md +++ b/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md 
@@ -1,3 +1,9 @@ +--- +title: "SIEM Output Viewer" +description: "SIEM Output Viewer" +sidebar_position: 70 +--- + # SIEM Output Viewer The SIEM Output Viewer window displays the event data (messages) that Threat Prevention writes to @@ -5,10 +11,10 @@ syslog (SIEM) in real time. - Event data generated for a policy is sent to SIEM if the 'Send to SIEM' option is selected for that policy on the Actions tab. See the - [Send to SIEM](/docs/threatprevention/7.5/admin/policies/actions/overview.md#send-to-siem) topic for additional information. + [Send to SIEM](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md#send-to-siem) topic for additional information. - Event data generated for an analytic is sent to SIEM if the 'Send Raw Data to SIEM' option is selected for that analytic on the Actions tab. See the - [Send to SIEM](/docs/threatprevention/7.5/admin/policies/actions/overview.md#send-to-siem) topic for additional information. + [Send to SIEM](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md#send-to-siem) topic for additional information. - Event data generated for an event/incident/policy is sent to SIEM if a SIEM profile has been assigned to it on the [SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md) of the System Alerting Window. diff --git a/docs/threatprevention/7.5/admin/configuration/systemalerting/_category_.json b/docs/threatprevention/7.5/admin/configuration/systemalerting/_category_.json new file mode 100644 index 0000000000..4e8e958d45 --- /dev/null +++ b/docs/threatprevention/7.5/admin/configuration/systemalerting/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "System Alerting Window", + "position": 100, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
diff --git a/docs/threatprevention/7.5/admin/configuration/systemalerting/email.md b/docs/threatprevention/7.5/admin/configuration/systemalerting/email.md index a51d75903d..6f1a9d4482 100644 --- a/docs/threatprevention/7.5/admin/configuration/systemalerting/email.md +++ b/docs/threatprevention/7.5/admin/configuration/systemalerting/email.md @@ -1,3 +1,9 @@ +--- +title: "Email Tab" +description: "Email Tab" +sidebar_position: 10 +--- + # Email Tab Alert notification via email sends messages through an SMTP gateway. Alerts are designed to send @@ -188,5 +194,5 @@ can be removed, but partial tokens do not retrieve data from the database. Now that at least one Message Profile has been created, it can be assigned to an event either through the System Altering window’s Email tab or assigned to a policy on the -[Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) of the policy configuration or the -[Actions Tab](/docs/threatprevention/7.5/admin/templates/actions.md) of the template configuration. +[Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) of the policy configuration or the +[Actions Tab](/docs/threatprevention/7.5/admin/templates/configuration/actions.md) of the template configuration. diff --git a/docs/threatprevention/7.5/admin/configuration/systemalerting/eventlog.md b/docs/threatprevention/7.5/admin/configuration/systemalerting/eventlog.md index 78e6cf2672..39b4d6b5a6 100644 --- a/docs/threatprevention/7.5/admin/configuration/systemalerting/eventlog.md +++ b/docs/threatprevention/7.5/admin/configuration/systemalerting/eventlog.md @@ -1,3 +1,9 @@ +--- +title: "Event Log Tab" +description: "Event Log Tab" +sidebar_position: 20 +--- + # Event Log Tab Alert notification via Event Log sends event notifications to the Windows Event Log. Follow the 
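Review bot: "System Altering window’s Email tab", in the unchanged context line directly above the retargeted links in the `@@ -188,5 +194,5 @@` hunk of systemalerting/email.md, should read "System Alerting". The hunk already rewrites the rest of that sentence, so fix the typo in the same pass rather than leaving it for a follow-up.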
diff --git a/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md b/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md index 9d0560ae81..16b31170ad 100644 --- a/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md +++ b/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md @@ -1,3 +1,9 @@ +--- +title: "System Alerting Window" +description: "System Alerting Window" +sidebar_position: 100 +--- + # System Alerting Window The System Alerting window is only available to administrators, enabling them to configure and @@ -27,8 +33,8 @@ grouped into five types: Email and SIEM alert notifications for policy events can be enabled through: - The System Alerting window -- The [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) of a policy -- The [Actions Tab](/docs/threatprevention/7.5/admin/templates/actions.md) of a policy template +- The [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) of a policy +- The [Actions Tab](/docs/threatprevention/7.5/admin/templates/configuration/actions.md) of a policy template In any case, configuration must first be set through the System Alerting window. The [Alerts Interface](/docs/threatprevention/7.5/admin/alerts/overview.md) allows you to quickly view recent alerts in a 
@@ -60,7 +66,7 @@ Below are some considerations: triggered in this event and the Agent is stopped. As a result, all monitoring/blocking by that Agent stops. To resolve the issue, either upgrade to the latest version of the Agent or simply upgrade SI.ActiveDirectoryMonitor.dll - commonly known as ADMonitor DLL (recommended). See the - [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md)topic for additional information. + [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md)topic for additional information. **_RECOMMENDED:_** Activate an email notification for the _LSASS process terminated_ alert. See the @@ -75,10 +81,10 @@ Below are some considerations: monitoring/blocking by that Agent stops. The 'Agent Started in AD Monitor pending mode' alert (Operations alert) is triggered in this event. To resolve the issue temporarily, the Threat Prevention administrator should start the pending modules. See the - [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/management/startpendingmodules.md) topic for additional + [Start Pending Modules](/docs/threatprevention/7.5/admin/agents/agent-management/startpendingmodules.md) topic for additional information. It is also recommended to upgrade SI.ActiveDirectoryMonitor.dll (commonly known as ADMonitor DLL) to resolve the issue permanently. See the - [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md) topic for additional information. + [Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md) topic for additional information. **_RECOMMENDED:_** Activate an email notification for this alert. See the [Enable Agent Started in AD Monitor Pending Mode Email Alert](/docs/threatprevention/7.5/admin/agents/safemode.md#enable-agent-started-in-ad-monitor-pending-mode-email-alert) 
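Review bot: the rewritten line in the `@@ -60,7 +66,7 @@` hunk still has no space between the link and the next word (`upgradeadmonitor.md)topic for additional information.`). Add the space; the second Upgrade ADMonitor link, in the `@@ -75,10 +81,10 @@` hunk, already has it. Both hunks also change the path segment from `agents/management/` to `agents/agent-management/`, which is a rename rather than the `configuration/` insertion used elsewhere in this change, so it is worth confirming that the directory was renamed.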
diff --git a/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md b/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md index 9373fd2153..23588eaaee 100644 --- a/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md +++ b/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md @@ -1,3 +1,9 @@ +--- +title: "SIEM Tab" +description: "SIEM Tab" +sidebar_position: 30 +--- + # SIEM Tab Alert notification via SIEM sends event notifications to a SIEM product using UDP or TCP protocol. @@ -124,8 +130,8 @@ mapping file formats are specifically designed for Analytics incidents. **Step 11 –** Click **OK** to save the settings. Once a SIEM server is configured, assign it to events using the System Alerting window’s SIEM Tab or -the [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) of a policy or the -[Actions Tab](/docs/threatprevention/7.5/admin/templates/actions.md) of a policy template. +the [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) of a policy or the +[Actions Tab](/docs/threatprevention/7.5/admin/templates/configuration/actions.md) of a policy template. IBM QRadar Integration 
@@ -139,8 +145,8 @@ for additional information. Splunk Integration Netwrix has created custom apps for integration between Threat Prevention and Splunk. See the -[Active Directory App for Splunk](/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/overview.md) topic -and the [Threat Hunting App for Splunk](/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/overview.md) +[Active Directory App for Splunk](/docs/threatprevention/7.5/siemdashboard/activedirectory/overview.md) topic +and the [Threat Hunting App for Splunk](/docs/threatprevention/7.5/siemdashboard/threathunting/overview.md) topic for additional information. There is also a custom app for File Activity, that can receive data from either Threat Prevention or Netwrix Activity Monitor. See the [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) diff --git a/docs/threatprevention/7.5/admin/configuration/threatmanagerconfiguration.md b/docs/threatprevention/7.5/admin/configuration/threatmanagerconfiguration.md index 2ea57423a1..a410f4cffb 100644 --- a/docs/threatprevention/7.5/admin/configuration/threatmanagerconfiguration.md +++ b/docs/threatprevention/7.5/admin/configuration/threatmanagerconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Threat Manager Configuration Window" +description: "Netwrix Threat Manager Configuration Window" +sidebar_position: 80 +--- + # Netwrix Threat Manager Configuration Window The Netwrix Threat Manager Configuration window is a global setting to enable integration between diff --git a/docs/threatprevention/7.5/admin/configuration/threatprevention.md b/docs/threatprevention/7.5/admin/configuration/threatprevention.md new file mode 100644 index 0000000000..7cc9e5b687 --- /dev/null +++ b/docs/threatprevention/7.5/admin/configuration/threatprevention.md 
@@ -0,0 +1,46 @@ +--- +title: "Send Active Directory Event Data from Netwrix Threat Prevention to Netwrix Access Analyzer" +description: "Send Active Directory Event Data from Netwrix Threat Prevention to Netwrix Access Analyzer" +sidebar_position: 90 +--- + +# Send Active Directory Event Data from Netwrix Threat Prevention to Netwrix Access Analyzer + +When Netwrix Threat Prevention is configured to monitor a domain, the event data collected by the +policies can be provided to Netwrix Access Analyzer (formerly Enterprise Auditor) for auditing and +analysis. This is accomplished by configuring Threat Prevention to send data to Netwrix Activity +Monitor, which in turn creates the activity log files that Access Analyzer collects. + +**NOTE:** Threat Prevention can only be configured to send event data to one Netwrix application, +either Netwrix Activity Monitor or Netwrix Threat Manager but not both. However, the Activity +Monitor can be configured with outputs for Access Analyzer and Threat Manager. + +Follow the steps to configure this integration. + +**_RECOMMENDED:_** It is a best practice to use the API Server option of the Activity Monitor for +this integration between Threat Prevention and Access Analyzer. + +**Step 1 –** In the Threat Prevention Administration Console, click **Configuration** > **Netwrix +Threat Manager Configuration** on the menu. The Netwrix Threat Manager Configuration window opens. + +**Step 2 –** On the Event Sink tab, configure the following: + +- Netwrix Threat Manager URI – Enter the name of the Activity Monitor agent host and port, which is + 4499 by default, in the following format: + + `amqp://localhost:4499` + + You must use localhost, even if Activity Monitor and Threat Prevention are installed on + different servers. + +- App Token – Leave this field blank for integration with Activity Monitor +- Policies – The table displays all policies created in Threat Prevention along with a State icon + indicating if the policy is active. 
Check the **Send** box for the desired policies monitoring the + target domain activity. + +**Step 3 –** Click **Save**. + +All real-time event data from the selected policies is now sent to Activity Monitor. Additional +policies can be added to this data stream through the Netwrix Threat Manager Configuration window or +by selecting the **Send to Netwrix Threat Manager** option on the Actions tab of the respective +policy. diff --git a/docs/threatprevention/7.5/admin/configuration/userroles/_category_.json b/docs/threatprevention/7.5/admin/configuration/userroles/_category_.json new file mode 100644 index 0000000000..a7be09bb41 --- /dev/null +++ b/docs/threatprevention/7.5/admin/configuration/userroles/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Users and Roles Window", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/configuration/userroles/add.md b/docs/threatprevention/7.5/admin/configuration/userroles/add.md index 0d848c6fbf..07dc7d70db 100644 --- a/docs/threatprevention/7.5/admin/configuration/userroles/add.md +++ b/docs/threatprevention/7.5/admin/configuration/userroles/add.md @@ -1,3 +1,9 @@ +--- +title: "Add Users" +description: "Add Users" +sidebar_position: 10 +--- + # Add Users Follow the steps to add a user and assign access rights. 
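Review bot: Step 2 of the new configuration/threatprevention.md gives two instructions that conflict as written: the URI bullet says to enter "the name of the Activity Monitor agent host and port", and the next paragraph says localhost must be used even if Activity Monitor and Threat Prevention are installed on different servers. Reword the bullet so the host part is stated once, and say what is expected to be listening on `amqp://localhost:4499` in the split-server case, so an administrator does not have to guess which sentence wins.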
@@ -22,7 +28,7 @@ Administrator automatically checks the Console Operator role. _Remember,_ the Report User role was a legacy role for the IIS-based SI Reporting Console and does not apply to the Netwrix Threat Manager Reporting Module console. See the -[User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md) topic for +[User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md) topic for information on granting report access. **Step 5 –** _(Optional)_ Create as many users as required before clicking OK. diff --git a/docs/threatprevention/7.5/admin/configuration/userroles/delete.md b/docs/threatprevention/7.5/admin/configuration/userroles/delete.md index 50e0ccca57..b5e6625c4c 100644 --- a/docs/threatprevention/7.5/admin/configuration/userroles/delete.md +++ b/docs/threatprevention/7.5/admin/configuration/userroles/delete.md @@ -1,3 +1,9 @@ +--- +title: "Delete User" +description: "Delete User" +sidebar_position: 30 +--- + # Delete User The Administration Console prevents you from deleting the last user with Administrator rights. There diff --git a/docs/threatprevention/7.5/admin/configuration/userroles/modify.md b/docs/threatprevention/7.5/admin/configuration/userroles/modify.md index 5924cf04f4..21908e781c 100644 --- a/docs/threatprevention/7.5/admin/configuration/userroles/modify.md +++ b/docs/threatprevention/7.5/admin/configuration/userroles/modify.md @@ -1,3 +1,9 @@ +--- +title: "Modify User Access" +description: "Modify User Access" +sidebar_position: 20 +--- + # Modify User Access Follow the steps to modify a user’s assigned rights. diff --git a/docs/threatprevention/7.5/admin/configuration/userroles/overview.md b/docs/threatprevention/7.5/admin/configuration/userroles/overview.md index ac59027c74..7944f73c98 100644 --- a/docs/threatprevention/7.5/admin/configuration/userroles/overview.md +++ b/docs/threatprevention/7.5/admin/configuration/userroles/overview.md 
@@ -1,8 +1,14 @@ +--- +title: "Users and Roles Window" +description: "Users and Roles Window" +sidebar_position: 110 +--- + # Users and Roles Window On the Users and Roles window, you can grant role based access to users on the Administration Console. See the -[User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md) topic for +[User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md) topic for information on granting access to the Netwrix Threat Manager Reporting Module console. Click **Configuration** > **Users** on the menu to open the Users and Roles window. diff --git a/docs/threatprevention/7.5/admin/investigate/_category_.json b/docs/threatprevention/7.5/admin/investigate/_category_.json new file mode 100644 index 0000000000..e26c62f1a0 --- /dev/null +++ b/docs/threatprevention/7.5/admin/investigate/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Investigate Interface", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/investigate/datagrid.md b/docs/threatprevention/7.5/admin/investigate/datagrid.md index 5e279f80d3..e31b822a5f 100644 --- a/docs/threatprevention/7.5/admin/investigate/datagrid.md +++ b/docs/threatprevention/7.5/admin/investigate/datagrid.md @@ -1,3 +1,9 @@ +--- +title: "Investigate Data Grid" +description: "Investigate Data Grid" +sidebar_position: 30 +--- + # Investigate Data Grid Events are displayed in the data grid on the Investigate interface. 
@@ -36,7 +42,7 @@ from view. Each column in the data grid has a prefix identifying the type of information displayed. Double-click a populated grid column to access the -[Event Viewer Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventviewer.md) with detailed information on the +[Event Viewer Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventviewer.md) with detailed information on the event. The columns display the following information for each event: - Event: Policy Name – Policy which monitored or blocked the event diff --git a/docs/threatprevention/7.5/admin/investigate/filters.md b/docs/threatprevention/7.5/admin/investigate/filters.md index 205bb16a26..fd9e1fd122 100644 --- a/docs/threatprevention/7.5/admin/investigate/filters.md +++ b/docs/threatprevention/7.5/admin/investigate/filters.md @@ -1,3 +1,9 @@ +--- +title: "Investigate Filters" +description: "Investigate Filters" +sidebar_position: 40 +--- + # Investigate Filters On the [Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md), there are six filter categories that can be applied to diff --git a/docs/threatprevention/7.5/admin/investigate/overview.md b/docs/threatprevention/7.5/admin/investigate/overview.md index 34daaf3d40..c4b23781b9 100644 --- a/docs/threatprevention/7.5/admin/investigate/overview.md +++ b/docs/threatprevention/7.5/admin/investigate/overview.md @@ -1,3 +1,9 @@ +--- +title: "Investigate Interface" +description: "Investigate Interface" +sidebar_position: 60 +--- + # Investigate Interface The Investigate interface allows you to quickly view recent events in a centralized location. You diff --git a/docs/threatprevention/7.5/admin/investigate/saved.md b/docs/threatprevention/7.5/admin/investigate/saved.md index ce1bc28883..01699d699a 100644 --- a/docs/threatprevention/7.5/admin/investigate/saved.md +++ b/docs/threatprevention/7.5/admin/investigate/saved.md 
@@ -1,3 +1,9 @@ +--- +title: "Saved Investigations" +description: "Saved Investigations" +sidebar_position: 10 +--- + # Saved Investigations You can apply filters on the [Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md) to filter event data as desired. diff --git a/docs/threatprevention/7.5/admin/investigate/summaryfolders.md b/docs/threatprevention/7.5/admin/investigate/summaryfolders.md index ce8d55495c..7324a99f25 100644 --- a/docs/threatprevention/7.5/admin/investigate/summaryfolders.md +++ b/docs/threatprevention/7.5/admin/investigate/summaryfolders.md @@ -1,3 +1,9 @@ +--- +title: "Summary Folders" +description: "Summary Folders" +sidebar_position: 20 +--- + # Summary Folders The EPE Summary and LDAP Summary folders under Investigate in the navigation pane are pre-defined diff --git a/docs/threatprevention/7.5/admin/navigation/_category_.json b/docs/threatprevention/7.5/admin/navigation/_category_.json new file mode 100644 index 0000000000..4ee7155632 --- /dev/null +++ b/docs/threatprevention/7.5/admin/navigation/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigation", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/navigation/datagrid.md b/docs/threatprevention/7.5/admin/navigation/datagrid.md index 8ecb6f93a6..778b12e2f0 100644 --- a/docs/threatprevention/7.5/admin/navigation/datagrid.md +++ b/docs/threatprevention/7.5/admin/navigation/datagrid.md @@ -1,3 +1,9 @@ +--- +title: "Data Grid Functionality" +description: "Data Grid Functionality" +sidebar_position: 20 +--- + # Data Grid Functionality Result data is displayed using data grids on several interfaces in the Administration Console. These 
@@ -125,7 +131,7 @@ The data grids provide an option to export data. - Data grids on the Agents interface and on the Analytics windows export all available data from the grid to a CSV file. Clicking the **Export** button from these interfaces opens a Save As window. - Clicking the Export button from the Alerts interface opens the Alerts Export window. See the - [Alerts Export Window](/docs/threatprevention/7.5/admin/alerts/window/alertsexport.md) topic for additional information. + [Alerts Export Window](/docs/threatprevention/7.5/admin/alerts/alertsexport.md) topic for additional information. - Clicking the Export button from the Investigate interface or the Recent Events tab of a policy opens the Export window. diff --git a/docs/threatprevention/7.5/admin/navigation/licensemanager.md b/docs/threatprevention/7.5/admin/navigation/licensemanager.md index 6ee915cc66..fac0cf616a 100644 --- a/docs/threatprevention/7.5/admin/navigation/licensemanager.md +++ b/docs/threatprevention/7.5/admin/navigation/licensemanager.md @@ -1,3 +1,9 @@ +--- +title: "License Manager Window" +description: "License Manager Window" +sidebar_position: 30 +--- + # License Manager Window The License Manager window displays the Threat Prevention modules that you are licensed for. If 
@@ -58,19 +64,19 @@ The Active Directory solution comes with the following licensed modules: See the following topics for additional information: -- [Active Directory Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorychanges.md) -- [Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorylockdown.md) -- [Active Directory Read Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectoryreadmonitoring.md) -- [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationmonitoring.md) -- [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationlockdown.md) -- [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) -- [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md) -- [Effective Group Membership Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/effectivegroupmembership.md) -- [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/fsmorolemonitoring.md) -- [GPO Setting Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/gposettingchanges.md) -- [GPO Setting Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/gposettinglockdown.md) -- [LSASS Guardian – Monitor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianmonitor.md) -- [LSASS Guardian – Protect Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianprotect.md) +- [Active Directory Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorychanges.md) +- [Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorylockdown.md) +- [Active Directory Read 
Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectoryreadmonitoring.md) +- [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationmonitoring.md) +- [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationlockdown.md) +- [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) +- [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md) +- [Effective Group Membership Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/effectivegroupmembership.md) +- [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md) +- [GPO Setting Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettingchanges.md) +- [GPO Setting Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettinglockdown.md) +- [LSASS Guardian – Monitor Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianmonitor.md) +- [LSASS Guardian – Protect Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianprotect.md) #### Enterprise Password Enforcer Solution 
@@ -80,7 +86,7 @@ The Enterprise Password Enforcer solution comes with the following licensed modu | --------------------------- | -------------------- | | Password Enforcement Module | Password Enforcement | -See the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md) topics for +See the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md) topics for additional information. #### Exchange Solution @@ -94,8 +100,8 @@ The Exchange solution comes with the following licensed modules: See the following topics for additional information: -- [Exchange Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangechanges.md) -- [Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangelockdown.md) +- [Exchange Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangechanges.md) +- [Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangelockdown.md) #### File System Solution 
@@ -113,9 +119,9 @@ event types assigned. See the following topics for additional information: -- [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md) – For Windows file +- [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md) – For Windows file servers and/or NAS devices -- [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md) – For Windows file +- [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md) – For Windows file servers - [File System Enterprise Auditor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md) – For Windows file servers @@ -130,6 +136,6 @@ The LDAP solution comes with the following licensed modules: See the following topics for additional information: -- [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md) -- [LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md) -- [LDAP Bind Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapbindmonitoring.md) +- [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md) +- [LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md) +- [LDAP Bind Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapbindmonitoring.md) diff --git a/docs/threatprevention/7.5/admin/navigation/overview.md b/docs/threatprevention/7.5/admin/navigation/overview.md index 9592fe29f7..e61479d292 100644 --- a/docs/threatprevention/7.5/admin/navigation/overview.md +++ b/docs/threatprevention/7.5/admin/navigation/overview.md 
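Review bot: In the `@@ -113,9 +119,9 @@` hunk of navigation/licensemanager.md, the unchanged `File System Enterprise Auditor Event Type` entry still links to `/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md`, while the two File System entries above it now point under `policies/configuration/eventtype/`. Check whether that page moved with the rest of the event types. If it did, update the link in this hunk as well, so the list does not keep one path from the old layout.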
@@ -1,3 +1,9 @@ +--- +title: "Navigation" +description: "Navigation" +sidebar_position: 10 +--- + # Navigation The Threat Prevention Administration Console is used to: @@ -71,7 +77,7 @@ interface. The following interface options are available: - [Analytics Interface](/docs/threatprevention/7.5/admin/analytics/overview.md) - [Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md) - [Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md) -- [Tags Node](/docs/threatprevention/7.5/admin/tags/overview.md) +- [Tags Node](/docs/threatprevention/7.5/admin/overview_1.md) Several right-click menus and additional features are available within these interfaces. diff --git a/docs/threatprevention/7.5/admin/navigation/rightclickmenus.md b/docs/threatprevention/7.5/admin/navigation/rightclickmenus.md index 428804ed6d..03fc5688bf 100644 --- a/docs/threatprevention/7.5/admin/navigation/rightclickmenus.md +++ b/docs/threatprevention/7.5/admin/navigation/rightclickmenus.md @@ -1,3 +1,9 @@ +--- +title: "Right-Click Menus" +description: "Right-Click Menus" +sidebar_position: 10 +--- + # Right-Click Menus In the Navigation pane, the Policies node, Templates node, folders, policies, and templates have diff --git a/docs/threatprevention/7.5/admin/overview.md b/docs/threatprevention/7.5/admin/overview.md index dbd450aa37..5504055c8b 100644 --- a/docs/threatprevention/7.5/admin/overview.md +++ b/docs/threatprevention/7.5/admin/overview.md @@ -1,3 +1,9 @@ +--- +title: "Administration" +description: "Administration" +sidebar_position: 40 +--- + # Administration Threat Prevention monitors events in real‐time, gathers and processes event data, then outputs that 
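Review bot: `overview_1.md` is a weak target for the Tags Node link in the `@@ -71,7 +77,7 @@` hunk of navigation/overview.md: the numbered name says nothing about the topic and sits in the same folder as the existing `admin/overview.md` (Administration). Prefer a descriptive file name or keep the page in its own `tags/` folder, so later link edits do not confuse the two pages.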
@@ -83,7 +89,7 @@ Administrators group. A Threat Prevention Policy has many attributes which define the activities and objects it monitors, where on a network that policy applies, and when it is active. See the -[Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration.md) topic for additional information. +[Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration/configuration.md) topic for additional information. General @@ -125,7 +131,7 @@ customized for a particular installation, e.g. the name of a text file, the conn for a local SMTP server, etc. See the [Pre-Created Templates](/docs/threatprevention/7.5/admin/templates/folder/overview.md) and -[Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration.md) topics for additional information. +[Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration/configuration.md) topics for additional information. ## Database Components diff --git a/docs/threatprevention/7.5/admin/overview_1.md b/docs/threatprevention/7.5/admin/overview_1.md new file mode 100644 index 0000000000..d4da5316bc --- /dev/null +++ b/docs/threatprevention/7.5/admin/overview_1.md 
@@ -0,0 +1,20 @@ +--- +title: "Tags Node" +description: "Tags Node" +sidebar_position: 100 +--- + +# Tags Node + +Tags can be added to templates as an organizational tool. Tags are displaed as folders under the +TAGS node. Several preconfigured templates include tags, which are displayed after those templates +have been imported into the Administration Console. A template can have multiple tags added, and the +template is displayed in the folder for each tag. If a new tag is added, Refresh the TAGS node to +view its folder. + +![Tags node](/img/product_docs/threatprevention/7.5/admin/tags/tags.webp) + +Adding tags to a template does not create a duplicate template, but rather multiple places to access +the template from. A modification made to a template within a folder under the TAGS node is a +modification to that template no matter where it is accessed after that, i.e. from under the +Templates node or from another folder under the TAGS node. diff --git a/docs/threatprevention/7.5/admin/policies/_category_.json b/docs/threatprevention/7.5/admin/policies/_category_.json new file mode 100644 index 0000000000..3c7c330d60 --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Policies Interface", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/actions/overview.md b/docs/threatprevention/7.5/admin/policies/actions/overview.md deleted file mode 100644 index 777cb34ab4..0000000000 --- a/docs/threatprevention/7.5/admin/policies/actions/overview.md +++ /dev/null 
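Review bot: Typo in the body of the new admin/overview_1.md: "Tags are displaed as folders" should read "displayed", and "Refresh the TAGS node" capitalises "Refresh" mid-sentence. The image on the same page still references `/img/product_docs/threatprevention/7.5/admin/tags/tags.webp`. That is fine if images are not being relocated in this change, but worth confirming now that the page itself no longer lives under `tags/`.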
@@ -1,144 +0,0 @@ -# Actions Tab - -The Actions tab is for configuring various responses, or event consumers, to the event data a policy -captures. - -![Policies - Actions tab](/img/product_docs/threatprevention/7.5/admin/policies/actions/actionstab.webp) - -The following types of actions are available: - -- Send to Events DB – Logs events to the event database for reporting, using the built-in database - event consumer -- Send to SIEM – Sends formatted messages to a SIEM server as configured in a profile -- Send to Netwrix Threat Manager – Sends data for this policy to Netwrix Threat Manager, formerly - StealthDEFEND -- Email Notifications – Sends formatted email notifications to the selected message profile -- Add Custom Scripts - - - File Actions – Records the events to a log (text) file in XML or Comma Delimited (CSV) format - - .NET Script Actions – Runs a user‐supplied script that implements an automated action in - response to the event. Scripts can be written in Visual Basic or C# - - PowerShell 4.0 Actions – Runs a user-supplied PowerShell script that implements an automated - action in response to the event - -Multiple event consumers can be configured for a single policy, even multiple event consumers of the -same type. However, only one database event consumer can be added per policy. - -Actions are configured to run on a separate thread from the policy’s event processing thread. -Incoming events have a dedicated thread/queue for processing. Email notification has a dedicated -thread/queue for processing. Custom Script actions has a dedicated thread/queue for processing. This -allows the action to process without blocking new events from going into the database while the -action completes. - -You can enable or disable an action in any of the following ways: - -- Check or uncheck the Enabled checkbox for an action in the Action Configurations list -- On selecting an action in the Action Configurations list, its details are displayed on the Actions - tab. 
You can check or uncheck the Enabled checkbox for the action here. - -Save all changes made to a policy or a template before leaving the configuration interface. - -## Send to Events DB - -This is the primary action and is enabled by default in new policies. It saves the event data a -policy monitors and captures to the NVMonitorData database. Typically this option is only unchecked -by Netwrix Support during a troubleshooting session or when the only desired output is a file for an -alert. Reporting uses the events database. - -## Send to SIEM - -This action is added by selecting the desired SIEM profile to be the recipient of the SIEM -notifications from the drop-down menu. Only SIEM profiles previously created are available for -selection. This action can also be assigned on the -[SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md) of the System Alerting Window. - -All notifications sent to SIEM are also displayed on the -[SIEM Output Viewer](/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md) window. - -**NOTE:** To enable this feature, a Threat Prevention administrator must first establish a -connection with the SIEM server and configure the mapping file through the -[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). - -## Send to Netwrix Threat Manager - -This action can be checked to send event data for the policy to Netwrix Threat Manager. This is -specific to integration with a full version deployment of Netwrix Threat Manager. The Netwrix Threat -Manager Reporting Module uses the NVMonitorData database (Send to Events DB option) for reporting -purposes. 
- -**NOTE:** To enable this feature, the Web Request Action Module (Netwrix Threat Manager URI) must be -created and configured by a Threat Prevention administrator through the -[Event Sink Tab](/docs/threatprevention/7.5/admin/configuration/threatmanagerconfiguration.md#event-sink-tab) on the Netwrix -Threat Manager Configuration window. - -## Email Notifications - -**CAUTION:** Email notifications should not be used on highly active policies. Please reserve this -feature for policies where immediate notification of an event is needed. - -To enable email notifications, select the desired message profile to be recipient of the email -notifications from the drop-down menu. Only message profiles previously created are available for -selection. This action can also be assigned on the -[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). - -![Actions tab - Email Notifications section](/img/product_docs/threatprevention/7.5/admin/policies/actions/emailnotificationssetup.webp) - -Enable the Email Notifications checkbox, select a message profile and then choose to enable the -**Prevent Repeat Emails by** option. If enabled: - -- Select the radio button for either Policy or Subject: - - - Policy – Threat Prevention will send an email notification for the first event only, and skip - notifications for any other events captured by the same policy during the duration you specify - in the boxes below. - - Subject – Threat Prevention will send an email notification (say, Notification1) for the first - event only, and skip notifications for any other events whose email notification will have the - same subject line as Notification1. It will skip sending notifications for the duration you - specify in the boxes below. Note that the subject line is configured within the message - profile. - -- Set the duration (in minutes or hours) for which emails notifications are skipped after an email - is sent for a policy/subject line. 
- -Example: - -In the following example, let’s assume you have the following settings for Prevent Repeat Emails by: - -- Option selected: Policy -- Duration set: 5 minutes - -In a situation where Threat Prevention captures 15 events in 5 minutes against a policy, an email -notification will be sent in real time for the first event only. The remaining events will be logged -in the application but email notifications will not be generated. - -Two hours later, when another event is captured against that same policy, Threat Prevention will -send an email notification for it. If more events are captured within the next five minutes, email -notifications will not be generated. - -**NOTE:** To enable email notifications, the SMTP gateway must first be configured and message -profiles created by a Threat Prevention  administrator, which is done through the -[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). - -## Custom Scripts - -In the Actions Configurations area at the top of the tab, assigned File, .NET Script, or PowerShell -4.0 actions are listed with their name, type, description, and whether they are enabled or disabled. - -- Click **Add** (+) to open the Add Action window. Choose the type of action and configure the - script. -- Use the Remove (x) button to delete a custom script action from a policy. - -See the following topics for additional information: - -- [File Actions](/docs/threatprevention/7.5/admin/policies/actions/file.md) -- [.NET Script Actions](/docs/threatprevention/7.5/admin/policies/actions/netscript.md) - - - Optionally, custom scripts can be provided through a Netwrix Statement of Work. - -- [PowerShell 4.0 Actions](/docs/threatprevention/7.5/admin/policies/actions/powershell.md) - - - Optionally, custom scripts can be provided through a Netwrix Statement of Work. - -**NOTE:** There are custom scripts created by Netwrix Engineers that execute the notification -emails. 
See the [Custom Scripts](/docs/threatprevention/7.5/admin/templates/folder/actions.md#custom-scripts) topic for -additional information. diff --git a/docs/threatprevention/7.5/admin/policies/configuration.md b/docs/threatprevention/7.5/admin/policies/configuration.md deleted file mode 100644 index 9762df6a12..0000000000 --- a/docs/threatprevention/7.5/admin/policies/configuration.md +++ /dev/null @@ -1,20 +0,0 @@ -# Policy Configuration - -A Threat Prevention policy has many elements that define the objects and events it monitors or -blocks, where it looks in networks, and when it is active. These policy attributes are organized -into the following major components: - -- [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) -- [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md) -- [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) (Event Consumers) - -Each major component has its own tabbed view. A policy requires at least the General tab and Event -Type tab to be configured before it properly functions. The Actions tab is optional. - -The [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/recentevents/overview.md) provides information on the events that have been -recently monitored or blocked by the respective policy. These events are also available on the -[Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md). - -Through a PowerShell API integration, it is possible to create, edit, delete, and enable policies -without opening the Administration Console. See the -[PowerShell API Integration](/docs/threatprevention/7.5/api/overview.md) topic for additional information. diff --git a/docs/threatprevention/7.5/admin/policies/configuration/_category_.json b/docs/threatprevention/7.5/admin/policies/configuration/_category_.json new file mode 100644 index 0000000000..b8caa85a7f --- /dev/null 
+++ b/docs/threatprevention/7.5/admin/policies/configuration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Policy Configuration", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "configuration" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/configuration/actions/_category_.json b/docs/threatprevention/7.5/admin/policies/configuration/actions/_category_.json new file mode 100644 index 0000000000..0a89e91623 --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/actions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Actions Tab", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/actions/file.md b/docs/threatprevention/7.5/admin/policies/configuration/actions/file.md similarity index 96% rename from docs/threatprevention/7.5/admin/policies/actions/file.md rename to docs/threatprevention/7.5/admin/policies/configuration/actions/file.md index 675cca9527..c1073cd742 100644 --- a/docs/threatprevention/7.5/admin/policies/actions/file.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/actions/file.md @@ -1,3 +1,9 @@ +--- +title: "File Actions" +description: "File Actions" +sidebar_position: 10 +--- + # File Actions A File action can output the event data collected by a policy to a log file. Follow the steps to add diff --git a/docs/threatprevention/7.5/admin/policies/actions/netscript.md b/docs/threatprevention/7.5/admin/policies/configuration/actions/netscript.md similarity index 99% rename from docs/threatprevention/7.5/admin/policies/actions/netscript.md rename to docs/threatprevention/7.5/admin/policies/configuration/actions/netscript.md index ab12ebdf3a..e9eb382aad 100644 --- a/docs/threatprevention/7.5/admin/policies/actions/netscript.md 
+++ b/docs/threatprevention/7.5/admin/policies/configuration/actions/netscript.md @@ -1,3 +1,9 @@ +--- +title: ".NET Script Actions" +description: ".NET Script Actions" +sidebar_position: 20 +--- + # .NET Script Actions A Visual Basic or C# script can be written and assigned to a policy by users or a Netwrix Engineer diff --git a/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md b/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md new file mode 100644 index 0000000000..e09223bf9d --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md 
@@ -0,0 +1,150 @@ +--- +title: "Actions Tab" +description: "Actions Tab" +sidebar_position: 30 +--- + +# Actions Tab + +The Actions tab is for configuring various responses, or event consumers, to the event data a policy +captures. + +![Policies - Actions tab](/img/product_docs/threatprevention/7.5/admin/policies/actions/actionstab.webp) + +The following types of actions are available: + +- Send to Events DB – Logs events to the event database for reporting, using the built-in database + event consumer +- Send to SIEM – Sends formatted messages to a SIEM server as configured in a profile +- Send to Netwrix Threat Manager – Sends data for this policy to Netwrix Threat Manager, formerly + StealthDEFEND +- Email Notifications – Sends formatted email notifications to the selected message profile +- Add Custom Scripts + + - File Actions – Records the events to a log (text) file in XML or Comma Delimited (CSV) format + - .NET Script Actions – Runs a user‐supplied script that implements an automated action in + response to the event. Scripts can be written in Visual Basic or C# + - PowerShell 4.0 Actions – Runs a user-supplied PowerShell script that implements an automated + action in response to the event + +Multiple event consumers can be configured for a single policy, even multiple event consumers of the +same type. However, only one database event consumer can be added per policy. + +Actions are configured to run on a separate thread from the policy’s event processing thread. +Incoming events have a dedicated thread/queue for processing. Email notification has a dedicated +thread/queue for processing. Custom Script actions has a dedicated thread/queue for processing. This +allows the action to process without blocking new events from going into the database while the +action completes. 
+ +You can enable or disable an action in any of the following ways: + +- Check or uncheck the Enabled checkbox for an action in the Action Configurations list +- On selecting an action in the Action Configurations list, its details are displayed on the Actions + tab. You can check or uncheck the Enabled checkbox for the action here. + +Save all changes made to a policy or a template before leaving the configuration interface. + +## Send to Events DB + +This is the primary action and is enabled by default in new policies. It saves the event data a +policy monitors and captures to the NVMonitorData database. Typically this option is only unchecked +by Netwrix Support during a troubleshooting session or when the only desired output is a file for an +alert. Reporting uses the events database. + +## Send to SIEM + +This action is added by selecting the desired SIEM profile to be the recipient of the SIEM +notifications from the drop-down menu. Only SIEM profiles previously created are available for +selection. This action can also be assigned on the +[SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md) of the System Alerting Window. + +All notifications sent to SIEM are also displayed on the +[SIEM Output Viewer](/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md) window. + +**NOTE:** To enable this feature, a Threat Prevention administrator must first establish a +connection with the SIEM server and configure the mapping file through the +[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). + +## Send to Netwrix Threat Manager + +This action can be checked to send event data for the policy to Netwrix Threat Manager. This is +specific to integration with a full version deployment of Netwrix Threat Manager. The Netwrix Threat +Manager Reporting Module uses the NVMonitorData database (Send to Events DB option) for reporting +purposes. 
+ +**NOTE:** To enable this feature, the Web Request Action Module (Netwrix Threat Manager URI) must be +created and configured by a Threat Prevention administrator through the +[Event Sink Tab](/docs/threatprevention/7.5/admin/configuration/threatmanagerconfiguration.md#event-sink-tab) on the Netwrix +Threat Manager Configuration window. + +## Email Notifications + +**CAUTION:** Email notifications should not be used on highly active policies. Please reserve this +feature for policies where immediate notification of an event is needed. + +To enable email notifications, select the desired message profile to be recipient of the email +notifications from the drop-down menu. Only message profiles previously created are available for +selection. This action can also be assigned on the +[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). + +![Actions tab - Email Notifications section](/img/product_docs/threatprevention/7.5/admin/policies/actions/emailnotificationssetup.webp) + +Enable the Email Notifications checkbox, select a message profile and then choose to enable the +**Prevent Repeat Emails by** option. If enabled: + +- Select the radio button for either Policy or Subject: + + - Policy – Threat Prevention will send an email notification for the first event only, and skip + notifications for any other events captured by the same policy during the duration you specify + in the boxes below. + - Subject – Threat Prevention will send an email notification (say, Notification1) for the first + event only, and skip notifications for any other events whose email notification will have the + same subject line as Notification1. It will skip sending notifications for the duration you + specify in the boxes below. Note that the subject line is configured within the message + profile. + +- Set the duration (in minutes or hours) for which emails notifications are skipped after an email + is sent for a policy/subject line. 
+ +Example: + +In the following example, let’s assume you have the following settings for Prevent Repeat Emails by: + +- Option selected: Policy +- Duration set: 5 minutes + +In a situation where Threat Prevention captures 15 events in 5 minutes against a policy, an email +notification will be sent in real time for the first event only. The remaining events will be logged +in the application but email notifications will not be generated. + +Two hours later, when another event is captured against that same policy, Threat Prevention will +send an email notification for it. If more events are captured within the next five minutes, email +notifications will not be generated. + +**NOTE:** To enable email notifications, the SMTP gateway must first be configured and message +profiles created by a Threat Prevention  administrator, which is done through the +[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). + +## Custom Scripts + +In the Actions Configurations area at the top of the tab, assigned File, .NET Script, or PowerShell +4.0 actions are listed with their name, type, description, and whether they are enabled or disabled. + +- Click **Add** (+) to open the Add Action window. Choose the type of action and configure the + script. +- Use the Remove (x) button to delete a custom script action from a policy. + +See the following topics for additional information: + +- [File Actions](/docs/threatprevention/7.5/admin/policies/configuration/actions/file.md) +- [.NET Script Actions](/docs/threatprevention/7.5/admin/policies/configuration/actions/netscript.md) + + - Optionally, custom scripts can be provided through a Netwrix Statement of Work. + +- [PowerShell 4.0 Actions](/docs/threatprevention/7.5/admin/policies/configuration/actions/powershell.md) + + - Optionally, custom scripts can be provided through a Netwrix Statement of Work. 
+ +**NOTE:** There are custom scripts created by Netwrix Engineers that execute the notification +emails. See the [Custom Scripts](/docs/threatprevention/7.5/admin/templates/folder/actions/actions.md#custom-scripts) topic for +additional information. diff --git a/docs/threatprevention/7.5/admin/policies/actions/powershell.md b/docs/threatprevention/7.5/admin/policies/configuration/actions/powershell.md similarity index 96% rename from docs/threatprevention/7.5/admin/policies/actions/powershell.md rename to docs/threatprevention/7.5/admin/policies/configuration/actions/powershell.md index 792229933b..1d1d95dcd3 100644 --- a/docs/threatprevention/7.5/admin/policies/actions/powershell.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/actions/powershell.md @@ -1,3 +1,9 @@ +--- +title: "PowerShell 4.0 Actions" +description: "PowerShell 4.0 Actions" +sidebar_position: 30 +--- + # PowerShell 4.0 Actions A PowerShell 4.0 script can be written and assigned to a policy by Threat Prevention users or a @@ -25,7 +31,7 @@ Follow the steps to add a PowerShell 4.0 action to a policy/template. ![Script Editor for PowerShell Scripts](/img/product_docs/threatprevention/7.5/admin/policies/actions/scripteditorforps.webp) **Step 4 –** Create or copy/paste the custom script in the Threat Prevention Script Editor. See the -[Threat Prevention Script Editor Tools](/docs/threatprevention/7.5/admin/policies/actions/netscript.md#threat-prevention-script-editor-tools) topic +[Threat Prevention Script Editor Tools](/docs/threatprevention/7.5/admin/policies/configuration/actions/netscript.md#threat-prevention-script-editor-tools) topic for additional information, i.e. Run for testing and Encrypt functionality. See the Default PowerShell 4.0 Script topic for the default custom script. Save and close. 
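Review bot: In the new docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md, the Prevent Repeat Emails example says "The remaining events will be logged in the application", but the Send to Events DB section of the same file says that action can be unchecked. State in the example that the suppressed events are only retained while Send to Events DB (or another consumer such as Send to SIEM) stays enabled on the policy; otherwise a reader can configure a policy where 14 of the 15 events leave no record. Since the text is being moved anyway, also align "Actions Configurations area" in Custom Scripts with "Action Configurations list" used in the enable/disable bullets, and fix "Custom Script actions has a dedicated thread/queue", "emails notifications are skipped", and the double space in "Threat Prevention  administrator".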
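Review bot: The front matter added at the top of configuration/actions/powershell.md sets sidebar_position: 30, which is the same value the new configuration/actions/overview.md carries in the same folder (file.md has 10 and netscript.md has 20). Confirm the overview's value is intended, given that configuration/actions/_category_.json already sets "position": 30 for the category and links it to "overview"; if the overview page is only the category landing page, drop or change its sidebar_position so the ordering of the three action pages is unambiguous.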
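Review bot: In the Step 4 hunk of powershell.md only the path of the Threat Prevention Script Editor Tools link changes, and the #threat-prevention-script-editor-tools fragment is carried over unchecked; the netscript.md rename in this patch shows only its front matter, so please confirm that heading still exists at the new location. In the same paragraph, "See the Default PowerShell 4.0 Script topic" is left as plain text with no link; while touching these lines, make it an in-page anchor so both references in Step 4 resolve after the move.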
diff --git a/docs/threatprevention/7.5/admin/policies/configuration/configuration.md b/docs/threatprevention/7.5/admin/policies/configuration/configuration.md new file mode 100644 index 0000000000..a885c172e9 --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/configuration.md @@ -0,0 +1,26 @@ +--- +title: "Policy Configuration" +description: "Policy Configuration" +sidebar_position: 20 +--- + +# Policy Configuration + +A Threat Prevention policy has many elements that define the objects and events it monitors or +blocks, where it looks in networks, and when it is active. These policy attributes are organized +into the following major components: + +- [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) +- [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md) +- [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) (Event Consumers) + +Each major component has its own tabbed view. A policy requires at least the General tab and Event +Type tab to be configured before it properly functions. The Actions tab is optional. + +The [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md) provides information on the events that have been +recently monitored or blocked by the respective policy. These events are also available on the +[Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md). + +Through a PowerShell API integration, it is possible to create, edit, delete, and enable policies +without opening the Administration Console. See the +[PowerShell API Integration](/docs/threatprevention/7.5/api/overview.md) topic for additional information. diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/_category_.json b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/_category_.json new file mode 100644 index 0000000000..6f30592459 
--- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Event Type Tab", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorychanges.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorychanges.md new file mode 100644 index 0000000000..3d218100d8 --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorychanges.md 
@@ -0,0 +1,388 @@ +--- +title: "Active Directory Changes Event Type" +description: "Active Directory Changes Event Type" +sidebar_position: 10 +--- + +# Active Directory Changes Event Type + +The Active Directory Changes event type can be configured to generate an event when an Active +Directory object or attribute is changed (add, delete, modify, move, rename). + +The event filters for the Active Directory Changes event type are: + +- AD Event +- Domains/Servers +- AD Context +- AD Classes +- AD Attributes +- AD Objects +- AD Perpetrator +- IP Addresses (from) +- Hosts (from) +- Success +- Advanced Filter + +![Policy window - Active Directory Changes Event Type](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adchanges.webp) + +Each filter tab acts like an "AND" statement for the filter. Any filter tab left blank is treated +like an "ALL" for that filter set. + +## AD Event Filter + +Use the AD Event filter to select Active Directory events to be monitored or locked down by the +policy. + +![Policy window - AD Event filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adevent.webp) + +Check the **All** box to monitor or lockdown all operations, or select specific operations: + +- Object Added – The policy monitors for objects being added to Active Directory +- Object Deleted – The policy monitors for objects being deleted from Active Directory +- Object Modified – The policy monitors for Active Directory objects being modified +- Object Moved or Renamed – The policy monitors for Active Directory objects being moved or renamed + +If applied to a Lockdown Event Type, the policy both monitors and lockdowns the objects based on the +selection. + +## Domains/Servers Filter + +Use the Domains/Servers filter to set the scope of the policy to specific domains and/or servers or +to exclude specific domains and/or servers. 
+ +![Event Type - Domains/Servers Monitoring filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/domainsserversmonitoring.webp) + +Use the buttons in the Include and Exclude areas to edit the lists. + +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). +- The Collection button opens the + [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the + appropriate Collection category. +- The Remove (x) button deletes the selected item(s) from that box. + +**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic +Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic +for additional information. + +## AD Context Filter + +Use the AD Context filter to set the scope of the policy to only monitor specific contexts (e.g. +containers and organizational units) in Active Directory or to exclude specific contexts from being +monitored. + +![Policy window - AD Context filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adcontext.webp) + +Use the buttons in the Include Contexts, Include Collections, Exclude Contexts, and Exclude +Collections areas to edit the lists. + +- The Context Add (+) button opens the + [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md). +- The Collection button opens the + [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the + appropriate Collection category. +- The Remove (x) button deletes the selected item(s) from that box. 
+ +Sub Tree + +![Sub-Tree option in event type filters](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/subtree.webp) + +When contexts are added, a Sub-Tree checkbox displays. Check it to apply the filter to the parent +and all child contexts. Uncheck it to apply the filter to the listed context only. + +## AD Classes Filter + +Use the AD Classes filter to set the scope of the policy to only monitor specific classes within +Active Directory or to exclude specific classes from being monitored. + +![Policy window - AD Classes filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adclasses.webp) + +Use the buttons in the Include and Exclude areas to edit the lists. + +- The Add (+) buttons open the [Class List Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/classlist.md). +- The Collection button opens the + [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the + appropriate Collection category. +- The Remove (x) button deletes the selected item(s) from that box. + +## AD Attributes Filter + +Use the AD Attributes filter to set the scope of the policy to only monitor specific Active +Directory attributes or to exclude specific attributes from being monitored. + +![Policy window - AD Attributes filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adattributes.webp) + +Use the buttons in the Include Attributes, Include Collections, Exclude Attributes, and Exclude +Collections areas to edit the lists. + +- The Attributes Add (+) button opens the [Attribute List Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/attributelist.md). +- The Collection button opens the + [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the + appropriate Collection category. +- The Remove (x) button deletes the selected item(s) from that box. 
+ +Attribute, Operator and Value + +When an attribute is selected, it is added to the filter and a drop-down menu is displayed in the +Operation column with **Any Value** selected. You can further scope the attributes to enable the +policy to only capture events based on the new value. Use the Operation and Value columns of the +Include Attributes and Exclude Attributes boxes to achieve this. + +The Operation drop-down menu has the following options: + +- Any Value – No scoping applied for this attribute +- (empty value) – Blank attribute values +- Equal – Attribute values that are identical to the Value field +- Not Equal – Attribute values that do not match the Value field +- Less Than – Attribute values below the numeric value or before the alphabetical value supplied in + the Value field +- Greater Than – Attribute values above the numeric value or after the alphabetical value supplied + in the Value field +- Contains – Attribute value includes the user supplied string (numbers are treated as strings) in + the Value field +- Not Contain – Attribute values do not include the user supplied string (numbers are treated as + strings) in the Value field +- Starts with – Attribute values start with the user supplied string in the Value field + +Select an **Operation** and type a value in the textbox. The value may include alphanumeric +characters, string type, or dates. Only one value is supported; do not specify multiple values for +the attribute. Also the Value field is not case sensitive. + +When you select another attribute, a new row is added, where you can specify an operator and a value +for that attribute. Each row is treated as an “OR” statement. If any event matches any of the +attribute filters, then the event data includes all attributes in the list. + +**NOTE:** You cannot specify more than one value for an attribute and you cannot select the same +attribute twice. 
To use the same attribute again, you have to add the same event type again to the +policy, select that event type and then select a previously used attribute to include in the Add +Attributes filter. + +When the userAccountControl attribute is included or excluded in the filter, selecting the Any Value +dropdown opens the [User Account Control Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/useraccountcontrol.md) with additional UAC +flags to add to the filter. + +## AD Objects Filter + +Use the AD Objects filter to set the scope of the policy to only monitor specific objects in Active +Directory or to exclude specific objects from being monitored. + +![Policy window - AD Objects filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adobjects.webp) + +Use the buttons in the Include and Exclude areas to edit the lists. + +- The Add (+) buttons open the + [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/objects.md). +- The Collection button opens the + [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the + appropriate Collection category. +- The Remove (x) button deletes the selected item(s) from that box. + +**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic +Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic +for additional information. + +## AD Perpetrator Filter + +Use the AD Perpetrator filter for monitoring to set the scope of the policy to only monitor specific +security principals committing changes or to exclude specific security principals committing changes +from being monitored. 
+ +![Event Type - AD Perpetrator Monitoring filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adperpetratormonitoring.webp) + +Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpetrators, and Exclude +Collections areas to edit the lists. + +- The Perpetrators Add (+) button opens the + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). +- The Collection button opens the + [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the + appropriate Collection category. +- The Remove (x) button deletes the selected item(s) from that box. + +**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic +Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic +for additional information. + +Sub Tree + +![Sub-Tree option in event type filters](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/subtree.webp) + +When contexts are added, a Sub-Tree checkbox displays. Check it to apply the filter to the parent +and all child contexts. Uncheck it to apply the filter to the listed context only. + +## IP Addresses (from) Filter + +Use the IP Addresses (from) filter to set the scope of the policy to specific IP addresses as +originators of an event or to exclude specific IP addresses. + +![Event Type – IP Addresses (from) filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/ipaddressesfrom.webp) + +Use the buttons in the Include IP Addresses, Include Collections, Exclude IP Addresses, and Exclude +Collections areas to edit the lists. + +- The IP Addresses Add (+) button opens the [Add IP Address Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/addipaddress.md). 
+- The Collection button opens the + [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the + appropriate Collection category. +- The Remove (x) button deletes the selected item(s) from that box. + +**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic +Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic +for additional information. + +## Hosts (from) Filter + +Use the Hosts (from) filter for monitoring to set the scope of the policy to only monitor specific +hosts as originators of an event or to exclude specific hosts from being monitored. + +![Event Type – Hosts (from) filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/hostsfrom.webp) + +Use the buttons in the Include Hosts, Include Collections, Exclude Hosts, and Exclude Collections +areas to edit the lists. + +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). +- The Collection button opens the + [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the + appropriate Collection category. +- The Remove (x) button deletes the selected item(s) from that box. + +**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic +Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic +for additional information. + +## Success Filter + +The Success filter is where the policy is set to only monitor successful events, failed events, or +both. 
+ +![Event Type – Success filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/success.webp) + +Select the radio button for the desired monitoring filter: + +- Success – Only monitors successful events +- Failure – Only monitors failed events +- Both Success and Failure – Monitors all events that are within the scope of the respective filters + for the event type + +## Advanced Filter + +Use the Advanced Filter to include or exclude attribute conditions for monitoring Active Directory +changes. + +![AD Changes event type - Advanced Filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/advancedadchanges.webp) + +You can define a criteria (filter statements) to monitor event data based on event data values or +event attribute values or both. + +Filter statements can be added to the Include condition and Exclude condition boxes. The filter uses +pre-defined logical and comparison operators to create filter criteria for the scan. You can add +conditions to a filter statement. Conditions can be singular or grouped by a logical operator. + +In the screenshot above, the Exclude condition box displays singular conditions while the Include +condition box displays conditions grouped by logical operators. + +Logical Operator + +The logical operator is displayed as left aligned red text. To change the logical operator, click on +it to open a menu with the following options: + +- And +- Or +- Not And +- Not Or + +Add icon (+) + +To add a filter (condition) to the filter statement or to start a new group of filters, click the +**Add** (+) icon. Then select: + +- Add Condition – Adds a conditions to the filter statement +- Add Group – Adds a group with a conditions and a logical operator to the filter statement + +A new row is inserted that displays an event data drop-down menu, a comparison operator, and a Value +box. + +Event Data Selection + +The Event Data drop-down menu is displayed in orange. 
it contains a list of all the fields that can +be part of an event. Click it to select an event name. Your selection is displayed in orange text in +the box below. + +The “Attributes: New” and “Attributes: Old” options are special cases discussed below in detail. + +Comparison Operator + +The comparison operator drop-down menu is displayed in blue. To change it, click on it to open a +menu with options that associate with the selected event data field. + +If you have selected the “Attributes: New” or “Attributes: Old” option in the Event Data drop-down +menu, then only the following comparison operators are available: + +- ContainsValue +- DoesNotContainValue +- EqualsValue +- StartsWithValue +- EndsWithValue + +Your selected comparison operator is displayed in blue text in the box below. + +Value + +The value box is displayed in green. Click in it to type a value, then press Enter. The value is +displayed in green text in the box below. + +**NOTE:** The Value box only accepts a single string except when the “Attributes: New” or +“Attributes: Old” option is selected in the Event Data drop-down menu. + +In case of “Attributes: New” and “Attributes: Old”, type three comma separated values (parameters) +in the Value box in the following format: + +%name%,%suboperation%,%value% +(White space is not allowed between the comma and the argument, unless white space is part of the +argument.) + +where: + +- %name% – The attribute name, for example 'member' (case insensitive) +- %suboperation% – Attribute sub-operation, which can be Add Attribute, Add Value, Remove Attribute, + Remove Value, or Change Attribute (case insensitive) +- %value% – The attribute value (case insensitive) + +All the parameters are optional and only evaluated if non-empty. This means that you can select +attributes either only by %name% or %suboperation% or %value% or by combination of +%name%/%suboperation%/%value%. 
+ +If %value% is not specified, all the functions behave in the same way because they implement the +same logic for %name% / %suboperation% comparison. The difference is applicable only when %value% is +specified. + +Following is how the comparison operator (displayed in blue) works with %value%: + +- ContainsValue – matches if an attribute has any value containing %value% +- DoesNotContainValue – matches if an attribute does not have any value containing %value% +- EqualsValue – matches if an attribute has any value equal to %value% +- StartsWithValue – matches if an attribute has any value starting with %value% +- EndsWithValue – matches if an attribute has any value ending with %value% + +Examples of how the comparison operator (displayed in blue) works with Value + +| Comparison Operator | Value (%name%,%suboperation%,%value%) | Outcome | +| ------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | +| ContainsValue | description,Change Attribute,testdescription | Matches any attribute where: - name is 'description' - operation is 'Change Attribute' - value contains 'testdescription' | +| ContainsValue | ,Change Attribute,testdescription | Matches any attribute where: - operation is 'Change Attribute' - value contains 'testdescription' | +| ContainsValue | description,,testdescription | Matches any attribute where: - name is 'description' - value contains 'testdescription' | +| ContainsValue | ,,testdescription | Matches any attribute where: - value contains 'testdescription' | +| ContainsValue | description OR description, OR description,, | Matches any attribute where: - name is 'description' | +| ContainsValue | description,Change Attribute OR description,Change Attribute, | Matches any attribute where: - name is 'description' - operation is 'Change Attribute' | + +Example of a filter statement with "Attribute 
New" + +Following is an example of a filter statement defined in the Include condition box with the +"Attribute New" option. + +![Example of an advanced filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/filterstatement.webp) + +````And +[Attributes: New] [StartsWithValue] [telephoneNumber, change attribute, (555)]``` + +This filter statement would only generate an event if an object's telephoneNumber attribute is changed and the new value starts with (555), rather than generating an event every time the telephone number is changed. +```` diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorylockdown.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorylockdown.md similarity index 90% rename from docs/threatprevention/7.5/admin/policies/eventtype/activedirectorylockdown.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorylockdown.md index 1206d5f39f..470c95da7b 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorylockdown.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorylockdown.md @@ -1,3 +1,9 @@ +--- +title: "Active Directory Lockdown Event Type" +description: "Active Directory Lockdown Event Type" +sidebar_position: 20 +--- + # Active Directory Lockdown Event Type Based on policy rules, the Active Directory Lockdown event type can prevent a change in Active 
@@ -53,12 +59,12 @@ Use the buttons in the Objects and Containers, Collections of Objects and Contai areas to edit the lists. - Objects and Containers area – The Add (+) button opens the - [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md). + [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md). - Collection of Objects and Containers area – The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. - GUIDs area – The Add (+) button opens the - [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md). + [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md). - The Remove (x) button deletes the selected item(s) from that box. **NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic 
@@ -92,9 +98,9 @@ Select the **Block** or **Allow** option button and then edit the list. Use the buttons in the Classes and Attributes areas to edit the lists. -- Classes area – The Add (+) buttons open the [Class List Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/classlist.md). +- Classes area – The Add (+) buttons open the [Class List Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/classlist.md). - Attributes area – The Attributes Add (+) button opens the - [Attribute List Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/attributelist.md). + [Attribute List Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/attributelist.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -114,14 +120,14 @@ from being locked down. Select the **Block** or **Allow** option button and then edit the list. -**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** +**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - Perpetrators area – The Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Collections of Perpetrators area - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -140,15 +146,15 @@ hosts as originators of an event. Select the **Block** or **Allow** option button and then edit the list. -- For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** means that +- For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. -- For the [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md), this filter blocks or +- For the [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md), this filter blocks or only allows authentication from the identified host(s). Use the buttons in the Include Hosts area to edit the list. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Remove (x) button deletes the selected item(s) from that box. ## User Account Control Filter diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/activedirectoryreadmonitoring.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectoryreadmonitoring.md similarity index 92% rename from docs/threatprevention/7.5/admin/policies/eventtype/activedirectoryreadmonitoring.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectoryreadmonitoring.md index 66aaf3510e..a929cda3d3 100644 
--- a/docs/threatprevention/7.5/admin/policies/eventtype/activedirectoryreadmonitoring.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectoryreadmonitoring.md @@ -1,3 +1,9 @@ +--- +title: "Active Directory Read Monitoring Event Type" +description: "Active Directory Read Monitoring Event Type" +sidebar_position: 30 +--- + # Active Directory Read Monitoring Event Type The Active Directory Read Monitoring event type reports on a user's accessing or reading specific @@ -34,7 +40,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -53,7 +59,7 @@ Active Directory or to exclude specific classes from being monitored. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Class List Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/classlist.md). +- The Add (+) buttons open the [Class List Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/classlist.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -69,7 +75,7 @@ Directory or to exclude specific objects from being monitored. Use the buttons in the Include and Exclude areas to edit the lists. - The Add (+) buttons open the - [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/objects.md). + [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/objects.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -91,7 +97,7 @@ Use the buttons in the Include Contexts, Include Collections, Exclude Contexts, Collections areas to edit the lists. - The Context Add (+) button opens the - [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md). + [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -116,7 +122,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -142,7 +148,7 @@ Directory attributes or to exclude specific attributes from being monitored. Use the buttons in the Include and Exclude areas to edit the lists. -- The Attributes Add (+) button opens the [Attribute List Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/attributelist.md). +- The Attributes Add (+) button opens the [Attribute List Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/attributelist.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -158,7 +164,7 @@ hosts as originators of an event or to exclude specific hosts from being monitor Use the buttons in the Include Hosts, Include Collections, Exclude Hosts, and Exclude Collections areas to edit the lists. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationlockdown.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationlockdown.md similarity index 93% rename from docs/threatprevention/7.5/admin/policies/eventtype/adreplicationlockdown.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationlockdown.md index 2d46e2818e..6479659ab8 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationlockdown.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationlockdown.md 
@@ -1,3 +1,9 @@ +--- +title: "AD Replication Lockdown Event Type" +description: "AD Replication Lockdown Event Type" +sidebar_position: 50 +--- + # AD Replication Lockdown Event Type The primary use case of the AD Replication Lockdown event type is to prevent non-domain controllers @@ -58,14 +64,14 @@ from being locked down. Select the **Block** or **Allow** option button and then edit the list. -**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** +**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - Perpetrators area – The Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Collections of Perpetrators area - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -105,7 +111,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -126,7 +132,7 @@ Select the **Block** or **Allow** option button and then edit the list. Use the buttons in the Include Hosts and Include Collections areas to edit the lists. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationmonitoring.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationmonitoring.md similarity index 94% rename from docs/threatprevention/7.5/admin/policies/eventtype/adreplicationmonitoring.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationmonitoring.md index c882dd6271..6127502cc0 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationmonitoring.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationmonitoring.md 
@@ -1,3 +1,9 @@ +--- +title: "AD Replication Monitoring Event Type" +description: "AD Replication Monitoring Event Type" +sidebar_position: 40 +--- + # AD Replication Monitoring Event Type The AD Replication Monitoring event type monitors domain controller syncing/replication. The primary @@ -60,7 +66,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -107,7 +113,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -127,7 +133,7 @@ hosts as originators of an event or to exclude specific hosts from being monitor Use the buttons in the Include Hosts, Include Collections, Exclude Hosts, and Exclude Collections areas to edit the lists. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md similarity index 91% rename from docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md index 45f4291712..b82c2c6764 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md @@ -1,3 +1,9 @@ +--- +title: "Authentication Lockdown Event Type" +description: "Authentication Lockdown Event Type" +sidebar_position: 70 +--- + # Authentication Lockdown Event Type Based on policy rules, the Authentication Lockdown event type can block specific Kerberos, TGT, TGS 
@@ -76,14 +82,14 @@ from being locked down. Select the **Block** or **Allow** option button and then edit the list. -**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** +**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - Perpetrators area – The Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Collections of Perpetrators area - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -102,7 +108,7 @@ hosts as originators of an event. Select the **Block** or **Allow** option button and then edit the list. -- For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** means that +- For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. - For the Authentication Lockdown Event Type, this filter blocks or only allows authentication from @@ -110,7 +116,7 @@ Select the **Block** or **Allow** option button and then edit the list. Use the buttons in the Include Hosts area to edit the list. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Remove (x) button deletes the selected item(s) from that box. ## Hosts (to) Filter @@ -122,7 +128,7 @@ hosts as target hosts of an event. Use the buttons in the Include Hosts area to edit the list. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Remove (x) button deletes the selected item(s) from that box. ## Rule Preview Filter 
diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md similarity index 93% rename from docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md index f199cb91de..d43f68037b 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md @@ -1,3 +1,9 @@ +--- +title: "Authentication Monitoring Event Type" +description: "Authentication Monitoring Event Type" +sidebar_position: 60 +--- + # Authentication Monitoring Event Type The Authentication Monitoring event type captures events according to policy filters for Kerberos, @@ -76,7 +82,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -112,7 +118,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -139,7 +145,7 @@ originators of an event or to exclude specific IP addresses. Use the buttons in the Include IP Addresses, Include Collections, Exclude IP Addresses, and Exclude Collections areas to edit the lists. -- The IP Addresses Add (+) button opens the [Add IP Address Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/addipaddress.md). +- The IP Addresses Add (+) button opens the [Add IP Address Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/addipaddress.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -159,7 +165,7 @@ hosts of an event or to exclude specific IP addresses. Use the buttons in the Include IP Addresses, Include Collections, Exclude IP Addresses, and Exclude Collections areas to edit the lists. -- The IP Addresses Add (+) button opens the [Add IP Address Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/addipaddress.md). +- The IP Addresses Add (+) button opens the [Add IP Address Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/addipaddress.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -179,7 +185,7 @@ hosts as originators of an event or to exclude specific hosts from being monitor Use the buttons in the Include Hosts, Include Collections, Exclude Hosts, and Exclude Collections areas to edit the lists. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -199,7 +205,7 @@ target hosts of an event or to exclude specific hosts from being monitored. Use the buttons in the Include Hosts, Include Collections, Exclude Hosts, and Exclude Collections areas to edit the lists. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/effectivegroupmembership.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/effectivegroupmembership.md similarity index 91% rename from docs/threatprevention/7.5/admin/policies/eventtype/effectivegroupmembership.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/effectivegroupmembership.md index d56f5317e1..2c6b248988 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/effectivegroupmembership.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/effectivegroupmembership.md @@ -1,3 +1,9 @@ +--- +title: "Effective Group Membership Event Type" +description: "Effective Group Membership Event Type" +sidebar_position: 80 +--- + # Effective Group Membership Event Type The Effective Group Membership event type generates an event when security principals are added to 
@@ -24,7 +30,7 @@ membership of the specified group as well as all its nested groups. Use the buttons to include Active Directory groups in the list. -- The Add (+) button opens the [Select AD Groups Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/groups.md). +- The Add (+) button opens the [Select AD Groups Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/groups.md). - The Remove (x) button deletes the selected item(s) from that box. ## AD Perpetrator Filter @@ -39,7 +45,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/exchangechanges.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangechanges.md similarity index 96% rename from docs/threatprevention/7.5/admin/policies/eventtype/exchangechanges.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangechanges.md index 5ba9cb8f09..8c28d01dec 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/exchangechanges.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangechanges.md 
@@ -1,3 +1,9 @@ +--- +title: "Exchange Changes Event Type" +description: "Exchange Changes Event Type" +sidebar_position: 90 +--- + # Exchange Changes Event Type The Exchange Changes event type produces events for specified activities on the Exchange Server. @@ -53,7 +59,7 @@ specific objects or containers from being monitored. Select the **Include** or **Exclude** button and then edit the list. - The **Add** (+) button opens the - [Select Exchange Objects from Active Directory Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/exchangeobjects.md). + [Select Exchange Objects from Active Directory Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/exchangeobjects.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -74,7 +80,7 @@ either **Include** or **Exclude**. Use the buttons in the Trustees and Collections of Trustees areas to edit the lists. - The Trustees **Add** (+) button opens the - [Select Active Directory Trustees Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/trustees.md). + [Select Active Directory Trustees Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/trustees.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -156,7 +162,7 @@ Both the checkboxes and the option buttons have their own set of Include or Excl Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/exchangelockdown.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangelockdown.md similarity index 96% rename from docs/threatprevention/7.5/admin/policies/eventtype/exchangelockdown.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangelockdown.md index ad89c20504..6f6c61b05c 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/exchangelockdown.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangelockdown.md @@ -1,3 +1,9 @@ +--- +title: "Exchange Lockdown Event Type" +description: "Exchange Lockdown Event Type" +sidebar_position: 100 +--- + # Exchange Lockdown Event Type The Exchange Lockdown event type prevents specified types of changes in Exchange and generates an 
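Review bot: in the front matter added to exchangelockdown.md, `description` repeats `title` word for word ("Exchange Lockdown Event Type"), so search results and link previews get no summary of what the page covers. Suggest a one-sentence description taken from the page's opening line, which already says the event type prevents specified types of changes in Exchange. The same applies to the other front matter blocks added in this patch.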
@@ -61,7 +67,7 @@ specific objects or containers from being locked down. Select the **Include** or **Exclude** button and then edit the list. - The **Add** (+) button opens the - [Select Exchange Objects from Active Directory Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/exchangeobjects.md). + [Select Exchange Objects from Active Directory Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/exchangeobjects.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -81,7 +87,7 @@ Select the **Block** or **Allow** option button and then edit the list. Use the buttons in the Trustees and Collections of Trustees areas to edit the lists. - The Trustees **Add** (+) button opens the - [Select Active Directory Trustees Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/trustees.md). + [Select Active Directory Trustees Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/trustees.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -165,7 +171,7 @@ Both the checkboxes and the option buttons have their own set of Block or Allow Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/_category_.json b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/_category_.json new file mode 100644 index 0000000000..3c61e0c0fe --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "File System Changes Event Type", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "filesystemchanges" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md similarity index 97% rename from docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md index 4c56a5aca7..ff857c5bc6 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md 
@@ -1,3 +1,9 @@ +--- +title: "File System Changes Event Type" +description: "File System Changes Event Type" +sidebar_position: 110 +--- + # File System Changes Event Type The File System Changes event type generates events for selected actions on selected files, such as @@ -148,7 +154,7 @@ Use the buttons in the Include Paths, Include Collections, Exclude Paths, and Ex areas to edit the lists. - The Path **Add** (+) button opens the - [Select File System Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectfilesystemobjects.md). + [Select File System Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectfilesystemobjects.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -199,7 +205,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/nasdevice.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/nasdevice.md similarity index 93% rename from docs/threatprevention/7.5/admin/policies/eventtype/usecase/nasdevice.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/nasdevice.md index a3c5f9a42b..ab0433a25d 100644 
--- a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/nasdevice.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/nasdevice.md @@ -1,3 +1,9 @@ +--- +title: "Monitor NAS Devices" +description: "Monitor NAS Devices" +sidebar_position: 10 +--- + # Monitor NAS Devices Monitoring a NAS device first requires the Netwrix Activity Monitor to have an Activity agent @@ -18,7 +24,7 @@ Follow the steps to monitor NAS devices. **Step 3 –** In the Event Filters section, go to the Paths filter tab and click the **Add** button in the Include Paths area to open the -[Select File System Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectfilesystemobjects.md). +[Select File System Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectfilesystemobjects.md). _Remember,_ any files or folders to be excluded need to be a subset of a folder identified in the Include Paths area. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md similarity index 95% rename from docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md index 2f0a0563e2..51c420fddb 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md @@ -1,3 +1,9 @@ +--- +title: "File System Lockdown Event Type" +description: "File System Lockdown Event Type" +sidebar_position: 120 +--- + # File System Lockdown Event Type Based on policy rules, the File System Lockdown event type can prevent file activity on selected 
@@ -98,7 +104,7 @@ The Paths section defines the top level folder or individual files for lockdown. the Paths and Path Collections areas to edit the lists. - The Path **Add** (+) button opens the - [Select File System Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectfilesystemobjects.md). + [Select File System Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectfilesystemobjects.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -147,14 +153,14 @@ from being locked down. Select the **Block** or **Allow** option button and then edit the list. -**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** +**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - Perpetrators area – The Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Collections of Perpetrators area - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
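Review bot: the NOTE whose link is updated in this hunk explains Allow and Block only for the Password Enforcement event type, yet it sits on the File System Lockdown page, and its meaning is easy to misread: **Allow** means the policy will not validate new passwords for the listed accounts, so those accounts are exempt. Since the line is being touched anyway, consider wording the exemption explicitly and either stating what Block and Allow do for File System Lockdown in this section or moving the note to the Password Enforcement topic. Minor style point: the two list items in the same hunk mix an en dash ("Perpetrators area –") with a hyphen ("Collections of Perpetrators area -").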
diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/fsmorolemonitoring.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md similarity index 94% rename from docs/threatprevention/7.5/admin/policies/eventtype/fsmorolemonitoring.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md index ca2d1136d5..e4b159ba4f 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/fsmorolemonitoring.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md @@ -1,3 +1,9 @@ +--- +title: "FSMO Role Monitoring Event Type" +description: "FSMO Role Monitoring Event Type" +sidebar_position: 130 +--- + # FSMO Role Monitoring Event Type The FSMO Role Monitoring event type generates events based on policy rules when domain controllers @@ -67,7 +73,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -89,7 +95,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/gposettingchanges.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettingchanges.md similarity index 93% rename from docs/threatprevention/7.5/admin/policies/eventtype/gposettingchanges.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettingchanges.md index f07a4dc742..f283abbde0 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/gposettingchanges.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettingchanges.md @@ -1,3 +1,9 @@ +--- +title: "GPO Setting Changes Event Type" +description: "GPO Setting Changes Event Type" +sidebar_position: 140 +--- + # GPO Setting Changes Event Type The GPO Setting Changes event type generates events based on rules for specified (or all) GPOs, to 
@@ -34,7 +40,7 @@ In the Group Policy Objects section, scope to specific GPOs: - List – Scopes to the specified GPOs - The **Add** (+) button opens the - [Select Active Directory Group Policy Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/grouppolicyobjects.md). + [Select Active Directory Group Policy Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/grouppolicyobjects.md). - The Remove (x) button deletes the selected item(s) from that box. ## AD Perpetrator Filter @@ -49,7 +55,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/gposettinglockdown.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettinglockdown.md similarity index 89% rename from docs/threatprevention/7.5/admin/policies/eventtype/gposettinglockdown.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettinglockdown.md index e84de17c89..c45ec99b9a 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/gposettinglockdown.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettinglockdown.md 
@@ -1,3 +1,9 @@ +--- +title: "GPO Setting Lockdown Event Type" +description: "GPO Setting Lockdown Event Type" +sidebar_position: 150 +--- + # GPO Setting Lockdown Event Type The GPO Setting Lockdown event type can prevent all changes against specified GPOs. Note that this @@ -40,7 +46,7 @@ In the Group Policy Objects section, scope to specific GPOs: - List – Scopes to the specified GPOs - The **Add** (+) button opens the - [Select Active Directory Group Policy Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/grouppolicyobjects.md). + [Select Active Directory Group Policy Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/grouppolicyobjects.md). - The Remove (x) button deletes the selected item(s) from that box. ## Domains/Servers Filter @@ -52,7 +58,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -72,14 +78,14 @@ from being locked down. Select the **Block** or **Allow** option button and then edit the list. -**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** +**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - Perpetrators area – The Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Collections of Perpetrators area - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/ldapbindmonitoring.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapbindmonitoring.md similarity index 91% rename from docs/threatprevention/7.5/admin/policies/eventtype/ldapbindmonitoring.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapbindmonitoring.md index 8f60960c46..3002fac809 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/ldapbindmonitoring.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapbindmonitoring.md 
@@ -1,7 +1,13 @@ +--- +title: "LDAP Bind Monitoring Event Type" +description: "LDAP Bind Monitoring Event Type" +sidebar_position: 180 +--- + # LDAP Bind Monitoring Event Type The LDAP Bind Monitoring event type monitors all connections established with LDAP, including the -users who connected with LDAP. While the [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md) creates +users who connected with LDAP. While the [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md) creates events when actual LDAP queries are executed, LDAP Bind Monitoring creates events when a connection is established with LDAP. @@ -53,7 +59,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -89,7 +95,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -116,7 +122,7 @@ originators of an event or to exclude specific IP addresses. Use the buttons in the Include IP Addresses, Include Collections, Exclude IP Addresses, and Exclude Collections areas to edit the lists. -- The IP Addresses Add (+) button opens the [Add IP Address Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/addipaddress.md). +- The IP Addresses Add (+) button opens the [Add IP Address Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/addipaddress.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -136,7 +142,7 @@ hosts as originators of an event or to exclude specific hosts from being monitor Use the buttons in the Include Hosts, Include Collections, Exclude Hosts, and Exclude Collections areas to edit the lists. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md similarity index 88% rename from docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md index c46320df18..58eca1a6cc 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md @@ -1,3 +1,9 @@ +--- +title: "LDAP Lockdown Event Type" +description: "LDAP Lockdown Event Type" +sidebar_position: 170 +--- + # LDAP Lockdown Event Type The LDAP Lockdown event type can prevent execution of LDAP queries that meet policy filters/rules. 
@@ -42,13 +48,13 @@ available for the event type: conform to your security configurations - This option displays additional filters for Secure configurations and Search scopes. See the - [LDAP Search Operations Use Case](/docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapsearch.md) topic for additional information. + [LDAP Search Operations Use Case](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapsearch.md) topic for additional information. - LDAP Ping – LDAP Ping is a Microsoft Active Directory specific Lightweight Directory Access Protocol (LDAP) or Connection-less Lightweight Directory Access Protocol (CLDAP) search that returns information about whether services are live on a domain controller - - See the [LDAP Ping Operations Use Case](/docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapping.md) topic for additional information. + - See the [LDAP Ping Operations Use Case](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapping.md) topic for additional information. When LDAP Ping is selected, the Secure Configurations and Search scopes sections are not displayed. @@ -62,7 +68,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -82,14 +88,14 @@ from being locked down. Select the **Block** or **Allow** option button and then edit the list. -**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** +**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - Perpetrators area – The Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Collections of Perpetrators area - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -121,7 +127,7 @@ Enter a query in the LDAP Queries box. You can type a string in the textbox. Alt buttons in the respective sections. - The Add (+) buttons open the - [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/objects.md). + [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/objects.md). - The Remove (x) button deletes the selected item(s) from that box. ## Hosts (from) Filter 
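Review bot: the new link target in this hunk drops the `selectactivedirectory/` folder, so the page becomes `window/objects.md`. Together with the other flattened targets in this patch (`groups.md`, `perpetrators.md`, `trustees.md`), these are generic file names in a folder that also holds non-AD windows such as `selectcomputers.md` and `addipaddress.md`. Please confirm the renamed files exist at the new paths (a broken-link check on the build would cover it) and that the old URLs are redirected, since the visible lines only show the referencing side of the move.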
@@ -133,15 +139,15 @@ hosts as originators of an event. Select the **Block** or **Allow** option button and then edit the list. -- For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** means that +- For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. -- For the [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md), this filter blocks or +- For the [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md), this filter blocks or only allows authentication from the identified host(s). Use the buttons in the Include Hosts area to edit the list. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Remove (x) button deletes the selected item(s) from that box. ## Rule Preview Filter diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/_category_.json b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/_category_.json new file mode 100644 index 0000000000..f970f948de --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "LDAP Monitoring Event Type", + "position": 160, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "ldapmonitoring" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md similarity index 92% rename from docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md index 3b33f0ec62..3181a80d99 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md @@ -1,3 +1,9 @@ +--- +title: "LDAP Monitoring Event Type" +description: "LDAP Monitoring Event Type" +sidebar_position: 160 +--- + # LDAP Monitoring Event Type The LDAP Monitoring event type generates an event for LDAP queries that match policy filter rules. 
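Review bot: `sidebar_position: 160` in this front matter puts LDAP Monitoring ahead of LDAP Lockdown (170) and LDAP Bind Monitoring (180), while the other event types in this patch are numbered alphabetically (Exchange Changes 90 through GPO Setting Lockdown 150). If the order is intentional, for example to list the monitoring topic and its use cases first, please say so in the PR description; otherwise LDAP Bind Monitoring should take 160 and the other two shift down. The category file for this folder also uses `"position": 160`, so whichever value is chosen should be kept in sync in both places.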
@@ -44,13 +50,13 @@ available for the event type: conform to your security configurations - This option displays additional filters for Secure configurations and Search scopes. See the - [LDAP Search Operations Use Case](/docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapsearch.md) topic for additional information. + [LDAP Search Operations Use Case](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapsearch.md) topic for additional information. - LDAP Ping – LDAP Ping is a Microsoft Active Directory specific Lightweight Directory Access Protocol (LDAP) or Connection-less Lightweight Directory Access Protocol (CLDAP) search that returns information about whether services are live on a domain controller - - See the [LDAP Ping Operations Use Case](/docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapping.md) topic for additional information. + - See the [LDAP Ping Operations Use Case](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapping.md) topic for additional information. When LDAP Ping is selected, the Secure Configurations and Search scopes sections are not displayed. @@ -91,7 +97,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -127,7 +133,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -155,7 +161,7 @@ Enter a query in the Include LDAP Queries and/or Exclude LDAP Queries boxes. You in the textbox. Alternatively, use the buttons in the respective sections. - The Add (+) buttons open the - [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/objects.md). + [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/objects.md). - The Remove (x) button deletes the selected item(s) from that box. ## LDAP Result Filter @@ -173,7 +179,7 @@ Specify the desired object in the Include Objects box. You can type a string in Alternatively, use the buttons in the respective sections. - The Add (+) buttons open the - [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/objects.md). + [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/objects.md). - The Remove (x) button deletes the selected item(s) from that box. ## LDAP Attributes Filter 
@@ -185,7 +191,7 @@ LDAP attributes or exclude specific attributes from being monitored. Use the buttons in the Include Attributes and Exclude Attributes boxes to edit the lists. -- The Attributes Add (+) button opens the [Attribute List Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/attributelist.md). +- The Attributes Add (+) button opens the [Attribute List Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/attributelist.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -201,7 +207,7 @@ hosts as originators of an event or to exclude specific hosts from being monitor Use the buttons in the Include Hosts, Include Collections, Exclude Hosts, and Exclude Collections areas to edit the lists. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapping.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapping.md similarity index 87% rename from docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapping.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapping.md index 75b526f537..df000d56a6 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapping.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapping.md 
@@ -1,3 +1,9 @@ +--- +title: "LDAP Ping Operations Use Case" +description: "LDAP Ping Operations Use Case" +sidebar_position: 20 +--- + # LDAP Ping Operations Use Case LDAP Ping is a Microsoft Active Directory specific Lightweight Directory Access Protocol (LDAP) or @@ -10,8 +16,8 @@ Threat Prevention can be configured to monitor and block LDAP Nom Nom, which is an anonymous bruteforce attack to find user names in Active Directory from domain controllers by using LDAP Ping requests. -When you create a policy with the [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md) or the -[LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md), the LDAP filter allows you to enable the LDAP Ping +When you create a policy with the [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md) or the +[LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md), the LDAP filter allows you to enable the LDAP Ping option. ![LDAP filter for the LDAP Monitoring and LDAP Lockdown event types](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapping.webp) diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapsearch.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapsearch.md similarity index 80% rename from docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapsearch.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapsearch.md index bb1d89ae99..411701b68d 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/ldapsearch.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapsearch.md 
@@ -1,10 +1,16 @@ +--- +title: "LDAP Search Operations Use Case" +description: "LDAP Search Operations Use Case" +sidebar_position: 10 +--- + # LDAP Search Operations Use Case Use the LDAP Search operation to search for and identify activity that does not conform to your security configurations. -When you create a policy with the [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md) or the -[LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md), the LDAP filter allows you to enable the LDAP Search +When you create a policy with the [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md) or the +[LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md), the LDAP filter allows you to enable the LDAP Search option. The Secure configurations and Search scope options filter the search based on a match to the diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/threatmanagerldap.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/threatmanagerldap.md similarity index 93% rename from docs/threatprevention/7.5/admin/policies/eventtype/usecase/threatmanagerldap.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/threatmanagerldap.md index cb953463f2..df5f4cbef5 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/threatmanagerldap.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/threatmanagerldap.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Threat Manager Honeytoken Threats Use Case" +description: "Netwrix Threat Manager Honeytoken Threats Use Case" +sidebar_position: 30 +--- + # Netwrix Threat Manager Honeytoken Threats Use Case Follow these steps to configure LDAP monitoring. 
diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianmonitor.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianmonitor.md similarity index 94% rename from docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianmonitor.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianmonitor.md index 8fc020cd17..0b0986bf11 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianmonitor.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianmonitor.md @@ -1,3 +1,9 @@ +--- +title: "LSASS Guardian – Monitor Event Type" +description: "LSASS Guardian – Monitor Event Type" +sidebar_position: 190 +--- + # LSASS Guardian – Monitor Event Type Based on policy rules, the LSASS Guardian – Monitor event type generates an event when a process not @@ -31,7 +37,7 @@ Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpet Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -57,7 +63,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianprotect.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianprotect.md similarity index 93% rename from docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianprotect.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianprotect.md index fb6f3c08fb..7cced0c83e 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianprotect.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianprotect.md @@ -1,3 +1,9 @@ +--- +title: "LSASS Guardian – Protect Event Type" +description: "LSASS Guardian – Protect Event Type" +sidebar_position: 200 +--- + # LSASS Guardian – Protect Event Type Based on policy rules, the LSASS Guardian – Protect event type can prevent processes not ‘white 
@@ -33,14 +39,14 @@ from being locked down. Select the **Block** or **Allow** option button and then edit the list. -**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md), selecting **Allow** +**NOTE:** For the [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md), selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - Perpetrators area – The Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Collections of Perpetrators area - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -59,7 +65,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md new file mode 100644 index 0000000000..c4b62e85ec --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md 
@@ -0,0 +1,79 @@ +--- +title: "Event Type Tab" +description: "Event Type Tab" +sidebar_position: 20 +--- + +# Event Type Tab + +The Event Type tab enables you to define the objects and events that Threat Prevention +monitors/blocks. + +![Policy - Event Type tab](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/eventtypetab.webp) + +Each event type represents what is monitored or blocked. Event filters are used to either narrow or +broaden the scope of the monitoring/blocking as desired. Click **Add** (+) to open the Event +Selection window. Your licensed modules determine what event types are available. Event types that +are not available or not licensed are grayed-out but visible in the Event Selection window. See the +[License Manager Window](/docs/threatprevention/7.5/admin/navigation/licensemanager.md) topic for additional information. + +## Event Selection Window + +![Event Type tab - Event Selection window](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/eventselection.webp) + +Check the box for the desired event type and click **OK**. The corresponding event filters show at +the bottom of the Event Type tab. Multiple event types can be assigned to a policy. + +**_RECOMMENDED:_** Create different policies for different event types for reporting purposes. +Otherwise, one report will have a mix of different types of data. There are a few exceptions to this +feature. + +Once the event type to be monitored by the policy is selected, use the filters to scope the policy. + +Each filter tab acts like an "AND" statement for the filter. Any filter tab left blank is treated +like an "ALL" for that filter set. + +Save all changes made to a policy or a template before leaving the configuration interface. 
+ +See the following topics for additional details: + +- [Active Directory Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorychanges.md) +- [Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorylockdown.md) +- [Active Directory Read Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectoryreadmonitoring.md) +- [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationmonitoring.md) +- [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationlockdown.md) +- [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) +- [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md) +- [Effective Group Membership Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/effectivegroupmembership.md) +- [Exchange Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangechanges.md) +- [Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangelockdown.md) +- [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md) +- [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md) +- [File System Enterprise Auditor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md) +- [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md) +- [GPO Setting Changes Event 
Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettingchanges.md) +- [GPO Setting Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettinglockdown.md) +- [LSASS Guardian – Monitor Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianmonitor.md) +- [LSASS Guardian – Protect Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianprotect.md) +- [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md) +- [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md) +- [LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md) +- [LDAP Bind Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapbindmonitoring.md) + +## Event Filters Overview + +Policies are scoped using the Event Filters tabs ascribed to the policy on the basis of the event +type selected on the Event Selection Window. + +The filters appear on the Event Type tab when an event type is selected. + +Several filters allow for both an Include and an Exclude list to be set together. The Exclude list +takes precedence over the Include list. If an item is part of both lists, then when an event comes +through with that item, it is excluded. + +When using a Lockdown Event Type, it is necessary to decide between Block or Allow for the filter. + +- Block – Blocks all items added to the list, or if the list is left blank, it blocks all items for + that filter category +- Allow – Only allows items added to the list and blocks all others. If the list is left blank, it + allows all items for that filter category. 
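Review bot: In the topic list of the new overview.md, the "File System Enterprise Auditor Event Type" entry still links to `/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md`, the pre-move location, while every other entry in the list points under `admin/policies/configuration/eventtype/`. Unless that file is deliberately staying behind, update the target so the link does not go dead after the restructure. The label ("Enterprise Auditor") and the file name ("accessanalyzer") also disagree, so confirm which product name is intended. Separately, "There are a few exceptions to this feature" in the RECOMMENDED note does not say what the exceptions are; list them or drop the sentence.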
diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/_category_.json b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/_category_.json new file mode 100644 index 0000000000..9b94b8a5f6 --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Password Enforcement Event Type", + "position": 210, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "passwordenforcement" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/monitorweakpasswords.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/monitorweakpasswords.md similarity index 91% rename from docs/threatprevention/7.5/admin/policies/eventtype/usecase/monitorweakpasswords.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/monitorweakpasswords.md index 6eeb89e370..ca83c2a7bd 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/monitorweakpasswords.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/monitorweakpasswords.md 
@@ -1,11 +1,17 @@ +--- +title: "Monitor Weak Passwords Use Case" +description: "Monitor Weak Passwords Use Case" +sidebar_position: 10 +--- + # Monitor Weak Passwords Use Case Any Threat Prevention license can use the Password Enforcement Event type to monitor for the creation of weak passwords in your environment. -**NOTE:** See the [Prevent Weak Passwords Use Case](/docs/threatprevention/7.5/admin/policies/eventtype/usecase/preventweakpasswords.md) topic for instructions +**NOTE:** See the [Prevent Weak Passwords Use Case](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/preventweakpasswords.md) topic for instructions on creating a policy to block weak passwords, which requires the Threat Prevention -for[ Enterprise Password Enforcer](/docs/threatprevention/7.5/solutions/epe.md) solution. +for[ Enterprise Password Enforcer](/docs/threatprevention/7.5/overview/solutions/epe.md) solution. Follow the steps to configure a policy to monitor the creation of weak passwords. @@ -35,7 +41,7 @@ environment. description, e.g. This policy monitors the creation of weak passwords according to the global EPE settings. - On the Event Type tab, click the **Add** (+) button and select Password Enforcement on the - [Event Selection Window](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md#event-selection-window). + [Event Selection Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md#event-selection-window). ![Policy - Event Type tab with the Password Enforcement event selected](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/usecase/passwordrulesmonitor.webp) 
@@ -74,7 +80,7 @@ methods for viewing monitored weak password events: ![Recent Events Tab for weak password monitoring](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/usecase/recenteventsmonitor.webp) On the Recent Events tab of the policy, set the Show options as desired and click the Refresh button -to view monitored events. See the [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/recentevents/overview.md) topic for +to view monitored events. See the [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md) topic for additional information. ## View Events in Investigate Interface diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md similarity index 96% rename from docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md index 9bfeccfbef..be9dd2f792 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md @@ -1,3 +1,9 @@ +--- +title: "Password Enforcement Event Type" +description: "Password Enforcement Event Type" +sidebar_position: 210 +--- + # Password Enforcement Event Type The Password Enforcement event type prevents changing a password if the supplied password string 
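Review bot: `sidebar_position: 210` in the new front matter of passwordenforcement.md repeats the `"position": 210` already set in passwordenforcement/_category_.json, whose link id is this same doc, while the sibling pages in the folder use 10 and 20. If the value is meant to order the category among the other event types, the _category_.json already does that; if it is meant to order this page inside the folder, 210 would sort it after both use cases. Please say which is intended, or drop the field here.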
@@ -80,7 +86,7 @@ to exclude specific domains and/or servers. Use the buttons in the Include and Exclude areas to edit the lists. -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). +- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. 
@@ -109,15 +115,15 @@ Use the buttons in the Accounts, Account Collections, Containers, and Groups are lists. The following windows are displayed when you click the Add (+) button: - Accounts – The Accounts Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Account Collections – The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. - Containers – The Containers Add (+) button opens the - [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md). All user + [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md). All user objects in the selected organizational unit(s) are subject to the applied rule. - Groups – The Groups Add (+) button opens the - [Select AD Groups Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/groups.md). + [Select AD Groups Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/groups.md). The Remove (x) button deletes the selected item(s) from that box. 
@@ -159,7 +165,7 @@ policy will validate the new passwords for the accounts listed here. Use the buttons in the Perpetrators and Collections of Perpetrators areas to edit the lists. - Perpetrators area – The Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - Collections of Perpetrators area - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -181,12 +187,12 @@ Select the **Block** or **Allow** option button and then edit the list. - For the Password Enforcement Event Type, selecting **Allow** means that this policy will not validate the new passwords for the accounts listed here. Selecting **Block** means that this policy will validate the new passwords for the accounts listed here. -- For the [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md), this filter blocks or +- For the [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md), this filter blocks or only allows authentication from the identified host(s). Use the buttons in the Include Hosts area to edit the list. -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). +- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md). - The Remove (x) button deletes the selected item(s) from that box. ## Password Rules Filter 
@@ -238,7 +244,7 @@ any of the checked criteria of the Password Rules filter. - Blocking – Blocks the failed password from being used **_RECOMMENDED:_** Use the Test Password Rules button to open the -[Test Passwords Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/testpasswords.md), where you can test your set of rules. +[Test Passwords Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/testpasswords.md), where you can test your set of rules. Passwords Section diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/preventweakpasswords.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/preventweakpasswords.md similarity index 92% rename from docs/threatprevention/7.5/admin/policies/eventtype/usecase/preventweakpasswords.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/preventweakpasswords.md index 42a8628cc5..d9b2f1293e 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/usecase/preventweakpasswords.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/preventweakpasswords.md @@ -1,10 +1,16 @@ +--- +title: "Prevent Weak Passwords Use Case" +description: "Prevent Weak Passwords Use Case" +sidebar_position: 20 +--- + # Prevent Weak Passwords Use Case Any Threat Prevention license can use the Password Enforcement Event type to prevent the creation of weak passwords in your environment. **NOTE:** The Threat Prevention Enterprise Password Enforcement solution includes an EPE User -Feedback module. See the [ Enterprise Password Enforcer](/docs/threatprevention/7.5/solutions/epe.md) topic for +Feedback module. See the [ Enterprise Password Enforcer](/docs/threatprevention/7.5/overview/solutions/epe.md) topic for additional information. Follow the steps to configure a policy to block the creation of weak passwords. 
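Review bot: The rewritten NOTE line in preventweakpasswords.md keeps a leading space inside the link text, `[ Enterprise Password Enforcer](/docs/threatprevention/7.5/overview/solutions/epe.md)`; since the line is being touched anyway, change it to `[Enterprise Password Enforcer]`. The same sentence calls the solution "Enterprise Password Enforcement" while the link text says "Enterprise Password Enforcer", so pick one name. The added front matter also sets `description` to the same string as `title`, which gives search results and link previews nothing beyond the title; a one-sentence summary of the use case would be more useful.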
@@ -12,7 +18,7 @@ Follow the steps to configure a policy to block the creation of weak passwords. ![EPE Settings window](/img/product_docs/threatprevention/7.5/admin/configuration/epesettings.webp) **NOTE:** It is a best practice to create and enable a monitoring policy prior to creating and -enabling a blocking policy. See the [Monitor Weak Passwords Use Case](/docs/threatprevention/7.5/admin/policies/eventtype/usecase/monitorweakpasswords.md) topic +enabling a blocking policy. See the [Monitor Weak Passwords Use Case](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/monitorweakpasswords.md) topic for additional information. **Step 1 –** (Must be completed by an administrator) Configure the global EPE settings for your @@ -39,7 +45,7 @@ environment. description, e.g. This policy blocks the creation of weak passwords according to the global EPE settings. - On the Event Type tab, click the **Add** (+) button and select Password Enforcement on the - [Event Selection Window](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md#event-selection-window). + [Event Selection Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md#event-selection-window). ![Policy - Event Type tab with the Password Enforcement event selected](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/usecase/passwordrulesblock.webp) 
@@ -76,7 +82,7 @@ methods for viewing prevented weak password events: ## View Events in Recent Events Tab On the Recent Events tab of the blocking policy, set the Show options as desired and click the -Refresh button to view blocked events. See the [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/recentevents/overview.md) +Refresh button to view blocked events. See the [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md) topic for additional information. ![Recent Events Tab for weak password prevent](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/usecase/recenteventsprevent.webp) diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/_category_.json b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/_category_.json new file mode 100644 index 0000000000..144dadfbf2 --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Selection Windows", + "position": 220, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/addipaddress.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/addipaddress.md similarity index 81% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/addipaddress.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/addipaddress.md index 99cb731e74..5b6e121ba4 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/addipaddress.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/addipaddress.md 
@@ -1,3 +1,9 @@ +--- +title: "Add IP Address Window" +description: "Add IP Address Window" +sidebar_position: 10 +--- + # Add IP Address Window The Add IP Address window provides a textbox to enter the IP address to be included or excluded. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/attributelist.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/attributelist.md similarity index 89% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/attributelist.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/attributelist.md index 74d69bd6c1..c926cd223b 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/attributelist.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/attributelist.md @@ -1,3 +1,9 @@ +--- +title: "Attribute List Window" +description: "Attribute List Window" +sidebar_position: 20 +--- + # Attribute List Window The Attribute List window provides a list of available Active Directory attributes to either include diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/classlist.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/classlist.md similarity index 87% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/classlist.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/classlist.md index 21461d38e1..2549579fdb 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/classlist.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/classlist.md @@ -1,3 +1,9 @@ +--- +title: "Class List Window" +description: "Class List Window" +sidebar_position: 30 +--- + # Class List Window The Class List window provides a list of available classes to either include or exclude. Selected 
diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md similarity index 79% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md index 81508732ae..cf82a4cac3 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md @@ -1,3 +1,9 @@ +--- +title: "Select Active Directory Contexts Window" +description: "Select Active Directory Contexts Window" +sidebar_position: 40 +--- + # Select Active Directory Contexts Window The Select Active Directory Contexts window provides a list of available contexts to either include @@ -13,7 +19,7 @@ to open this window. right. - Then click **OK** to close the window. -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. The selection is displayed in the appropriate box of the AD Account filter, the AD Context filter, or the AD Objects and Containers filter. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/exchangeobjects.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/exchangeobjects.md similarity index 78% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/exchangeobjects.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/exchangeobjects.md index c5c3ea5fab..8d364e2300 100644 
--- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/exchangeobjects.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/exchangeobjects.md @@ -1,3 +1,9 @@ +--- +title: "Select Exchange Objects from Active Directory Window" +description: "Select Exchange Objects from Active Directory Window" +sidebar_position: 120 +--- + # Select Exchange Objects from Active Directory Window The Select Exchange Objects from Active Directory window provides a list of Active Directory users @@ -11,7 +17,7 @@ filter from where you clicked the **Add** (+) button to open this window. right. - Then click **OK** to close the window. -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. The selection is displayed in the appropriate box of the Exchange Mailbox Objects and Containers filter. diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/grouppolicyobjects.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/grouppolicyobjects.md new file mode 100644 index 0000000000..0313b7746f --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/grouppolicyobjects.md 
@@ -0,0 +1,22 @@ +--- +title: "Select Active Directory Group Policy Objects Window" +description: "Select Active Directory Group Policy Objects Window" +sidebar_position: 50 +--- + +# Select Active Directory Group Policy Objects Window + +The Select Active Directory Group Policy Objects window provides a list of available GPOs. Selected +objects are added to the filter from where you clicked the **Add** (+) button to open this window. + +![Select Active Directory Group Policy Objects Window](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/adgpo.webp) + +- Select an Agent from the drop-down menu and click **Connect**. +- Navigate through the domain tree and check the desired item(s) in the **Results** pane on the + right. +- Then click **OK** to close the window. + +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. + +The selection is displayed in the appropriate box of the AD Group Policy Object filter or the AD +Group Policy Object Changes filter. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/groups.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/groups.md similarity index 80% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/groups.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/groups.md index 0a06ab7b58..672670b4a0 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/groups.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/groups.md @@ -1,3 +1,9 @@ +--- +title: "Select AD Groups Window" +description: "Select AD Groups Window" +sidebar_position: 90 +--- + # Select AD Groups Window The Select AD Groups window provides a list of available Active Directory groups. Selected objects 
@@ -12,6 +18,6 @@ are added to the filter from where you clicked the **Add** (+) button to open th right. - Then click **OK** to close the window. -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. The selection is displayed in the appropriate box of the AD Account filter or the AD Groups filter. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/objects.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/objects.md similarity index 79% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/objects.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/objects.md index a11fdc92a8..4aab4fd68c 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/objects.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/objects.md @@ -1,3 +1,9 @@ +--- +title: "Select Active Directory Objects Window" +description: "Select Active Directory Objects Window" +sidebar_position: 60 +--- + # Select Active Directory Objects Window The Select Active Directory Objects window provides a list of available AD objects. Selected objects 
@@ -12,7 +18,7 @@ are added to the filter from where you clicked the **Add** (+) button to open th right. - Then click **OK** to close the window. -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. The selection is displayed in the appropriate box of the AD Objects filter, the LDAP Query filter, or the LDAP Result filter. diff --git a/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md new file mode 100644 index 0000000000..9cee8d9ace --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md 
@@ -0,0 +1,72 @@ +--- +title: "Selection Windows" +description: "Selection Windows" +sidebar_position: 220 +--- + +# Selection Windows + +Many event type filters have selections windows for populating filter values. It may be necessary to +select a specific Agent to populate values in the selection window. Some selection windows also +include an option to switch between a Browse Mode and a Search Mode for locating Active Directory +filter values. + +## Select an Agent + +On several Select… windows, you must select a server where the Agent has been deployed, as these +windows present live information provided by the Agent. If no Agent is found, the window does not +open. + +![Selection Window - Connect to Agent/Server option](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/window/selectagent.webp) + +The following rules can aid in selecting the correct Agent for the Select… window when configuring +solution related policies: + +- Active Directory – Select any Agent on any domain controller within the domain of interest +- Exchange – Select any Agent on any Exchange server +- Windows File System – Select the Agent on the target machine where the files to be monitored + reside +- NAS File System – Select the Agent on the Windows server acting as a proxy server for NAS activity + +## Browse Mode + +Select a server/Agent from the drop-down menu and click **Connect**. + +![Selection Window - Browse mode](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/window/adperpetrators.webp) + +- Select the option button for **Browse Mode**. +- Expand the domain tree in the Navigation pane to select a container. The Results pane populates + with the available items. +- Check the desired item(s) in the Results pane on the right and click **OK**. + +The selection(s) are displayed in the appropriate box of the filter tab from where you opened the +Select… window. + +## Search Mode + +Select a server/Agent from the drop-down menu and click **Connect**. 
+ +![Selection Window - Search Mode](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/window/searchmode.webp) + +- Select the option button for **Search Mode**. +- Expand the domain tree in the Navigation pane to select the starting point for the search, which + auto-populates the Start in field. Use the following scoping options: + + - Scope all – Includes all sub-containers in the search + - Attribute – Scope to the ‘objectClass’, name, or SAMAccountName attribute + - Condition – Set the scoping condition to: + + - Starts with + - Contains + - Exact Match (this is the only condition available for objectClass) + + - Value – Search string + +- After selecting the desired options, click **Search Now**. The Results pane begins to populate + with matching results. +- Choose between **Show [number] AD objects** and specify a value or **Show all**. Already selected + objects for this filter that match the search are visible but grayed-out. +- Check the desired item(s) in the Results pane on the right and click **OK**. + +The selection(s) are displayed in the appropriate box of the filter tab from where you opened the +Select… window. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md similarity index 82% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md index ea0862525d..07f51c5fc6 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md 
@@ -1,3 +1,9 @@ +--- +title: "Select Active Directory Perpetrators Window" +description: "Select Active Directory Perpetrators Window" +sidebar_position: 70 +--- + # Select Active Directory Perpetrators Window The Select Active Directory Perpetrators window provides a list of available AD users and groups. @@ -13,7 +19,7 @@ window. right. - Then click **OK** to close the window. -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. The selection is displayed in the appropriate box of the AD Account filter, the AD Perpetrator filter, the Exchange Perpetrators filter, or the Perpetrators to Exclude filter. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md similarity index 85% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md index 46e978ee90..41a4c42ac9 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectcomputers.md @@ -1,3 +1,9 @@ +--- +title: "Select Computer Window" +description: "Select Computer Window" +sidebar_position: 100 +--- + # Select Computer Window The Select Computer window provides a list of available computers. Selected objects are added to the 
@@ -12,7 +18,7 @@ filter from where you clicked the **Add** (+) button to open this window. right. - Then click **OK** to close the window. -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. The selection is displayed in the appropriate box of the Hosts (from) filter or the Hosts (to) filter. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md similarity index 88% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md index 070316cda5..0174acd4d0 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectdomainsservers.md @@ -1,3 +1,9 @@ +--- +title: "Select Domains and Servers Window" +description: "Select Domains and Servers Window" +sidebar_position: 110 +--- + # Select Domains and Servers Window The Select Domains And Servers window provides a list of available domains and servers to either diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectfilesystemobjects.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectfilesystemobjects.md similarity index 88% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectfilesystemobjects.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectfilesystemobjects.md index b80fed9357..7eaa2bdeac 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectfilesystemobjects.md 
+++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectfilesystemobjects.md @@ -1,3 +1,9 @@ +--- +title: "Select File System Objects Window" +description: "Select File System Objects Window" +sidebar_position: 130 +--- + # Select File System Objects Window The Select File System Objects window provides a list of available file system paths. Paths to @@ -11,7 +17,7 @@ window. right. - Then click **OK** to close the window. -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. The selection is displayed in the appropriate box of the File System filter, File System Paths filter, or the File System Enterprise Auditor filter. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/testpasswords.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/testpasswords.md similarity index 85% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/testpasswords.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/testpasswords.md index 27efab4f6b..fb8eb19f4b 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/testpasswords.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/testpasswords.md 
@@ -1,7 +1,13 @@ +--- +title: "Test Passwords Window" +description: "Test Passwords Window" +sidebar_position: 140 +--- + # Test Passwords Window The Test Password window enables users to test the password complexity requirements set in the -[Password Rules Filter](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md#password-rules-filter) against a pending password. +[Password Rules Filter](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md#password-rules-filter) against a pending password. This window does not change a user’s password but allows pending user passwords to be tested in the domain. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/trustees.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/trustees.md similarity index 83% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/trustees.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/trustees.md index ce78ac5133..0de6ddd14b 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/trustees.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/trustees.md @@ -1,3 +1,9 @@ +--- +title: "Select Active Directory Trustees Window" +description: "Select Active Directory Trustees Window" +sidebar_position: 80 +--- + # Select Active Directory Trustees Window The Select Active Directory Trustees window provides a list of available Exchange trustees to either 
@@ -16,7 +22,7 @@ distribution lists. right. - Then click **OK** to close the window. -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. +See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. The selection is displayed in the appropriate box of the Exchange Trustees filter. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/useraccountcontrol.md b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/useraccountcontrol.md similarity index 90% rename from docs/threatprevention/7.5/admin/policies/eventtype/window/useraccountcontrol.md rename to docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/useraccountcontrol.md index 7c22bf6321..c6cd7ab491 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/useraccountcontrol.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/useraccountcontrol.md @@ -1,3 +1,9 @@ +--- +title: "User Account Control Window" +description: "User Account Control Window" +sidebar_position: 150 +--- + # User Account Control Window The User Account Control (UAC) window enables you to select specific UAC settings to be monitored by diff --git a/docs/threatprevention/7.5/admin/policies/configuration/general.md b/docs/threatprevention/7.5/admin/policies/configuration/general.md new file mode 100644 index 0000000000..4bc8e84c55 --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/general.md 
@@ -0,0 +1,81 @@ +--- +title: "General Tab" +description: "General Tab" +sidebar_position: 10 +--- + +# General Tab + +The General tab is for editing the basic attributes of the policy. + +![Policy - General tab](/img/product_docs/threatprevention/7.5/admin/policies/generaltab.webp) + +Policy Status + +It indicates whether or not the policy is enabled. Click the toggle button at the top to enable or +disable the policy. On the [Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md), an enabled policy is represented with +a green dot and a disabled policy is represented with a gray dot. + +Name + +The name should be unique and descriptive. This name is displayed for a policy in the list on the +[Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md). Event data can be filtered by policy; therefore, a descriptive +name can be very useful to users of the Netwrix Threat Manager Reporting Module. + +Description + +The description is optional but recommended. Since each policy can be configured to be as broad or +narrow as desired, the name combined with the description should clearly explain what objects and +events it monitors/blocks, where in the network it looks, and when it is active. This description is +displayed for a policy in the list on the [Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md). + +Save all changes made to a policy or a template before leaving the configuration interface. + +## History + +History details in the center of the General tab are automatically populated on creation or +modification. + +![Policy - General tab > History section](/img/product_docs/threatprevention/7.5/admin/policies/history.webp) + +It contains read-only information on who created the policy (Added by), when the policy was created +(Added on), who made the latest modification (Modified by), and when the latest modification +occurred (Modified on). 
+ +## Schedule + +The schedule is for setting the time period for an enabled policy to monitor or block events. + +| Icon | Label | Represents | +| ------------------------------------------------------------------------------------------------------------------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ![alwaysactivebutton](/img/product_docs/threatprevention/7.5/admin/policies/alwaysactivebutton.webp) | Always Active | Indicates the policy will be active at all times when enabled. This is the default setting | +| ![specifictimesbutton](/img/product_docs/threatprevention/7.5/admin/policies/specifictimesbutton.webp) | Active at Specified Times | Indicates the policy will be active only at the specified times when enabled. There are two options for setting the specified times: - Local Server Time – Schedule is set according to the local server’s time - UTC Time – Schedule is set according to the Universal Time (UTC) | + +Any new policy created from a template automatically applies the template’s setting, which can then +be modified as desired. Schedule details are displayed for a policy in the list on the +[Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md). Active at Specified Times is represented by a clock icon, and +Always Active is represented with no icon, or blank. + +Weekly Calendar + +The weekly calendar at the bottom of the schedule section is where the schedule is set. + +![Schedule section in a policy set to Always Active](/img/product_docs/threatprevention/7.5/admin/policies/schedule.webp) + +When the schedule is set to Always Active, the weekly calendar is grayed-out. 
+ +![Schedule section in a policy set to Active at Specific Times](/img/product_docs/threatprevention/7.5/admin/policies/schedulespecifictimes.webp) + +When the schedule is set to Active at Specified Times, the weekly calendar is enabled. Each block of +time on the calendar represents a 30-minute period. + +- Blue blocks – Active times for the enabled policy +- White blocks– Inactive times for the enabled policy + +The schedule can be set or modified in one of the following ways: + +- Click an individual time-block to toggle between active and inactive for a single 30-minute + period. +- Click a time-block in the All row to toggle between active and inactive for an entire column (for + all days of the week). +- Click the name of a day to toggle between active and inactive for an entire row (for a full day). diff --git a/docs/threatprevention/7.5/admin/policies/configuration/recentevents/_category_.json b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/_category_.json new file mode 100644 index 0000000000..723c64625e --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Recent Events Tab", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md similarity index 91% rename from docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md rename to docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md index 836e4e0591..bc7957a3f2 100644 --- a/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md 
@@ -1,3 +1,9 @@ +--- +title: "Event Tracker Window" +description: "Event Tracker Window" +sidebar_position: 20 +--- + # Event Tracker Window The Event Tracker window, accessible through the right-click menu on a data row, allows you to diff --git a/docs/threatprevention/7.5/admin/policies/recentevents/eventviewer.md b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventviewer.md similarity index 85% rename from docs/threatprevention/7.5/admin/policies/recentevents/eventviewer.md rename to docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventviewer.md index b234420ba8..1293bed05a 100644 --- a/docs/threatprevention/7.5/admin/policies/recentevents/eventviewer.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventviewer.md @@ -1,3 +1,9 @@ +--- +title: "Event Viewer Window" +description: "Event Viewer Window" +sidebar_position: 10 +--- + # Event Viewer Window The Event Viewer window, accessible through the right-click menu on a data row or by double-clicking diff --git a/docs/threatprevention/7.5/admin/policies/recentevents/executepsscript.md b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/executepsscript.md similarity index 84% rename from docs/threatprevention/7.5/admin/policies/recentevents/executepsscript.md rename to docs/threatprevention/7.5/admin/policies/configuration/recentevents/executepsscript.md index 22a366b6d3..189b69b3e5 100644 --- a/docs/threatprevention/7.5/admin/policies/recentevents/executepsscript.md +++ b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/executepsscript.md @@ -1,3 +1,9 @@ +--- +title: "Execute PS Script" +description: "Execute PS Script" +sidebar_position: 30 +--- + # Execute PS Script The Execute PS script right-click option in the Recent Events tab of a policy opens a Windows 
@@ -19,5 +25,5 @@ _$helper.[class]_ with the data parameter. This is Threat Prevention specific. F $sw.WriteLine(("EventName: " + $helper.EventName)) ``` -See the [Default PowerShell 4.0 Script](/docs/threatprevention/7.5/admin/policies/actions/powershell.md#default-powershell-40-script) topic +See the [Default PowerShell 4.0 Script](/docs/threatprevention/7.5/admin/policies/configuration/actions/powershell.md#default-powershell-40-script) topic for the full example script. diff --git a/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md new file mode 100644 index 0000000000..c90910b3cf --- /dev/null +++ b/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md 
@@ -0,0 +1,137 @@ +--- +title: "Recent Events Tab" +description: "Recent Events Tab" +sidebar_position: 40 +--- + +# Recent Events Tab + +The Recent Events tab provides information on the events that have been recently monitored or +blocked by the selected policy. See the [Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md) for +recent events monitored or blocked by all policies. You can also view event data configured to be +sent to syslog (SIEM) on the [SIEM Output Viewer](/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md) window. + +![Policy - Recent Events tab](/img/product_docs/threatprevention/7.5/admin/policies/recentevents/recenteventstab.webp) + +The Recent Events tab has the following options on the toolbar: + +- Recent [number] Events – Populates the data grid with the most recent events from the active + policy. Use the textbox to change the default number, i.e., 100. +- Events for Last [number] Hours –  Populates the data grid with hourly events. Use the textbox to + change the default number of hours, i.e., 3. +- Range From/To – Displays the events that occurred within the given timeframe +- Refresh button – Updates the grid with any new events +- Show All Columns – Resets hidden columns to their default location on the data grid +- Export Data– Opens the Export Data window with export actions and options. See the + [Export Data](/docs/threatprevention/7.5/admin/navigation/datagrid.md#export-data) topic for additional information. + +Example for the Events for Last [number] Hours Option + +Below is an example of how to use the Events for Last [number] Hours option: + +The number of hours set is based on UTC and is adjusted for the time zones of the Administration +Console server and the Agent that is monitoring the events. 
Let's assume the following: + +- The Administration Console server is in New York, USA (UTC -5) +- The option is set to display events for Last 4 Hours +- The Agent that is monitoring the events is in London, UK (UTC +0) + +If you click the Refresh button at noon New York time, then the events displayed would have been +generated between 8 A.M. and 12 P.M. New York time, or between 1 P.M. and 5 P.M. London time. + +The data grid can be filtered according to the Event Tracker Status: + +- All +- New +- Reviewed + +See the [Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) topic for additional information. + +## Recent Events Data Grid + +The data grid on the Recent Events tab includes the following information for each event, listed +below in the default order of the data grid columns: + +- Event: Time Logged – Timestamp for when the event was monitored/blocked. The specified time is the + local time for the server where the Agent is deployed. Hover over the data in this column to view + the local time (of the Enterprise Manager) and UTC time simultaneously. +- Event: UTC Time Logged – UTC Timestamp for when the event was monitored/blocked by the Agent. + Hover over the data in this column to view the local time (of the Enterprise Manager) and UTC time + simultaneously. +- Affected Object: Path – Name of the affected object according to the type of monitoring/blocking + + - Active Directory monitoring/blocking – Active Directory distinguished name for the affected + object + - Effective Group Membership monitoring – Active Directory distinguished name for the affected + group. A double asterisk (\*\*) at the beginning indicates that the path is to the nested + group where the actual membership change occurred. 
+ - Exchange monitoring/blocking – Name of the affected Exchange mailbox + - File System monitoring/blocking – Original path of the affected file or folder + - Authenticate – DN of the user object making the request + + **NOTE:** For LDAP bind/monitoring/blocking, Affected Object Path is not used + +- Agent: Domain – Active Directory domain where the Agent that monitored/blocked the event is + deployed +- Affected Object: Class – Active Directory class of the affected object +- Event: Type – Identifies the type of monitoring/blocking, e.g. Active Directory, File System, + Exchange +- Event: Raw Name – Short description of the monitored operation +- Perpetrator: DN – Distinguished name for the perpetrator account +- Agent: Computer – Server where the Agent is deployed +- Agent: IP Address – IP address of the server where the Agent is deployed +- Perpetrator: Access URL – Process name that is modifying or attempting to modify LSASS + + - LSASS Guardian monitoring/blocking – Security principal of the account affected by the event + +- Event: Success – Indicates the event completed successfully +- Event: Blocked – Indicates the Agent blocked the event from occurring +- Affected Object: SID – Security Identifier of the object/account affected by the event +- Affected Object: Account Name – Security principal of the account affected by the event +- Affected Object: GUID – The globally unique identifier of the object affected by the event +- Event: Name – Type of event monitored/blocked +- Perpetrator: Name – Security principal of the account that triggered the event +- Perpetrator: SID – Security Identifier of the account used in the event +- Perpetrator: Protocol – Protocol used for the monitored operation + + - File System monitoring/blocking – Name of the share where the operation was monitored/blocked. + It will be blank if the affected host has an operating system older than Windows Server 2008 + R2. 
+ +- Perpetrator: IP Address –IP address of the originating host + + - File System monitoring/blocking – It will be blank if the affected host has an operating + system older than Windows Server 2008 R2. + +- Perpetrator: MAC Address – Network adapter identifier +- Perpetrator: Host – Name of the originating host +- Affected Object: IP Address – IP address of the host where the affected object resides +- Affected Object: Host – Name of the host the security principal is trying to access +- Event: Message – Result of the attempted operation +- Event: Count – Number of identical events that occurred in one minute + +Select an event to view additional information about it. + +![Recent Events tab - Additional Information for an event](/img/product_docs/threatprevention/7.5/admin/policies/recentevents/recenteventdetails.webp) + +The following information (as applicable to the event) is displayed: + +- Attribute Name – The name of the object attribute that is affected +- Operation – The operation performed on the attribute +- Old Value – Value prior to the monitored change +- New Value – Value after the monitored change + +This data grid employs features for sorting, filtering, searching, and more. See the +[ Data Grid Functionality](/docs/threatprevention/7.5/admin/navigation/datagrid.md) topic for additional information. + +## Recent Events Right-Click Menu + +Right-click on a row in the data grid to open the right-click menu. 
+ +![Recent Events tab - Right-Click menu](/img/product_docs/threatprevention/7.5/admin/policies/recentevents/rightclickmenu.webp) + +- Copy – Copies the selected data cell to clipboard +- Event Viewer – Opens the [Event Viewer Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventviewer.md) for the selected event/data row +- Event Tracker – Opens the [Event Tracker Window](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/eventtracker.md) for the selected event/data row +- [Execute PS Script](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/executepsscript.md) – Opens a Windows Explorer window to the scripts folder. + Enables users to run a PowerShell script for the selected event/data row. diff --git a/docs/threatprevention/7.5/admin/policies/dataprotection.md b/docs/threatprevention/7.5/admin/policies/dataprotection.md index 35d3034c7e..c6a7057bf0 100644 --- a/docs/threatprevention/7.5/admin/policies/dataprotection.md +++ b/docs/threatprevention/7.5/admin/policies/dataprotection.md @@ -1,3 +1,9 @@ +--- +title: "Data Protection" +description: "Data Protection" +sidebar_position: 10 +--- + # Data Protection Under the Policies node, you can protect collected event data at the folder level. @@ -9,7 +15,7 @@ it: the selected folder. - View Data checkbox – Affects the ability to see events data for these policies in the policy’s - [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/recentevents/overview.md) and the + [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md) and the [Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md). Only users granted the View Data permission on the folder where the object has been 
@@ -20,13 +26,13 @@ it: the Protect Policiessection for instructions on protecting policies or objects. - Protected Objects – Monitors the selected - [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md) + [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/context.md) within the policy folder Protected objects are hidden from the following types of data no matter what policy monitored/blocked it: - - [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/recentevents/overview.md) data + - [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md) data - [Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md) data **NOTE:** These protections only apply to viewing event data within the Administration Console, and @@ -88,7 +94,7 @@ is displayed. **Step 8 –** On the Select Active Directory Contexts window, select an Agent from the drop-down menu and click **Connect**. Expand the domain tree in the Navigation pane. Select an item in the Results -pane on the right and click **OK**. See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic +pane on the right and click **OK**. See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/overview.md) topic for additional information. **Step 9 –** The window closes and the object is displayed in the Protected Objects list. Only those diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorychanges.md b/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorychanges.md deleted file mode 100644 index d32a885389..0000000000 --- a/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorychanges.md +++ /dev/null 
@@ -1,382 +0,0 @@ -# Active Directory Changes Event Type - -The Active Directory Changes event type can be configured to generate an event when an Active -Directory object or attribute is changed (add, delete, modify, move, rename). - -The event filters for the Active Directory Changes event type are: - -- AD Event -- Domains/Servers -- AD Context -- AD Classes -- AD Attributes -- AD Objects -- AD Perpetrator -- IP Addresses (from) -- Hosts (from) -- Success -- Advanced Filter - -![Policy window - Active Directory Changes Event Type](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adchanges.webp) - -Each filter tab acts like an "AND" statement for the filter. Any filter tab left blank is treated -like an "ALL" for that filter set. - -## AD Event Filter - -Use the AD Event filter to select Active Directory events to be monitored or locked down by the -policy. - -![Policy window - AD Event filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adevent.webp) - -Check the **All** box to monitor or lockdown all operations, or select specific operations: - -- Object Added – The policy monitors for objects being added to Active Directory -- Object Deleted – The policy monitors for objects being deleted from Active Directory -- Object Modified – The policy monitors for Active Directory objects being modified -- Object Moved or Renamed – The policy monitors for Active Directory objects being moved or renamed - -If applied to a Lockdown Event Type, the policy both monitors and lockdowns the objects based on the -selection. - -## Domains/Servers Filter - -Use the Domains/Servers filter to set the scope of the policy to specific domains and/or servers or -to exclude specific domains and/or servers. - -![Event Type - Domains/Servers Monitoring filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/domainsserversmonitoring.webp) - -Use the buttons in the Include and Exclude areas to edit the lists. 
- -- The Add (+) buttons open the [Select Domains and Servers Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectdomainsservers.md). -- The Collection button opens the - [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the - appropriate Collection category. -- The Remove (x) button deletes the selected item(s) from that box. - -**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic -Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic -for additional information. - -## AD Context Filter - -Use the AD Context filter to set the scope of the policy to only monitor specific contexts (e.g. -containers and organizational units) in Active Directory or to exclude specific contexts from being -monitored. - -![Policy window - AD Context filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adcontext.webp) - -Use the buttons in the Include Contexts, Include Collections, Exclude Contexts, and Exclude -Collections areas to edit the lists. - -- The Context Add (+) button opens the - [Select Active Directory Contexts Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/context.md). -- The Collection button opens the - [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the - appropriate Collection category. -- The Remove (x) button deletes the selected item(s) from that box. - -Sub Tree - -![Sub-Tree option in event type filters](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/subtree.webp) - -When contexts are added, a Sub-Tree checkbox displays. Check it to apply the filter to the parent -and all child contexts. Uncheck it to apply the filter to the listed context only. 
- -## AD Classes Filter - -Use the AD Classes filter to set the scope of the policy to only monitor specific classes within -Active Directory or to exclude specific classes from being monitored. - -![Policy window - AD Classes filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adclasses.webp) - -Use the buttons in the Include and Exclude areas to edit the lists. - -- The Add (+) buttons open the [Class List Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/classlist.md). -- The Collection button opens the - [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the - appropriate Collection category. -- The Remove (x) button deletes the selected item(s) from that box. - -## AD Attributes Filter - -Use the AD Attributes filter to set the scope of the policy to only monitor specific Active -Directory attributes or to exclude specific attributes from being monitored. - -![Policy window - AD Attributes filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adattributes.webp) - -Use the buttons in the Include Attributes, Include Collections, Exclude Attributes, and Exclude -Collections areas to edit the lists. - -- The Attributes Add (+) button opens the [Attribute List Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/attributelist.md). -- The Collection button opens the - [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the - appropriate Collection category. -- The Remove (x) button deletes the selected item(s) from that box. - -Attribute, Operator and Value - -When an attribute is selected, it is added to the filter and a drop-down menu is displayed in the -Operation column with **Any Value** selected. You can further scope the attributes to enable the -policy to only capture events based on the new value. 
Use the Operation and Value columns of the -Include Attributes and Exclude Attributes boxes to achieve this. - -The Operation drop-down menu has the following options: - -- Any Value – No scoping applied for this attribute -- (empty value) – Blank attribute values -- Equal – Attribute values that are identical to the Value field -- Not Equal – Attribute values that do not match the Value field -- Less Than – Attribute values below the numeric value or before the alphabetical value supplied in - the Value field -- Greater Than – Attribute values above the numeric value or after the alphabetical value supplied - in the Value field -- Contains – Attribute value includes the user supplied string (numbers are treated as strings) in - the Value field -- Not Contain – Attribute values do not include the user supplied string (numbers are treated as - strings) in the Value field -- Starts with – Attribute values start with the user supplied string in the Value field - -Select an **Operation** and type a value in the textbox. The value may include alphanumeric -characters, string type, or dates. Only one value is supported; do not specify multiple values for -the attribute. Also the Value field is not case sensitive. - -When you select another attribute, a new row is added, where you can specify an operator and a value -for that attribute. Each row is treated as an “OR” statement. If any event matches any of the -attribute filters, then the event data includes all attributes in the list. - -**NOTE:** You cannot specify more than one value for an attribute and you cannot select the same -attribute twice. To use the same attribute again, you have to add the same event type again to the -policy, select that event type and then select a previously used attribute to include in the Add -Attributes filter. 
- -When the userAccountControl attribute is included or excluded in the filter, selecting the Any Value -dropdown opens the [User Account Control Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/useraccountcontrol.md) with additional UAC -flags to add to the filter. - -## AD Objects Filter - -Use the AD Objects filter to set the scope of the policy to only monitor specific objects in Active -Directory or to exclude specific objects from being monitored. - -![Policy window - AD Objects filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adobjects.webp) - -Use the buttons in the Include and Exclude areas to edit the lists. - -- The Add (+) buttons open the - [Select Active Directory Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/objects.md). -- The Collection button opens the - [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the - appropriate Collection category. -- The Remove (x) button deletes the selected item(s) from that box. - -**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic -Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic -for additional information. - -## AD Perpetrator Filter - -Use the AD Perpetrator filter for monitoring to set the scope of the policy to only monitor specific -security principals committing changes or to exclude specific security principals committing changes -from being monitored. - -![Event Type - AD Perpetrator Monitoring filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/adperpetratormonitoring.webp) - -Use the buttons in the Include Perpetrators, Include Collections, Exclude Perpetrators, and Exclude -Collections areas to edit the lists. 
- -- The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). -- The Collection button opens the - [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the - appropriate Collection category. -- The Remove (x) button deletes the selected item(s) from that box. - -**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic -Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic -for additional information. - -Sub Tree - -![Sub-Tree option in event type filters](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/subtree.webp) - -When contexts are added, a Sub-Tree checkbox displays. Check it to apply the filter to the parent -and all child contexts. Uncheck it to apply the filter to the listed context only. - -## IP Addresses (from) Filter - -Use the IP Addresses (from) filter to set the scope of the policy to specific IP addresses as -originators of an event or to exclude specific IP addresses. - -![Event Type – IP Addresses (from) filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/ipaddressesfrom.webp) - -Use the buttons in the Include IP Addresses, Include Collections, Exclude IP Addresses, and Exclude -Collections areas to edit the lists. - -- The IP Addresses Add (+) button opens the [Add IP Address Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/addipaddress.md). -- The Collection button opens the - [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the - appropriate Collection category. -- The Remove (x) button deletes the selected item(s) from that box. 
- -**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic -Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic -for additional information. - -## Hosts (from) Filter - -Use the Hosts (from) filter for monitoring to set the scope of the policy to only monitor specific -hosts as originators of an event or to exclude specific hosts from being monitored. - -![Event Type – Hosts (from) filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/hostsfrom.webp) - -Use the buttons in the Include Hosts, Include Collections, Exclude Hosts, and Exclude Collections -areas to edit the lists. - -- The Hosts Add (+) button opens the [Select Computer Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectcomputers.md). -- The Collection button opens the - [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the - appropriate Collection category. -- The Remove (x) button deletes the selected item(s) from that box. - -**NOTE:** To enable a Dynamic Policy, use the Collection button to select the desired Dynamic -Collection. See the [Dynamic Collections](/docs/threatprevention/7.5/admin/configuration/collectionmanager/dynamic.md) topic -for additional information. - -## Success Filter - -The Success filter is where the policy is set to only monitor successful events, failed events, or -both. 
- -![Event Type – Success filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/success.webp) - -Select the radio button for the desired monitoring filter: - -- Success – Only monitors successful events -- Failure – Only monitors failed events -- Both Success and Failure – Monitors all events that are within the scope of the respective filters - for the event type - -## Advanced Filter - -Use the Advanced Filter to include or exclude attribute conditions for monitoring Active Directory -changes. - -![AD Changes event type - Advanced Filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/advancedadchanges.webp) - -You can define a criteria (filter statements) to monitor event data based on event data values or -event attribute values or both. - -Filter statements can be added to the Include condition and Exclude condition boxes. The filter uses -pre-defined logical and comparison operators to create filter criteria for the scan. You can add -conditions to a filter statement. Conditions can be singular or grouped by a logical operator. - -In the screenshot above, the Exclude condition box displays singular conditions while the Include -condition box displays conditions grouped by logical operators. - -Logical Operator - -The logical operator is displayed as left aligned red text. To change the logical operator, click on -it to open a menu with the following options: - -- And -- Or -- Not And -- Not Or - -Add icon (+) - -To add a filter (condition) to the filter statement or to start a new group of filters, click the -**Add** (+) icon. Then select: - -- Add Condition – Adds a conditions to the filter statement -- Add Group – Adds a group with a conditions and a logical operator to the filter statement - -A new row is inserted that displays an event data drop-down menu, a comparison operator, and a Value -box. - -Event Data Selection - -The Event Data drop-down menu is displayed in orange. 
it contains a list of all the fields that can -be part of an event. Click it to select an event name. Your selection is displayed in orange text in -the box below. - -The “Attributes: New” and “Attributes: Old” options are special cases discussed below in detail. - -Comparison Operator - -The comparison operator drop-down menu is displayed in blue. To change it, click on it to open a -menu with options that associate with the selected event data field. - -If you have selected the “Attributes: New” or “Attributes: Old” option in the Event Data drop-down -menu, then only the following comparison operators are available: - -- ContainsValue -- DoesNotContainValue -- EqualsValue -- StartsWithValue -- EndsWithValue - -Your selected comparison operator is displayed in blue text in the box below. - -Value - -The value box is displayed in green. Click in it to type a value, then press Enter. The value is -displayed in green text in the box below. - -**NOTE:** The Value box only accepts a single string except when the “Attributes: New” or -“Attributes: Old” option is selected in the Event Data drop-down menu. - -In case of “Attributes: New” and “Attributes: Old”, type three comma separated values (parameters) -in the Value box in the following format: - -%name%,%suboperation%,%value% -(White space is not allowed between the comma and the argument, unless white space is part of the -argument.) - -where: - -- %name% – The attribute name, for example 'member' (case insensitive) -- %suboperation% – Attribute sub-operation, which can be Add Attribute, Add Value, Remove Attribute, - Remove Value, or Change Attribute (case insensitive) -- %value% – The attribute value (case insensitive) - -All the parameters are optional and only evaluated if non-empty. This means that you can select -attributes either only by %name% or %suboperation% or %value% or by combination of -%name%/%suboperation%/%value%. 
- -If %value% is not specified, all the functions behave in the same way because they implement the -same logic for %name% / %suboperation% comparison. The difference is applicable only when %value% is -specified. - -Following is how the comparison operator (displayed in blue) works with %value%: - -- ContainsValue – matches if an attribute has any value containing %value% -- DoesNotContainValue – matches if an attribute does not have any value containing %value% -- EqualsValue – matches if an attribute has any value equal to %value% -- StartsWithValue – matches if an attribute has any value starting with %value% -- EndsWithValue – matches if an attribute has any value ending with %value% - -Examples of how the comparison operator (displayed in blue) works with Value - -| Comparison Operator | Value (%name%,%suboperation%,%value%) | Outcome | -| ------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | -| ContainsValue | description,Change Attribute,testdescription | Matches any attribute where: - name is 'description' - operation is 'Change Attribute' - value contains 'testdescription' | -| ContainsValue | ,Change Attribute,testdescription | Matches any attribute where: - operation is 'Change Attribute' - value contains 'testdescription' | -| ContainsValue | description,,testdescription | Matches any attribute where: - name is 'description' - value contains 'testdescription' | -| ContainsValue | ,,testdescription | Matches any attribute where: - value contains 'testdescription' | -| ContainsValue | description OR description, OR description,, | Matches any attribute where: - name is 'description' | -| ContainsValue | description,Change Attribute OR description,Change Attribute, | Matches any attribute where: - name is 'description' - operation is 'Change Attribute' | - -Example of a filter statement with "Attribute 
New" - -Following is an example of a filter statement defined in the Include condition box with the -"Attribute New" option. - -![Example of an advanced filter](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/filterstatement.webp) - -````And -[Attributes: New] [StartsWithValue] [telephoneNumber, change attribute, (555)]``` - -This filter statement would only generate an event if an object's telephoneNumber attribute is changed and the new value starts with (555), rather than generating an event every time the telephone number is changed. -```` diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md b/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md index 4fd4969272..3c3b29cc6a 100644 --- a/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md +++ b/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md @@ -24,8 +24,8 @@ that can be read by the File System collection. See the File System Solution top information on this collection component. Event data collected by the policies with either the -[File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md) or the -[File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md) are also available for consumption by +[File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md) or the +[File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md) are also available for consumption by Netwrix Access Analyzer (formerly Enterprise Auditor) if the File System Enterprise Auditor event type is used by the same policy. 
@@ -45,7 +45,7 @@ Use the buttons in the Include Paths, Include Collections, Exclude Paths, and Ex areas to edit the lists. - The Path **Add** (+) button opens the - [Select File System Objects Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectfilesystemobjects.md). + [Select File System Objects Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/selectfilesystemobjects.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. @@ -115,7 +115,7 @@ from being monitored. Use the buttons above the Exclude Perpetrators and Exclude Collections areas to edit the lists. - The Perpetrators Add (+) button opens the - [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/perpetrators.md). + [Select Active Directory Perpetrators Window](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/window/perpetrators.md). - The Collection button opens the [List of Collections Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/listcollections.md) to the appropriate Collection category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/overview.md b/docs/threatprevention/7.5/admin/policies/eventtype/overview.md deleted file mode 100644 index ce5a9ac52f..0000000000 --- a/docs/threatprevention/7.5/admin/policies/eventtype/overview.md +++ /dev/null 
@@ -1,73 +0,0 @@ -# Event Type Tab - -The Event Type tab enables you to define the objects and events that Threat Prevention -monitors/blocks. - -![Policy - Event Type tab](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/eventtypetab.webp) - -Each event type represents what is monitored or blocked. Event filters are used to either narrow or -broaden the scope of the monitoring/blocking as desired. Click **Add** (+) to open the Event -Selection window. Your licensed modules determine what event types are available. Event types that -are not available or not licensed are grayed-out but visible in the Event Selection window. See the -[License Manager Window](/docs/threatprevention/7.5/admin/navigation/licensemanager.md) topic for additional information. - -## Event Selection Window - -![Event Type tab - Event Selection window](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/eventselection.webp) - -Check the box for the desired event type and click **OK**. The corresponding event filters show at -the bottom of the Event Type tab. Multiple event types can be assigned to a policy. - -**_RECOMMENDED:_** Create different policies for different event types for reporting purposes. -Otherwise, one report will have a mix of different types of data. There are a few exceptions to this -feature. - -Once the event type to be monitored by the policy is selected, use the filters to scope the policy. - -Each filter tab acts like an "AND" statement for the filter. Any filter tab left blank is treated -like an "ALL" for that filter set. - -Save all changes made to a policy or a template before leaving the configuration interface. 
- -See the following topics for additional details: - -- [Active Directory Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorychanges.md) -- [Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorylockdown.md) -- [Active Directory Read Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectoryreadmonitoring.md) -- [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationmonitoring.md) -- [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationlockdown.md) -- [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) -- [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md) -- [Effective Group Membership Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/effectivegroupmembership.md) -- [Exchange Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangechanges.md) -- [Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangelockdown.md) -- [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md) -- [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md) -- [File System Enterprise Auditor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md) -- [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/fsmorolemonitoring.md) -- [GPO Setting Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/gposettingchanges.md) -- [GPO Setting Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/gposettinglockdown.md) -- [LSASS Guardian – Monitor Event 
Type](/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianmonitor.md) -- [LSASS Guardian – Protect Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianprotect.md) -- [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md) -- [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md) -- [LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md) -- [LDAP Bind Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapbindmonitoring.md) - -## Event Filters Overview - -Policies are scoped using the Event Filters tabs ascribed to the policy on the basis of the event -type selected on the Event Selection Window. - -The filters appear on the Event Type tab when an event type is selected. - -Several filters allow for both an Include and an Exclude list to be set together. The Exclude list -takes precedence over the Include list. If an item is part of both lists, then when an event comes -through with that item, it is excluded. - -When using a Lockdown Event Type, it is necessary to decide between Block or Allow for the filter. - -- Block – Blocks all items added to the list, or if the list is left blank, it blocks all items for - that filter category -- Allow – Only allows items added to the list and blocks all others. If the list is left blank, it - allows all items for that filter category. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md b/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md deleted file mode 100644 index f2a372d4f3..0000000000 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md +++ /dev/null 
@@ -1,66 +0,0 @@ -# Selection Windows - -Many event type filters have selections windows for populating filter values. It may be necessary to -select a specific Agent to populate values in the selection window. Some selection windows also -include an option to switch between a Browse Mode and a Search Mode for locating Active Directory -filter values. - -## Select an Agent - -On several Select… windows, you must select a server where the Agent has been deployed, as these -windows present live information provided by the Agent. If no Agent is found, the window does not -open. - -![Selection Window - Connect to Agent/Server option](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/window/selectagent.webp) - -The following rules can aid in selecting the correct Agent for the Select… window when configuring -solution related policies: - -- Active Directory – Select any Agent on any domain controller within the domain of interest -- Exchange – Select any Agent on any Exchange server -- Windows File System – Select the Agent on the target machine where the files to be monitored - reside -- NAS File System – Select the Agent on the Windows server acting as a proxy server for NAS activity - -## Browse Mode - -Select a server/Agent from the drop-down menu and click **Connect**. - -![Selection Window - Browse mode](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/window/adperpetrators.webp) - -- Select the option button for **Browse Mode**. -- Expand the domain tree in the Navigation pane to select a container. The Results pane populates - with the available items. -- Check the desired item(s) in the Results pane on the right and click **OK**. - -The selection(s) are displayed in the appropriate box of the filter tab from where you opened the -Select… window. - -## Search Mode - -Select a server/Agent from the drop-down menu and click **Connect**. 
- -![Selection Window - Search Mode](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/window/searchmode.webp) - -- Select the option button for **Search Mode**. -- Expand the domain tree in the Navigation pane to select the starting point for the search, which - auto-populates the Start in field. Use the following scoping options: - - - Scope all – Includes all sub-containers in the search - - Attribute – Scope to the ‘objectClass’, name, or SAMAccountName attribute - - Condition – Set the scoping condition to: - - - Starts with - - Contains - - Exact Match (this is the only condition available for objectClass) - - - Value – Search string - -- After selecting the desired options, click **Search Now**. The Results pane begins to populate - with matching results. -- Choose between **Show [number] AD objects** and specify a value or **Show all**. Already selected - objects for this filter that match the search are visible but grayed-out. -- Check the desired item(s) in the Results pane on the right and click **OK**. - -The selection(s) are displayed in the appropriate box of the filter tab from where you opened the -Select… window. diff --git a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/grouppolicyobjects.md b/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/grouppolicyobjects.md deleted file mode 100644 index 50aeea7b4b..0000000000 --- a/docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/grouppolicyobjects.md +++ /dev/null 
@@ -1,16 +0,0 @@ -# Select Active Directory Group Policy Objects Window - -The Select Active Directory Group Policy Objects window provides a list of available GPOs. Selected -objects are added to the filter from where you clicked the **Add** (+) button to open this window. - -![Select Active Directory Group Policy Objects Window](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/window/selectactivedirectory/adgpo.webp) - -- Select an Agent from the drop-down menu and click **Connect**. -- Navigate through the domain tree and check the desired item(s) in the **Results** pane on the - right. -- Then click **OK** to close the window. - -See the [Selection Windows](/docs/threatprevention/7.5/admin/policies/eventtype/window/overview.md) topic for additional information. - -The selection is displayed in the appropriate box of the AD Group Policy Object filter or the AD -Group Policy Object Changes filter. diff --git a/docs/threatprevention/7.5/admin/policies/exportpoliciestemplates.md b/docs/threatprevention/7.5/admin/policies/exportpoliciestemplates.md index 79f30f2bee..a9a11a2971 100644 --- a/docs/threatprevention/7.5/admin/policies/exportpoliciestemplates.md +++ b/docs/threatprevention/7.5/admin/policies/exportpoliciestemplates.md @@ -1,3 +1,9 @@ +--- +title: "Export Policies and Templates Window" +description: "Export Policies and Templates Window" +sidebar_position: 30 +--- + # Export Policies and Templates Window The Export Policies and Templates window, opened from the Policies interface and the Templates diff --git a/docs/threatprevention/7.5/admin/policies/general.md b/docs/threatprevention/7.5/admin/policies/general.md deleted file mode 100644 index 15c12e2964..0000000000 --- a/docs/threatprevention/7.5/admin/policies/general.md +++ /dev/null 
@@ -1,75 +0,0 @@ -# General Tab - -The General tab is for editing the basic attributes of the policy. - -![Policy - General tab](/img/product_docs/threatprevention/7.5/admin/policies/generaltab.webp) - -Policy Status - -It indicates whether or not the policy is enabled. Click the toggle button at the top to enable or -disable the policy. On the [Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md), an enabled policy is represented with -a green dot and a disabled policy is represented with a gray dot. - -Name - -The name should be unique and descriptive. This name is displayed for a policy in the list on the -[Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md). Event data can be filtered by policy; therefore, a descriptive -name can be very useful to users of the Netwrix Threat Manager Reporting Module. - -Description - -The description is optional but recommended. Since each policy can be configured to be as broad or -narrow as desired, the name combined with the description should clearly explain what objects and -events it monitors/blocks, where in the network it looks, and when it is active. This description is -displayed for a policy in the list on the [Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md). - -Save all changes made to a policy or a template before leaving the configuration interface. - -## History - -History details in the center of the General tab are automatically populated on creation or -modification. - -![Policy - General tab > History section](/img/product_docs/threatprevention/7.5/admin/policies/history.webp) - -It contains read-only information on who created the policy (Added by), when the policy was created -(Added on), who made the latest modification (Modified by), and when the latest modification -occurred (Modified on). - -## Schedule - -The schedule is for setting the time period for an enabled policy to monitor or block events. 
- -| Icon | Label | Represents | -| ------------------------------------------------------------------------------------------------------------------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ![alwaysactivebutton](/img/product_docs/threatprevention/7.5/admin/policies/alwaysactivebutton.webp) | Always Active | Indicates the policy will be active at all times when enabled. This is the default setting | -| ![specifictimesbutton](/img/product_docs/threatprevention/7.5/admin/policies/specifictimesbutton.webp) | Active at Specified Times | Indicates the policy will be active only at the specified times when enabled. There are two options for setting the specified times: - Local Server Time – Schedule is set according to the local server’s time - UTC Time – Schedule is set according to the Universal Time (UTC) | - -Any new policy created from a template automatically applies the template’s setting, which can then -be modified as desired. Schedule details are displayed for a policy in the list on the -[Policies Interface](/docs/threatprevention/7.5/admin/policies/overview.md). Active at Specified Times is represented by a clock icon, and -Always Active is represented with no icon, or blank. - -Weekly Calendar - -The weekly calendar at the bottom of the schedule section is where the schedule is set. - -![Schedule section in a policy set to Always Active](/img/product_docs/threatprevention/7.5/admin/policies/schedule.webp) - -When the schedule is set to Always Active, the weekly calendar is grayed-out. 
- -![Schedule section in a policy set to Active at Specific Times](/img/product_docs/threatprevention/7.5/admin/policies/schedulespecifictimes.webp) - -When the schedule is set to Active at Specified Times, the weekly calendar is enabled. Each block of -time on the calendar represents a 30-minute period. - -- Blue blocks – Active times for the enabled policy -- White blocks– Inactive times for the enabled policy - -The schedule can be set or modified in one of the following ways: - -- Click an individual time-block to toggle between active and inactive for a single 30-minute - period. -- Click a time-block in the All row to toggle between active and inactive for an entire column (for - all days of the week). -- Click the name of a day to toggle between active and inactive for an entire row (for a full day). diff --git a/docs/threatprevention/7.5/admin/policies/overview.md b/docs/threatprevention/7.5/admin/policies/overview.md index 2283be575b..95c9655975 100644 --- a/docs/threatprevention/7.5/admin/policies/overview.md +++ b/docs/threatprevention/7.5/admin/policies/overview.md @@ -1,3 +1,9 @@ +--- +title: "Policies Interface" +description: "Policies Interface" +sidebar_position: 80 +--- + # Policies Interface The Policies interface lists all policies that you have defined in Threat Prevention. @@ -38,7 +44,7 @@ organizing policies. A user with administrator rights can apply protection on a ![Enabled and Disabled Policies in the Navogation pane](/img/product_docs/threatprevention/7.5/admin/policies/enableddisabledpolicies.webp) -See the [Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration.md) topic for additional information on creating +See the [Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration/configuration.md) topic for additional information on creating policies. ## Right-Click Menu 
diff --git a/docs/threatprevention/7.5/admin/policies/recentevents/overview.md b/docs/threatprevention/7.5/admin/policies/recentevents/overview.md deleted file mode 100644 index dfd5317714..0000000000 --- a/docs/threatprevention/7.5/admin/policies/recentevents/overview.md +++ /dev/null 
@@ -1,131 +0,0 @@ -# Recent Events Tab - -The Recent Events tab provides information on the events that have been recently monitored or -blocked by the selected policy. See the [Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md) for -recent events monitored or blocked by all policies. You can also view event data configured to be -sent to syslog (SIEM) on the [SIEM Output Viewer](/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md) window. - -![Policy - Recent Events tab](/img/product_docs/threatprevention/7.5/admin/policies/recentevents/recenteventstab.webp) - -The Recent Events tab has the following options on the toolbar: - -- Recent [number] Events – Populates the data grid with the most recent events from the active - policy. Use the textbox to change the default number, i.e., 100. -- Events for Last [number] Hours –  Populates the data grid with hourly events. Use the textbox to - change the default number of hours, i.e., 3. -- Range From/To – Displays the events that occurred within the given timeframe -- Refresh button – Updates the grid with any new events -- Show All Columns – Resets hidden columns to their default location on the data grid -- Export Data– Opens the Export Data window with export actions and options. See the - [Export Data](/docs/threatprevention/7.5/admin/navigation/datagrid.md#export-data) topic for additional information. - -Example for the Events for Last [number] Hours Option - -Below is an example of how to use the Events for Last [number] Hours option: - -The number of hours set is based on UTC and is adjusted for the time zones of the Administration -Console server and the Agent that is monitoring the events. 
Let's assume the following: - -- The Administration Console server is in New York, USA (UTC -5) -- The option is set to display events for Last 4 Hours -- The Agent that is monitoring the events is in London, UK (UTC +0) - -If you click the Refresh button at noon New York time, then the events displayed would have been -generated between 8 A.M. and 12 P.M. New York time, or between 1 P.M. and 5 P.M. London time. - -The data grid can be filtered according to the Event Tracker Status: - -- All -- New -- Reviewed - -See the [Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) topic for additional information. - -## Recent Events Data Grid - -The data grid on the Recent Events tab includes the following information for each event, listed -below in the default order of the data grid columns: - -- Event: Time Logged – Timestamp for when the event was monitored/blocked. The specified time is the - local time for the server where the Agent is deployed. Hover over the data in this column to view - the local time (of the Enterprise Manager) and UTC time simultaneously. -- Event: UTC Time Logged – UTC Timestamp for when the event was monitored/blocked by the Agent. - Hover over the data in this column to view the local time (of the Enterprise Manager) and UTC time - simultaneously. -- Affected Object: Path – Name of the affected object according to the type of monitoring/blocking - - - Active Directory monitoring/blocking – Active Directory distinguished name for the affected - object - - Effective Group Membership monitoring – Active Directory distinguished name for the affected - group. A double asterisk (\*\*) at the beginning indicates that the path is to the nested - group where the actual membership change occurred. 
- - Exchange monitoring/blocking – Name of the affected Exchange mailbox - - File System monitoring/blocking – Original path of the affected file or folder - - Authenticate – DN of the user object making the request - - **NOTE:** For LDAP bind/monitoring/blocking, Affected Object Path is not used - -- Agent: Domain – Active Directory domain where the Agent that monitored/blocked the event is - deployed -- Affected Object: Class – Active Directory class of the affected object -- Event: Type – Identifies the type of monitoring/blocking, e.g. Active Directory, File System, - Exchange -- Event: Raw Name – Short description of the monitored operation -- Perpetrator: DN – Distinguished name for the perpetrator account -- Agent: Computer – Server where the Agent is deployed -- Agent: IP Address – IP address of the server where the Agent is deployed -- Perpetrator: Access URL – Process name that is modifying or attempting to modify LSASS - - - LSASS Guardian monitoring/blocking – Security principal of the account affected by the event - -- Event: Success – Indicates the event completed successfully -- Event: Blocked – Indicates the Agent blocked the event from occurring -- Affected Object: SID – Security Identifier of the object/account affected by the event -- Affected Object: Account Name – Security principal of the account affected by the event -- Affected Object: GUID – The globally unique identifier of the object affected by the event -- Event: Name – Type of event monitored/blocked -- Perpetrator: Name – Security principal of the account that triggered the event -- Perpetrator: SID – Security Identifier of the account used in the event -- Perpetrator: Protocol – Protocol used for the monitored operation - - - File System monitoring/blocking – Name of the share where the operation was monitored/blocked. - It will be blank if the affected host has an operating system older than Windows Server 2008 - R2. 
- -- Perpetrator: IP Address –IP address of the originating host - - - File System monitoring/blocking – It will be blank if the affected host has an operating - system older than Windows Server 2008 R2. - -- Perpetrator: MAC Address – Network adapter identifier -- Perpetrator: Host – Name of the originating host -- Affected Object: IP Address – IP address of the host where the affected object resides -- Affected Object: Host – Name of the host the security principal is trying to access -- Event: Message – Result of the attempted operation -- Event: Count – Number of identical events that occurred in one minute - -Select an event to view additional information about it. - -![Recent Events tab - Additional Information for an event](/img/product_docs/threatprevention/7.5/admin/policies/recentevents/recenteventdetails.webp) - -The following information (as applicable to the event) is displayed: - -- Attribute Name – The name of the object attribute that is affected -- Operation – The operation performed on the attribute -- Old Value – Value prior to the monitored change -- New Value – Value after the monitored change - -This data grid employs features for sorting, filtering, searching, and more. See the -[ Data Grid Functionality](/docs/threatprevention/7.5/admin/navigation/datagrid.md) topic for additional information. - -## Recent Events Right-Click Menu - -Right-click on a row in the data grid to open the right-click menu. 
- -![Recent Events tab - Right-Click menu](/img/product_docs/threatprevention/7.5/admin/policies/recentevents/rightclickmenu.webp) - -- Copy – Copies the selected data cell to clipboard -- Event Viewer – Opens the [Event Viewer Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventviewer.md) for the selected event/data row -- Event Tracker – Opens the [Event Tracker Window](/docs/threatprevention/7.5/admin/policies/recentevents/eventtracker.md) for the selected event/data row -- [Execute PS Script](/docs/threatprevention/7.5/admin/policies/recentevents/executepsscript.md) – Opens a Windows Explorer window to the scripts folder. - Enables users to run a PowerShell script for the selected event/data row. diff --git a/docs/threatprevention/7.5/admin/tags/overview.md b/docs/threatprevention/7.5/admin/tags/overview.md deleted file mode 100644 index cc4528de00..0000000000 --- a/docs/threatprevention/7.5/admin/tags/overview.md +++ /dev/null @@ -1,14 +0,0 @@ -# Tags Node - -Tags can be added to templates as an organizational tool. Tags are displaed as folders under the -TAGS node. Several preconfigured templates include tags, which are displayed after those templates -have been imported into the Administration Console. A template can have multiple tags added, and the -template is displayed in the folder for each tag. If a new tag is added, Refresh the TAGS node to -view its folder. - -![Tags node](/img/product_docs/threatprevention/7.5/admin/tags/tags.webp) - -Adding tags to a template does not create a duplicate template, but rather multiple places to access -the template from. A modification made to a template within a folder under the TAGS node is a -modification to that template no matter where it is accessed after that, i.e. from under the -Templates node or from another folder under the TAGS node. 
diff --git a/docs/threatprevention/7.5/admin/templates/_category_.json b/docs/threatprevention/7.5/admin/templates/_category_.json new file mode 100644 index 0000000000..8741403345 --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Templates Interface", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/templates/actions.md b/docs/threatprevention/7.5/admin/templates/actions.md deleted file mode 100644 index 04baacd852..0000000000 --- a/docs/threatprevention/7.5/admin/templates/actions.md +++ /dev/null 
@@ -1,143 +0,0 @@ -# Actions Tab - -The Actions tab is for configuring various responses, or event consumers, to the event data a policy -captures. - -![Template – Actions tab](/img/product_docs/threatprevention/7.5/admin/templates/actionstab.webp) - -The following types of actions are available: - -- Send to Events DB – Logs events to the event database for reporting, using the built-in database - event consumer -- Send to SIEM – Sends formatted messages to a SIEM server as configured in a profile -- Send to Netwrix Threat Manager – Sends data for this policy to Netwrix Threat Manager, formerly - StealthDEFEND -- Email Notifications – Sends formatted email notifications to the selected message profile -- Add Custom Scripts - - - File Actions – Records the events to a log (text) file in XML or Comma Delimited (CSV) format - - .NET Script Actions – Runs a user‐supplied script that implements an automated action in - response to the event. Scripts can be written in Visual Basic or C# - - PowerShell 4.0 Actions – Runs a user-supplied PowerShell script that implements an automated - action in response to the event - -Multiple event consumers can be configured for a single policy, even multiple event consumers of the -same type. However, only one database event consumer can be added per policy. - -Actions are configured to run on a separate thread from the policy’s event processing thread. -Incoming events have a dedicated thread/queue for processing. Email notification has a dedicated -thread/queue for processing. Custom Script actions has a dedicated thread/queue for processing. This -allows the action to process without blocking new events from going into the database while the -action completes. - -You can enable or disable an action in any of the following ways: - -- Check or uncheck the Enabled checkbox for an action in the Action Configurations list -- On selecting an action in the Action Configurations list, its details are displayed on the Actions - tab. 
You can check or uncheck the Enabled checkbox for the action here. - -Save all changes made to a policy or a template before leaving the configuration interface. - -## Send to Events DB - -This is the primary action and is enabled by default in new policies. It saves the event data a -policy monitors and captures to the NVMonitorData database. Typically this option is only unchecked -by Netwrix Support during a troubleshooting session or when the only desired output is a file for an -alert. Reporting uses the events database. - -## Send to SIEM - -This action is added by selecting the desired SIEM profile to be the recipient of the SIEM -notifications from the drop-down menu. Only SIEM profiles previously created are available for -selection. This action can also be assigned on the -[SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md) of the System Alerting Window. - -All notifications sent to SIEM are also displayed on the -[SIEM Output Viewer](/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md) window. - -**NOTE:** To enable this feature, a Threat Prevention administrator must first establish a -connection with the SIEM server and configure the mapping file through the -[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). - -## Send to Netwrix Threat Manager - -This action can be checked to send event data for the policy to Netwrix Threat Manager. This is -specific to integration with a full version deployment of Netwrix Threat Manager. The Netwrix Threat -Manager Reporting Module uses the NVMonitorData database (Send to Events DB option) for reporting -purposes. 
- -**NOTE:** To enable this feature, the Web Request Action Module (Netwrix Threat Manager URI) must be -created and configured by a Threat Prevention administrator through the -[Event Sink Tab](/docs/threatprevention/7.5/admin/configuration/threatmanagerconfiguration.md#event-sink-tab) on the Netwrix -Threat Manager Configuration window. - -## Email Notifications - -**CAUTION:** Email notifications should not be used on highly active policies. Please reserve this -feature for policies where immediate notification of an event is needed. - -To enable email notifications, select the desired message profile to be recipient of the email -notifications from the drop-down menu. Only message profiles previously created are available for -selection. This action can also be assigned on the -[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). - -![Actions tab - Email Notifications section](/img/product_docs/threatprevention/7.5/admin/policies/actions/emailnotificationssetup.webp) - -Enable the Email Notifications checkbox, select a message profile and then choose to enable the -**Prevent Repeat Emails by** option. If enabled: - -- Select the radio button for either Policy or Subject: - - - Policy – Threat Prevention will send an email notification for the first event only, and skip - notifications for any other events captured by the same policy during the duration you specify - in the boxes below. - - Subject – Threat Prevention will send an email notification (say, Notification1) for the first - event only, and skip notifications for any other events whose email notification will have the - same subject line as Notification1. It will skip sending notifications for the duration you - specify in the boxes below. Note that the subject line is configured within the message - profile. - -- Set the duration (in minutes or hours) for which emails notifications are skipped after an email - is sent for a policy/subject line. 
- -Example: - -In the following example, let’s assume you have the following settings for Prevent Repeat Emails by: - -- Option selected: Policy -- Duration set: 5 minutes - -In a situation where Threat Prevention captures 15 events in 5 minutes against a policy, an email -notification will be sent in real time for the first event only. The remaining events will be logged -in the application but email notifications will not be generated. - -Two hours later, when another event is captured against that same policy, Threat Prevention will -send an email notification for it. If more events are captured within the next five minutes, email -notifications will not be generated. - -**NOTE:** To enable email notifications, the SMTP gateway must first be configured and message -profiles created by a Threat Prevention  administrator, which is done through the -[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). - -## Custom Scripts - -In the Actions Configurations area at the top of the tab, assigned File, .NET Script, or PowerShell -4.0 actions are listed with their name, type, description, and whether they are enabled or disabled. - -- Click **Add** (+) to open the Add Action window. Choose the type of action and configure the - script. -- Use the Remove (x) button to delete a custom script action from a policy. - -See the following topics for additional information: - -- [File Actions](/docs/threatprevention/7.5/admin/policies/actions/file.md) -- [.NET Script Actions](/docs/threatprevention/7.5/admin/policies/actions/netscript.md) - - - Optionally, custom scripts can be provided through a Netwrix Statement of Work. - -- [PowerShell 4.0 Actions](/docs/threatprevention/7.5/admin/policies/actions/powershell.md) - - - Optionally, custom scripts can be provided through a Netwrix Statement of Work. - -**NOTE:** There are custom scripts created by Netwrix Engineers that execute the notification -emails. 
See the [Custom Scripts](/docs/threatprevention/7.5/admin/templates/folder/actions.md#custom-scripts) topic for additional information. diff --git a/docs/threatprevention/7.5/admin/templates/configuration.md b/docs/threatprevention/7.5/admin/templates/configuration.md deleted file mode 100644 index b20cb90af7..0000000000 --- a/docs/threatprevention/7.5/admin/templates/configuration.md +++ /dev/null @@ -1,12 +0,0 @@ -# Template Configuration - -A Threat Prevention template has many elements that define the objects and events it monitors or -blocks, where it looks in networks, and when it is active. These policy attributes are organized -into the following major components: - -- [General Tab](/docs/threatprevention/7.5/admin/templates/general.md) -- [Event Type Tab](/docs/threatprevention/7.5/admin/templates/eventtype.md) -- [Actions Tab](/docs/threatprevention/7.5/admin/templates/actions.md) (Event Consumers) - -Each major component has its own tabbed view. A policy requires at least the General tab and Event -Type tab to be configured before it properly functions. The Actions tab is optional. diff --git a/docs/threatprevention/7.5/admin/templates/configuration/_category_.json b/docs/threatprevention/7.5/admin/templates/configuration/_category_.json new file mode 100644 index 0000000000..1ccf7e97af --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/configuration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Template Configuration", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "configuration" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/templates/configuration/actions.md b/docs/threatprevention/7.5/admin/templates/configuration/actions.md new file mode 100644 index 0000000000..dd3e4ba107 --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/configuration/actions.md 
@@ -0,0 +1,149 @@ +--- +title: "Actions Tab" +description: "Actions Tab" +sidebar_position: 30 +--- + +# Actions Tab + +The Actions tab is for configuring various responses, or event consumers, to the event data a policy +captures. + +![Template – Actions tab](/img/product_docs/threatprevention/7.5/admin/templates/actionstab.webp) + +The following types of actions are available: + +- Send to Events DB – Logs events to the event database for reporting, using the built-in database + event consumer +- Send to SIEM – Sends formatted messages to a SIEM server as configured in a profile +- Send to Netwrix Threat Manager – Sends data for this policy to Netwrix Threat Manager, formerly + StealthDEFEND +- Email Notifications – Sends formatted email notifications to the selected message profile +- Add Custom Scripts + + - File Actions – Records the events to a log (text) file in XML or Comma Delimited (CSV) format + - .NET Script Actions – Runs a user‐supplied script that implements an automated action in + response to the event. Scripts can be written in Visual Basic or C# + - PowerShell 4.0 Actions – Runs a user-supplied PowerShell script that implements an automated + action in response to the event + +Multiple event consumers can be configured for a single policy, even multiple event consumers of the +same type. However, only one database event consumer can be added per policy. + +Actions are configured to run on a separate thread from the policy’s event processing thread. +Incoming events have a dedicated thread/queue for processing. Email notification has a dedicated +thread/queue for processing. Custom Script actions has a dedicated thread/queue for processing. This +allows the action to process without blocking new events from going into the database while the +action completes. 
+ +You can enable or disable an action in any of the following ways: + +- Check or uncheck the Enabled checkbox for an action in the Action Configurations list +- On selecting an action in the Action Configurations list, its details are displayed on the Actions + tab. You can check or uncheck the Enabled checkbox for the action here. + +Save all changes made to a policy or a template before leaving the configuration interface. + +## Send to Events DB + +This is the primary action and is enabled by default in new policies. It saves the event data a +policy monitors and captures to the NVMonitorData database. Typically this option is only unchecked +by Netwrix Support during a troubleshooting session or when the only desired output is a file for an +alert. Reporting uses the events database. + +## Send to SIEM + +This action is added by selecting the desired SIEM profile to be the recipient of the SIEM +notifications from the drop-down menu. Only SIEM profiles previously created are available for +selection. This action can also be assigned on the +[SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md) of the System Alerting Window. + +All notifications sent to SIEM are also displayed on the +[SIEM Output Viewer](/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md) window. + +**NOTE:** To enable this feature, a Threat Prevention administrator must first establish a +connection with the SIEM server and configure the mapping file through the +[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). + +## Send to Netwrix Threat Manager + +This action can be checked to send event data for the policy to Netwrix Threat Manager. This is +specific to integration with a full version deployment of Netwrix Threat Manager. The Netwrix Threat +Manager Reporting Module uses the NVMonitorData database (Send to Events DB option) for reporting +purposes. 
+ +**NOTE:** To enable this feature, the Web Request Action Module (Netwrix Threat Manager URI) must be +created and configured by a Threat Prevention administrator through the +[Event Sink Tab](/docs/threatprevention/7.5/admin/configuration/threatmanagerconfiguration.md#event-sink-tab) on the Netwrix +Threat Manager Configuration window. + +## Email Notifications + +**CAUTION:** Email notifications should not be used on highly active policies. Please reserve this +feature for policies where immediate notification of an event is needed. + +To enable email notifications, select the desired message profile to be recipient of the email +notifications from the drop-down menu. Only message profiles previously created are available for +selection. This action can also be assigned on the +[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). + +![Actions tab - Email Notifications section](/img/product_docs/threatprevention/7.5/admin/policies/actions/emailnotificationssetup.webp) + +Enable the Email Notifications checkbox, select a message profile and then choose to enable the +**Prevent Repeat Emails by** option. If enabled: + +- Select the radio button for either Policy or Subject: + + - Policy – Threat Prevention will send an email notification for the first event only, and skip + notifications for any other events captured by the same policy during the duration you specify + in the boxes below. + - Subject – Threat Prevention will send an email notification (say, Notification1) for the first + event only, and skip notifications for any other events whose email notification will have the + same subject line as Notification1. It will skip sending notifications for the duration you + specify in the boxes below. Note that the subject line is configured within the message + profile. + +- Set the duration (in minutes or hours) for which emails notifications are skipped after an email + is sent for a policy/subject line. 
+ +Example: + +In the following example, let’s assume you have the following settings for Prevent Repeat Emails by: + +- Option selected: Policy +- Duration set: 5 minutes + +In a situation where Threat Prevention captures 15 events in 5 minutes against a policy, an email +notification will be sent in real time for the first event only. The remaining events will be logged +in the application but email notifications will not be generated. + +Two hours later, when another event is captured against that same policy, Threat Prevention will +send an email notification for it. If more events are captured within the next five minutes, email +notifications will not be generated. + +**NOTE:** To enable email notifications, the SMTP gateway must first be configured and message +profiles created by a Threat Prevention  administrator, which is done through the +[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md). + +## Custom Scripts + +In the Actions Configurations area at the top of the tab, assigned File, .NET Script, or PowerShell +4.0 actions are listed with their name, type, description, and whether they are enabled or disabled. + +- Click **Add** (+) to open the Add Action window. Choose the type of action and configure the + script. +- Use the Remove (x) button to delete a custom script action from a policy. + +See the following topics for additional information: + +- [File Actions](/docs/threatprevention/7.5/admin/policies/configuration/actions/file.md) +- [.NET Script Actions](/docs/threatprevention/7.5/admin/policies/configuration/actions/netscript.md) + + - Optionally, custom scripts can be provided through a Netwrix Statement of Work. + +- [PowerShell 4.0 Actions](/docs/threatprevention/7.5/admin/policies/configuration/actions/powershell.md) + + - Optionally, custom scripts can be provided through a Netwrix Statement of Work. 
+ +**NOTE:** There are custom scripts created by Netwrix Engineers that execute the notification +emails. See the [Custom Scripts](/docs/threatprevention/7.5/admin/templates/folder/actions/actions.md#custom-scripts) topic for additional information. diff --git a/docs/threatprevention/7.5/admin/templates/configuration/configuration.md b/docs/threatprevention/7.5/admin/templates/configuration/configuration.md new file mode 100644 index 0000000000..fc367f1b7c --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/configuration/configuration.md @@ -0,0 +1,18 @@ +--- +title: "Template Configuration" +description: "Template Configuration" +sidebar_position: 10 +--- + +# Template Configuration + +A Threat Prevention template has many elements that define the objects and events it monitors or +blocks, where it looks in networks, and when it is active. These policy attributes are organized +into the following major components: + +- [General Tab](/docs/threatprevention/7.5/admin/templates/configuration/general.md) +- [Event Type Tab](/docs/threatprevention/7.5/admin/templates/configuration/eventtype.md) +- [Actions Tab](/docs/threatprevention/7.5/admin/templates/configuration/actions.md) (Event Consumers) + +Each major component has its own tabbed view. A policy requires at least the General tab and Event +Type tab to be configured before it properly functions. The Actions tab is optional. diff --git a/docs/threatprevention/7.5/admin/templates/configuration/eventtype.md b/docs/threatprevention/7.5/admin/templates/configuration/eventtype.md new file mode 100644 index 0000000000..e9a4f65877 --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/configuration/eventtype.md 
@@ -0,0 +1,79 @@ +--- +title: "Event Type Tab" +description: "Event Type Tab" +sidebar_position: 20 +--- + +# Event Type Tab + +The Event Type tab enables you to define the objects and events that Threat Prevention +monitors/blocks. + +![Template – Event Type Tab](/img/product_docs/threatprevention/7.5/admin/templates/eventtypetab.webp) + +Each event type represents what is monitored or blocked. Event filters are used to either narrow or +broaden the scope of the monitoring/blocking as desired. Click **Add** (+) to open the Event +Selection window. Your licensed modules determine what event types are available. Event types that +are not available or not licensed are grayed-out but visible in the Event Selection window. See the +[License Manager Window](/docs/threatprevention/7.5/admin/navigation/licensemanager.md) topic for information. + +## Event Selection Window + +![Event Type tab - Event Selection window](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/eventselection.webp) + +Check the box for the desired event type and click **OK**. The corresponding event filters show at +the bottom of the Event Type tab. Multiple event types can be assigned to a policy. + +**_RECOMMENDED:_** Create different policies for different event types for reporting purposes. +Otherwise, one report will have a mix of different types of data. There are a few exceptions to this +feature. + +Once the event type to be monitored by the policy is selected, use the filters to scope the policy. + +Each filter tab acts like an "AND" statement for the filter. Any filter tab left blank is treated +like an "ALL" for that filter set. + +Save all changes made to a policy or a template before leaving the configuration interface. 
+ +See the following topics for additional details: + +- [Active Directory Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorychanges.md) +- [Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorylockdown.md) +- [Active Directory Read Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectoryreadmonitoring.md) +- [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationmonitoring.md) +- [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationlockdown.md) +- [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) +- [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md) +- [Effective Group Membership Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/effectivegroupmembership.md) +- [Exchange Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangechanges.md) +- [Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangelockdown.md) +- [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md) +- [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md) +- [File System Enterprise Auditor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md) +- [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md) +- [GPO Setting Changes Event 
Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettingchanges.md) +- [GPO Setting Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettinglockdown.md) +- [LSASS Guardian – Monitor Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianmonitor.md) +- [LSASS Guardian – Protect Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianprotect.md) +- [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md) +- [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md) +- [LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md) +- [LDAP Bind Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapbindmonitoring.md) + +## Event Filters Overview + +Policies are scoped using the Event Filters tabs ascribed to the policy on the basis of the event +type selected on the Event Selection Window. + +The filters appear on the Event Type tab when an event type is selected. + +Several filters allow for both an Include and an Exclude list to be set together. The Exclude list +takes precedence over the Include list. If an item is part of both lists, then when an event comes +through with that item, it is excluded. + +When using a Lockdown Event Type, it is necessary to decide between Block or Allow for the filter. + +- Block – Blocks all items added to the list, or if the list is left blank, it blocks all items for + that filter category +- Allow – Only allows items added to the list and blocks all others. If the list is left blank, it + allows all items for that filter category. 
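Review bot: In the new templates/configuration/eventtype.md, the "File System Enterprise Auditor Event Type" entry in the "See the following topics" list still links to `/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md`, while every other entry in that list now points under `policies/configuration/eventtype/`. Update this link to the new location or confirm the target really stays at the old path, since it may otherwise resolve to a missing page. In Event Filters Overview, the Block bullet says a blank list blocks all items for that filter category; that deserves the same CAUTION callout createpolicy.md gives for blank filters on Lockdown templates. Under RECOMMENDED, "There are a few exceptions to this feature" does not say what the exceptions are; name them or drop the sentence.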
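Review bot: In templates/configuration/actions.md (the Actions Tab file added above), the Add Custom Scripts bullets say .NET Script and PowerShell 4.0 actions run a user-supplied script in response to an event, but nothing on the page states which account or host executes the script or who is allowed to add one. Please add that, or link to where it is documented, since these actions are code execution triggered by monitored events. In the Prevent Repeat Emails example, "The remaining events will be logged in the application" appears to depend on Send to Events DB staying enabled, which the same page says can be unchecked; state that dependency. Wording nits in the same hunk: "Custom Script actions has a dedicated thread/queue", "to be recipient of", "emails notifications", and the double space in "Threat Prevention  administrator".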
diff --git a/docs/threatprevention/7.5/admin/templates/configuration/general.md b/docs/threatprevention/7.5/admin/templates/configuration/general.md new file mode 100644 index 0000000000..1367f3bceb --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/configuration/general.md 
@@ -0,0 +1,84 @@ +--- +title: "General Tab" +description: "General Tab" +sidebar_position: 10 +--- + +# General Tab + +The General tab is for editing the basic attributes of the template. + +![Template – General Tab](/img/product_docs/threatprevention/7.5/admin/templates/generaltab.webp) + +Name + +The name should be unique and descriptive. It is displayed for a template in the list on the +[Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md). + +Description + +The description is optional but recommended. Since each policy can be configured to be as broad or +narrow as desired, the name combined with the description should clearly explain what objects and +events it monitors/blocks, where in the network it looks, and when it is active. The description is +displayed for a template in the list on the [Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md). + +All changes made to a template must be saved before leaving the configuration interface. + +## Tags + +Tags are enabled as an organizational tool for templates only. Many preconfigured templates have +tags that enable users to quickly find a desired template through various groupings. Tags do not +create a duplicate template, but rather display the template in different folders under the TAGS +node. Multiple tags can be identified for a template with a comma-separated list. New tags can be +created, which create a new folder under the TAGS node. Use the right-click Refresh option on the +TAGS node in the Navigation pane to display new tags and/or display template-tag modifications. See +the [Tags Node](/docs/threatprevention/7.5/admin/overview_1.md) topic for additional information. + +## History + +History details in the center of the General tab are automatically populated on creation or +modification. 
+ +![Policy - General tab > History section](/img/product_docs/threatprevention/7.5/admin/policies/history.webp) + +It contains read-only information on who created the template (Added by), when the template was +created (Added on), who made the latest modification (Modified by), and when the latest modification +occurred (Modified on). + +## Schedule + +The schedule is for setting the time period for an enabled policy to monitor or block events. + +| Icon | Label | Represents | +| ------------------------------------------------------------------------------------------------------------------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| ![alwaysactivebutton](/img/product_docs/threatprevention/7.5/admin/policies/alwaysactivebutton.webp) | Always Active | Indicates the policy will be active at all times when enabled. This is the default setting | +| ![specifictimesbutton](/img/product_docs/threatprevention/7.5/admin/policies/specifictimesbutton.webp) | Active at Specified Times | Indicates the policy will be active only at the specified times when enabled. There are two options for setting the specified times: - Local Server Time – Schedule is set according to the local server’s time - UTC Time – Schedule is set according to the Universal Time (UTC) | + +Any new policy created from a template automatically applies the template’s setting, which can then +be modified as desired. Schedule details are displayed for a template in the list on the +[Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md). Active at Specified Times is represented by a clock icon, and +Always Active is represented with no icon, or blank. 
+ +Weekly Calendar + +The weekly calendar at the bottom of the schedule section is where the schedule is set. + +![Schedule section in a policy set to Always Active](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/schedule.webp) + +When the schedule is set to Always Active, the weekly calendar is grayed-out. + +![Schedule section in a policy set to Active at Specific Times](/img/product_docs/threatprevention/7.5/admin/policies/schedulespecifictimes.webp) + +When the schedule is set to Active at Specified Times, the weekly calendar is enabled. Each block of +time on the calendar represents a 30-minute period. + +- Blue blocks – Active times for the enabled policy +- White blocks– Inactive times for the enabled policy + +The schedule can be set or modified in one of the following ways: + +- Click an individual time-block to toggle between active and inactive for a single 30-minute + period. +- Click a time-block in the All row to toggle between active and inactive for an entire column (for + all days of the week). +- Click the name of a day to toggle between active and inactive for an entire row (for a full day). diff --git a/docs/threatprevention/7.5/admin/templates/createpolicy.md b/docs/threatprevention/7.5/admin/templates/createpolicy.md index 23737cbfe9..533b973364 100644 --- a/docs/threatprevention/7.5/admin/templates/createpolicy.md +++ b/docs/threatprevention/7.5/admin/templates/createpolicy.md @@ -1,3 +1,9 @@ +--- +title: "Use a Template to Create a Policy" +description: "Use a Template to Create a Policy" +sidebar_position: 30 +--- + # Use a Template to Create a Policy You can use a policy template to create a policy. All settings in the template are copied to the 
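Review bot: In templates/configuration/general.md (added above), the Schedule table describes Local Server Time only as "Schedule is set according to the local server's time" and never says which server that is. Because the schedule decides when an enabled monitoring or blocking policy is inactive, spell out whose clock applies so that readers do not end up with an unintended inactive window. Smaller points in the same hunk: the second screenshot's alt text reads "Active at Specific Times" while the option is labelled "Active at Specified Times", the two time options inside the Represents cell are run together with " - " instead of a line break or list, "White blocks– Inactive" is missing a space, and the Tags Node link target `/docs/threatprevention/7.5/admin/overview_1.md` is worth confirming as the intended topic.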
@@ -21,22 +27,22 @@ Follow the steps to customize a policy that was created from a template. **Step 1 –** Click Policies in the Navigation pane and open the policy you created from a template. -**Step 2 –** If desired, on the [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) select the Active At Specified +**Step 2 –** If desired, on the [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) select the Active At Specified Times option and then set the schedule. **CAUTION:** Use cation with _all Lockdown/Blocking Templates_! Blank filters result in _everything_ being locked down or blocked. -**Step 3 –** On the [Event Type Tab](/docs/threatprevention/7.5/admin/policies/eventtype/overview.md), configure the Event Filters +**Step 3 –** On the [Event Type Tab](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/overview.md), configure the Event Filters that are specific to each environment. _Remember,_ Each filter tab acts like an "AND" statement for the filter. Any filter tab left blank is treated like an "ALL" for that filter set. -**Step 4 –** If desired, on the [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) assign any actions to +**Step 4 –** If desired, on the [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) assign any actions to be a part of this policy. -**Step 5 –** Return to the [General Tab](/docs/threatprevention/7.5/admin/policies/general.md) and check the **Enabled** box to +**Step 5 –** Return to the [General Tab](/docs/threatprevention/7.5/admin/policies/configuration/general.md) and check the **Enabled** box to activate the policy. Click **Save**. When the last step is completed, this policy is sent, real-time, to the individual Agents and diff --git a/docs/threatprevention/7.5/admin/templates/eventtype.md b/docs/threatprevention/7.5/admin/templates/eventtype.md deleted file mode 100644 index a3a838bade..0000000000 
--- a/docs/threatprevention/7.5/admin/templates/eventtype.md +++ /dev/null 
@@ -1,73 +0,0 @@ -# Event Type Tab - -The Event Type tab enables you to define the objects and events that Threat Prevention -monitors/blocks. - -![Template – Event Type Tab](/img/product_docs/threatprevention/7.5/admin/templates/eventtypetab.webp) - -Each event type represents what is monitored or blocked. Event filters are used to either narrow or -broaden the scope of the monitoring/blocking as desired. Click **Add** (+) to open the Event -Selection window. Your licensed modules determine what event types are available. Event types that -are not available or not licensed are grayed-out but visible in the Event Selection window. See the -[License Manager Window](/docs/threatprevention/7.5/admin/navigation/licensemanager.md) topic for information. - -## Event Selection Window - -![Event Type tab - Event Selection window](/img/product_docs/threatprevention/7.5/admin/policies/eventtype/eventselection.webp) - -Check the box for the desired event type and click **OK**. The corresponding event filters show at -the bottom of the Event Type tab. Multiple event types can be assigned to a policy. - -**_RECOMMENDED:_** Create different policies for different event types for reporting purposes. -Otherwise, one report will have a mix of different types of data. There are a few exceptions to this -feature. - -Once the event type to be monitored by the policy is selected, use the filters to scope the policy. - -Each filter tab acts like an "AND" statement for the filter. Any filter tab left blank is treated -like an "ALL" for that filter set. - -Save all changes made to a policy or a template before leaving the configuration interface. 
- -See the following topics for additional details: - -- [Active Directory Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorychanges.md) -- [Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorylockdown.md) -- [Active Directory Read Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectoryreadmonitoring.md) -- [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationmonitoring.md) -- [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationlockdown.md) -- [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) -- [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md) -- [Effective Group Membership Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/effectivegroupmembership.md) -- [Exchange Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangechanges.md) -- [Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangelockdown.md) -- [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md) -- [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md) -- [File System Enterprise Auditor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md) -- [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/fsmorolemonitoring.md) -- [GPO Setting Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/gposettingchanges.md) -- [GPO Setting Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/gposettinglockdown.md) -- [LSASS Guardian – Monitor Event 
Type](/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianmonitor.md) -- [LSASS Guardian – Protect Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianprotect.md) -- [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md) -- [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md) -- [LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md) -- [LDAP Bind Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapbindmonitoring.md) - -## Event Filters Overview - -Policies are scoped using the Event Filters tabs ascribed to the policy on the basis of the event -type selected on the Event Selection Window. - -The filters appear on the Event Type tab when an event type is selected. - -Several filters allow for both an Include and an Exclude list to be set together. The Exclude list -takes precedence over the Include list. If an item is part of both lists, then when an event comes -through with that item, it is excluded. - -When using a Lockdown Event Type, it is necessary to decide between Block or Allow for the filter. - -- Block – Blocks all items added to the list, or if the list is left blank, it blocks all items for - that filter category -- Allow – Only allows items added to the list and blocks all others. If the list is left blank, it - allows all items for that filter category. diff --git a/docs/threatprevention/7.5/admin/templates/folder/_category_.json b/docs/threatprevention/7.5/admin/templates/folder/_category_.json new file mode 100644 index 0000000000..31e4141364 --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/folder/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Pre-Created Templates", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
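Review bot: In the second createpolicy.md hunk (`@@ -21,22 +27,22 @@`), the CAUTION between Step 2 and Step 3 reads "Use cation with _all Lockdown/Blocking Templates_". It is an unchanged context line, but the lines on either side are being rewritten, so this is the moment to correct "cation" to "caution"; it is the one warning that blank filters result in everything being locked down or blocked. Step 2 also writes "Active At Specified Times" where general.md uses "Active at Specified Times"; match the label used there.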
diff --git a/docs/threatprevention/7.5/admin/templates/folder/actions.md b/docs/threatprevention/7.5/admin/templates/folder/actions.md deleted file mode 100644 index 5c51aff7e7..0000000000 --- a/docs/threatprevention/7.5/admin/templates/folder/actions.md +++ /dev/null 
@@ -1,29 +0,0 @@ -# Action Folder Templates - -The Actions folder contains the following templates: - -| Template | Description | TAGS | -| ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | ----------------- | -| AD Changes: Notify Admin about sensitive group membership changes for sensitive accounts | Notify Admin about group membership changes for sensitive accounts. | NEW 6.0 TEMPLATES | -| AD Changes: Notify Admin about sensitive group membership changes | Notify Admin about sensitive group membership changes | NEW 6.0 TEMPLATES | -| AD Changes: Notify Admin that account is now enabled | Notify Admin that account is now enabled | NEW 5.2 TEMPLATES | -| AD Changes: Notify Admin that account now has Password Never Expires | Notify Admin that account now has Password Never Expires | NEW 5.2 TEMPLATES | -| AD Changes: Notify user about his group membership changes | Notify user about his group membership changes | NEW 6.0 TEMPLATES | -| AD Changes: Notify user that his account was locked/unlocked | Notify user that his account was locked/unlocked | NEW 5.2 TEMPLATES | -| AD Changes: Notify User that his password changed | Notify User that his password changed | NEW 5.2 TEMPLATES | -| EPE: Notify Perpetrator that password was rejected | Notify Perpetrator that password was rejected by EPE policy | NEW 5.2 TEMPLATES | - -See Appendix E for the full scripts used in these templates. 
- -## Custom Scripts - -These are custom scripts created by Netwrix Engineers that execute the following notification -emails: - -- [Account Enablement Custom Script](/docs/threatprevention/7.5/admin/templates/folder/scripts/accountenablement.md) -- [Password Never Expires Custom Script](/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordneverexpires.md) -- [Lock and/or Unlock Account Custom Script](/docs/threatprevention/7.5/admin/templates/folder/scripts/lockunlockaccount.md) -- [Password Changes Custom Script](/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordchanges.md) -- [Password Rejection Custom Script](/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordrejection.md) - -All of the actions above are used in templates found within the Actions Policy Templates folder. diff --git a/docs/threatprevention/7.5/admin/templates/folder/actions/_category_.json b/docs/threatprevention/7.5/admin/templates/folder/actions/_category_.json new file mode 100644 index 0000000000..45c61dbc92 --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/folder/actions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Action Folder Templates", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "actions" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/templates/folder/scripts/accountenablement.md b/docs/threatprevention/7.5/admin/templates/folder/actions/accountenablement.md similarity index 96% rename from docs/threatprevention/7.5/admin/templates/folder/scripts/accountenablement.md rename to docs/threatprevention/7.5/admin/templates/folder/actions/accountenablement.md index d0503ac833..db4c4a64fe 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/scripts/accountenablement.md +++ b/docs/threatprevention/7.5/admin/templates/folder/actions/accountenablement.md 
@@ -1,3 +1,9 @@ +--- +title: "Account Enablement Custom Script" +description: "Account Enablement Custom Script" +sidebar_position: 10 +--- + # Account Enablement Custom Script The following C# script sends an email notification to the specified administrator when an Active diff --git a/docs/threatprevention/7.5/admin/templates/folder/actions/actions.md b/docs/threatprevention/7.5/admin/templates/folder/actions/actions.md new file mode 100644 index 0000000000..080b8a3edd --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/folder/actions/actions.md 
@@ -0,0 +1,35 @@ +--- +title: "Action Folder Templates" +description: "Action Folder Templates" +sidebar_position: 10 +--- + +# Action Folder Templates + +The Actions folder contains the following templates: + +| Template | Description | TAGS | +| ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | ----------------- | +| AD Changes: Notify Admin about sensitive group membership changes for sensitive accounts | Notify Admin about group membership changes for sensitive accounts. | NEW 6.0 TEMPLATES | +| AD Changes: Notify Admin about sensitive group membership changes | Notify Admin about sensitive group membership changes | NEW 6.0 TEMPLATES | +| AD Changes: Notify Admin that account is now enabled | Notify Admin that account is now enabled | NEW 5.2 TEMPLATES | +| AD Changes: Notify Admin that account now has Password Never Expires | Notify Admin that account now has Password Never Expires | NEW 5.2 TEMPLATES | +| AD Changes: Notify user about his group membership changes | Notify user about his group membership changes | NEW 6.0 TEMPLATES | +| AD Changes: Notify user that his account was locked/unlocked | Notify user that his account was locked/unlocked | NEW 5.2 TEMPLATES | +| AD Changes: Notify User that his password changed | Notify User that his password changed | NEW 5.2 TEMPLATES | +| EPE: Notify Perpetrator that password was rejected | Notify Perpetrator that password was rejected by EPE policy | NEW 5.2 TEMPLATES | + +See Appendix E for the full scripts used in these templates. 
+ +## Custom Scripts + +These are custom scripts created by Netwrix Engineers that execute the following notification +emails: + +- [Account Enablement Custom Script](/docs/threatprevention/7.5/admin/templates/folder/actions/accountenablement.md) +- [Password Never Expires Custom Script](/docs/threatprevention/7.5/admin/templates/folder/actions/passwordneverexpires.md) +- [Lock and/or Unlock Account Custom Script](/docs/threatprevention/7.5/admin/templates/folder/actions/lockunlockaccount.md) +- [Password Changes Custom Script](/docs/threatprevention/7.5/admin/templates/folder/actions/passwordchanges.md) +- [Password Rejection Custom Script](/docs/threatprevention/7.5/admin/templates/folder/actions/passwordrejection.md) + +All of the actions above are used in templates found within the Actions Policy Templates folder. diff --git a/docs/threatprevention/7.5/admin/templates/folder/scripts/lockunlockaccount.md b/docs/threatprevention/7.5/admin/templates/folder/actions/lockunlockaccount.md similarity index 96% rename from docs/threatprevention/7.5/admin/templates/folder/scripts/lockunlockaccount.md rename to docs/threatprevention/7.5/admin/templates/folder/actions/lockunlockaccount.md index 407496a19f..7f61ab29fd 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/scripts/lockunlockaccount.md +++ b/docs/threatprevention/7.5/admin/templates/folder/actions/lockunlockaccount.md @@ -1,3 +1,9 @@ +--- +title: "Lock and/or Unlock Account Custom Script" +description: "Lock and/or Unlock Account Custom Script" +sidebar_position: 30 +--- + # Lock and/or Unlock Account Custom Script The following C# script sends an email notification to the specified user when an Active Directory 
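Review bot: In the new templates/folder/actions/actions.md, "See Appendix E for the full scripts used in these templates" carries over a reference with no link, and nothing in this file identifies an Appendix E. The scripts are the five pages linked under Custom Scripts, so point the sentence there or remove it. The table lists eight templates while Custom Scripts links five scripts and then says all of the actions above are used in the Actions folder templates; say which template uses which script, and what the three group membership templates rely on. The first row's description drops "sensitive" before "group membership" compared with its template name and is the only description ending in a period; worth confirming both are intended.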
diff --git a/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordchanges.md b/docs/threatprevention/7.5/admin/templates/folder/actions/passwordchanges.md similarity index 97% rename from docs/threatprevention/7.5/admin/templates/folder/scripts/passwordchanges.md rename to docs/threatprevention/7.5/admin/templates/folder/actions/passwordchanges.md index 6b7e4e20c8..92be803455 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordchanges.md +++ b/docs/threatprevention/7.5/admin/templates/folder/actions/passwordchanges.md @@ -1,3 +1,9 @@ +--- +title: "Password Changes Custom Script" +description: "Password Changes Custom Script" +sidebar_position: 40 +--- + # Password Changes Custom Script The following C# script sends an email notification to the specified user when their Active diff --git a/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordneverexpires.md b/docs/threatprevention/7.5/admin/templates/folder/actions/passwordneverexpires.md similarity index 97% rename from docs/threatprevention/7.5/admin/templates/folder/scripts/passwordneverexpires.md rename to docs/threatprevention/7.5/admin/templates/folder/actions/passwordneverexpires.md index 706fad120e..dc054d0187 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordneverexpires.md +++ b/docs/threatprevention/7.5/admin/templates/folder/actions/passwordneverexpires.md @@ -1,3 +1,9 @@ +--- +title: "Password Never Expires Custom Script" +description: "Password Never Expires Custom Script" +sidebar_position: 20 +--- + # Password Never Expires Custom Script The following C# script sends an email notification to the specified administrator when an Active 
diff --git a/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordrejection.md b/docs/threatprevention/7.5/admin/templates/folder/actions/passwordrejection.md similarity index 94% rename from docs/threatprevention/7.5/admin/templates/folder/scripts/passwordrejection.md rename to docs/threatprevention/7.5/admin/templates/folder/actions/passwordrejection.md index dae98f6a73..156eca4ba5 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/scripts/passwordrejection.md +++ b/docs/threatprevention/7.5/admin/templates/folder/actions/passwordrejection.md @@ -1,8 +1,14 @@ +--- +title: "Password Rejection Custom Script" +description: "Password Rejection Custom Script" +sidebar_position: 50 +--- + # Password Rejection Custom Script The following C# script sends an email notification to the specified perpetrator when their Active Directory password is rejected by the active -[Password Rules Filter](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md#password-rules-filter) +[Password Rules Filter](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md#password-rules-filter) criteria. The following environmental variables must be added to the script prior to execution: diff --git a/docs/threatprevention/7.5/admin/templates/folder/activedirectory.md b/docs/threatprevention/7.5/admin/templates/folder/activedirectory.md new file mode 100644 index 0000000000..7c7edc782a --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/folder/activedirectory.md 
@@ -0,0 +1,112 @@ +--- +title: "Active Directory Folder Templates" +description: "Active Directory Folder Templates" +sidebar_position: 40 +--- + +# Active Directory Folder Templates + +The **Templates** > **Microsoft** > **Active Directory** folder in the Navigation pane contains the +following templates: + +Authentication Folder + +| Subfolder | Template | Description | TAGS | +| ----------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | +| | AD: Failed Account Authentications | Gathers Failed AD Authentications. Utilizes built-In “Failed Authentications” – Include Perpetrators Collection to define which accounts will be monitored for failed authentications. Add accounts to be monitored to this collection. | None | +| | AD: Successful Account Authentications | Gathers Successful AD Authentications. Utilizes built-In “Successful Authentications” – Include Perpetrators Collection to define which accounts will be monitored for successful authentications. Add accounts to be monitored to this collection. | None | +| | AD: Successful Account Logons | No customizations required. Most common modification: specify a list of users (AD Objects) to be included or excluded. 
Make sure the Exclude 'Noise' Events option on the [Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md) is Off for this policy.Make sure the Exclude 'Noise' Events option on the [Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md) is _Off_ for this policy. | None | +| Administrative Accounts | AD: Domain Administrators Logons to Non Domain Controllers | Gathers logon events of Domain Administrator accounts to non-domain controller computes. Utilizes built-In “Domain Administrators” – Include Perpetrators Collection to define which accounts will be monitored for logons. Add accounts which have domain administrator rights to be monitored to this collection. Also utilizes built-In “Domain Controllers” – Hosts Collection to define which hosts will NOT be monitored for logons. Add domain controllers to be ignored to this collection. | None | +| Administrative Accounts | AD: Failed Administrator Account Authentications | Gathers AD: Failed Administrator Account Authentications. Utilizes built-In “Administrative Accounts” – Include Perpetrators Collection to define which administrative accounts will be monitored for failed authentications. | None | +| Administrative Accounts | AD: Successful Administrator Account Authentications | Gathers Successful AD Authentications for Administrators. Utilizes built-In “Administrative Accounts” – Include Perpetrators Collection to define which administrative accounts will be monitored for successful authentications. Add accounts with administrative rights to be monitored to this collection. | None | +| Administrative Accounts | AD: Successful Administrator Account Logons | Utilizes built-in “Administrator Accounts” – Objects Collection. 
Add accounts with administrator rights to be monitored to this collection Make sure the Exclude 'Noise' Events option on the [Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md) is Off for this policy | None | +| Service Accounts | AD: Failed Service Account Authentications | Gathers Failed AD Authentications for service accounts. Utilizes built-In “Service Accounts” – Include Perpetrators Collection to define which service accounts will be monitored for failed authentications. Add service accounts to be monitored to this collection | None | +| Service Accounts | AD: Successful Service Account Authentications | Gathers Successful AD Authentications for service accounts. Utilizes built-In “Service Accounts” – Include Perpetrators Collection to define which service accounts will be monitored for successful authentications. Add service accounts to be monitored to this collection | None | +| Service Accounts | AD: Successful Service Account Logons | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection Make sure the Exclude 'Noise' Events option on the [Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md) is Off for this policy. | None | + +Groups Folder + +| Subfolder | Template | Description | TAGS | +| ----------------------- | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ---- | +| | AD Group Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| | AD Group Deletions | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| | AD: Group Membership Changes | No customizations required. 
Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | +| | AD: Group Moves or Renames | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| | AD Group Type Modifications | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | | +| Administrative Accounts | AD: Group Deletions by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | +| Administrative Accounts | AD: Group Deletions by Non-Administrators | Utilizes built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative account to NOT be monitored to this collection | None | +| Administrative Accounts | AD: Group Membership Changes by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | +| Administrative Accounts | AD Group Membership Changes by Non-Administrators | Utilizes built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative account to NOT be monitored to this collection | None | +| Administrative Accounts | AD: Group Moves or Renames by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | +| Administrative Accounts | AD: Group Moves or Renames by Non-Administrators | Utilizes built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative account to NOT be monitored to this collection. | None | +| Administrative Groups | AD: Deletions of Administrator Groups | Utilizes the built-in “Administrator Groups” – Objects Collection. 
Add administrator groups to be monitored to this collection | None | +| Administrative Groups | AD: Group Membership Changes to Administrator Groups | Utilizes the built-in “Administrator Groups” – Objects Collection. Add administrator groups to be monitored to this collection | None | +| Administrative Groups | AD: Moves or Renames of Administrator Groups | Utilizes the built-in “Administrator Groups” – Objects Collection. Add administrator groups to be monitored to this collection | None | + +Lockdown Folder + +**CAUTION:** Use cation with _all Lockdown/Blocking Templates_! Blank filters result in _everything_ +being locked down or blocked. + +| Template | Description | TAGS | +| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | +| AD Generic Lockdown | Set the appropriate AD event type(s) to be blocked. Then select the desired AD Objects and Containers, AD Classes and Attributes, and AD Perpetrators to be allowed or denied | None | +| Auth Generic Lockdown | Set the appropriate AD Perpetrator(s) and/or Host(s) to be blocked | None | + +Organizational Unit Folder + +| Template | Description | TAGS | +| ---------------------------- | -------------------------------------------------------------------------------------------------------- | ---- | +| AD OU Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| AD OU Deletions | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| AD OU Modifications | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| AD OU Moves or Renames | No customizations required. 
Most common modifications: specify AD Perpetrator to be included or excluded | None | +| AD OU Security Modifications | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | + +Password Enforcement Folder + +| Template | Description | TAGS | +| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | +| Password Enforcement Monitoring | No customizations required. Prevents users from changing a password to any value in the Threat Prevention dictionary of known compromised passwords | None | + +Replication Folder + +| Template | Description | TAGS | +| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | +| AD Replication Lockdown | USE CAUTION WITH ALL LOCKDOWN TEMPLATES Prevents Active Directory data synchronization requests from non-domain controllers using RPC call IDL_DRSGetNCChanges. 
Add legitimate domain controllers to be inored in one of the following ways to prevent them from being blocked: - Allow Perpetrators List – Add the Users OU > Domain Controllers group and any other groups with domain controllers for a dynamic list of domain controllers - Exclude Domains/Servers – Add specific domain controllers for a static list of domain controllers See the [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationlockdown.md) topic for additional information. | None | +| AD Replication Monitoring | Utilizes the built-in “Domain Controllers” – Hosts Collection. Add domain controllers to not be monitored. Alternatively, add legitimate domain controllers to be ignored in one of the following ways: - Exclude Perpetrators List – Add the Users OU > Domain Controllers group and any other groups with domain controllers for a dynamic list of domain controllers - Exclude Domains/Servers – Add specific domain controllers for a static list of domain controllers See the [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationmonitoring.md) topic for additional information. | None | + +Server-Workstation Folder + +| Template | Description | TAGS | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------- | ---- | +| AD: Computer Account Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| AD: Computer Account Deletions | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| AD: Computer Account Modifications | No customizations required. 
Most common modifications: specify AD Perpetrator to be included or excluded | None | + +Users Folder + +| Subfolder | Template | Description | TAGS | +| ----------------------- | ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | +| | AD: User Account Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| | AD: User Account Deletions | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | +| | AD: User Account Lockouts | No customizations required. Most common modifications: specify AD Objects to be included or excluded | None | +| | AD: User Account Modifications | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | +| | AD: User Account Moves and Renames | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | +| | AD: User Account Password Set | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | +| Administrative Accounts | AD: Deletions of Administrator Accounts | Utilizes built-in “Administrator Accounts” – Objects Collection. Add accounts with administrator rights to be monitored to this collection | None | +| Administrative Accounts | AD: Modifications of Administrator Accounts | Utilizes built-in “Administrator Accounts” – Objects Collection. Add accounts with administrator rights to be monitored to this collection | None | +| Administrative Accounts | AD: Moves and Renames of Administrator Accounts | Utilizes built-in “Administrator Accounts” – Objects Collection. 
Add accounts with administrator rights to be monitored to this collection | None | +| Administrative Accounts | AD: Password Set on Administrator Accounts | Utilizes built-in “Administrator Accounts” – Objects Collection. Add accounts with administrator rights to be monitored to this collection | None | +| Administrative Accounts | AD: User Creations by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | +| Administrative Accounts | AD: User Creations NOT by Administrators | Utilizes the built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative rights to NOT be monitored to this collection | None | +| Administrative Accounts | AD: User Deletions by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | +| Administrative Accounts | AD: User Deletions NOT by Administrators | Utilizes the built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative rights to NOT be monitored to this collection | None | +| Administrative Accounts | AD: User Modifications by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | +| Administrative Accounts | AD: User Modifications NOT by Administrators | Utilizes the built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative rights to NOT be monitored to this collection | None | +| Administrative Accounts | AD: User Moves and Renames by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. 
Add accounts with administrative rights to be monitored to this collection | None | +| Administrative Accounts | AD: User Moves and Renames NOT by Administrators | Utilizes the built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative rights to NOT be monitored to this collection | None | +| Service Accounts | AD: Deletions of Service Accounts | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection | None | +| Service Accounts | AD: Modifications of Service Accounts | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection | None | +| Service Accounts | AD: Moves and Renames of Service Accounts | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection | None | +| Service Accounts | AD: Password Set on Service Accounts | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection | None | diff --git a/docs/threatprevention/7.5/admin/templates/folder/bestpractices.md b/docs/threatprevention/7.5/admin/templates/folder/bestpractices.md index ae0cbcbc4f..4a18cf5013 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/bestpractices.md +++ b/docs/threatprevention/7.5/admin/templates/folder/bestpractices.md @@ -1,3 +1,9 @@ +--- +title: "Best Practices Folder Templates" +description: "Best Practices Folder Templates" +sidebar_position: 20 +--- + # Best Practices Folder Templates The Best Practices folder contains the following templates: diff --git a/docs/threatprevention/7.5/admin/templates/folder/exchange.md b/docs/threatprevention/7.5/admin/templates/folder/exchange.md new file mode 100644 index 0000000000..2891ab20f4 --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/folder/exchange.md 
@@ -0,0 +1,65 @@ +--- +title: "Exchange Folder Templates" +description: "Exchange Folder Templates" +sidebar_position: 50 +--- + +# Exchange Folder Templates + +The **Templates** > **Microsoft** > **Exchange** folder in the Navigation pane contains the +following templates: + +Managed Folders Folder + +| Template | Description | TAGS | +| --------------------------------------------------------- | -------------------------- | ---- | +| EX: Managed Content Settings Configuration Changes | No customizations required | None | +| EX: Managed Folder Configuration Changes | No customizations required | None | +| EX: Managed Folder Mailbox Policies Configuration Changes | No customizations required | None | + +Organization Folder + +| Subfolder | Template | Description | TAGS | +| ------------- | ---------------------------------------------------- | -------------------------- | ---- | +| Client Access | EX: ActiveSync Mailbox Policy Configuration Changes | No customizations required | None | +| Hub Transport | EX: Accepted Domain Configuration Changes | No customizations required | None | +| Hub Transport | EX: Email Address Policy Configuration Changes | No customizations required | None | +| Hub Transport | EX: Remote Domain Configuration Changes | No customizations required | None | +| Hub Transport | EX: Send Connector Configuration Changes | No customizations required | None | +| Hub Transport | EX: Transport and Journal Rule Configuration Changes | No customizations required | None | +| Hub Transport | EX: Transport Settings Configuration Changes | No customizations required | None | +| Mailbox | EX: Address List Configuration Changes | No customizations required | None | +| Mailbox | EX: Database Availability Group Changes | No customizations required | None | +| Mailbox | EX: Database Management Changes | No customizations required | None | +| Mailbox | EX: Offline Address Book Configuration Changes | No customizations required | None | +| Mailbox | EX: Retention 
Policy Tag Changes | No customizations required | None | +| Mailbox | EX: Sharing Policy Changes | No customizations required | None | + +Recipient Folder + +| Subfolder | Template | Description | TAGS | +| ------------------ | ---------------------------------------------------- | -------------------------- | ---- | +| Distribution Group | EX: Distribution Group Configuration Changes | No customizations required | None | +| Distribution Group | EX: Dynamic Distribution Group Configuration Changes | No customizations required | None | +| Mail Contact | EX: Mail Contact Configuration Changes | No customizations required | None | +| Mail Contact | EX: Mail User Configuration Changes | No customizations required | None | +| Mailbox | EX: Mailbox Configuration Changes | No customizations required | None | + +Role Based Access Control Folder + +| Template | Description | TAGS | +| --------------------------------------------- | -------------------------- | ---- | +| EX: Administrative Role Configuration Changes | No customizations required | None | + +Server Folder + +| Subfolder | Template | Description | TAGS | +| ------------- | ----------------------------------------------------------- | -------------------------- | ---- | +| | EX: Outlook Anywhere Configuration Changes | No customizations required | None | +| | EX: Server Property Changes | No customizations required | None | +| Client Access | EX: ActiveSync Configuration Changes | No customizations required | None | +| Client Access | EX: Exchange Control Panel Changes | No customizations required | None | +| Client Access | EX: Offline Address Book Distribution Configuration Changes | No customizations required | None | +| Client Access | EX: Outlook Web Access Configuration Changes | No customizations required | None | +| Client Access | EX: POP3 and IMAP4 Configuration Changes | No customizations required | None | +| Hub Transport | EX: Receive Connector Configuration Changes | No customizations required | 
None | diff --git a/docs/threatprevention/7.5/admin/templates/folder/filesystem.md b/docs/threatprevention/7.5/admin/templates/folder/filesystem.md new file mode 100644 index 0000000000..817f6c5289 --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/folder/filesystem.md 
@@ -0,0 +1,34 @@ +--- +title: "File System Folder Templates" +description: "File System Folder Templates" +sidebar_position: 60 +--- + +# File System Folder Templates + +The **Templates** > **Microsoft** > **File System** folder in the Navigation pane contains the +following templates: + +**CAUTION:** ‘Reads’ are left out due to the potential high volume of data that could be gathered; +recommended only for highly sensitive content. + +| Subfolder | Template | Description | TAGS | +| ---------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---- | +| | WinFS: BitTorrent File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | +| | WinFS: Executable File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | +| | WinFS: File and Folder Access | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| | WinFS: File and Folder Access and Property Monitoring | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| | WinFS: File and Folder Property Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| | WinFS: Graphic File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | +| | WinFS: Music File Access | Specify the files and/or folders to be monitored. 
Optionally, add any AD Perpetrators to be included or excluded | None | +| | WinFS: Setting and Configuration File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | +| | WinFS: Video File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | +| Access | WinFS Access: Creates | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| Access | WinFS Access: Deletes | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| Access | WinFS Access: Reads | USE CAUTION WITH THIS TEMPLATE Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| Access | WinFS Access: Renames | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| Access | WinFS Access: Writes | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| Properties | WinFS Property: Attribute Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| Properties | WinFS Property: Audit Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| Properties | WinFS Property: Owner Modifications | Specify the files and/or folders to be monitored. 
Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | +| Properties | WinFS Property: Permission Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | diff --git a/docs/threatprevention/7.5/admin/templates/folder/grouppolicyobjects.md b/docs/threatprevention/7.5/admin/templates/folder/grouppolicyobjects.md new file mode 100644 index 0000000000..bded80e6db --- /dev/null +++ b/docs/threatprevention/7.5/admin/templates/folder/grouppolicyobjects.md 
@@ -0,0 +1,22 @@ +--- +title: "Group Policy Objects Folder Templates" +description: "Group Policy Objects Folder Templates" +sidebar_position: 70 +--- + +# Group Policy Objects Folder Templates + +The **Templates** > **Microsoft** > **Group Policy Objects** folder in the Navigation pane contains +the following templates: + +**CAUTION:** Use cation with _all Lockdown/Blocking Templates_! Blank filters result in _everything_ +being locked down or blocked. + +| Subfolder | Template | Description | TAGS | +| --------- | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | +| Lockdown | GPO: Lockdown | Specify the list of AD Group Policy Objects to be protected and AD Events to be locked down. Optionally, add any AD Attributes and/or AD Perpetrators to be allowed or denied | None | +| Settings | GPO: Setting Changes | Specify the list of AD Group Policy Objects to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | +| Usage | GPO: Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| Usage | GPO: Deletions | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | +| Usage | GPO: Link Changes | No customizations required. Most common modifications: specify AD Context and/or AD Perpetrator to be included or excluded | None | +| Usage | GPO: Monitoring Applications of GPOs | No customizations required. Most common modifications: specify AD Context and/or AD Perpetrator to be included or excluded | None | diff --git a/docs/threatprevention/7.5/admin/templates/folder/hipaa.md b/docs/threatprevention/7.5/admin/templates/folder/hipaa.md index f465ac59c1..2a07d26fee 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/hipaa.md 
+++ b/docs/threatprevention/7.5/admin/templates/folder/hipaa.md @@ -1,3 +1,9 @@ +--- +title: "HIPAA Folder Templates" +description: "HIPAA Folder Templates" +sidebar_position: 30 +--- + # HIPAA Folder Templates The HIPAA folder contains the following templates: diff --git a/docs/threatprevention/7.5/admin/templates/folder/microsoft/activedirectory.md b/docs/threatprevention/7.5/admin/templates/folder/microsoft/activedirectory.md deleted file mode 100644 index 93a1ba995d..0000000000 --- a/docs/threatprevention/7.5/admin/templates/folder/microsoft/activedirectory.md +++ /dev/null 
@@ -1,106 +0,0 @@ -# Active Directory Folder Templates - -The **Templates** > **Microsoft** > **Active Directory** folder in the Navigation pane contains the -following templates: - -Authentication Folder - -| Subfolder | Template | Description | TAGS | -| ----------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | -| | AD: Failed Account Authentications | Gathers Failed AD Authentications. Utilizes built-In “Failed Authentications” – Include Perpetrators Collection to define which accounts will be monitored for failed authentications. Add accounts to be monitored to this collection. | None | -| | AD: Successful Account Authentications | Gathers Successful AD Authentications. Utilizes built-In “Successful Authentications” – Include Perpetrators Collection to define which accounts will be monitored for successful authentications. Add accounts to be monitored to this collection. | None | -| | AD: Successful Account Logons | No customizations required. Most common modification: specify a list of users (AD Objects) to be included or excluded. Make sure the Exclude 'Noise' Events option on the [Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md) is Off for this policy.Make sure the Exclude 'Noise' Events option on the [Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md) is _Off_ for this policy. 
| None | -| Administrative Accounts | AD: Domain Administrators Logons to Non Domain Controllers | Gathers logon events of Domain Administrator accounts to non-domain controller computes. Utilizes built-In “Domain Administrators” – Include Perpetrators Collection to define which accounts will be monitored for logons. Add accounts which have domain administrator rights to be monitored to this collection. Also utilizes built-In “Domain Controllers” – Hosts Collection to define which hosts will NOT be monitored for logons. Add domain controllers to be ignored to this collection. | None | -| Administrative Accounts | AD: Failed Administrator Account Authentications | Gathers AD: Failed Administrator Account Authentications. Utilizes built-In “Administrative Accounts” – Include Perpetrators Collection to define which administrative accounts will be monitored for failed authentications. | None | -| Administrative Accounts | AD: Successful Administrator Account Authentications | Gathers Successful AD Authentications for Administrators. Utilizes built-In “Administrative Accounts” – Include Perpetrators Collection to define which administrative accounts will be monitored for successful authentications. Add accounts with administrative rights to be monitored to this collection. | None | -| Administrative Accounts | AD: Successful Administrator Account Logons | Utilizes built-in “Administrator Accounts” – Objects Collection. Add accounts with administrator rights to be monitored to this collection Make sure the Exclude 'Noise' Events option on the [Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md) is Off for this policy | None | -| Service Accounts | AD: Failed Service Account Authentications | Gathers Failed AD Authentications for service accounts. Utilizes built-In “Service Accounts” – Include Perpetrators Collection to define which service accounts will be monitored for failed authentications. 
Add service accounts to be monitored to this collection | None | -| Service Accounts | AD: Successful Service Account Authentications | Gathers Successful AD Authentications for service accounts. Utilizes built-In “Service Accounts” – Include Perpetrators Collection to define which service accounts will be monitored for successful authentications. Add service accounts to be monitored to this collection | None | -| Service Accounts | AD: Successful Service Account Logons | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection Make sure the Exclude 'Noise' Events option on the [Event Filtering Configuration Window](/docs/threatprevention/7.5/admin/configuration/eventfilteringconfiguration.md) is Off for this policy. | None | - -Groups Folder - -| Subfolder | Template | Description | TAGS | -| ----------------------- | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | ---- | -| | AD Group Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| | AD Group Deletions | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| | AD: Group Membership Changes | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | -| | AD: Group Moves or Renames | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| | AD Group Type Modifications | No customizations required. 
Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | | -| Administrative Accounts | AD: Group Deletions by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | -| Administrative Accounts | AD: Group Deletions by Non-Administrators | Utilizes built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative account to NOT be monitored to this collection | None | -| Administrative Accounts | AD: Group Membership Changes by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | -| Administrative Accounts | AD Group Membership Changes by Non-Administrators | Utilizes built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative account to NOT be monitored to this collection | None | -| Administrative Accounts | AD: Group Moves or Renames by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | -| Administrative Accounts | AD: Group Moves or Renames by Non-Administrators | Utilizes built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative account to NOT be monitored to this collection. | None | -| Administrative Groups | AD: Deletions of Administrator Groups | Utilizes the built-in “Administrator Groups” – Objects Collection. Add administrator groups to be monitored to this collection | None | -| Administrative Groups | AD: Group Membership Changes to Administrator Groups | Utilizes the built-in “Administrator Groups” – Objects Collection. 
Add administrator groups to be monitored to this collection | None | -| Administrative Groups | AD: Moves or Renames of Administrator Groups | Utilizes the built-in “Administrator Groups” – Objects Collection. Add administrator groups to be monitored to this collection | None | - -Lockdown Folder - -**CAUTION:** Use cation with _all Lockdown/Blocking Templates_! Blank filters result in _everything_ -being locked down or blocked. - -| Template | Description | TAGS | -| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | -| AD Generic Lockdown | Set the appropriate AD event type(s) to be blocked. Then select the desired AD Objects and Containers, AD Classes and Attributes, and AD Perpetrators to be allowed or denied | None | -| Auth Generic Lockdown | Set the appropriate AD Perpetrator(s) and/or Host(s) to be blocked | None | - -Organizational Unit Folder - -| Template | Description | TAGS | -| ---------------------------- | -------------------------------------------------------------------------------------------------------- | ---- | -| AD OU Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| AD OU Deletions | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| AD OU Modifications | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| AD OU Moves or Renames | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| AD OU Security Modifications | No customizations required. 
Most common modifications: specify AD Perpetrator to be included or excluded | None | - -Password Enforcement Folder - -| Template | Description | TAGS | -| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | -| Password Enforcement Monitoring | No customizations required. Prevents users from changing a password to any value in the Threat Prevention dictionary of known compromised passwords | None | - -Replication Folder - -| Template | Description | TAGS | -| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | -| AD Replication Lockdown | USE CAUTION WITH ALL LOCKDOWN TEMPLATES Prevents Active Directory data synchronization requests from non-domain controllers using RPC call IDL_DRSGetNCChanges. 
Add legitimate domain controllers to be inored in one of the following ways to prevent them from being blocked: - Allow Perpetrators List – Add the Users OU > Domain Controllers group and any other groups with domain controllers for a dynamic list of domain controllers - Exclude Domains/Servers – Add specific domain controllers for a static list of domain controllers See the [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationlockdown.md) topic for additional information. | None | -| AD Replication Monitoring | Utilizes the built-in “Domain Controllers” – Hosts Collection. Add domain controllers to not be monitored. Alternatively, add legitimate domain controllers to be ignored in one of the following ways: - Exclude Perpetrators List – Add the Users OU > Domain Controllers group and any other groups with domain controllers for a dynamic list of domain controllers - Exclude Domains/Servers – Add specific domain controllers for a static list of domain controllers See the [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationmonitoring.md) topic for additional information. | None | - -Server-Workstation Folder - -| Template | Description | TAGS | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------- | ---- | -| AD: Computer Account Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| AD: Computer Account Deletions | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| AD: Computer Account Modifications | No customizations required. 
Most common modifications: specify AD Perpetrator to be included or excluded | None | - -Users Folder - -| Subfolder | Template | Description | TAGS | -| ----------------------- | ------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | -| | AD: User Account Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| | AD: User Account Deletions | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | -| | AD: User Account Lockouts | No customizations required. Most common modifications: specify AD Objects to be included or excluded | None | -| | AD: User Account Modifications | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | -| | AD: User Account Moves and Renames | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | -| | AD: User Account Password Set | No customizations required. Most common modifications: specify AD Objects and/or AD Perpetrator to be included or excluded | None | -| Administrative Accounts | AD: Deletions of Administrator Accounts | Utilizes built-in “Administrator Accounts” – Objects Collection. Add accounts with administrator rights to be monitored to this collection | None | -| Administrative Accounts | AD: Modifications of Administrator Accounts | Utilizes built-in “Administrator Accounts” – Objects Collection. Add accounts with administrator rights to be monitored to this collection | None | -| Administrative Accounts | AD: Moves and Renames of Administrator Accounts | Utilizes built-in “Administrator Accounts” – Objects Collection. 
Add accounts with administrator rights to be monitored to this collection | None | -| Administrative Accounts | AD: Password Set on Administrator Accounts | Utilizes built-in “Administrator Accounts” – Objects Collection. Add accounts with administrator rights to be monitored to this collection | None | -| Administrative Accounts | AD: User Creations by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | -| Administrative Accounts | AD: User Creations NOT by Administrators | Utilizes the built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative rights to NOT be monitored to this collection | None | -| Administrative Accounts | AD: User Deletions by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | -| Administrative Accounts | AD: User Deletions NOT by Administrators | Utilizes the built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative rights to NOT be monitored to this collection | None | -| Administrative Accounts | AD: User Modifications by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. Add accounts with administrative rights to be monitored to this collection | None | -| Administrative Accounts | AD: User Modifications NOT by Administrators | Utilizes the built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative rights to NOT be monitored to this collection | None | -| Administrative Accounts | AD: User Moves and Renames by Administrators | Utilizes built-in "Administrative Accounts" – Perpetrator Collection. 
Add accounts with administrative rights to be monitored to this collection | None | -| Administrative Accounts | AD: User Moves and Renames NOT by Administrators | Utilizes the built-in “Administrative Accounts” – Perpetrator Collection. Add accounts with administrative rights to NOT be monitored to this collection | None | -| Service Accounts | AD: Deletions of Service Accounts | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection | None | -| Service Accounts | AD: Modifications of Service Accounts | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection | None | -| Service Accounts | AD: Moves and Renames of Service Accounts | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection | None | -| Service Accounts | AD: Password Set on Service Accounts | Utilizes built-in "Service Accounts" – Objects Collection. Add service accounts to be monitored to this collection | None | diff --git a/docs/threatprevention/7.5/admin/templates/folder/microsoft/exchange.md b/docs/threatprevention/7.5/admin/templates/folder/microsoft/exchange.md deleted file mode 100644 index 7837f1df10..0000000000 --- a/docs/threatprevention/7.5/admin/templates/folder/microsoft/exchange.md +++ /dev/null 
@@ -1,59 +0,0 @@ -# Exchange Folder Templates - -The **Templates** > **Microsoft** > **Exchange** folder in the Navigation pane contains the -following templates: - -Managed Folders Folder - -| Template | Description | TAGS | -| --------------------------------------------------------- | -------------------------- | ---- | -| EX: Managed Content Settings Configuration Changes | No customizations required | None | -| EX: Managed Folder Configuration Changes | No customizations required | None | -| EX: Managed Folder Mailbox Policies Configuration Changes | No customizations required | None | - -Organization Folder - -| Subfolder | Template | Description | TAGS | -| ------------- | ---------------------------------------------------- | -------------------------- | ---- | -| Client Access | EX: ActiveSync Mailbox Policy Configuration Changes | No customizations required | None | -| Hub Transport | EX: Accepted Domain Configuration Changes | No customizations required | None | -| Hub Transport | EX: Email Address Policy Configuration Changes | No customizations required | None | -| Hub Transport | EX: Remote Domain Configuration Changes | No customizations required | None | -| Hub Transport | EX: Send Connector Configuration Changes | No customizations required | None | -| Hub Transport | EX: Transport and Journal Rule Configuration Changes | No customizations required | None | -| Hub Transport | EX: Transport Settings Configuration Changes | No customizations required | None | -| Mailbox | EX: Address List Configuration Changes | No customizations required | None | -| Mailbox | EX: Database Availability Group Changes | No customizations required | None | -| Mailbox | EX: Database Management Changes | No customizations required | None | -| Mailbox | EX: Offline Address Book Configuration Changes | No customizations required | None | -| Mailbox | EX: Retention Policy Tag Changes | No customizations required | None | -| Mailbox | EX: Sharing Policy Changes | No 
customizations required | None | - -Recipient Folder - -| Subfolder | Template | Description | TAGS | -| ------------------ | ---------------------------------------------------- | -------------------------- | ---- | -| Distribution Group | EX: Distribution Group Configuration Changes | No customizations required | None | -| Distribution Group | EX: Dynamic Distribution Group Configuration Changes | No customizations required | None | -| Mail Contact | EX: Mail Contact Configuration Changes | No customizations required | None | -| Mail Contact | EX: Mail User Configuration Changes | No customizations required | None | -| Mailbox | EX: Mailbox Configuration Changes | No customizations required | None | - -Role Based Access Control Folder - -| Template | Description | TAGS | -| --------------------------------------------- | -------------------------- | ---- | -| EX: Administrative Role Configuration Changes | No customizations required | None | - -Server Folder - -| Subfolder | Template | Description | TAGS | -| ------------- | ----------------------------------------------------------- | -------------------------- | ---- | -| | EX: Outlook Anywhere Configuration Changes | No customizations required | None | -| | EX: Server Property Changes | No customizations required | None | -| Client Access | EX: ActiveSync Configuration Changes | No customizations required | None | -| Client Access | EX: Exchange Control Panel Changes | No customizations required | None | -| Client Access | EX: Offline Address Book Distribution Configuration Changes | No customizations required | None | -| Client Access | EX: Outlook Web Access Configuration Changes | No customizations required | None | -| Client Access | EX: POP3 and IMAP4 Configuration Changes | No customizations required | None | -| Hub Transport | EX: Receive Connector Configuration Changes | No customizations required | None | 
diff --git a/docs/threatprevention/7.5/admin/templates/folder/microsoft/filesystem.md b/docs/threatprevention/7.5/admin/templates/folder/microsoft/filesystem.md deleted file mode 100644 index 62c3b93377..0000000000 --- a/docs/threatprevention/7.5/admin/templates/folder/microsoft/filesystem.md +++ /dev/null 
@@ -1,28 +0,0 @@ -# File System Folder Templates - -The **Templates** > **Microsoft** > **File System** folder in the Navigation pane contains the -following templates: - -**CAUTION:** ‘Reads’ are left out due to the potential high volume of data that could be gathered; -recommended only for highly sensitive content. - -| Subfolder | Template | Description | TAGS | -| ---------- | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---- | -| | WinFS: BitTorrent File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | -| | WinFS: Executable File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | -| | WinFS: File and Folder Access | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| | WinFS: File and Folder Access and Property Monitoring | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| | WinFS: File and Folder Property Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| | WinFS: Graphic File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | -| | WinFS: Music File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | -| | WinFS: Setting and Configuration File Access | Specify the files and/or folders to be monitored. 
Optionally, add any AD Perpetrators to be included or excluded | None | -| | WinFS: Video File Access | Specify the files and/or folders to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | -| Access | WinFS Access: Creates | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| Access | WinFS Access: Deletes | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| Access | WinFS Access: Reads | USE CAUTION WITH THIS TEMPLATE Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| Access | WinFS Access: Renames | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| Access | WinFS Access: Writes | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| Properties | WinFS Property: Attribute Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| Properties | WinFS Property: Audit Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| Properties | WinFS Property: Owner Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | -| Properties | WinFS Property: Permission Modifications | Specify the files and/or folders to be monitored. Optionally, add any ‘Wildcards’ and/or AD Perpetrators to be included or excluded | None | 
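Review bot: The CAUTION paragraph at the top of this page says 'Reads' are left out because of the potential data volume, but the table under it still lists a WinFS Access: Reads template marked USE CAUTION WITH THIS TEMPLATE, so a reader cannot tell which templates omit read events. If this wording is carried into the relocated copy under templates/folder/, name the templates that exclude reads, and end the USE CAUTION phrase in the Reads row with a period so it does not run into "Specify the files and/or folders to be monitored."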
diff --git a/docs/threatprevention/7.5/admin/templates/folder/microsoft/grouppolicyobjects.md b/docs/threatprevention/7.5/admin/templates/folder/microsoft/grouppolicyobjects.md deleted file mode 100644 index c8937d286e..0000000000 --- a/docs/threatprevention/7.5/admin/templates/folder/microsoft/grouppolicyobjects.md +++ /dev/null @@ -1,16 +0,0 @@ -# Group Policy Objects Folder Templates - -The **Templates** > **Microsoft** > **Group Policy Objects** folder in the Navigation pane contains -the following templates: - -**CAUTION:** Use cation with _all Lockdown/Blocking Templates_! Blank filters result in _everything_ -being locked down or blocked. - -| Subfolder | Template | Description | TAGS | -| --------- | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | -| Lockdown | GPO: Lockdown | Specify the list of AD Group Policy Objects to be protected and AD Events to be locked down. Optionally, add any AD Attributes and/or AD Perpetrators to be allowed or denied | None | -| Settings | GPO: Setting Changes | Specify the list of AD Group Policy Objects to be monitored. Optionally, add any AD Perpetrators to be included or excluded | None | -| Usage | GPO: Creations | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| Usage | GPO: Deletions | No customizations required. Most common modifications: specify AD Perpetrator to be included or excluded | None | -| Usage | GPO: Link Changes | No customizations required. Most common modifications: specify AD Context and/or AD Perpetrator to be included or excluded | None | -| Usage | GPO: Monitoring Applications of GPOs | No customizations required. Most common modifications: specify AD Context and/or AD Perpetrator to be included or excluded | None | 
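Review bot: The CAUTION line in this removed file reads "Use cation with _all Lockdown/Blocking Templates_!", and the copy added at docs/threatprevention/7.5/admin/templates/folder/grouppolicyobjects.md carries the same typo unchanged. Since the page is being relocated anyway, correct it to "Use caution" in the new file; this is the warning that blank filters lock down or block everything, so it should read cleanly.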
diff --git a/docs/threatprevention/7.5/admin/templates/folder/overview.md b/docs/threatprevention/7.5/admin/templates/folder/overview.md index 467234c91b..464266a9d3 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/overview.md +++ b/docs/threatprevention/7.5/admin/templates/folder/overview.md @@ -1,3 +1,9 @@ +--- +title: "Pre-Created Templates" +description: "Pre-Created Templates" +sidebar_position: 20 +--- + # Pre-Created Templates Threat Prevention comes with several policy templates that cover a wide range of event monitoring diff --git a/docs/threatprevention/7.5/admin/templates/folder/reconnaissance.md b/docs/threatprevention/7.5/admin/templates/folder/reconnaissance.md index eb4070d84b..1ce57a02fe 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/reconnaissance.md +++ b/docs/threatprevention/7.5/admin/templates/folder/reconnaissance.md @@ -1,3 +1,9 @@ +--- +title: "Reconnaissance Folder Templates" +description: "Reconnaissance Folder Templates" +sidebar_position: 80 +--- + # Reconnaissance Folder Templates The Reconnaissance folder contains the following templates: diff --git a/docs/threatprevention/7.5/admin/templates/folder/schemaconfiguration.md b/docs/threatprevention/7.5/admin/templates/folder/schemaconfiguration.md index cf7e8a7604..a7fca62bef 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/schemaconfiguration.md +++ b/docs/threatprevention/7.5/admin/templates/folder/schemaconfiguration.md @@ -1,3 +1,9 @@ +--- +title: "Schema and Configuration Folder Templates" +description: "Schema and Configuration Folder Templates" +sidebar_position: 90 +--- + # Schema and Configuration Folder Templates The Schema and Configuration folder contains the following templates: diff --git a/docs/threatprevention/7.5/admin/templates/folder/siem.md b/docs/threatprevention/7.5/admin/templates/folder/siem.md index b63729bc4f..b2d3e44cf7 100644 --- a/docs/threatprevention/7.5/admin/templates/folder/siem.md 
+++ b/docs/threatprevention/7.5/admin/templates/folder/siem.md @@ -1,3 +1,9 @@ +--- +title: "SIEM Folder Templates" +description: "SIEM Folder Templates" +sidebar_position: 100 +--- + # SIEM Folder Templates The SIEM folder contains the following templates: diff --git a/docs/threatprevention/7.5/admin/templates/general.md b/docs/threatprevention/7.5/admin/templates/general.md deleted file mode 100644 index 9fff44cf12..0000000000 --- a/docs/threatprevention/7.5/admin/templates/general.md +++ /dev/null 
@@ -1,78 +0,0 @@ -# General Tab - -The General tab is for editing the basic attributes of the template. - -![Template – General Tab](/img/product_docs/threatprevention/7.5/admin/templates/generaltab.webp) - -Name - -The name should be unique and descriptive. It is displayed for a template in the list on the -[Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md). - -Description - -The description is optional but recommended. Since each policy can be configured to be as broad or -narrow as desired, the name combined with the description should clearly explain what objects and -events it monitors/blocks, where in the network it looks, and when it is active. The description is -displayed for a template in the list on the [Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md). - -All changes made to a template must be saved before leaving the configuration interface. - -## Tags - -Tags are enabled as an organizational tool for templates only. Many preconfigured templates have -tags that enable users to quickly find a desired template through various groupings. Tags do not -create a duplicate template, but rather display the template in different folders under the TAGS -node. Multiple tags can be identified for a template with a comma-separated list. New tags can be -created, which create a new folder under the TAGS node. Use the right-click Refresh option on the -TAGS node in the Navigation pane to display new tags and/or display template-tag modifications. See -the [Tags Node](/docs/threatprevention/7.5/admin/tags/overview.md) topic for additional information. - -## History - -History details in the center of the General tab are automatically populated on creation or -modification. 
- -![Policy - General tab > History section](/img/product_docs/threatprevention/7.5/admin/policies/history.webp) - -It contains read-only information on who created the template (Added by), when the template was -created (Added on), who made the latest modification (Modified by), and when the latest modification -occurred (Modified on). - -## Schedule - -The schedule is for setting the time period for an enabled policy to monitor or block events. - -| Icon | Label | Represents | -| ------------------------------------------------------------------------------------------------------------------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| ![alwaysactivebutton](/img/product_docs/threatprevention/7.5/admin/policies/alwaysactivebutton.webp) | Always Active | Indicates the policy will be active at all times when enabled. This is the default setting | -| ![specifictimesbutton](/img/product_docs/threatprevention/7.5/admin/policies/specifictimesbutton.webp) | Active at Specified Times | Indicates the policy will be active only at the specified times when enabled. There are two options for setting the specified times: - Local Server Time – Schedule is set according to the local server’s time - UTC Time – Schedule is set according to the Universal Time (UTC) | - -Any new policy created from a template automatically applies the template’s setting, which can then -be modified as desired. Schedule details are displayed for a template in the list on the -[Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md). Active at Specified Times is represented by a clock icon, and -Always Active is represented with no icon, or blank. 
- -Weekly Calendar - -The weekly calendar at the bottom of the schedule section is where the schedule is set. - -![Schedule section in a policy set to Always Active](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/schedule.webp) - -When the schedule is set to Always Active, the weekly calendar is grayed-out. - -![Schedule section in a policy set to Active at Specific Times](/img/product_docs/threatprevention/7.5/admin/policies/schedulespecifictimes.webp) - -When the schedule is set to Active at Specified Times, the weekly calendar is enabled. Each block of -time on the calendar represents a 30-minute period. - -- Blue blocks – Active times for the enabled policy -- White blocks– Inactive times for the enabled policy - -The schedule can be set or modified in one of the following ways: - -- Click an individual time-block to toggle between active and inactive for a single 30-minute - period. -- Click a time-block in the All row to toggle between active and inactive for an entire column (for - all days of the week). -- Click the name of a day to toggle between active and inactive for an entire row (for a full day). diff --git a/docs/threatprevention/7.5/admin/templates/overview.md b/docs/threatprevention/7.5/admin/templates/overview.md index ebf22733d2..554206428a 100644 --- a/docs/threatprevention/7.5/admin/templates/overview.md +++ b/docs/threatprevention/7.5/admin/templates/overview.md @@ -1,3 +1,9 @@ +--- +title: "Templates Interface" +description: "Templates Interface" +sidebar_position: 90 +--- + # Templates Interface The Templates interface provides a list of all the pre-created policy templates in Threat 
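Review bot: In the front matter added to templates/overview.md, `description: "Templates Interface"` only repeats `title`, so it gives search results and link previews nothing beyond the heading. Suggest a one-sentence summary instead, for example one derived from the page's opening line ("The Templates interface provides a list of all the pre-created policy templates ..."). The same pattern appears in every front matter block added in this patch.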
@@ -23,7 +29,7 @@ for organizing templates. The pre-created templates are organized into multiple [Pre-Created Templates](/docs/threatprevention/7.5/admin/templates/folder/overview.md) topic for additional information. - Click a template to open it and view its configurations. See the - [Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration.md) topic for additional information. + [Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration/configuration.md) topic for additional information. - You can move a templates from one folder to another by dragging-and-dropping. This is a Move action. - You can also drag a template into a folder under the Policies node. This would be a Copy action, diff --git a/docs/threatprevention/7.5/admin/tools/_category_.json b/docs/threatprevention/7.5/admin/tools/_category_.json new file mode 100644 index 0000000000..aba68b9ae8 --- /dev/null +++ b/docs/threatprevention/7.5/admin/tools/_category_.json @@ -0,0 +1,6 @@ +{ + "label": "Tools", + "position": 20, + "collapsed": true, + "collapsible": true +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/admin/tools/exportpoliciestemplates.md b/docs/threatprevention/7.5/admin/tools/exportpoliciestemplates.md index 04be76eea2..61bceb37cb 100644 --- a/docs/threatprevention/7.5/admin/tools/exportpoliciestemplates.md +++ b/docs/threatprevention/7.5/admin/tools/exportpoliciestemplates.md @@ -1,3 +1,9 @@ +--- +title: "Export Policies and Templates Window" +description: "Export Policies and Templates Window" +sidebar_position: 10 +--- + # Export Policies and Templates Window You may need to export collections, policies, and templates from the Administration Console and them 
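Review bot: Style point on the context line under the new front matter in exportpoliciestemplates.md: "from the Administration Console and them" reads as a typo for "then". Since the file is being touched anyway, consider fixing it here, and in import.md, which opens with the same sentence.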
@@ -29,7 +35,7 @@ Follow the steps to export policies and templates: - Export All Event Consumers and Alerts – Exports all event consumers (actions) and alerts - Export Only Event Consumers and Alerts Used in Policies and Templates – Exports only event consumers (actions) and alerts configured on the - [Actions Tab](/docs/threatprevention/7.5/admin/policies/actions/overview.md) of enabled policies + [Actions Tab](/docs/threatprevention/7.5/admin/policies/configuration/actions/overview.md) of enabled policies - Options: - Notes – Enter any information to be saved with the XML file - Encrypt Sensitive Fields – When this checkbox is checked, it enables the Password and Verify diff --git a/docs/threatprevention/7.5/admin/tools/import.md b/docs/threatprevention/7.5/admin/tools/import.md index 59e414425b..2a359f70b9 100644 --- a/docs/threatprevention/7.5/admin/tools/import.md +++ b/docs/threatprevention/7.5/admin/tools/import.md @@ -1,3 +1,9 @@ +--- +title: "Import Window" +description: "Import Window" +sidebar_position: 20 +--- + # Import Window You may need to export collections, policies, and templates from the Administration Console and them diff --git a/docs/threatprevention/7.5/api/_category_.json b/docs/threatprevention/7.5/api/_category_.json new file mode 100644 index 0000000000..6c85eac67a --- /dev/null +++ b/docs/threatprevention/7.5/api/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "PowerShell API Integration", + "position": 50, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/api/collections.md b/docs/threatprevention/7.5/api/collections.md index 61c5c9c761..909109011a 100644 --- a/docs/threatprevention/7.5/api/collections.md +++ b/docs/threatprevention/7.5/api/collections.md 
@@ -1,9 +1,15 @@ +--- +title: "Collection APIs" +description: "Collection APIs" +sidebar_position: 30 +--- + # Collection APIs Collections are reusable lists of policy filter settings that help streamline the task of associating filters with event types on the Event Type tab during -[Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration.md) or -[Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration.md). +[Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration/configuration.md) or +[Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration/configuration.md). You can use APIs to perform the following functions: diff --git a/docs/threatprevention/7.5/api/epe.md b/docs/threatprevention/7.5/api/epe.md index 2b23660b0e..0cc9f9132a 100644 --- a/docs/threatprevention/7.5/api/epe.md +++ b/docs/threatprevention/7.5/api/epe.md @@ -1,9 +1,15 @@ +--- +title: "Enterprise Password Enforcer (EPE) APIs" +description: "Enterprise Password Enforcer (EPE) APIs" +sidebar_position: 40 +--- + # Enterprise Password Enforcer (EPE) APIs You can use APIs to perform functions related to Threat Prevention's Enterprise Password Enforcer (EPE) solution. These functions pertain to the [EPE Settings Window](/docs/threatprevention/7.5/admin/configuration/epesettings.md) and the -[Password Rules Filter](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md#password-rules-filter) of +[Password Rules Filter](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md#password-rules-filter) of the Password Enforcement event type. - Password Validation Test Against EPE Rules diff --git a/docs/threatprevention/7.5/api/loadmodule.md b/docs/threatprevention/7.5/api/loadmodule.md index 8d4a2756e6..0224a2819a 100644 --- a/docs/threatprevention/7.5/api/loadmodule.md +++ b/docs/threatprevention/7.5/api/loadmodule.md 
@@ -1,3 +1,9 @@ +--- +title: "Load the PowerShell Module" +description: "Load the PowerShell Module" +sidebar_position: 10 +--- + # Load the PowerShell Module The following steps are provided to load the Threat Prevention PowerShell module. These steps are diff --git a/docs/threatprevention/7.5/api/overview.md b/docs/threatprevention/7.5/api/overview.md index ac3658d766..afbec5c442 100644 --- a/docs/threatprevention/7.5/api/overview.md +++ b/docs/threatprevention/7.5/api/overview.md @@ -1,3 +1,9 @@ +--- +title: "PowerShell API Integration" +description: "PowerShell API Integration" +sidebar_position: 50 +--- + # PowerShell API Integration Using PowerShell, you can obtain information on or manipulate specific policy, collection, and diff --git a/docs/threatprevention/7.5/api/policy.md b/docs/threatprevention/7.5/api/policy.md index 72c0efbfed..2cb8a3c99e 100644 --- a/docs/threatprevention/7.5/api/policy.md +++ b/docs/threatprevention/7.5/api/policy.md @@ -1,3 +1,9 @@ +--- +title: "Policy APIs" +description: "Policy APIs" +sidebar_position: 20 +--- + # Policy APIs Policies are used in Threat Prevention to define the objects and events to be monitored or blocked diff --git a/docs/threatprevention/7.5/api/threatmanager.md b/docs/threatprevention/7.5/api/threatmanager.md index 2c7d06ba46..2a6997bd5c 100644 --- a/docs/threatprevention/7.5/api/threatmanager.md +++ b/docs/threatprevention/7.5/api/threatmanager.md @@ -1,3 +1,9 @@ +--- +title: "Netwrix Threat Manager APIs" +description: "Netwrix Threat Manager APIs" +sidebar_position: 50 +--- + # Netwrix Threat Manager APIs The following APIs are related to where Threat Prevention sends the event data to, and how to diff --git a/docs/threatprevention/7.5/config/activedirectory/threatprevention.md b/docs/threatprevention/7.5/config/activedirectory/threatprevention.md deleted file mode 100644 index e261bd909b..0000000000 --- a/docs/threatprevention/7.5/config/activedirectory/threatprevention.md +++ /dev/null 
@@ -1,40 +0,0 @@ -# Send Active Directory Event Data from Netwrix Threat Prevention to Netwrix Access Analyzer - -When Netwrix Threat Prevention is configured to monitor a domain, the event data collected by the -policies can be provided to Netwrix Access Analyzer (formerly Enterprise Auditor) for auditing and -analysis. This is accomplished by configuring Threat Prevention to send data to Netwrix Activity -Monitor, which in turn creates the activity log files that Access Analyzer collects. - -**NOTE:** Threat Prevention can only be configured to send event data to one Netwrix application, -either Netwrix Activity Monitor or Netwrix Threat Manager but not both. However, the Activity -Monitor can be configured with outputs for Access Analyzer and Threat Manager. - -Follow the steps to configure this integration. - -**_RECOMMENDED:_** It is a best practice to use the API Server option of the Activity Monitor for -this integration between Threat Prevention and Access Analyzer. - -**Step 1 –** In the Threat Prevention Administration Console, click **Configuration** > **Netwrix -Threat Manager Configuration** on the menu. The Netwrix Threat Manager Configuration window opens. - -**Step 2 –** On the Event Sink tab, configure the following: - -- Netwrix Threat Manager URI – Enter the name of the Activity Monitor agent host and port, which is - 4499 by default, in the following format: - - `amqp://localhost:4499` - - You must use localhost, even if Activity Monitor and Threat Prevention are installed on - different servers. - -- App Token – Leave this field blank for integration with Activity Monitor -- Policies – The table displays all policies created in Threat Prevention along with a State icon - indicating if the policy is active. Check the **Send** box for the desired policies monitoring the - target domain activity. - -**Step 3 –** Click **Save**. - -All real-time event data from the selected policies is now sent to Activity Monitor. 
Additional -policies can be added to this data stream through the Netwrix Threat Manager Configuration window or -by selecting the **Send to Netwrix Threat Manager** option on the Actions tab of the respective -policy. diff --git a/docs/threatprevention/7.5/eperestsite/_category_.json b/docs/threatprevention/7.5/eperestsite/_category_.json new file mode 100644 index 0000000000..de29135bf6 --- /dev/null +++ b/docs/threatprevention/7.5/eperestsite/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "EPE Rest Site", + "position": 80, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/eperestsite/accountmanagement.md b/docs/threatprevention/7.5/eperestsite/accountmanagement.md index 6b70093fd2..6112ce2b9c 100644 --- a/docs/threatprevention/7.5/eperestsite/accountmanagement.md +++ b/docs/threatprevention/7.5/eperestsite/accountmanagement.md @@ -1,3 +1,9 @@ +--- +title: "Site Account Management APIs" +description: "Site Account Management APIs" +sidebar_position: 10 +--- + # Site Account Management APIs You can use APIs to perform the following functions for user accounts that can access the EPE Rest diff --git a/docs/threatprevention/7.5/eperestsite/checkpassword.md b/docs/threatprevention/7.5/eperestsite/checkpassword.md index d229a86caf..2f1a396388 100644 --- a/docs/threatprevention/7.5/eperestsite/checkpassword.md +++ b/docs/threatprevention/7.5/eperestsite/checkpassword.md @@ -1,3 +1,9 @@ +--- +title: "Check Password APIs" +description: "Check Password APIs" +sidebar_position: 30 +--- + # Check Password APIs You can use APIs to check a candidate password against the EPE rules defined on the diff --git a/docs/threatprevention/7.5/eperestsite/login.md b/docs/threatprevention/7.5/eperestsite/login.md index 5a0b5a9e89..9f1b364fda 100644 --- a/docs/threatprevention/7.5/eperestsite/login.md +++ b/docs/threatprevention/7.5/eperestsite/login.md 
@@ -1,3 +1,9 @@ +--- +title: "Login to EPE REST Service APIs" +description: "Login to EPE REST Service APIs" +sidebar_position: 20 +--- + # Login to EPE REST Service APIs You can use APIs to login to the EPE REST Service: diff --git a/docs/threatprevention/7.5/eperestsite/overview.md b/docs/threatprevention/7.5/eperestsite/overview.md index 95480bd55b..52661f8ee3 100644 --- a/docs/threatprevention/7.5/eperestsite/overview.md +++ b/docs/threatprevention/7.5/eperestsite/overview.md @@ -1,3 +1,9 @@ +--- +title: "EPE Rest Site" +description: "EPE Rest Site" +sidebar_position: 80 +--- + # EPE Rest Site The EPE Rest Site is an optional web server that third parties can use to integrate with the Threat diff --git a/docs/threatprevention/7.5/gettingstarted.md b/docs/threatprevention/7.5/gettingstarted.md deleted file mode 100644 index 6cebc79ec2..0000000000 --- a/docs/threatprevention/7.5/gettingstarted.md +++ /dev/null 
@@ -1,124 +0,0 @@ -# Getting Started - -After launching the Threat Prevention Administration Console, the administrator must configure some -initial settings to start monitoring the organization's environment: - -- In the Administration Console, configure users, alerts, collections, policies, and database - maintenance. -- Install and configure the Netwrix Threat Manager Reporting Module to view event data. - -## Configure Additional Users - -From installation to first launch, a single Threat Prevention administrator is the only user who can -access the Administration Console. This user must create additional users and assign them roles that -control what they have access to. See the -[Users and Roles Window](/docs/threatprevention/7.5/admin/configuration/userroles/overview.md) topic to configure users. - -## Configure Alerts - -The administrator must configure email and SIEM alerts before they can be enabled. See the -[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md) topic to enable alerts and -to select your desired events for sending notifications. - -## Configure Collections - -Collections are reusable lists of policy filter settings. To create new policies using policy -templates, Collections must be configured. Several templates are configured using Collections as a -policy filter. See the -[Collection Manager Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/overview.md) topic to configure -Collections. - -## Create, Configure, and Enable Policies - -After deploying Agents and completing initial configuration, it is time to create, configure, and -enable policies to begin monitoring your organization’s environment. Do either of the following: - -- Use a policy template to create a policy. See the - [Pre-Created Templates](/docs/threatprevention/7.5/admin/templates/folder/overview.md) topic for additional information. -- Create a new policy and template configuration. 
See the - [Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration.md) and - [Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration.md) topics for additional information. - -On enabling and saving a policy configuration, the Agent is automatically sent the necessary -information to begin monitoring. - -**CAUTION:** Use extreme caution when enabling lockdown policies to ensure that the required events -do not unintentionally get blocked. - -**_RECOMMENDED:_** Start with monitoring the environment before enabling lockdown policies. For -example, first configure a monitoring policy for the events to be blocked. Watch the captured events -to ensure the filters are returning the expected events. Once assured, create the lockdown policy to -block those events. - -**_RECOMMENDED:_** After configuring a new policy, navigate to either the -[Recent Events Tab](/docs/threatprevention/7.5/admin/policies/recentevents/overview.md) in the policy's configuration or to the -[Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md) to confirm that the intended events being -monitored are intended. Refresh the data to view the recent events. - -### View Event Data - -You can view event data using any of the following: - -- Administration Console – Navigate to either the Recent Events tab in the policy's configuration or - to the Investigate interface to view data for the events being monitored. See the - [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/recentevents/overview.md) and - [Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md) topics for details. Event data configured - to be sent to syslog (SIEM) can also be viewed on the - [SIEM Output Viewer](/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md) window. -- Netwrix Threat Manager Reporting Module – Use this application to run investigations and generate - reports. 
See the Set Up the Threat Manager Reporting Module topic to install and launch the - application. - -## Configure Database Maintenance - -Database maintenance is essential to manage the size of the event database. The size should be based -on your data retention needs for various types of event data. See the -[Database Maintenance Window](/docs/threatprevention/7.5/admin/configuration/databasemaintenance/overview.md) topic for -additional information. - -## Set Up the Threat Manager Reporting Module - -Prerequisites - -- See the [Reporting Module Server Requirements](/docs/threatprevention/7.5/requirements/reportingserver.md) topic for details - on prerequisites. -- See the - [Netwrix Threat Manager Reporting Module Ports](/docs/threatprevention/7.5/requirements/ports.md#netwrix-threat-manager-reporting-module-ports) - topic for a list of firewall ports used. - -Installation - -Install the Netwrix Threat Manager Reporting Module application. Typically, this is done on the same -server where Threat Prevention resides, but it can be on any server within the same environment. -This application needs access to the Threat Prevention database. See the -[Reporting Module Installation](/docs/threatprevention/7.5/install/reportingmodule/overview.md) topic for additional -information. - -First Launch - -On launching Netwrix Threat Manager Reporting Module for the first time, you will set the password -for the builtin Administrator account, and optionally enable MFA for that account. See the -[First Launch](/docs/threatprevention/7.5/install/reportingmodule/firstlaunch.md) topic for additional information. - -Initial Configuration - -Configure the following: - -- Credential Profile – See the - [Credential Profile Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/credentialprofile.md) topic - for additional information. 
- - - Configure one Credential Profile for Active Directory Sync - - Configure one Credential Profile for connection to the Threat Prevention database - -- Active Directory Sync – Configure the application to sync with Active Directory. See the - [Active Directory Sync Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md) - topic for additional information. -- Netwrix Integration – Configure connection to the Netwrix Threat Manager Reporting Module - database. See the - [Netwrix Integrations Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/netwrixintegrations.md) - topic for additional information. -- Configure Console Access through Role Assignment – Grant access to Administrators, Report - Reviewers, Responders, Reviewers, Response Managers, and Report Administrators. See the - [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md) topic for - additional information. diff --git a/docs/threatprevention/7.5/install/_category_.json b/docs/threatprevention/7.5/install/_category_.json new file mode 100644 index 0000000000..f87e537fff --- /dev/null +++ b/docs/threatprevention/7.5/install/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Installation", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/install/adminconsole.md b/docs/threatprevention/7.5/install/adminconsole.md index 8736344c91..dddc011821 100644 --- a/docs/threatprevention/7.5/install/adminconsole.md +++ b/docs/threatprevention/7.5/install/adminconsole.md @@ -1,3 +1,9 @@ +--- +title: "Administration Console Remote Install" +description: "Administration Console Remote Install" +sidebar_position: 50 +--- + # Administration Console Remote Install Threat Prevention supports the deployment of remote Administration Console, enabling you to install 
diff --git a/docs/threatprevention/7.5/install/agent/_category_.json b/docs/threatprevention/7.5/install/agent/_category_.json new file mode 100644 index 0000000000..dc2ae208a1 --- /dev/null +++ b/docs/threatprevention/7.5/install/agent/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Agent Information", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/install/agent/manual/_category_.json b/docs/threatprevention/7.5/install/agent/manual/_category_.json new file mode 100644 index 0000000000..6ead0f6f6e --- /dev/null +++ b/docs/threatprevention/7.5/install/agent/manual/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Manual Agent Deployment", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "manual" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/install/agent/customcert.md b/docs/threatprevention/7.5/install/agent/manual/customcert.md similarity index 92% rename from docs/threatprevention/7.5/install/agent/customcert.md rename to docs/threatprevention/7.5/install/agent/manual/customcert.md index 96f712f13a..11060c6004 100644 --- a/docs/threatprevention/7.5/install/agent/customcert.md +++ b/docs/threatprevention/7.5/install/agent/manual/customcert.md 
@@ -1,7 +1,13 @@ +--- +title: "Create Custom Managed Certificates for Each Agent" +description: "Create Custom Managed Certificates for Each Agent" +sidebar_position: 10 +--- + # Create Custom Managed Certificates for Each Agent If "custom-managed" is selected for the CA certificate configuration during -[Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual.md), use the `SIAgentCert.exe` command line utility to facilitate +[Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual/manual.md), use the `SIAgentCert.exe` command line utility to facilitate the creation of certificates for each Agent. **NOTE:** As a requirement for using custom managed certificates, you must provide the Enterprise diff --git a/docs/threatprevention/7.5/install/agent/manual.md b/docs/threatprevention/7.5/install/agent/manual/manual.md similarity index 96% rename from docs/threatprevention/7.5/install/agent/manual.md rename to docs/threatprevention/7.5/install/agent/manual/manual.md index ca7e2db423..30e499b69b 100644 --- a/docs/threatprevention/7.5/install/agent/manual.md +++ b/docs/threatprevention/7.5/install/agent/manual/manual.md @@ -1,3 +1,9 @@ +--- +title: "Manual Agent Deployment" +description: "Manual Agent Deployment" +sidebar_position: 10 +--- + # Manual Agent Deployment The Threat PreventionAgent must be installed to the appropriate systems for monitoring. See the 
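Review bot: Typo in the context line right after the new front matter in manual/manual.md: "The Threat PreventionAgent must be installed" is missing a space between the product name and "Agent". Also worth confirming that `sidebar_position: 10` is intended here, since customcert.md in the same manual/ folder is given `sidebar_position: 10` as well and this page is the folder's linked doc (`"id": "manual"` in _category_.json).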
@@ -23,7 +29,7 @@ hour) password generated by the Enterprise Manager. The Agent Installer uses it Agent is connected to a legitimate Enterprise Manager. Prior to launching the Threat Prevention Windows Agent Setup wizard, note the values for the enrollment secret and the EM certificate. See the -[Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md) +[Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md) topic for additional information. **Step 1 –** From the Threat Prevention server, copy the Agent executable ( @@ -134,7 +140,7 @@ When the settings are configured, click **Next**. **Step 8 –** On the Certificates page, confirm the EM certificate hash by verifying that it contains the same value displayed in the -[Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md) +[Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md) in the Administration Console. **NOTE:** This page is not displayed when "Custom-managed" is selected on the CA Certificate @@ -144,7 +150,7 @@ The Certsinfo folder is located at: …\Netwrix\Netwrix Threat Prevention\SIWind - Approve certificates – Select this checkbox to approve the thumbprint, which will then enable the Enrollment Secret box. Enter the enrollment secret obtained from the - [Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md). + [Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md). **NOTE:** If the enrollment secret has expired, you can generate a new one. 
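Review bot: Naming point on the updated link in the "Approve certificates" bullet: the new path segment `agents-windows` is hyphenated, while the other directory names visible in this patch are concatenated lowercase (`passwordenforcement`, `reportingmodule`, `eperestsite`). If the hyphen is not deliberate, rename the folder before these links are published, because the same target is repeated in the Step 8 hunk and the enrollment-secret paragraph above and would need changing again.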
@@ -185,4 +191,4 @@ Successful page is displayed. If the certificates are managed by Threat Prevention, Agent deployment is completed. If the custom-managed certificate option was selected, see the -[Create Custom Managed Certificates for Each Agent](/docs/threatprevention/7.5/install/agent/customcert.md) topic for additional information. +[Create Custom Managed Certificates for Each Agent](/docs/threatprevention/7.5/install/agent/manual/customcert.md) topic for additional information. diff --git a/docs/threatprevention/7.5/install/agent/overview.md b/docs/threatprevention/7.5/install/agent/overview.md index 009664db35..c873ba8047 100644 --- a/docs/threatprevention/7.5/install/agent/overview.md +++ b/docs/threatprevention/7.5/install/agent/overview.md @@ -1,3 +1,9 @@ +--- +title: "Agent Information" +description: "Agent Information" +sidebar_position: 30 +--- + # Agent Information The Threat Prevention Agent performs real-time monitoring of the events occurring across supported @@ -49,9 +55,9 @@ registry on the target Agent machine(s) to understand where the Agent configurat located (install path). Next, WMI is used to stop the Agent service, modify the configuration files, and restart the Agent. -Remember to check [Agent Server Requirements](/docs/threatprevention/7.5/requirements/agent.md) before deploying an +Remember to check [Agent Server Requirements](/docs/threatprevention/7.5/requirements/agent/agent.md) before deploying an Agent, including the -[Agent Compatibility with Non-Netwrix Security Products](/docs/threatprevention/7.5/requirements/agent.md#agent-compatibility-with-non-netwrix-security-products) +[Agent Compatibility with Non-Netwrix Security Products](/docs/threatprevention/7.5/requirements/agent/agent.md#agent-compatibility-with-non-netwrix-security-products) list. ## Domain Controllers 
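Review bot: The second link changed in this agent/overview.md hunk keeps the fragment `#agent-compatibility-with-non-netwrix-security-products` but now points at requirements/agent/agent.md, which is not shown in this part of the patch. Please confirm that the heading survived the move unchanged so the anchor still resolves, ideally by running the site's broken-link check on the build.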
@@ -77,7 +83,7 @@ control the configuration for that monitored host. However, Activity Monitor can provide multiple outputs for a host, e.g. for Netwrix Access Analyzer (formerly Enterprise Auditor), Netwrix Threat Manager, or SIEM products. Add a new output for the same host to the Monitored Host tab in the Activity Monitor console to be used by the other product. See the -[Send Active Directory Event Data from Netwrix Threat Prevention to Netwrix Access Analyzer](/docs/threatprevention/7.5/config/activedirectory/threatprevention.md) +[Send Active Directory Event Data from Netwrix Threat Prevention to Netwrix Access Analyzer](/docs/threatprevention/7.5/admin/configuration/threatprevention.md) topic for additional information. ## Exchange Servers @@ -118,5 +124,5 @@ control the configuration for that monitored host. However, Activity Monitor can provide multiple outputs for a host, e.g. for Netwrix Access Analyzer (formerly Enterprise Auditor), Netwrix Threat Manager, or SIEM products. Add a new output for the same host to the Monitored Host tab in the Activity Monitor console to be used by the other product. See the -[Send Active Directory Event Data from Netwrix Threat Prevention to Netwrix Access Analyzer](/docs/threatprevention/7.5/config/activedirectory/threatprevention.md) +[Send Active Directory Event Data from Netwrix Threat Prevention to Netwrix Access Analyzer](/docs/threatprevention/7.5/admin/configuration/threatprevention.md) topic for additional information. diff --git a/docs/threatprevention/7.5/install/agent/silent.md b/docs/threatprevention/7.5/install/agent/silent.md index 9e93c9f310..2d1c6b83ad 100644 --- a/docs/threatprevention/7.5/install/agent/silent.md +++ b/docs/threatprevention/7.5/install/agent/silent.md 
@@ -1,3 +1,9 @@ +--- +title: "Agent Silent Install Option" +description: "Agent Silent Install Option" +sidebar_position: 20 +--- + # Agent Silent Install Option You can use command line options to install the Agent silently. These options can be leveraged to 
@@ -27,8 +33,8 @@ command line. | Property Name | Description | Default Value | | ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | CUSTOM_CA | If this property is set to True, then the custom-managed certificate mode is enabled. This mode uses certificates that are signed by the customer's external certificate authority. In this mode, the installer will not generate certificates and will not start the Agent Service at the end of the installation. | FALSE | -| EMCERTIFICATE | Enterprise Manager Certificate Thumbprint | This value can be found in the [Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md) by clicking the Agent Enrollment Secret icon to open the [Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md). This value is not used for high security mode. | -| ENROLLMENTSECRET **Required for enrolling new Agent** | Agent Enrollment Secret | This value can be found in the [Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md) by clicking the Agent Enrollment Secret icon to open the [Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/window/enrollmentsecretconfiguration.md). This is a required field if using auto security mode. 
It is not used for high security mode. | +| EMCERTIFICATE | Enterprise Manager Certificate Thumbprint | This value can be found in the [Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md) by clicking the Agent Enrollment Secret icon to open the [Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md). This value is not used for high security mode. | +| ENROLLMENTSECRET **Required for enrolling new Agent** | Agent Enrollment Secret | This value can be found in the [Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md) by clicking the Agent Enrollment Secret icon to open the [Enrollment Secret Configuration Window](/docs/threatprevention/7.5/admin/agents/agents-windows/enrollmentsecretconfiguration.md). This is a required field if using auto security mode. It is not used for high security mode. | | SAFEMODE | Start Agent Service in safe mode | FALSE | | STARTAGENTSERVICE | Start Agent Service on successful installation | FALSE | | ADDFWRULES | Create firewall rules for the Agent Service | TRUE | diff --git a/docs/threatprevention/7.5/install/application.md b/docs/threatprevention/7.5/install/application.md index e5628c0b7c..884ee16b4b 100644 --- a/docs/threatprevention/7.5/install/application.md +++ b/docs/threatprevention/7.5/install/application.md @@ -1,3 +1,9 @@ +--- +title: "Application Server Install" +description: "Application Server Install" +sidebar_position: 10 +--- + # Application Server Install Follow the steps to install Threat Prevention. 
@@ -168,4 +174,4 @@ installation is complete, click **Finish**. ![Threat Prevention Admin Console desktop icon](/img/product_docs/threatprevention/7.5/install/desktopicon.webp) The selected components have been installed, and the Threat Prevention Console icon is now on the -desktop. See the [First Launch](/docs/threatprevention/7.5/install/firstlaunch.md) topic for the next steps. +desktop. See the [First Launch](/docs/threatprevention/7.5/install/firstlaunch/firstlaunch.md) topic for the next steps. diff --git a/docs/threatprevention/7.5/install/certificatemanagementwizard.md b/docs/threatprevention/7.5/install/certificatemanagementwizard.md index b5f03cdf95..9c6ff02142 100644 --- a/docs/threatprevention/7.5/install/certificatemanagementwizard.md +++ b/docs/threatprevention/7.5/install/certificatemanagementwizard.md @@ -1,3 +1,9 @@ +--- +title: "Certificate Management Wizard" +description: "Certificate Management Wizard" +sidebar_position: 80 +--- + # Certificate Management Wizard The Certificate Management Wizard is a standalone component used to configure Threat Prevention diff --git a/docs/threatprevention/7.5/install/dbconnectionmanager.md b/docs/threatprevention/7.5/install/dbconnectionmanager.md index 0e21920ff2..ae533ca96d 100644 --- a/docs/threatprevention/7.5/install/dbconnectionmanager.md +++ b/docs/threatprevention/7.5/install/dbconnectionmanager.md @@ -1,3 +1,9 @@ +--- +title: "DB Connection Manager Wizard" +description: "DB Connection Manager Wizard" +sidebar_position: 90 +--- + # DB Connection Manager Wizard The Database Connection Manager (SIDBConfigMgr.exe) allows you to update the connection options for diff --git a/docs/threatprevention/7.5/install/eperestsite.md b/docs/threatprevention/7.5/install/eperestsite.md index 07363e1f3a..b955e4a9e3 100644 --- a/docs/threatprevention/7.5/install/eperestsite.md +++ b/docs/threatprevention/7.5/install/eperestsite.md 
@@ -1,3 +1,9 @@ +--- +title: "EPE Rest Site Install" +description: "EPE Rest Site Install" +sidebar_position: 70 +--- + # EPE Rest Site Install The EPE Rest Site is an optional web server that third parties can use to integrate with the Threat diff --git a/docs/threatprevention/7.5/install/epeuserfeedback.md b/docs/threatprevention/7.5/install/epeuserfeedback.md index 0903dd58a9..5b70b6390e 100644 --- a/docs/threatprevention/7.5/install/epeuserfeedback.md +++ b/docs/threatprevention/7.5/install/epeuserfeedback.md @@ -1,3 +1,9 @@ +--- +title: "EPE User Feedback Module" +description: "EPE User Feedback Module" +sidebar_position: 60 +--- + # EPE User Feedback Module You can choose to install the optional Enterprise Password Enforcer (EPE) User Feedback module for diff --git a/docs/threatprevention/7.5/install/firstlaunch.md b/docs/threatprevention/7.5/install/firstlaunch.md deleted file mode 100644 index 59fddc0079..0000000000 --- a/docs/threatprevention/7.5/install/firstlaunch.md +++ /dev/null 
@@ -1,50 +0,0 @@ -# First Launch - -Once Threat Prevention is installed, the Administration Console administrator is the only user who -can launch it for the first time. - -Follow the steps to launch Threat Prevention for the first time. - -**Step 1 –** On first launch, the Netwrix Threat Prevention Licensing Configuration window is -displayed to the first Administration Console administrator, showing a license key warning: - -- Product license will expire in `` days. Please contact your Netwrix representative for a - new license. - -This warning always displays when the organization’s license is within 14 days of expiring. Click -**OK**. See the [Import the License](/docs/threatprevention/7.5/install/licenseimport.md) topic for licensing the product. - -![Import Templates dialog box](/img/product_docs/threatprevention/7.5/install/importtemplates.webp) - -**Step 2 –** On the Import Templates dialog box, you can choose to import policy templates now or -later. - -In Threat Prevention, many policy templates are pre-configured for the most common policy types, so -that you can quickly configure a policy. See the -[Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md) topic for details. - -- Click **Yes** on the Import Templates dialog box to import all the templates into the - Administration Console now. Once complete, the templates are available to all Administration - Console users. -- On clicking **No**, the Import Templates dialog box appears asking, “Do you want to be prompted - again next time this application loads?” - -You can import the policy templates any time later. See the -[Import Templates](/docs/threatprevention/7.5/admin/templates/folder/overview.md#import-templates) topic for additional -information. - -![Install Agent dialog box](/img/product_docs/threatprevention/7.5/install/installagent.webp) - -**Step 3 –** On the Install Agents dialog box, you can choose to install the Agent on servers now or -later. 
- -The Agent is responsible for monitoring the events as configured in policies. The Agent must be -deployed on all the servers where these events occur. Use the Administration Console to deploy and -manage the Agent. - -- Click **Yes** on the Install Agents dialog box to launch the **Deploy Agents** wizard. See the - [Deploy Agents](/docs/threatprevention/7.5/admin/agents/deploy/overview.md) topic for additional information. -- Click **No** if you do not want to install the Agents now. To install Agents later, see the - [Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md) topic. - -See the [Getting Started ](/docs/threatprevention/7.5/gettingstarted.md)topic for the next steps. diff --git a/docs/threatprevention/7.5/install/firstlaunch/_category_.json b/docs/threatprevention/7.5/install/firstlaunch/_category_.json new file mode 100644 index 0000000000..e543b7a540 --- /dev/null +++ b/docs/threatprevention/7.5/install/firstlaunch/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "First Launch", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "firstlaunch" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/install/firstlaunch/firstlaunch.md b/docs/threatprevention/7.5/install/firstlaunch/firstlaunch.md new file mode 100644 index 0000000000..c0e06cdb29 --- /dev/null +++ b/docs/threatprevention/7.5/install/firstlaunch/firstlaunch.md 
@@ -0,0 +1,56 @@ +--- +title: "First Launch" +description: "First Launch" +sidebar_position: 20 +--- + +# First Launch + +Once Threat Prevention is installed, the Administration Console administrator is the only user who +can launch it for the first time. + +Follow the steps to launch Threat Prevention for the first time. + +**Step 1 –** On first launch, the Netwrix Threat Prevention Licensing Configuration window is +displayed to the first Administration Console administrator, showing a license key warning: + +- Product license will expire in `` days. Please contact your Netwrix representative for a + new license. + +This warning always displays when the organization’s license is within 14 days of expiring. Click +**OK**. See the [Import the License](/docs/threatprevention/7.5/install/firstlaunch/licenseimport.md) topic for licensing the product. + +![Import Templates dialog box](/img/product_docs/threatprevention/7.5/install/importtemplates.webp) + +**Step 2 –** On the Import Templates dialog box, you can choose to import policy templates now or +later. + +In Threat Prevention, many policy templates are pre-configured for the most common policy types, so +that you can quickly configure a policy. See the +[Templates Interface](/docs/threatprevention/7.5/admin/templates/overview.md) topic for details. + +- Click **Yes** on the Import Templates dialog box to import all the templates into the + Administration Console now. Once complete, the templates are available to all Administration + Console users. +- On clicking **No**, the Import Templates dialog box appears asking, “Do you want to be prompted + again next time this application loads?” + +You can import the policy templates any time later. See the +[Import Templates](/docs/threatprevention/7.5/admin/templates/folder/overview.md#import-templates) topic for additional +information. 
+ +![Install Agent dialog box](/img/product_docs/threatprevention/7.5/install/installagent.webp) + +**Step 3 –** On the Install Agents dialog box, you can choose to install the Agent on servers now or +later. + +The Agent is responsible for monitoring the events as configured in policies. The Agent must be +deployed on all the servers where these events occur. Use the Administration Console to deploy and +manage the Agent. + +- Click **Yes** on the Install Agents dialog box to launch the **Deploy Agents** wizard. See the + [Deploy Agents](/docs/threatprevention/7.5/admin/agents/deploy/overview.md) topic for additional information. +- Click **No** if you do not want to install the Agents now. To install Agents later, see the + [Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md) topic. + +See the [Getting Started ](/docs/threatprevention/7.5/overview/gettingstarted.md)topic for the next steps. diff --git a/docs/threatprevention/7.5/install/licenseimport.md b/docs/threatprevention/7.5/install/firstlaunch/licenseimport.md similarity index 92% rename from docs/threatprevention/7.5/install/licenseimport.md rename to docs/threatprevention/7.5/install/firstlaunch/licenseimport.md index b503b658cf..d13cab84a0 100644 --- a/docs/threatprevention/7.5/install/licenseimport.md +++ b/docs/threatprevention/7.5/install/firstlaunch/licenseimport.md @@ -1,3 +1,9 @@ +--- +title: "Import the License" +description: "Import the License" +sidebar_position: 10 +--- + # Import the License Threat Prevention comes with a temporary 6-day license. diff --git a/docs/threatprevention/7.5/install/migrateemserver.md b/docs/threatprevention/7.5/install/migrateemserver.md index 3fa4eb7a0a..514c3fe1b0 100644 --- a/docs/threatprevention/7.5/install/migrateemserver.md +++ b/docs/threatprevention/7.5/install/migrateemserver.md 
@@ -1,3 +1,9 @@ +--- +title: "Migrate the Enterprise Manager Server" +description: "Migrate the Enterprise Manager Server" +sidebar_position: 100 +--- + # Migrate the Enterprise Manager Server Follow the steps to move the Threat Prevention7.5 Enterprise Manager to a different server when @@ -77,5 +83,5 @@ Netwrix Threat Prevention server. recommended that you uninstall, then re-enroll and re-install all Agents with new certificates. This is because customer supplied certificates usually have the FQDN info of the Enterprise Manager and the new Enterprise Manager machine would typically have a different DNS name. See the -[Create Custom Managed Certificates for Each Agent](/docs/threatprevention/7.5/install/agent/customcert.md) topic for additional +[Create Custom Managed Certificates for Each Agent](/docs/threatprevention/7.5/install/agent/manual/customcert.md) topic for additional information. diff --git a/docs/threatprevention/7.5/install/overview.md b/docs/threatprevention/7.5/install/overview.md index 21f5dbcfca..8d60f4ef26 100644 --- a/docs/threatprevention/7.5/install/overview.md +++ b/docs/threatprevention/7.5/install/overview.md @@ -1,3 +1,9 @@ +--- +title: "Installation" +description: "Installation" +sidebar_position: 30 +--- + # Installation Threat Prevention consists of a number of components that work together to monitor activity in diff --git a/docs/threatprevention/7.5/install/reportingmodule/_category_.json b/docs/threatprevention/7.5/install/reportingmodule/_category_.json new file mode 100644 index 0000000000..394d55029f --- /dev/null +++ b/docs/threatprevention/7.5/install/reportingmodule/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Reporting Module Installation", + "position": 40, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
diff --git a/docs/threatprevention/7.5/install/reportingmodule/application.md b/docs/threatprevention/7.5/install/reportingmodule/application.md index 28a86cebcf..03b980ed3f 100644 --- a/docs/threatprevention/7.5/install/reportingmodule/application.md +++ b/docs/threatprevention/7.5/install/reportingmodule/application.md @@ -1,3 +1,9 @@ +--- +title: "Install the Netwrix Threat Manager Reporting Module" +description: "Install the Netwrix Threat Manager Reporting Module" +sidebar_position: 20 +--- + # Install the Netwrix Threat Manager Reporting Module The application can be installed on the same server as the PostgreSQL databases or a different diff --git a/docs/threatprevention/7.5/install/reportingmodule/database.md b/docs/threatprevention/7.5/install/reportingmodule/database.md index ada450f28c..d882a1ff56 100644 --- a/docs/threatprevention/7.5/install/reportingmodule/database.md +++ b/docs/threatprevention/7.5/install/reportingmodule/database.md @@ -1,3 +1,9 @@ +--- +title: "Install the PostgreSQL Database Application" +description: "Install the PostgreSQL Database Application" +sidebar_position: 10 +--- + # Install the PostgreSQL Database Application The PostgreSQL database application can be installed on the same server as the application or a diff --git a/docs/threatprevention/7.5/install/reportingmodule/firstlaunch.md b/docs/threatprevention/7.5/install/reportingmodule/firstlaunch.md index a0264621e1..e8823b3ae0 100644 --- a/docs/threatprevention/7.5/install/reportingmodule/firstlaunch.md +++ b/docs/threatprevention/7.5/install/reportingmodule/firstlaunch.md @@ -1,3 +1,9 @@ +--- +title: "First Launch" +description: "First Launch" +sidebar_position: 40 +--- + # First Launch On installing the Netwrix Threat Manager Reporting Module, the following icon appears on the 
@@ -34,7 +40,7 @@ The built-in ADMIN account password is now set. If the Enable MFA option is set to OFF, no additional configuration is required and the Netwrix Threat Manager Reporting Module Console opens. See the -[Set Up the Threat Manager Reporting Module](/docs/threatprevention/7.5/gettingstarted.md#set-up-the-threat-manager-reporting-module) +[Set Up the Threat Manager Reporting Module](/docs/threatprevention/7.5/overview/gettingstarted.md#set-up-the-threat-manager-reporting-module) topic for initial configuration information. If the Enable MFA option is set to ON, registration of an MFA authenticator is required. Proceed to @@ -61,5 +67,5 @@ of codes to access for account recovery, if needed. Once MFA is configured for this account, the Netwrix Threat Manager Reporting Module console opens. See the -[Set Up the Threat Manager Reporting Module](/docs/threatprevention/7.5/gettingstarted.md#set-up-the-threat-manager-reporting-module) +[Set Up the Threat Manager Reporting Module](/docs/threatprevention/7.5/overview/gettingstarted.md#set-up-the-threat-manager-reporting-module) topic for the next steps. diff --git a/docs/threatprevention/7.5/install/reportingmodule/overview.md b/docs/threatprevention/7.5/install/reportingmodule/overview.md index 91c2033124..9751a33084 100644 --- a/docs/threatprevention/7.5/install/reportingmodule/overview.md +++ b/docs/threatprevention/7.5/install/reportingmodule/overview.md @@ -1,3 +1,9 @@ +--- +title: "Reporting Module Installation" +description: "Reporting Module Installation" +sidebar_position: 40 +--- + # Reporting Module Installation Prior to installing Netwrix Threat Manager Reporting Module 3.0, make sure that all the 
@@ -86,5 +92,5 @@ launcher opens. You can now install the following components on the same server: for additional information. After completing the first launch, it is time to complete the initial configuration. See the -[Set Up the Threat Manager Reporting Module](/docs/threatprevention/7.5/gettingstarted.md#set-up-the-threat-manager-reporting-module) +[Set Up the Threat Manager Reporting Module](/docs/threatprevention/7.5/overview/gettingstarted.md#set-up-the-threat-manager-reporting-module) topic for additional information. diff --git a/docs/threatprevention/7.5/install/reportingmodule/secure.md b/docs/threatprevention/7.5/install/reportingmodule/secure.md index e8d764b35e..6124541b65 100644 --- a/docs/threatprevention/7.5/install/reportingmodule/secure.md +++ b/docs/threatprevention/7.5/install/reportingmodule/secure.md @@ -1,3 +1,9 @@ +--- +title: "Secure the Reporting Module Console" +description: "Secure the Reporting Module Console" +sidebar_position: 30 +--- + # Secure the Reporting Module Console To support HTTPS, do the following: diff --git a/docs/threatprevention/7.5/install/upgrade/_category_.json b/docs/threatprevention/7.5/install/upgrade/_category_.json new file mode 100644 index 0000000000..e0928068ee --- /dev/null +++ b/docs/threatprevention/7.5/install/upgrade/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Upgrade Procedure", + "position": 110, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/install/upgrade/agent.md b/docs/threatprevention/7.5/install/upgrade/agent.md index ecd4dd6d25..d0fb2b3a96 100644 --- a/docs/threatprevention/7.5/install/upgrade/agent.md +++ b/docs/threatprevention/7.5/install/upgrade/agent.md @@ -1,3 +1,9 @@ +--- +title: "Upgrade Agent" +description: "Upgrade Agent" +sidebar_position: 20 +--- + # Upgrade Agent The Threat Prevention Agent is updated from the Agents interface. 
@@ -20,7 +26,7 @@ Follow the steps to upgrade a deployed Agent. **Step 2 –** On the [Agents Interface](/docs/threatprevention/7.5/admin/agents/overview.md), select the desired server/Agent in the grid and on the top toolbar, select **Update Agent Installer**. The -[Agent Installer Update Window](/docs/threatprevention/7.5/admin/agents/window/agentinstallerupdate.md) opens. +[Agent Installer Update Window](/docs/threatprevention/7.5/admin/agents/agents-windows/agentinstallerupdate.md) opens. **Step 3 –** On the Agent Installer Update window, click **Check for Newer Version of the Netwrix Threat Prevention Agent**. The green bar indicates the progress of checking the Agent for a newer diff --git a/docs/threatprevention/7.5/install/upgrade/overview.md b/docs/threatprevention/7.5/install/upgrade/overview.md index 6f7fe36c09..0bd72ebdfe 100644 --- a/docs/threatprevention/7.5/install/upgrade/overview.md +++ b/docs/threatprevention/7.5/install/upgrade/overview.md @@ -1,3 +1,9 @@ +--- +title: "Upgrade Procedure" +description: "Upgrade Procedure" +sidebar_position: 110 +--- + # Upgrade Procedure This topic provides the basic steps needed to upgrade the following on the same machine: @@ -34,7 +40,7 @@ upgrade. For NAS file system monitoring, Threat Prevention works in conjunction with the Activity Monitor. Hence, the agent versions for the two products must be compatible. See the -[NAS Device Support](/docs/threatprevention/7.5/requirements/agentnas.md) topic for information on version compatibility. +[NAS Device Support](/docs/threatprevention/7.5/requirements/agent/agentnas.md) topic for information on version compatibility. ## Infrastructure Upgrade Procedure for 7.5.x to 7.5.y diff --git a/docs/threatprevention/7.5/install/upgrade/policytemplates.md b/docs/threatprevention/7.5/install/upgrade/policytemplates.md index e5d96ff185..cd86083946 100644 --- a/docs/threatprevention/7.5/install/upgrade/policytemplates.md 
+++ b/docs/threatprevention/7.5/install/upgrade/policytemplates.md @@ -1,3 +1,9 @@ +--- +title: "Upgrade Policy Templates" +description: "Upgrade Policy Templates" +sidebar_position: 10 +--- + # Upgrade Policy Templates When new or updated policy templates are available with a Threat Prevention upgrade, they are not diff --git a/docs/threatprevention/7.5/install/upgrade/reportingmodule.md b/docs/threatprevention/7.5/install/upgrade/reportingmodule.md index 2773f52f72..56a46163f1 100644 --- a/docs/threatprevention/7.5/install/upgrade/reportingmodule.md +++ b/docs/threatprevention/7.5/install/upgrade/reportingmodule.md @@ -1,3 +1,9 @@ +--- +title: "Upgrade the Reporting Module" +description: "Upgrade the Reporting Module" +sidebar_position: 40 +--- + # Upgrade the Reporting Module This topic provides the steps needed to upgrade the Netwrix Threat Manager Reporting Module from diff --git a/docs/threatprevention/7.5/install/upgrade/uninstallagent.md b/docs/threatprevention/7.5/install/upgrade/uninstallagent.md index dc83d66944..18d133bbd7 100644 --- a/docs/threatprevention/7.5/install/upgrade/uninstallagent.md +++ b/docs/threatprevention/7.5/install/upgrade/uninstallagent.md @@ -1,3 +1,9 @@ +--- +title: "Uninstall Agent" +description: "Uninstall Agent" +sidebar_position: 30 +--- + # Uninstall Agent When a newer version of the Agent is available, the Agents need to be uninstalled before the latest diff --git a/docs/threatprevention/7.5/overview.md b/docs/threatprevention/7.5/overview.md deleted file mode 100644 index 1e39c0f186..0000000000 --- a/docs/threatprevention/7.5/overview.md +++ /dev/null 
@@ -1,34 +0,0 @@ -# Netwrix Threat Prevention v7.5 Documentation - -Netwrix Threat Prevention strengthens an organization’s defense against internal and external -threats by acting as a real-time protective layer around critical systems, including Active -Directory, Exchange, and file systems. Unlike native Windows logging, it intercepts and blocks risky -activity at the source - before damage occurs - offering greater visibility, control, and response -capabilities. - -- Active Monitoring — Threat Prevention continuously monitors changes, authentications, and access - attempts without relying on native logs. It inspects all critical activities at the point of - origin, alerting security teams to policy violations and potentially malicious behavior in real - time. -- Proactive Blocking — Beyond detection, Threat Prevention can automatically block unauthorized or - suspicious actions, such as group membership changes, GPO modifications, or logon attempts from - compromised accounts. This stops threats like ransomware and privilege escalation before they - impact business systems. -- Real-Time Alerts and Enforcement — It enforces custom security policies with immediate alerts and - automated responses, enabling fast remediation and minimizing potential damage or downtime. -- Comprehensive Audit Trail — Threat Prevention records rich, contextual event details, including - pre- and post-change values, helping auditors and admins understand what happened, when, and by - whom, without the noise or delay of native logs. -- Seamless Third-Party Integration — It feeds enriched, real-time data to SIEM platforms and other - tools, ensuring security teams receive actionable intelligence instantly, with no need to parse - Windows event logs. -- Modern, Secure Architecture — Built for the evolving security landscape, Threat Prevention uses a - FIPS 140-2 compliant architecture to meet modern security and compliance requirements. 
- -Organizations can use Threat Prevention to: - -- Detect and investigate suspicious authentication behavior -- Proactively prevent unauthorized changes to critical systems -- Automatically block the riskiest actions before damage occurs -- Speed up investigations and reduce response time -- Strengthen overall security posture and streamline compliance diff --git a/docs/threatprevention/7.5/overview/_category_.json b/docs/threatprevention/7.5/overview/_category_.json new file mode 100644 index 0000000000..af367198e5 --- /dev/null +++ b/docs/threatprevention/7.5/overview/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Netwrix Threat Prevention v7.5 Documentation", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/overview/gettingstarted.md b/docs/threatprevention/7.5/overview/gettingstarted.md new file mode 100644 index 0000000000..6be6c9a07c --- /dev/null +++ b/docs/threatprevention/7.5/overview/gettingstarted.md 
@@ -0,0 +1,130 @@ +--- +title: "Getting Started" +description: "Getting Started" +sidebar_position: 10 +--- + +# Getting Started + +After launching the Threat Prevention Administration Console, the administrator must configure some +initial settings to start monitoring the organization's environment: + +- In the Administration Console, configure users, alerts, collections, policies, and database + maintenance. +- Install and configure the Netwrix Threat Manager Reporting Module to view event data. + +## Configure Additional Users + +From installation to first launch, a single Threat Prevention administrator is the only user who can +access the Administration Console. This user must create additional users and assign them roles that +control what they have access to. See the +[Users and Roles Window](/docs/threatprevention/7.5/admin/configuration/userroles/overview.md) topic to configure users. + +## Configure Alerts + +The administrator must configure email and SIEM alerts before they can be enabled. See the +[System Alerting Window](/docs/threatprevention/7.5/admin/configuration/systemalerting/overview.md) topic to enable alerts and +to select your desired events for sending notifications. + +## Configure Collections + +Collections are reusable lists of policy filter settings. To create new policies using policy +templates, Collections must be configured. Several templates are configured using Collections as a +policy filter. See the +[Collection Manager Window](/docs/threatprevention/7.5/admin/configuration/collectionmanager/overview.md) topic to configure +Collections. + +## Create, Configure, and Enable Policies + +After deploying Agents and completing initial configuration, it is time to create, configure, and +enable policies to begin monitoring your organization’s environment. Do either of the following: + +- Use a policy template to create a policy. 
See the + [Pre-Created Templates](/docs/threatprevention/7.5/admin/templates/folder/overview.md) topic for additional information. +- Create a new policy and template configuration. See the + [Policy Configuration](/docs/threatprevention/7.5/admin/policies/configuration/configuration.md) and + [Template Configuration](/docs/threatprevention/7.5/admin/templates/configuration/configuration.md) topics for additional information. + +On enabling and saving a policy configuration, the Agent is automatically sent the necessary +information to begin monitoring. + +**CAUTION:** Use extreme caution when enabling lockdown policies to ensure that the required events +do not unintentionally get blocked. + +**_RECOMMENDED:_** Start with monitoring the environment before enabling lockdown policies. For +example, first configure a monitoring policy for the events to be blocked. Watch the captured events +to ensure the filters are returning the expected events. Once assured, create the lockdown policy to +block those events. + +**_RECOMMENDED:_** After configuring a new policy, navigate to either the +[Recent Events Tab](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md) in the policy's configuration or to the +[Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md) to confirm that the intended events being +monitored are intended. Refresh the data to view the recent events. + +### View Event Data + +You can view event data using any of the following: + +- Administration Console – Navigate to either the Recent Events tab in the policy's configuration or + to the Investigate interface to view data for the events being monitored. See the + [Recent Events Tab](/docs/threatprevention/7.5/admin/policies/configuration/recentevents/overview.md) and + [Investigate Interface](/docs/threatprevention/7.5/admin/investigate/overview.md) topics for details. 
Event data configured + to be sent to syslog (SIEM) can also be viewed on the + [SIEM Output Viewer](/docs/threatprevention/7.5/admin/configuration/siemoutputviewer.md) window. +- Netwrix Threat Manager Reporting Module – Use this application to run investigations and generate + reports. See the Set Up the Threat Manager Reporting Module topic to install and launch the + application. + +## Configure Database Maintenance + +Database maintenance is essential to manage the size of the event database. The size should be based +on your data retention needs for various types of event data. See the +[Database Maintenance Window](/docs/threatprevention/7.5/admin/configuration/databasemaintenance/overview.md) topic for +additional information. + +## Set Up the Threat Manager Reporting Module + +Prerequisites + +- See the [Reporting Module Server Requirements](/docs/threatprevention/7.5/requirements/reportingserver.md) topic for details + on prerequisites. +- See the + [Netwrix Threat Manager Reporting Module Ports](/docs/threatprevention/7.5/requirements/ports.md#netwrix-threat-manager-reporting-module-ports) + topic for a list of firewall ports used. + +Installation + +Install the Netwrix Threat Manager Reporting Module application. Typically, this is done on the same +server where Threat Prevention resides, but it can be on any server within the same environment. +This application needs access to the Threat Prevention database. See the +[Reporting Module Installation](/docs/threatprevention/7.5/install/reportingmodule/overview.md) topic for additional +information. + +First Launch + +On launching Netwrix Threat Manager Reporting Module for the first time, you will set the password +for the builtin Administrator account, and optionally enable MFA for that account. See the +[First Launch](/docs/threatprevention/7.5/install/reportingmodule/firstlaunch.md) topic for additional information. 
+ +Initial Configuration + +Configure the following: + +- Credential Profile – See the + [Credential Profile Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/credentialprofile.md) topic + for additional information. + + - Configure one Credential Profile for Active Directory Sync + - Configure one Credential Profile for connection to the Threat Prevention database + +- Active Directory Sync – Configure the application to sync with Active Directory. See the + [Active Directory Sync Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md) + topic for additional information. +- Netwrix Integration – Configure connection to the Netwrix Threat Manager Reporting Module + database. See the + [Netwrix Integrations Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/netwrixintegrations.md) + topic for additional information. +- Configure Console Access through Role Assignment – Grant access to Administrators, Report + Reviewers, Responders, Reviewers, Response Managers, and Report Administrators. See the + [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md) topic for + additional information. diff --git a/docs/threatprevention/7.5/overview/overview.md b/docs/threatprevention/7.5/overview/overview.md new file mode 100644 index 0000000000..418415d025 --- /dev/null +++ b/docs/threatprevention/7.5/overview/overview.md 
@@ -0,0 +1,40 @@ +--- +title: "Netwrix Threat Prevention v7.5 Documentation" +description: "Netwrix Threat Prevention v7.5 Documentation" +sidebar_position: 10 +--- + +# Netwrix Threat Prevention v7.5 Documentation + +Netwrix Threat Prevention strengthens an organization’s defense against internal and external +threats by acting as a real-time protective layer around critical systems, including Active +Directory, Exchange, and file systems. Unlike native Windows logging, it intercepts and blocks risky +activity at the source - before damage occurs - offering greater visibility, control, and response +capabilities. + +- Active Monitoring — Threat Prevention continuously monitors changes, authentications, and access + attempts without relying on native logs. It inspects all critical activities at the point of + origin, alerting security teams to policy violations and potentially malicious behavior in real + time. +- Proactive Blocking — Beyond detection, Threat Prevention can automatically block unauthorized or + suspicious actions, such as group membership changes, GPO modifications, or logon attempts from + compromised accounts. This stops threats like ransomware and privilege escalation before they + impact business systems. +- Real-Time Alerts and Enforcement — It enforces custom security policies with immediate alerts and + automated responses, enabling fast remediation and minimizing potential damage or downtime. +- Comprehensive Audit Trail — Threat Prevention records rich, contextual event details, including + pre- and post-change values, helping auditors and admins understand what happened, when, and by + whom, without the noise or delay of native logs. +- Seamless Third-Party Integration — It feeds enriched, real-time data to SIEM platforms and other + tools, ensuring security teams receive actionable intelligence instantly, with no need to parse + Windows event logs. 
+- Modern, Secure Architecture — Built for the evolving security landscape, Threat Prevention uses a + FIPS 140-2 compliant architecture to meet modern security and compliance requirements. + +Organizations can use Threat Prevention to: + +- Detect and investigate suspicious authentication behavior +- Proactively prevent unauthorized changes to critical systems +- Automatically block the riskiest actions before damage occurs +- Speed up investigations and reduce response time +- Strengthen overall security posture and streamline compliance diff --git a/docs/threatprevention/7.5/overview/solutions/_category_.json b/docs/threatprevention/7.5/overview/solutions/_category_.json new file mode 100644 index 0000000000..61e3258ec2 --- /dev/null +++ b/docs/threatprevention/7.5/overview/solutions/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Solutions", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/overview/solutions/activedirectory.md b/docs/threatprevention/7.5/overview/solutions/activedirectory.md new file mode 100644 index 0000000000..1ad533cfcf --- /dev/null +++ b/docs/threatprevention/7.5/overview/solutions/activedirectory.md 
@@ -0,0 +1,68 @@ +--- +title: "Active Directory" +description: "Active Directory" +sidebar_position: 10 +--- + +# Active Directory + +Threat Prevention for Active Directory is a real-time change and access monitoring solution designed +to detect, block, and alert on unauthorized or high-risk activity within Active Directory +environments - without relying on native Windows logging mechanisms. It captures and inspects all +authentication, access, and modification activity at the domain controller level, providing full +visibility into changes across individual Active Directory objects, attributes, group memberships, +and Group Policy Objects (GPOs). All actions are recorded in a detailed audit trail that includes +pre- and post-change values with actor context. + +Key aspects of the Active Directory solution are: + +- Proactive Enforcement — Blocks unauthorized or policy-violating changes (for example, group + membership or GPO edits) before they are applied, strengthening native Active Directory controls +- Real-Time Authentication Monitoring — Captures and logs all authentication requests, including + Kerberos and NTLM logons, providing visibility into authentication events across the environment +- Granular Change Monitoring — Provides detailed monitoring of all changes within Active Directory, + including object-level modifications, access permissions, and group memberships, ensuring complete + visibility into any action that could impact security or compliance +- Customizable Security Policies — Allows administrators to define custom rules for blocking and + alerting on specific types of changes or access attempts, offering tailored security enforcement + based on organizational needs + +Some important events Threat Prevention captures are: + +- Changes +- Account Lockouts +- Password Resets +- Comprised and Weak Password Use +- Group Policy Object (GPO) Modifications +- Object Moves/Adds/Deletes +- Permission Modifications +- Groups Membership +- DNS Changes 
+- LSASS Modifications +- AD Replication +- Replication Impersonations +- Active Directory Read Monitoring +- Authentication (Kerberos & NTLM) + + - Authentication-based Attacks (e.g. Horizontal/Lateral Movement, Brute Force Attacks, User + Account Hacking, Breached Passwords, Golden Tickets, and more) + - Privileged Account Authentications + +## Active Directory Event Types + +The following event types are available for Active Directory: + +- [Active Directory Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorychanges.md) +- [Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorylockdown.md) +- [Active Directory Read Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectoryreadmonitoring.md) +- [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationlockdown.md) +- [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/adreplicationmonitoring.md) +- [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationlockdown.md) +- [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/authenticationmonitoring.md) +- [Effective Group Membership Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/effectivegroupmembership.md) +- [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/fsmorolemonitoring.md) +- [GPO Setting Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettingchanges.md) +- [GPO Setting Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/gposettinglockdown.md) +- [LSASS Guardian – Monitor Event 
Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianmonitor.md) +- [LSASS Guardian – Protect Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/lsassguardianprotect.md) +- [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md) diff --git a/docs/threatprevention/7.5/solutions/epe.md b/docs/threatprevention/7.5/overview/solutions/epe.md similarity index 91% rename from docs/threatprevention/7.5/solutions/epe.md rename to docs/threatprevention/7.5/overview/solutions/epe.md index 5a4b09b292..d0ab053d0c 100644 --- a/docs/threatprevention/7.5/solutions/epe.md +++ b/docs/threatprevention/7.5/overview/solutions/epe.md @@ -1,3 +1,9 @@ +--- +title: "Enterprise Password Enforcer" +description: "Enterprise Password Enforcer" +sidebar_position: 20 +--- + # Enterprise Password Enforcer @@ -11,7 +17,7 @@ An optional module, EPE User Feedback, is packaged with the zip file for Threat installation. It provides feedback to end users on the Windows login screen for why their pending password change was rejected. It lists the failed complexity requirements set up in the Password Rules policy (see the -[Password Rules Filter](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md#password-rules-filter) of +[Password Rules Filter](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md#password-rules-filter) of the Password Enforcement event type). The user can use this information to create a new password that passes the complexity requirements of the organization. 
@@ -27,7 +33,7 @@ passwords. The following event type is available for Enterprise Password Enforcer: -- [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md) +- [Password Enforcement Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/passwordenforcement/passwordenforcement.md) ## Enforce Password Reset with Microsoft Entra ID Password Writeback diff --git a/docs/threatprevention/7.5/overview/solutions/exchange.md b/docs/threatprevention/7.5/overview/solutions/exchange.md new file mode 100644 index 0000000000..5cb08ea44f --- /dev/null +++ b/docs/threatprevention/7.5/overview/solutions/exchange.md 
@@ -0,0 +1,43 @@ +--- +title: "Exchange" +description: "Exchange" +sidebar_position: 30 +--- + +# Exchange + +Threat Prevention for Exchange provides increased security, regulatory compliance fulfillment, and +reduced risk of downtime by significantly enhancing Microsoft Exchange native security. + +- Threat Prevention for Exchange owners reduce outage risk caused by bad configuration changes and + achieve compliance through enhanced security and detailed auditing. +- For business owners, enhanced mailbox security capabilities ensure their most sensitive mailboxes + are protected against rogue administrator or compromised account access. + +Understand who accessed a mailbox and what occurred once in the mailbox. Was a sensitive email read, +modified, deleted, or forwarded? All are critical to achieving a compliant Exchange infrastructure. + +Some important events Threat Prevention captures are: + +- Non-Owner Mailbox Access Events +- Access Rights Changes + + - Mailbox + - Folder + +- Manipulated Attachments +- Message Item Level Auditing + + - Creation + - Deletion + - Modification + - Read + - Send/Forward + - Open + +## Exchange Event Types + +The following event types are available for Exchange: + +- [Exchange Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangechanges.md) +- [Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangelockdown.md) diff --git a/docs/threatprevention/7.5/overview/solutions/filesystem.md b/docs/threatprevention/7.5/overview/solutions/filesystem.md new file mode 100644 index 0000000000..4e48e74970 --- /dev/null +++ b/docs/threatprevention/7.5/overview/solutions/filesystem.md 
@@ -0,0 +1,43 @@ +--- +title: "File System" +description: "File System" +sidebar_position: 40 +--- + +# File System + +Threat Prevention for File System provides organizations with real-time visibility into and control +over changes and access activities occurring within Windows file systems. It also provides real-time +visibility into file access and change activities occurring on NAS devices. + +- Threat Prevention authoritatively records a complete audit trail of events for security, + compliance, and forensic investigation, and alerts on critical activities in real-time without + reliance on native logging facilities or impacting system performance. +- Threat Prevention also optionally blocks change and access events from occurring at the share, + folder, or file level on Windows file systems, enabling complete control over critical data + regardless of natively supplied access rights. + +Some important events Threat Prevention captures within a Windows file system are: + +- File Access Events (Create, Read, Write, Move, Copy, Delete, Rename) +- Permission Changes +- Attribute Changes +- Audit Changes +- Owner Changes +- Share Events (Add, Delete, Update, Permission Change) +- I/O Type Events (Native File System, Shadow Copy) + +Some important events Threat Prevention captures within a NAS file system are: + +- File Access Events (Create, Copy, Delete, Rename, Read, Update) +- Permission Changes + +**NOTE:** For NAS monitoring, Threat Prevention employs the Netwrix Activity Monitor component. 
+ +## File System Event Types + +The following event types are available for File System: + +- [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemchanges/filesystemchanges.md) +- [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/filesystemlockdown.md) +- [File System Enterprise Auditor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md) diff --git a/docs/threatprevention/7.5/overview/solutions/ldap.md b/docs/threatprevention/7.5/overview/solutions/ldap.md new file mode 100644 index 0000000000..233e3594f7 --- /dev/null +++ b/docs/threatprevention/7.5/overview/solutions/ldap.md @@ -0,0 +1,25 @@ +--- +title: "LDAP" +description: "LDAP" +sidebar_position: 50 +--- + +# LDAP + +Threat Prevention for LDAP provides real-time monitoring of Active Directory LDAP queries without +any reliance on native logging. From individual objects to specific query requests or results, +Threat Prevention for LDAP produces a complete audit trail of specific queries executed against +Active Directory that could indicate potential security issues or operational inefficiencies. + +In addition to LDAP query activity monitoring, you can also use the LDAP Bind event type to generate +an event whenever a security principal connects (binds) to LDAP, which is a required step before +generating queries. Bind events include information about the user, source machine, and type of +security used for the session. + +## LDAP Event Types + +The following event types are available for LDAP: + +- [LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldaplockdown.md) +- [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapmonitoring/ldapmonitoring.md) +- [LDAP Bind Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/ldapbindmonitoring.md) 
diff --git a/docs/threatprevention/7.5/overview/solutions/overview.md b/docs/threatprevention/7.5/overview/solutions/overview.md new file mode 100644 index 0000000000..495f20175e --- /dev/null +++ b/docs/threatprevention/7.5/overview/solutions/overview.md @@ -0,0 +1,58 @@ +--- +title: "Solutions" +description: "Solutions" +sidebar_position: 30 +--- + +# Solutions + +Threat Prevention offers the following pre-defined solutions for protecting your IT environment. The +solutions and associated licensed modules are: + +[Active Directory](/docs/threatprevention/7.5/overview/solutions/activedirectory.md) + +- Active Directory Changes + + - Includes AD Replication Monitoring + - Includes Authentication Monitoring + - Includes Effective Group Membership + - Includes LSASS Guardian –Monitor + +- Active Directory Lockdown + + - Includes AD Replication Lockdown + - Includes Authentication Lockdown + - Includes LSASS Guardian – Protect + +- Active Directory Read Monitoring +- FSMO Role Monitoring +- GPO Lockdown +- GPO Setting Changes + +[ Enterprise Password Enforcer](/docs/threatprevention/7.5/overview/solutions/epe.md) + +- Password Enforcement + +[Exchange](/docs/threatprevention/7.5/overview/solutions/exchange.md) + +- Exchange Events +- Exchange Lockdown + +[File System](/docs/threatprevention/7.5/overview/solutions/filesystem.md) + +- File System + + - Includes both Monitoring and Lockdown for Windows file system + - Includes Monitoring for supported NAS devices + - Includes Monitoring file system for integration with Access Analyzer + +[LDAP](/docs/threatprevention/7.5/overview/solutions/ldap.md) + +- LDAP Monitoring + + - Includes both Monitoring and Lockdown for LDAP events + - Includes Monitoring of user connections made to LDAP (Bind), which occur before queries are + submitted to LDAP + +In the Administration Console, all solutions use the same base software. The difference is in the +Policy Event Types available for use with different solutions. 
diff --git a/docs/threatprevention/7.5/overview/whatsnew.md b/docs/threatprevention/7.5/overview/whatsnew.md new file mode 100644 index 0000000000..26c40dcc75 --- /dev/null +++ b/docs/threatprevention/7.5/overview/whatsnew.md @@ -0,0 +1,13 @@ +--- +title: "What's New" +description: "What's New" +sidebar_position: 20 +--- + +# What's New + +## New Netwrix Community! + +All Netwrix product announcements have moved to the new Netwrix Community. See announcements for +Netwrix Threat Prevention in the [Threat Prevention](https://community.netwrix.com/c/160) area of +our new community. diff --git a/docs/threatprevention/7.5/reportingmodule/_category_.json b/docs/threatprevention/7.5/reportingmodule/_category_.json new file mode 100644 index 0000000000..4f47d94842 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Reporting Module", + "position": 70, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/_category_.json b/docs/threatprevention/7.5/reportingmodule/configuration/_category_.json new file mode 100644 index 0000000000..5038644bb0 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Configuration Menu", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/_category_.json b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/_category_.json new file mode 100644 index 0000000000..5b114afdf2 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Integrations Interface", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md index 6858f601d9..fad7cc9eea 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md @@ -1,3 +1,9 @@ +--- +title: "Active Directory Sync Page" +description: "Active Directory Sync Page" +sidebar_position: 10 +--- + # Active Directory Sync Page The Active Directory Sync page within the Integrations interface lists the domains that are synced diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/openid.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/openid.md deleted file mode 100644 index 642026b80b..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/openid.md +++ /dev/null 
@@ -1,76 +0,0 @@ -# OpenID Authentication Provider - -OpenID is an open standard for authentication that allows users to log into multiple websites using -a single set of credentials, eliminating the need for multiple usernames and passwords. Unlike -traditional authentication methods, OpenID delegates authentication to a third-party provider, -allowing users to authenticate with their chosen identity provider. - -Once you have added an authentication provider, as discussed in the -[Add an Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.md#add-an-authentication-provider)topic, the next step is to -configure the provider for use with a supported authentication provider type, i.e., OpenID, RADIUS, -or SAML. - -Use the gear icon in the upper right corner of the console to open the Configuration menu. Then -select **Integrations** to open the Integrations interface. - -On the Integrations interface, select an authentication provider under the Authentication Provider -node in the navigation pane or from the table to configure, view, or modify its details. - -![Integrations interface displaying the details for an OpenID authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/openid.webp) - -The details page for an OpenID authentication provider has two tabs: - -- Configuration -- Users/Groups - -## Configuration Tab - -Configure the following settings for an OpenID provider on the Configuration tab: - -![Configuration tab for an OpenID authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationopenid.webp) - -- Default – The default profile applied when a user is assigned multiple authentication profiles. - When off, the profile will be determined in alphabetical order of the profile name. Toggle off and - on as desired. 
-- Authority – The OpenId Connect provider authority URI. Out-going redirection requires the correct - Authority path to be set. Incorrect settings will generally result in a 404 error. -- Client Id – The ID assigned to an application that allows it to request authentication and - interact with the identity provider -- Login Type – The login type to use to log into the account. Use the drop-down menu to select one - of the following: Sam Account Name, User Principal Name, Email Address, or Sid -- User Source – The source type to use to validate the user from the token. Use the drop-down menu - to select one of the following: Introspection, User Info, Token Parse, or Id Token Parse -- User Source Field – The field in the token to use for validating the user - -Click Save to commit the configuration settings. - -## Users/Groups Tab - -The Users/Groups tab displays users and groups that are currently assigned to this authentication -profile. To give access to the application to new users, click the New Access button, which opens -the Add Console Access window. To assign this authentication provider to existing users, go to -System Settings > User Access Page. - -![UserGroups tab for an authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/usersgroupstab.webp) - -The table displays the following information: - -- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, - which disables console access -- Login name – The NTStyle domain name for the user or group account -- Display name – The display name for the user or group account -- Domain name – Name of the domain. This may be either the domain DNS name or domain controller - hostname. 
-- Role – The role assigned to the user or group for accessing this application -- Authentication Type – Type of MFA authentication assigned to the user or group -- Action – This column has the following icons for conducting actions on the user or group: - - - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. - The edit icon changes to a save icon while in edit mode. - - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. - Removing a user or group removes console access for it. - - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next - login. This option is only available if an MFA authentication type is applied to the user or - group. - -See the [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.md deleted file mode 100644 index 45ca49049c..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.md +++ /dev/null 
@@ -1,49 +0,0 @@ -# Authentication Provider Page - -The Authentication Provider page provides configuration settings for third-party authentication -providers using RADIUS, OpenID, and SAML integrations. - -Use the gear icon in the upper right corner of the console to open the Configuration menu. Then -select **Integrations** to open the Integrations interface. - -![Integrations interface on the Authentication Provider page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.webp) - -Click **Authentication Provider** in the navigation pane to view a list of already configured -authentication providers, if any. - -The table displays the provider name, as supplied during configuration, and an icon indicating if -the integration is enabled. To view provider details or make modifications, select a provider from -the table or select it from the Credential Profile drop-down in the navigation pane. - -## Add an Authentication Provider - -Follow the steps to add an authentication provider. - -**Step 1 –** On the Integrations interface, click Add New Integration in the navigation pane. The -Add New Integration window opens. - -![Add New Integration window with Authentication Provider type selected](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/authenticationprovider.webp) - -**Step 2 –** In the Type drop-down list, select Authentication Provider. - -**Step 3 –** Provide a unique name and description for the authentication provider. - -**Step 4 –** Click Add. The Add New Integration window closes. - -The authentication provider is listed in the Integrations navigation pane and the configuration -window for the provider opens. You must configure the provider for use with a supported -authentication provider type, i.e., OpenID, RADIUS, or SAML. 
- -## Supported Types of Authentication Providers - -On the Integrations interface, select an authentication provider under the Authentication Provider -node in the navigation pane or from the table to configure, view, or modify its details. - -![Integrations interface displaying the details for an Authentication Provider with the type drop-down menu open](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/type.webp) - -The following authentication provider types are supported; you can configure an authentication -provider for any of these: - -- RADIUS – See the [RADIUS Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/radius.md) topic for additional information. -- OpenID – See the [OpenID Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/openid.md) topic for additional information. -- SAML – See the [SAML Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/saml.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/radius.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/radius.md deleted file mode 100644 index fae9a4a889..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/radius.md +++ /dev/null 
@@ -1,125 +0,0 @@ -# RADIUS Authentication Provider - -The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides -centralized authentication, authorization, and accounting management for users connecting to a -network service. - -Once you have added an authentication provider, as discussed in the -[Add an Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.md#add-an-authentication-provider)topic, the next step is to -configure the provider for use with a supported authentication provider type, i.e., OpenID, RADIUS, -or SAML. - -Use the gear icon in the upper right corner of the console to open the Configuration menu. Then -select **Integrations** to open the Integrations interface. - -On the Integrations interface, select an authentication provider under the Authentication Provider -node in the navigation pane or from the table to configure, view, or modify its details. - -![Integrations interface displaying the details for a Radius authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/radius.webp) - -The details page for a RADIUS authentication provider has three tabs: - -- Configuration -- Customization -- Users/Groups - -## Configuration Tab - -Configure the following settings for a RADIUS provider on the Configuration tab: - -![Configuration tab for a RADIUS authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationradius.webp) - -- Default – The default profile applied when a user is assigned multiple authentication profiles. - When off, the profile will be determined in alphabetical order of the profile name. Toggle off and - on as desired. -- Server FQDN/IP – The address of the RADIUS proxy -- Port – The port for the RADIUS proxy -- Auth Type – The security protocol used by the RADIUS proxy. 
Use the drop-down menu to select - either MSCHAPv2 or PAP. -- Shared Secret – A secret shared between the application server and the RADIUS proxy -- User Name Format Type – Active Directory attribute or attributes that will be sent to the RADIUS - authentication provider to identify the user. Some common identification attributes are available - in the drop-down list. If necessary, a custom option is also provided. This option instructs the - application to send a custom value to the RADIUS provider based on the user's Active Directory - attribute, supplied in the Custom Name Format field. -- Custom Name Format – This field appears when the Custom User Name Format Type is selected. It has - a unique syntax as follows: - - - Active Directory Attribute: `{attributename}` - - - Example – `{firstname}_{lastname}` - - - First Character(s) of an Active Directory Attribute: `{3:AttributeName}` – Where "3" is the - number of characters to select - - - Example – `{1:firstname}_{lastname}` - - - Last Character(s) of an Active Directory Attribute: `{AttributeName:3}` – Where "3" is the - number of characters to select - - - Example – `{firstname}_{telephoneNumber:4}` - - - Text values can be hard coded to send a static text value for each user: - - - Example – `MyCompany_{lastname}` - -- Max Retries – The maximum number of times to attempt reconnecting to the RADIUS proxy if unable to - connect -- Timeouts (in seconds) – The default timeout value for RADIUS connection and authentication - requests. The default value is 60 seconds. - -Click Save to commit the configuration settings. - -## Customization Tab - -The Customization tab is unique to RADIUS authentication providers. 
It contains the following -settings that need to be configured: - -![Customization tab for a Radius authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/customizationtab.webp) - -- Title for MFA Authentication dialog – The title that is displayed to the user when prompted for - MFA -- Text for MFA Authentication dialog – The text description that is displayed to the user when - prompted for MFA -- Send Initial Text – If On, the value in the Initial Auto Response Text is automatically sent to - the RADIUS proxy without user action. Toggle On or Off as desired. -- Initial Auto Response Text – This value is sent to the RADIUS server automatically if the Send - Initial Text option is enabled. For example, this might be “push” to immediately have the user’s - phone app prompt for authorization. -- Prefix for Response Text – This value is added to the start of the responses. The value will vary - according to server. -- Send NAS Identifier – When On, NAS identifiers are transmitted to the RADIUS proxy. This is needed - for certain RADIUS proxy implementations that require it. Toggle On or Off as desired. - -Click Save to save the configuration settings. - -### Users/Groups Tab - -The Users/Groups tab displays users and groups that are currently assigned to this authentication -profile. To give access to the application to new users, click the New Access button, which opens -the Add Console Access window. To assign this authentication provider to existing users, go to -System Settings > User Access Page. 
- -![UserGroups tab for an authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/usersgroupstab.webp) - -The table displays the following information: - -- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, - which disables console access -- Login name – The NTStyle domain name for the user or group account -- Display name – The display name for the user or group account -- Domain name – Name of the domain. This may be either the domain DNS name or domain controller - hostname. -- Role – The role assigned to the user or group for accessing this application -- Authentication Type – Type of MFA authentication assigned to the user or group -- Action – This column has the following icons for conducting actions on the user or group: - - - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. - The edit icon changes to a save icon while in edit mode. - - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. - Removing a user or group removes console access for it. - - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next - login. This option is only available if an MFA authentication type is applied to the user or - group. - -See the [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/saml.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/saml.md deleted file mode 100644 index 0351dcfc6d..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/saml.md +++ /dev/null 
@@ -1,85 +0,0 @@ -# SAML Authentication Provider - -The Security Assertion Markup Language (SAML) is an XML framework for exchanging authentication and -authorization information. It provides functions to describe and transmit security-related -information. This means that you can use one set of credentials to log in to many different -websites. It is much easier to manage one login per user than separate logins for email, Customer -Relationship Management (CRM) software, Active Directory, and more. - -Once you have added an authentication provider, as discussed in the -[Add an Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.md#add-an-authentication-provider)topic, the next step is to -configure the provider for use with a supported authentication provider type, i.e., OpenID, RADIUS, -or SAML. - -Use the gear icon in the upper right corner of the console to open the Configuration menu. Then -select **Integrations** to open the Integrations interface. - -On the Integrations interface, select an authentication provider under the Authentication Provider -node in the navigation pane or from the table to configure, view, or modify its details. - -![Integrations interface displaying the details for a SAML authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/saml.webp) - -The details page for a SAML authentication provider has two tabs: - -- Configuration -- Users/Groups - -Prerequisites - -For users to be able to use SAML, "SMTP" must be set up and an email address must be stored with the -respective users. 
- -## Configuration Tab - -Configure the following settings for a SAML provider on the Configuration tab: - -![Configuration tab for a SAML authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationsaml.webp) - -- Default – The default profile applied when a user is assigned multiple authentication profiles. - When off, the profile will be determined in alphabetical order of the profile name. Toggle off and - on as desired. -- Login URI – Login URI is a specific web address where users can authenticate themselves to access - a web application or service -- Logout Uri – A logout URI is a specific web address where users are directed to terminate their - authenticated session in a web application or service -- Login Type – The login type to use to log into the account. Use the drop-down menu to select one - of the following: Sam Account Name, User Principal Name, Email Address, or Sid -- User Claim – A user claim is an assertion made by the identity provider about a user, such as - their name, role, or email, that the service provider can use for authorization decisions -- Check Certificate – If enabled, this validates the response certificate to the certificate - provided in the Certificate field. Use the toggle button to enable and disable this setting. -- Certificate – A certificate is a digital credential used to validate the identity of parties and - secure communications between an Identity Provider (IdP) and a Service Provider (SP) - -Click Save to commit the configuration settings. - -## Users/Groups Tab - -The Users/Groups tab displays users and groups that are currently assigned to this authentication -profile. To give access to the application to new users, click the New Access button, which opens -the Add Console Access window. To assign this authentication provider to existing users, go to -System Settings > User Access Page. 
- -![UserGroups tab for an authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/usersgroupstab.webp) - -The table displays the following information: - -- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, - which disables console access -- Login name – The NTStyle domain name for the user or group account -- Display name – The display name for the user or group account -- Domain name – Name of the domain. This may be either the domain DNS name or domain controller - hostname. -- Role – The role assigned to the user or group for accessing this application -- Authentication Type – Type of MFA authentication assigned to the user or group -- Action – This column has the following icons for conducting actions on the user or group: - - - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. - The edit icon changes to a save icon while in edit mode. - - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. - Removing a user or group removes console access for it. - - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next - login. This option is only available if an MFA authentication type is applied to the user or - group. - -See the [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/credentialprofile.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/credentialprofile.md index 03c7ae18a4..47c728de7c 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/credentialprofile.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/credentialprofile.md 
@@ -1,3 +1,9 @@ +--- +title: "Credential Profile Page" +description: "Credential Profile Page" +sidebar_position: 30 +--- + # Credential Profile Page The Credential Profile page within the Integrations interface lists all of the credentials used by diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/email.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/email.md index c9cd7b7861..a88cea7a79 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/email.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/email.md @@ -1,3 +1,9 @@ +--- +title: "Email Page" +description: "Email Page" +sidebar_position: 40 +--- + # Email Page The Email page within the Integrations interface allows users to configure the application to send diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/foldersettings.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/foldersettings.md index a5c7686dee..d1ca1203ad 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/foldersettings.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/foldersettings.md @@ -1,3 +1,9 @@ +--- +title: "Folder Settings Page" +description: "Folder Settings Page" +sidebar_position: 50 +--- + # Folder Settings Page The Folder Settings page within the Integrations interface allows users to designate the diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/netwrixintegrations.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/netwrixintegrations.md index 88fbb5822e..3606dcc29e 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/netwrixintegrations.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/netwrixintegrations.md 
@@ -1,3 +1,9 @@ +--- +title: "Netwrix Integrations Page" +description: "Netwrix Integrations Page" +sidebar_position: 60 +--- + # Netwrix Integrations Page The Netwrix Integrations page within the Integrations interface lists the products for which the diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/overview.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/overview.md index cab0628e7e..9168889db2 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/overview.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/overview.md @@ -1,3 +1,9 @@ +--- +title: "Integrations Interface" +description: "Integrations Interface" +sidebar_position: 10 +--- + # Integrations Interface The Integrations interface allows you to configure integrations with a variety of Netwrix products @@ -11,7 +17,7 @@ select **Integrations** to open the Integrations interface. It contains the following integration pages: - [Active Directory Sync Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md) -- [Authentication Provider Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.md) +- [Authentication Provider Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/page.md) - [Credential Profile Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/credentialprofile.md) - [Email Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/email.md) - [Folder Settings Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/foldersettings.md) diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/_category_.json b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/_category_.json new file mode 100644 index 0000000000..caf608101a --- /dev/null 
+++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Authentication Provider Page", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "page" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/openid.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/openid.md new file mode 100644 index 0000000000..8458f7dbf9 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/openid.md 
@@ -0,0 +1,82 @@ +--- +title: "OpenID Authentication Provider" +description: "OpenID Authentication Provider" +sidebar_position: 20 +--- + +# OpenID Authentication Provider + +OpenID is an open standard for authentication that allows users to log into multiple websites using +a single set of credentials, eliminating the need for multiple usernames and passwords. Unlike +traditional authentication methods, OpenID delegates authentication to a third-party provider, +allowing users to authenticate with their chosen identity provider. + +Once you have added an authentication provider, as discussed in the +[Add an Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/page.md#add-an-authentication-provider)topic, the next step is to +configure the provider for use with a supported authentication provider type, i.e., OpenID, RADIUS, +or SAML. + +Use the gear icon in the upper right corner of the console to open the Configuration menu. Then +select **Integrations** to open the Integrations interface. + +On the Integrations interface, select an authentication provider under the Authentication Provider +node in the navigation pane or from the table to configure, view, or modify its details. + +![Integrations interface displaying the details for an OpenID authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/openid.webp) + +The details page for an OpenID authentication provider has two tabs: + +- Configuration +- Users/Groups + +## Configuration Tab + +Configure the following settings for an OpenID provider on the Configuration tab: + +![Configuration tab for an OpenID authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationopenid.webp) + +- Default – The default profile applied when a user is assigned multiple authentication profiles. 
+ When off, the profile will be determined in alphabetical order of the profile name. Toggle off and + on as desired. +- Authority – The OpenId Connect provider authority URI. Out-going redirection requires the correct + Authority path to be set. Incorrect settings will generally result in a 404 error. +- Client Id – The ID assigned to an application that allows it to request authentication and + interact with the identity provider +- Login Type – The login type to use to log into the account. Use the drop-down menu to select one + of the following: Sam Account Name, User Principal Name, Email Address, or Sid +- User Source – The source type to use to validate the user from the token. Use the drop-down menu + to select one of the following: Introspection, User Info, Token Parse, or Id Token Parse +- User Source Field – The field in the token to use for validating the user + +Click Save to commit the configuration settings. + +## Users/Groups Tab + +The Users/Groups tab displays users and groups that are currently assigned to this authentication +profile. To give access to the application to new users, click the New Access button, which opens +the Add Console Access window. To assign this authentication provider to existing users, go to +System Settings > User Access Page. + +![UserGroups tab for an authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/usersgroupstab.webp) + +The table displays the following information: + +- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, + which disables console access +- Login name – The NTStyle domain name for the user or group account +- Display name – The display name for the user or group account +- Domain name – Name of the domain. This may be either the domain DNS name or domain controller + hostname. 
+- Role – The role assigned to the user or group for accessing this application +- Authentication Type – Type of MFA authentication assigned to the user or group +- Action – This column has the following icons for conducting actions on the user or group: + + - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. + The edit icon changes to a save icon while in edit mode. + - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. + Removing a user or group removes console access for it. + - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next + login. This option is only available if an MFA authentication type is applied to the user or + group. + +See the [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/page.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/page.md new file mode 100644 index 0000000000..9239c39771 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/page.md 
@@ -0,0 +1,55 @@ +--- +title: "Authentication Provider Page" +description: "Authentication Provider Page" +sidebar_position: 20 +--- + +# Authentication Provider Page + +The Authentication Provider page provides configuration settings for third-party authentication +providers using RADIUS, OpenID, and SAML integrations. + +Use the gear icon in the upper right corner of the console to open the Configuration menu. Then +select **Integrations** to open the Integrations interface. + +![Integrations interface on the Authentication Provider page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.webp) + +Click **Authentication Provider** in the navigation pane to view a list of already configured +authentication providers, if any. + +The table displays the provider name, as supplied during configuration, and an icon indicating if +the integration is enabled. To view provider details or make modifications, select a provider from +the table or select it from the Credential Profile drop-down in the navigation pane. + +## Add an Authentication Provider + +Follow the steps to add an authentication provider. + +**Step 1 –** On the Integrations interface, click Add New Integration in the navigation pane. The +Add New Integration window opens. + +![Add New Integration window with Authentication Provider type selected](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/authenticationprovider.webp) + +**Step 2 –** In the Type drop-down list, select Authentication Provider. + +**Step 3 –** Provide a unique name and description for the authentication provider. + +**Step 4 –** Click Add. The Add New Integration window closes. + +The authentication provider is listed in the Integrations navigation pane and the configuration +window for the provider opens. You must configure the provider for use with a supported +authentication provider type, i.e., OpenID, RADIUS, or SAML. 
+ +## Supported Types of Authentication Providers + +On the Integrations interface, select an authentication provider under the Authentication Provider +node in the navigation pane or from the table to configure, view, or modify its details. + +![Integrations interface displaying the details for an Authentication Provider with the type drop-down menu open](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/type.webp) + +The following authentication provider types are supported; you can configure an authentication +provider for any of these: + +- RADIUS – See the [RADIUS Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/radius.md) topic for additional information. +- OpenID – See the [OpenID Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/openid.md) topic for additional information. +- SAML – See the [SAML Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/saml.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/radius.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/radius.md new file mode 100644 index 0000000000..5d432fedf2 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/radius.md 
@@ -0,0 +1,131 @@ +--- +title: "RADIUS Authentication Provider" +description: "RADIUS Authentication Provider" +sidebar_position: 10 +--- + +# RADIUS Authentication Provider + +The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides +centralized authentication, authorization, and accounting management for users connecting to a +network service. + +Once you have added an authentication provider, as discussed in the +[Add an Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/page.md#add-an-authentication-provider)topic, the next step is to +configure the provider for use with a supported authentication provider type, i.e., OpenID, RADIUS, +or SAML. + +Use the gear icon in the upper right corner of the console to open the Configuration menu. Then +select **Integrations** to open the Integrations interface. + +On the Integrations interface, select an authentication provider under the Authentication Provider +node in the navigation pane or from the table to configure, view, or modify its details. + +![Integrations interface displaying the details for a Radius authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/radius.webp) + +The details page for a RADIUS authentication provider has three tabs: + +- Configuration +- Customization +- Users/Groups + +## Configuration Tab + +Configure the following settings for a RADIUS provider on the Configuration tab: + +![Configuration tab for a RADIUS authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationradius.webp) + +- Default – The default profile applied when a user is assigned multiple authentication profiles. + When off, the profile will be determined in alphabetical order of the profile name. Toggle off and + on as desired. 
+- Server FQDN/IP – The address of the RADIUS proxy +- Port – The port for the RADIUS proxy +- Auth Type – The security protocol used by the RADIUS proxy. Use the drop-down menu to select + either MSCHAPv2 or PAP. +- Shared Secret – A secret shared between the application server and the RADIUS proxy +- User Name Format Type – Active Directory attribute or attributes that will be sent to the RADIUS + authentication provider to identify the user. Some common identification attributes are available + in the drop-down list. If necessary, a custom option is also provided. This option instructs the + application to send a custom value to the RADIUS provider based on the user's Active Directory + attribute, supplied in the Custom Name Format field. +- Custom Name Format – This field appears when the Custom User Name Format Type is selected. It has + a unique syntax as follows: + + - Active Directory Attribute: `{attributename}` + + - Example – `{firstname}_{lastname}` + + - First Character(s) of an Active Directory Attribute: `{3:AttributeName}` – Where "3" is the + number of characters to select + + - Example – `{1:firstname}_{lastname}` + + - Last Character(s) of an Active Directory Attribute: `{AttributeName:3}` – Where "3" is the + number of characters to select + + - Example – `{firstname}_{telephoneNumber:4}` + + - Text values can be hard coded to send a static text value for each user: + + - Example – `MyCompany_{lastname}` + +- Max Retries – The maximum number of times to attempt reconnecting to the RADIUS proxy if unable to + connect +- Timeouts (in seconds) – The default timeout value for RADIUS connection and authentication + requests. The default value is 60 seconds. + +Click Save to commit the configuration settings. + +## Customization Tab + +The Customization tab is unique to RADIUS authentication providers. 
It contains the following +settings that need to be configured: + +![Customization tab for a Radius authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/customizationtab.webp) + +- Title for MFA Authentication dialog – The title that is displayed to the user when prompted for + MFA +- Text for MFA Authentication dialog – The text description that is displayed to the user when + prompted for MFA +- Send Initial Text – If On, the value in the Initial Auto Response Text is automatically sent to + the RADIUS proxy without user action. Toggle On or Off as desired. +- Initial Auto Response Text – This value is sent to the RADIUS server automatically if the Send + Initial Text option is enabled. For example, this might be “push” to immediately have the user’s + phone app prompt for authorization. +- Prefix for Response Text – This value is added to the start of the responses. The value will vary + according to server. +- Send NAS Identifier – When On, NAS identifiers are transmitted to the RADIUS proxy. This is needed + for certain RADIUS proxy implementations that require it. Toggle On or Off as desired. + +Click Save to save the configuration settings. + +### Users/Groups Tab + +The Users/Groups tab displays users and groups that are currently assigned to this authentication +profile. To give access to the application to new users, click the New Access button, which opens +the Add Console Access window. To assign this authentication provider to existing users, go to +System Settings > User Access Page. 
+ +![UserGroups tab for an authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/usersgroupstab.webp) + +The table displays the following information: + +- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, + which disables console access +- Login name – The NTStyle domain name for the user or group account +- Display name – The display name for the user or group account +- Domain name – Name of the domain. This may be either the domain DNS name or domain controller + hostname. +- Role – The role assigned to the user or group for accessing this application +- Authentication Type – Type of MFA authentication assigned to the user or group +- Action – This column has the following icons for conducting actions on the user or group: + + - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. + The edit icon changes to a save icon while in edit mode. + - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. + Removing a user or group removes console access for it. + - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next + login. This option is only available if an MFA authentication type is applied to the user or + group. + +See the [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/saml.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/saml.md new file mode 100644 index 0000000000..ca72a1f569 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/saml.md 
@@ -0,0 +1,91 @@ +--- +title: "SAML Authentication Provider" +description: "SAML Authentication Provider" +sidebar_position: 30 +--- + +# SAML Authentication Provider + +The Security Assertion Markup Language (SAML) is an XML framework for exchanging authentication and +authorization information. It provides functions to describe and transmit security-related +information. This means that you can use one set of credentials to log in to many different +websites. It is much easier to manage one login per user than separate logins for email, Customer +Relationship Management (CRM) software, Active Directory, and more. + +Once you have added an authentication provider, as discussed in the +[Add an Authentication Provider](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/page.md#add-an-authentication-provider)topic, the next step is to +configure the provider for use with a supported authentication provider type, i.e., OpenID, RADIUS, +or SAML. + +Use the gear icon in the upper right corner of the console to open the Configuration menu. Then +select **Integrations** to open the Integrations interface. + +On the Integrations interface, select an authentication provider under the Authentication Provider +node in the navigation pane or from the table to configure, view, or modify its details. + +![Integrations interface displaying the details for a SAML authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/saml.webp) + +The details page for a SAML authentication provider has two tabs: + +- Configuration +- Users/Groups + +Prerequisites + +For users to be able to use SAML, "SMTP" must be set up and an email address must be stored with the +respective users. 
+ +## Configuration Tab + +Configure the following settings for a SAML provider on the Configuration tab: + +![Configuration tab for a SAML authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/configurationsaml.webp) + +- Default – The default profile applied when a user is assigned multiple authentication profiles. + When off, the profile will be determined in alphabetical order of the profile name. Toggle off and + on as desired. +- Login URI – Login URI is a specific web address where users can authenticate themselves to access + a web application or service +- Logout Uri – A logout URI is a specific web address where users are directed to terminate their + authenticated session in a web application or service +- Login Type – The login type to use to log into the account. Use the drop-down menu to select one + of the following: Sam Account Name, User Principal Name, Email Address, or Sid +- User Claim – A user claim is an assertion made by the identity provider about a user, such as + their name, role, or email, that the service provider can use for authorization decisions +- Check Certificate – If enabled, this validates the response certificate to the certificate + provided in the Certificate field. Use the toggle button to enable and disable this setting. +- Certificate – A certificate is a digital credential used to validate the identity of parties and + secure communications between an Identity Provider (IdP) and a Service Provider (SP) + +Click Save to commit the configuration settings. + +## Users/Groups Tab + +The Users/Groups tab displays users and groups that are currently assigned to this authentication +profile. To give access to the application to new users, click the New Access button, which opens +the Add Console Access window. To assign this authentication provider to existing users, go to +System Settings > User Access Page. 
+ +![UserGroups tab for an authneication provider](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/usersgroupstab.webp) + +The table displays the following information: + +- Access rule type – Indicates the access type as _Allow_, which enables console access, or _Deny_, + which disables console access +- Login name – The NTStyle domain name for the user or group account +- Display name – The display name for the user or group account +- Domain name – Name of the domain. This may be either the domain DNS name or domain controller + hostname. +- Role – The role assigned to the user or group for accessing this application +- Authentication Type – Type of MFA authentication assigned to the user or group +- Action – This column has the following icons for conducting actions on the user or group: + + - Edit icon – Allows you to edit the columns in the selected row by enabling drop-down menus. + The edit icon changes to a save icon while in edit mode. + - Trash icon – Opens a Warning window to confirm the action of deleting the user or group. + Removing a user or group removes console access for it. + - Reset MFA button – Forces the user or every user in the group to reconfigure MFA on the next + login. This option is only available if an MFA authentication type is applied to the user or + group. + +See the [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/tagmanagement.md b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/tagmanagement.md index ddc29888a6..4f2b14a2fa 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/integrations/tagmanagement.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/integrations/tagmanagement.md 
@@ -1,3 +1,9 @@ +--- +title: "Tag Management Page" +description: "Tag Management Page" +sidebar_position: 70 +--- + # Tag Management Page The Tag Management page displays all tags that are currently managed by the application, including diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/interface/_category_.json b/docs/threatprevention/7.5/reportingmodule/configuration/interface/_category_.json new file mode 100644 index 0000000000..c02be60a02 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/interface/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "System Settings Interface", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "interface" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/interface/about.md b/docs/threatprevention/7.5/reportingmodule/configuration/interface/about.md new file mode 100644 index 0000000000..cab6d98784 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/interface/about.md 
@@ -0,0 +1,28 @@ +--- +title: "About Threat Manager Page" +description: "About Threat Manager Page" +sidebar_position: 50 +--- + +# About Threat Manager Page + +The About Threat Manager page in the System Settings interface provides information about the +application version and third-party licenses. + +Use the gear icon in the upper right corner of the console to open the Configuration menu. Then +select **System Settings** to open the System Settings interface. + +Click **About Threat Manager** in the navigation pane. + +![System Settings interfaces on the About Threat Manager page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/about.webp) + +The About Threat Manager section contains application version information. It also includes the +application copyright information. + +The Third-Party Licenses section contains a list of all third-party licenses in use by the +application. Each component and its license is listed. + +- To view the details for a specific license, click the arrow icon on its left to expand the license + details. +- To view the details for all licenses, click the **Expand All** button. +- To view the third-party's license page, click the corresponding external link icon. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/auditing.md b/docs/threatprevention/7.5/reportingmodule/configuration/interface/auditing.md similarity index 96% rename from docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/auditing.md rename to docs/threatprevention/7.5/reportingmodule/configuration/interface/auditing.md index 7d8e50cdfa..fa378d731c 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/auditing.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/interface/auditing.md 
@@ -1,3 +1,9 @@ +--- +title: "Auditing Page" +description: "Auditing Page" +sidebar_position: 10 +--- + # Auditing Page The Auditing page within the System Settings interface contains the Audit History table with diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/interface/interface.md b/docs/threatprevention/7.5/reportingmodule/configuration/interface/interface.md new file mode 100644 index 0000000000..c15769bc81 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/interface/interface.md @@ -0,0 +1,23 @@ +--- +title: "System Settings Interface" +description: "System Settings Interface" +sidebar_position: 30 +--- + +# System Settings Interface + +The System Settings interface provides access to system logs, user access controls, licensing, and +more. + +Use the gear icon in the upper right corner of the console to open the Configuration menu. Then +select **System Settings** to open the System Settings interface. + +![System Settings interface](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/interface.webp) + +It contains the following pages: + +- [Auditing Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/auditing.md) +- [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md) +- [Licensing Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/licensing.md) +- [System Jobs Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/systemjobs.md) +- [About Threat Manager Page](/docs/threatprevention/7.5/reportingmodule/configuration/interface/about.md) diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/interface/licensing.md b/docs/threatprevention/7.5/reportingmodule/configuration/interface/licensing.md new file mode 100644 index 0000000000..d4a4c243e2 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/configuration/interface/licensing.md 
@@ -0,0 +1,26 @@ +--- +title: "Licensing Page" +description: "Licensing Page" +sidebar_position: 30 +--- + +# Licensing Page + +License information is displayed on the Licensing page of the System Settings interface. + +Use the gear icon in the upper right corner of the console to open the Configuration menu. Then +select **System Settings** to open the System Settings interface. + +Click **Licensing** in the navigation pane. + +![System Settings interface on the Licensing page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/licensing.webp) + +The License Info section displays the following: + +- Customer Info – Name of the licensed customer +- Type – Type of license +- Expires – Expiration date + +The License section provides a method for importing a new license, which is not applicable to the +Netwrix Threat Manager Reporting Module application. The application comes with a Report Only +license that does not expire. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/systemjobs.md b/docs/threatprevention/7.5/reportingmodule/configuration/interface/systemjobs.md similarity index 96% rename from docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/systemjobs.md rename to docs/threatprevention/7.5/reportingmodule/configuration/interface/systemjobs.md index dbd8540e7b..bfb59ee99f 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/systemjobs.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/interface/systemjobs.md @@ -1,3 +1,9 @@ +--- +title: "System Jobs Page" +description: "System Jobs Page" +sidebar_position: 40 +--- + # System Jobs Page The System Jobs page within the System Settings interface contains information and configuration 
diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md b/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md similarity index 98% rename from docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md rename to docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md index c7638e6e6d..33def078be 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/interface/useraccess.md @@ -1,3 +1,9 @@ +--- +title: "User Access Page" +description: "User Access Page" +sidebar_position: 20 +--- + # User Access Page The User Access page within the System Settings interface displays users and groups with their @@ -123,7 +129,7 @@ The following authentication types can be assigned to users and groups: third-party authentication provider. This must be configure in the Authentication Provider page of the Integrations interface in order to be available for user assignment. -See the [Authentication Provider Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/authenticationprovider/page.md) topic for +See the [Authentication Provider Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/page/page.md) topic for additional information. ### Add Console Access diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/overview.md b/docs/threatprevention/7.5/reportingmodule/configuration/overview.md index bf0a3f8c98..f44093e220 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/overview.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/overview.md @@ -1,3 +1,9 @@ +--- +title: "Configuration Menu" +description: "Configuration Menu" +sidebar_position: 10 +--- + # Configuration Menu Use the gear icon in the upper right corner of the console to open the Configuration menu. 
@@ -13,4 +19,4 @@ It contains the following options: application server. See the [System Health Interface](/docs/threatprevention/7.5/reportingmodule/configuration/systemhealth.md) topic for additional information. - System Settings – Provides access to system logs, user access controls, licensing, and more. See - the [System Settings Interface](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/interface.md) topic for additional information. + the [System Settings Interface](/docs/threatprevention/7.5/reportingmodule/configuration/interface/interface.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/systemhealth.md b/docs/threatprevention/7.5/reportingmodule/configuration/systemhealth.md index 222f63afbe..2a98cace69 100644 --- a/docs/threatprevention/7.5/reportingmodule/configuration/systemhealth.md +++ b/docs/threatprevention/7.5/reportingmodule/configuration/systemhealth.md @@ -1,3 +1,9 @@ +--- +title: "System Health Interface" +description: "System Health Interface" +sidebar_position: 20 +--- + # System Health Interface The System Health interface has one page, Services, that displays the services associated with the diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/about.md b/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/about.md deleted file mode 100644 index 68fe4ba6aa..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/about.md +++ /dev/null 
@@ -1,22 +0,0 @@ -# About Threat Manager Page - -The About Threat Manager page in the System Settings interface provides information about the -application version and third-party licenses. - -Use the gear icon in the upper right corner of the console to open the Configuration menu. Then -select **System Settings** to open the System Settings interface. - -Click **About Threat Manager** in the navigation pane. - -![System Settings interfaces on the About Threat Manager page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/about.webp) - -The About Threat Manager section contains application version information. It also includes the -application copyright information. - -The Third-Party Licenses section contains a list of all third-party licenses in use by the -application. Each component and its license is listed. - -- To view the details for a specific license, click the arrow icon on its left to expand the license - details. -- To view the details for all licenses, click the **Expand All** button. -- To view the third-party's license page, click the corresponding external link icon. diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/interface.md b/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/interface.md deleted file mode 100644 index c05a70ecd9..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/interface.md +++ /dev/null 
@@ -1,17 +0,0 @@ -# System Settings Interface - -The System Settings interface provides access to system logs, user access controls, licensing, and -more. - -Use the gear icon in the upper right corner of the console to open the Configuration menu. Then -select **System Settings** to open the System Settings interface. - -![System Settings interface](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/interface.webp) - -It contains the following pages: - -- [Auditing Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/auditing.md) -- [User Access Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/useraccess.md) -- [Licensing Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/licensing.md) -- [System Jobs Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/systemjobs.md) -- [About Threat Manager Page](/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/about.md) diff --git a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/licensing.md b/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/licensing.md deleted file mode 100644 index 16d1d5a40d..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/licensing.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# Licensing Page - -License information is displayed on the Licensing page of the System Settings interface. - -Use the gear icon in the upper right corner of the console to open the Configuration menu. Then -select **System Settings** to open the System Settings interface. - -Click **Licensing** in the navigation pane. - -![System Settings interface on the Licensing page](/img/product_docs/threatprevention/7.5/reportingmodule/configuration/systemsettings/licensing.webp) - -The License Info section displays the following: - -- Customer Info – Name of the licensed customer -- Type – Type of license -- Expires – Expiration date - -The License section provides a method for importing a new license, which is not applicable to the -Netwrix Threat Manager Reporting Module application. The application comes with a Report Only -license that does not expire. diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/_category_.json b/docs/threatprevention/7.5/reportingmodule/investigations/_category_.json new file mode 100644 index 0000000000..5761d17365 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/investigations/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Investigations Interface", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/auditcompliance.md b/docs/threatprevention/7.5/reportingmodule/investigations/auditcompliance.md index 5d3dff3cf2..6b671a3ab9 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/auditcompliance.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/auditcompliance.md 
@@ -1,3 +1,9 @@ +--- +title: "Audit and Compliance Page" +description: "Audit and Compliance Page" +sidebar_position: 50 +--- + # Audit and Compliance Page The Audit and Compliance page in the Investigations interface list of saved out-of-the-box @@ -21,7 +27,7 @@ subscription, or export the report. See the [Investigation Options](/docs/threat additional information on saved investigation options. Every report generated by an investigation query displays the same type of information. See the -[Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic for additional information. +[Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic for additional information. By default, this folder contains the following saved investigations: diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/favorites.md b/docs/threatprevention/7.5/reportingmodule/investigations/favorites.md index 6077ce89cb..9aa5639d76 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/favorites.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/favorites.md @@ -1,3 +1,9 @@ +--- +title: "Favorites Page" +description: "Favorites Page" +sidebar_position: 40 +--- + # Favorites Page The Favorites page in the Investigations interface lists all saved investigations the logged in user diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/group.md b/docs/threatprevention/7.5/reportingmodule/investigations/group.md deleted file mode 100644 index a905548f82..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/investigations/group.md +++ /dev/null 
@@ -1,64 +0,0 @@ -# Group Details Page - -The Group Details page displays the membership details for a group. - -In an investigation report, when you click the Perpetrator (user name) link or Target (host name) -link, you land on the User Details page or the Host Details page. Click a group name here to go to -the Group Details page. - -![Group Details page - Members tab](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/groupdetails.webp) - -The top of the page displays a group profile card that may contain the following information about -the group: - -- Name -- DN -- NT Name (SAM Account Name) -- Object GUID -- Object Type -- Domain -- Tags, with an option to add additional tags - -The Group Details page has the following tabs: - -- Members tab -- Group Membership tab - -## Members Tab - -On the Group Details page, the Members tab is displayed by default. - -The Members tab displays information about the members of the group. It has two sub-tabs: - -- Direct Members – Lists objects (such as users, computers, groups) who are direct members of the - group -- All Members – Lists direct and indirect members of the group. Indirect members are those who are - members of this group through nested groups - -Each sub-tab displays a table with the following columns: - -- Name – The display name of the member. Click the link to view object details. -- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. -- Email – The email address of the member -- Title – user's title, as read from Active Directory -- Department – user's department, as read from Active Directory - -## Group Membership Tab - -Click the Group Membership tab to open it. - -![Group Membership Tab](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/groupmembershiptab.webp) - -The Group Membership tab displays the groups that _the group_ is a member of. Here, 'the group' -refers to the group whose details you are viewing. 
- -The tab has two sub-tabs: - -- Direct Member Of – Lists groups the group is a direct member of -- Indirect Member Of – Lists groups the group is a member of via membership in a nested group - -Each sub-tab displays a table with the following columns: - -- Name - The name of the group. Click the link to view group details. -- Domain - Name of the domain. This may be either the domain DNS name or domain controller hostname. -- Tags - The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/host.md b/docs/threatprevention/7.5/reportingmodule/investigations/host.md deleted file mode 100644 index 2af6fc4fb9..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/investigations/host.md +++ /dev/null 
@@ -1,37 +0,0 @@ -# Host Details Page - -The Host Details page displays the groups that a host is a member of. - -In an investigation report, host names appear as links under the Target column in the Event Details -and Top Resources sections (see the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic). Click a link to land -on the Host Details page. - -![Host Details page](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/hostdetails.webp) - -The top of the page displays a host profile card which may contain the following information about -the host: - -- Host Name -- Distinguished Name (DN) -- NT Name (SAM Account Name) -- DNG Host Name -- Operating System -- Operating System Version -- Object GUID -- Object Type -- Domain -- Tags, with an option to add additional tags - -## Group Membership Tab - -The Group Membership tab displays the groups the host is a member of. It has the following sub-tabs: - -- Direct Member Of – Lists groups the host is a direct member of -- Indirect Member Of – Lists groups the host is a member of via membership in a nested group - -Each sub-tab displays a table with the following columns: - -- Group – The name of the group. Click the link to view group details. See the - [Group Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/group.md) topic for additional information. -- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. -- Tags – The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/myinvestigations.md b/docs/threatprevention/7.5/reportingmodule/investigations/myinvestigations.md index d3014acb6c..c3c01469d5 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/myinvestigations.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/myinvestigations.md 
@@ -1,3 +1,9 @@ +--- +title: "My Investigations Page" +description: "My Investigations Page" +sidebar_position: 70 +--- + # My Investigations Page The My Investigations page in the Investigations interface provides a list of saved investigations @@ -22,4 +28,4 @@ subscription, or export the report. See the [Investigation Options](/docs/threat additional information on saved investigation options. Every report generated by an investigation query displays the same type of information. See the -[Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic for additional information. +[Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/newinvestigation.md b/docs/threatprevention/7.5/reportingmodule/investigations/newinvestigation.md index debd2dd0ab..abc7641e21 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/newinvestigation.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/newinvestigation.md @@ -1,3 +1,9 @@ +--- +title: "New Investigation Page" +description: "New Investigation Page" +sidebar_position: 30 +--- + # New Investigation Page The New Investigation page within the Investigations interface enables you to run queries on 
@@ -13,7 +19,7 @@ To generate a new investigation report, configure the filters as desired and set the [Filters Section](/docs/threatprevention/7.5/reportingmodule/investigations/options/filters.md) topic for additional information. Then click **Run Query**. The report data is displayed in the sections below the Filters section. -See the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic for additional information. +See the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic for additional information. **NOTE:** If you run a query without applying filters, the report sections display all activity by all users for the designated timeframe, which is set by default to _Last Hour_. diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/options/_category_.json b/docs/threatprevention/7.5/reportingmodule/investigations/options/_category_.json new file mode 100644 index 0000000000..ac363bcbf4 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/investigations/options/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Investigation Options", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/options/edit.md b/docs/threatprevention/7.5/reportingmodule/investigations/options/edit.md index b32cc9b415..415ba8a9ad 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/options/edit.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/options/edit.md @@ -1,3 +1,9 @@ +--- +title: "Edit or Duplicate an Investigation" +description: "Edit or Duplicate an Investigation" +sidebar_position: 20 +--- + # Edit or Duplicate an Investigation An investigation can be edited and even duplicated. 
diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/options/export.md b/docs/threatprevention/7.5/reportingmodule/investigations/options/export.md index 157949e821..b16394895b 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/options/export.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/options/export.md @@ -1,3 +1,9 @@ +--- +title: "Export Report" +description: "Export Report" +sidebar_position: 40 +--- + # Export Report The Export option provides choices for how you can export the report results for an investigation. diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/options/filters.md b/docs/threatprevention/7.5/reportingmodule/investigations/options/filters.md index 26b9a27d95..93b5f90b3e 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/options/filters.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/options/filters.md @@ -1,3 +1,9 @@ +--- +title: "Filters Section" +description: "Filters Section" +sidebar_position: 10 +--- + # Filters Section The Filters section provides options to build a filter statement by selecting the Attribute, @@ -216,4 +222,4 @@ Once the filter is set, you can generate the report ad hoc by clicking **Run Que to test if your filter statement is working as desired. Save the investigation for reuse. You can also add subscriptions or export the report data using the options above the Filters section. -See the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic for additional information. +See the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic for additional information. diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/options/overview.md b/docs/threatprevention/7.5/reportingmodule/investigations/options/overview.md index a1df678f38..c2666d66d7 100644 
--- a/docs/threatprevention/7.5/reportingmodule/investigations/options/overview.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/options/overview.md @@ -1,3 +1,9 @@ +--- +title: "Investigation Options" +description: "Investigation Options" +sidebar_position: 10 +--- + # Investigation Options You can view a saved investigation. @@ -33,7 +39,7 @@ Every investigation has the following options at the top of the page: - Run Query – The Run Query button pulls available activity data that match the set filters and timeframe. The data is displayed on the Event Details, Events Over Time, and Top Resources tabs. - See the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic for additional information. + See the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic for additional information. - Filters – The Filters section provides options to build a filter statement by selecting the Attribute, Operator, and Filter value. A time period for the report data is also configured here. If multiple data sources have been configured, there is also a Source drop-down menu. See the diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/options/subscription.md b/docs/threatprevention/7.5/reportingmodule/investigations/options/subscription.md index 1d6413c907..92fcc2e960 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/options/subscription.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/options/subscription.md @@ -1,3 +1,9 @@ +--- +title: "Add Subscription" +description: "Add Subscription" +sidebar_position: 30 +--- + # Add Subscription A subscription sends the report results for an investigation to recipients via email as an diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/overview.md b/docs/threatprevention/7.5/reportingmodule/investigations/overview.md index eaeca28ea1..86065d2dc4 100644 
--- a/docs/threatprevention/7.5/reportingmodule/investigations/overview.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/overview.md @@ -1,3 +1,9 @@ +--- +title: "Investigations Interface" +description: "Investigations Interface" +sidebar_position: 20 +--- + # Investigations Interface The Investigation interface allows administrators to investigate all data available to the @@ -43,7 +49,7 @@ Every investigation has the same options at the top of the page. See the [Investigation Options](/docs/threatprevention/7.5/reportingmodule/investigations/options/overview.md) topic for additional information. Every report generated by an investigation query displays the same type of information. See the -[Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic for additional information. +[Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic for additional information. ## Search for Saved Investigations diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/predefinedinvestigations.md b/docs/threatprevention/7.5/reportingmodule/investigations/predefinedinvestigations.md index 02a7c4fc12..a3d83f5ed4 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/predefinedinvestigations.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/predefinedinvestigations.md @@ -1,3 +1,9 @@ +--- +title: "Predefined Investigations Page" +description: "Predefined Investigations Page" +sidebar_position: 60 +--- + # Predefined Investigations Page The Predefined Investigations page in the Investigations interface provides a list of saved 
@@ -23,7 +29,7 @@ subscription, or export the report. See the [Investigation Options](/docs/threat additional information on saved investigation options. Every report generated by an investigation query displays the same type of information. See the -[Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic for additional information. +[Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic for additional information. By default, these investigations are grouped in subfolders. Each subfolder page has the same table as the Predefined Investigations page, scoped to the investigations within that folder. diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/reports.md b/docs/threatprevention/7.5/reportingmodule/investigations/reports.md deleted file mode 100644 index c09cd15885..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/investigations/reports.md +++ /dev/null 
@@ -1,112 +0,0 @@ -# Investigation Reports - -A report generated by an investigation query displays the following information: - -- Event Details – Provides a view of all events matching the criteria specified for the - investigation. See the Events Details Tab topic for additional information. -- Events Over Time – Provides a bar graph and pie chart for events matching the criteria specified - for the investigation. See the Events Over Time Tab topic for additional information. -- Top Resources – Provides summary statistics for perpetrators (users) and targets (hosts) - associated with the events matching the criteria specified for the investigation. See the Top - Resources Tab topic for additional information. - -**NOTE:** For an investigations to return information on user display names, groups, or email -addresses, the StealthDEFEND Active Directory Service must be running to collect Active Directory -data prior to running an investigation. See the -[Active Directory Sync Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md) topic for -additional information. - -Click **Investigate** in the application header bar to open the Investigations interface. Then -create a new investigation or click a folder in the navigation pane to access a saved investigation. -An investigation is located in the folder where it was saved. - -Enter information in the Filters section, which includes one or more filter statements and a -timeframe, to generate the report. - -## Events Details Tab - -The Event Details tab provides a view of all events matching the criteria specified for the -investigation. - -![Events Detaisl section of an investigation report](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/eventdetails.webp) - -The table displays the following data: - -- TimeStamp – The exact date and time when the event occurred -- Target – The specific object, resource, or entity that was the focus of the event. 
The name is in - NT style [domain\computer name]. Click the link to view target details. -- User – The name of the user in sAMAccountName format who generated the activity. Click the link to - view user details. -- Perpetrator – The name of the user, group, or entity responsible for carrying out an action. This - name is in sAMAccountName format. Click the link to view perpetrator details. -- Successful – Indicates whether the action associated with the event was successfully completed: - - - True – The operation was successful - - False – The operation failed - -- Blocked – Indicates whether the operation was prevented by a security measure, such as a Netwrix - agent: - - - True – The operation was blocked - - False – The operation was not blocked - -- Operation – The type of activity performed -- Client – The name of the system or entity that initiates an action or request towards a server or - another system. This name is in NT style [domain\computer name]. Click the link to view client - details. -- Description – A summary of the event - -Click the arrow () in the table for a specific event to view additional details. - -See the [Host Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/host.md) and [User Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/user.md) topics for additional -information. - -## Events Over Time Tab - -The Events Over Time section displays a bar graph and pie chart for events matching the criteria -specified for the investigation. - -![Events Over Time section of an Investigations report](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/eventsovertime.webp) - -- Hover over a time period to view the type of event and number of events logged for that timeframe. -- Hover over the pie chart to view the total number of each type of event. The total number of all - events is displayed in the middle of the pie chart. 
- -## Top Resources Tab - -The Top Resources tab displays summary statistics for perpetrators (users) and targets (hosts) -associated with the events matching the criteria specified for the investigation. - -![Top Resources section of an Investigations report](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/topresources.webp) - -The tab contains two tables: - -- Top Perpetrators -- Top Targets - -Top Perpetrators Table - -The Top Perpetrators table displays information about the perpetrators associated with the events. - -It contains the following columns: - -- User Name – The name of the user in sAMAccountName format who generated the event -- Servers – The number of servers where the user generated events -- Actions – The number of events generated by the user - -Click the link to view perpetrator details. See the [User Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/user.md) topic for -additional information. - -Top Targets Table - -The Top Targets table displays information about targets associated with the events. - -It contains the following columns: - -- Target Name – The specific object, resource, or entity that was the focus of the event. This name - is in NT style [domain\computer name]. -- Users – The number of users who generated events -- Actions – The number of events generated by all users on the target - -Click the link to view target details. See the [Host Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/host.md) topic for additional -information. diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/reports/_category_.json b/docs/threatprevention/7.5/reportingmodule/investigations/reports/_category_.json new file mode 100644 index 0000000000..cc81e32d34 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/investigations/reports/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Investigation Reports", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "reports" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/reports/group.md b/docs/threatprevention/7.5/reportingmodule/investigations/reports/group.md new file mode 100644 index 0000000000..6bf5663a90 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/investigations/reports/group.md 
@@ -0,0 +1,70 @@ +--- +title: "Group Details Page" +description: "Group Details Page" +sidebar_position: 10 +--- + +# Group Details Page + +The Group Details page displays the membership details for a group. + +In an investigation report, when you click the Perpetrator (user name) link or Target (host name) +link, you land on the User Details page or the Host Details page. Click a group name here to go to +the Group Details page. + +![Group Details page - Members tab](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/groupdetails.webp) + +The top of the page displays a group profile card that may contain the following information about +the group: + +- Name +- DN +- NT Name (SAM Account Name) +- Object GUID +- Object Type +- Domain +- Tags, with an option to add additional tags + +The Group Details page has the following tabs: + +- Members tab +- Group Membership tab + +## Members Tab + +On the Group Details page, the Members tab is displayed by default. + +The Members tab displays information about the members of the group. It has two sub-tabs: + +- Direct Members – Lists objects (such as users, computers, groups) who are direct members of the + group +- All Members – Lists direct and indirect members of the group. Indirect members are those who are + members of this group through nested groups + +Each sub-tab displays a table with the following columns: + +- Name – The display name of the member. Click the link to view object details. +- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. +- Email – The email address of the member +- Title – user's title, as read from Active Directory +- Department – user's department, as read from Active Directory + +## Group Membership Tab + +Click the Group Membership tab to open it. 
+ +![Group Membership Tab](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/groupmembershiptab.webp) + +The Group Membership tab displays the groups that _the group_ is a member of. Here, 'the group' +refers to the group whose details you are viewing. + +The tab has two sub-tabs: + +- Direct Member Of – Lists groups the group is a direct member of +- Indirect Member Of – Lists groups the group is a member of via membership in a nested group + +Each sub-tab displays a table with the following columns: + +- Name - The name of the group. Click the link to view group details. +- Domain - Name of the domain. This may be either the domain DNS name or domain controller hostname. +- Tags - The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/reports/host.md b/docs/threatprevention/7.5/reportingmodule/investigations/reports/host.md new file mode 100644 index 0000000000..e8516282f9 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/investigations/reports/host.md 
@@ -0,0 +1,43 @@ +--- +title: "Host Details Page" +description: "Host Details Page" +sidebar_position: 20 +--- + +# Host Details Page + +The Host Details page displays the groups that a host is a member of. + +In an investigation report, host names appear as links under the Target column in the Event Details +and Top Resources sections (see the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic). Click a link to land +on the Host Details page. + +![Host Details page](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/hostdetails.webp) + +The top of the page displays a host profile card which may contain the following information about +the host: + +- Host Name +- Distinguished Name (DN) +- NT Name (SAM Account Name) +- DNG Host Name +- Operating System +- Operating System Version +- Object GUID +- Object Type +- Domain +- Tags, with an option to add additional tags + +## Group Membership Tab + +The Group Membership tab displays the groups the host is a member of. It has the following sub-tabs: + +- Direct Member Of – Lists groups the host is a direct member of +- Indirect Member Of – Lists groups the host is a member of via membership in a nested group + +Each sub-tab displays a table with the following columns: + +- Group – The name of the group. Click the link to view group details. See the + [Group Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/reports/group.md) topic for additional information. +- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. +- Tags – The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md b/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md new file mode 100644 index 0000000000..ce3bc48f50 --- /dev/null 
+++ b/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md 
@@ -0,0 +1,118 @@ +--- +title: "Investigation Reports" +description: "Investigation Reports" +sidebar_position: 20 +--- + +# Investigation Reports + +A report generated by an investigation query displays the following information: + +- Event Details – Provides a view of all events matching the criteria specified for the + investigation. See the Events Details Tab topic for additional information. +- Events Over Time – Provides a bar graph and pie chart for events matching the criteria specified + for the investigation. See the Events Over Time Tab topic for additional information. +- Top Resources – Provides summary statistics for perpetrators (users) and targets (hosts) + associated with the events matching the criteria specified for the investigation. See the Top + Resources Tab topic for additional information. + +**NOTE:** For an investigations to return information on user display names, groups, or email +addresses, the StealthDEFEND Active Directory Service must be running to collect Active Directory +data prior to running an investigation. See the +[Active Directory Sync Page](/docs/threatprevention/7.5/reportingmodule/configuration/integrations/activedirectorysync.md) topic for +additional information. + +Click **Investigate** in the application header bar to open the Investigations interface. Then +create a new investigation or click a folder in the navigation pane to access a saved investigation. +An investigation is located in the folder where it was saved. + +Enter information in the Filters section, which includes one or more filter statements and a +timeframe, to generate the report. + +## Events Details Tab + +The Event Details tab provides a view of all events matching the criteria specified for the +investigation. 
+ +![Events Detaisl section of an investigation report](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/eventdetails.webp) + +The table displays the following data: + +- TimeStamp – The exact date and time when the event occurred +- Target – The specific object, resource, or entity that was the focus of the event. The name is in + NT style [domain\computer name]. Click the link to view target details. +- User – The name of the user in sAMAccountName format who generated the activity. Click the link to + view user details. +- Perpetrator – The name of the user, group, or entity responsible for carrying out an action. This + name is in sAMAccountName format. Click the link to view perpetrator details. +- Successful – Indicates whether the action associated with the event was successfully completed: + + - True – The operation was successful + - False – The operation failed + +- Blocked – Indicates whether the operation was prevented by a security measure, such as a Netwrix + agent: + + - True – The operation was blocked + - False – The operation was not blocked + +- Operation – The type of activity performed +- Client – The name of the system or entity that initiates an action or request towards a server or + another system. This name is in NT style [domain\computer name]. Click the link to view client + details. +- Description – A summary of the event + +Click the arrow () in the table for a specific event to view additional details. + +See the [Host Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/reports/host.md) and [User Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/reports/user.md) topics for additional +information. + +## Events Over Time Tab + +The Events Over Time section displays a bar graph and pie chart for events matching the criteria +specified for the investigation. 
+ +![Events Over Time section of an Investigations report](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/eventsovertime.webp) + +- Hover over a time period to view the type of event and number of events logged for that timeframe. +- Hover over the pie chart to view the total number of each type of event. The total number of all + events is displayed in the middle of the pie chart. + +## Top Resources Tab + +The Top Resources tab displays summary statistics for perpetrators (users) and targets (hosts) +associated with the events matching the criteria specified for the investigation. + +![Top Resources section of an Investigations report](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/topresources.webp) + +The tab contains two tables: + +- Top Perpetrators +- Top Targets + +Top Perpetrators Table + +The Top Perpetrators table displays information about the perpetrators associated with the events. + +It contains the following columns: + +- User Name – The name of the user in sAMAccountName format who generated the event +- Servers – The number of servers where the user generated events +- Actions – The number of events generated by the user + +Click the link to view perpetrator details. See the [User Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/reports/user.md) topic for +additional information. + +Top Targets Table + +The Top Targets table displays information about targets associated with the events. + +It contains the following columns: + +- Target Name – The specific object, resource, or entity that was the focus of the event. This name + is in NT style [domain\computer name]. +- Users – The number of users who generated events +- Actions – The number of events generated by all users on the target + +Click the link to view target details. See the [Host Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/reports/host.md) topic for additional +information. 
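Review bot: In the front matter of the new reports/reports.md, `sidebar_position: 20` is the same value host.md uses in this folder (group.md has 10, user.md has 30), so the relative order of Investigation Reports and Host Details Page is ambiguous; since reports is the landing doc named in _category_.json, give it a distinct position. The body is carried over from the deleted reports.md with its defects intact, and the move is a good point to fix them: "For an investigations to return" in the NOTE, the image alt text "Events Detaisl", the empty parentheses in "Click the arrow ()" where the icon reference was lost, and the mismatch between the "Event Details" bullet and the "Events Details Tab" heading it points to. Please also confirm whether "StealthDEFEND Active Directory Service" is still the current service name, given that the surrounding pages refer to Netwrix Threat Manager.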
diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/reports/user.md b/docs/threatprevention/7.5/reportingmodule/investigations/reports/user.md new file mode 100644 index 0000000000..9cade26dd8 --- /dev/null +++ b/docs/threatprevention/7.5/reportingmodule/investigations/reports/user.md @@ -0,0 +1,41 @@ +--- +title: "User Details Page" +description: "User Details Page" +sidebar_position: 30 +--- + +# User Details Page + +The User Details page displays group membership details for a user. + +In an investigation report, user names appear as links under the Perpetrator column in the Event +Details and Top Resources sections (see the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports/reports.md) topic). Click a link +to land on the User Details page. + +![userdetails](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/userdetails.webp) + +The top of the page displays a user profile card which may contain the following information about +the user: + +- Name +- DN +- NT Name (SAM Account Name) +- Email +- Object GUID +- Object Type +- Domain +- Tags, with an option to add additional tags + +## Group Membership + +The Group Membership tab displays the groups the user is a member of. It has the following sub-tabs: + +- Direct Member Of – Lists groups the user is a direct member of +- Indirect Member Of – Lists groups the user is a member of via membership in a nested group + +Each sub-tab displays a table with the following columns: + +- Name – The name of the group. Click the link to view group details. See the + [Group Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/reports/group.md) topic for additional information. +- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. +- Tags – The tag present on the perpetrator, file, or host associated with the event 
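Review bot: The Tags bullet at the end of the Group Membership table in the new reports/user.md reads "The tag present on the perpetrator, file, or host associated with the event", but each row of this table is a group the user belongs to, not an event; reword it to describe the tags on the listed group (the same sentence is in host.md and group.md). Two smaller consistency points in the same file: the image alt text is the bare file stem "userdetails" where host.md uses "Host Details page", and the heading is "## Group Membership" while host.md and group.md use "## Group Membership Tab".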
diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/subscriptionsexports.md b/docs/threatprevention/7.5/reportingmodule/investigations/subscriptionsexports.md index a08276cd55..f89fbc5604 100644 --- a/docs/threatprevention/7.5/reportingmodule/investigations/subscriptionsexports.md +++ b/docs/threatprevention/7.5/reportingmodule/investigations/subscriptionsexports.md @@ -1,3 +1,9 @@ +--- +title: "Subscriptions and Exports Page" +description: "Subscriptions and Exports Page" +sidebar_position: 80 +--- + # Subscriptions and Exports Page A subscription sends the report results for an investigation to recipients via email as an diff --git a/docs/threatprevention/7.5/reportingmodule/investigations/user.md b/docs/threatprevention/7.5/reportingmodule/investigations/user.md deleted file mode 100644 index 65ca86a356..0000000000 --- a/docs/threatprevention/7.5/reportingmodule/investigations/user.md +++ /dev/null 
@@ -1,35 +0,0 @@ -# User Details Page - -The User Details page displays group membership details for a user. - -In an investigation report, user names appear as links under the Perpetrator column in the Event -Details and Top Resources sections (see the [Investigation Reports](/docs/threatprevention/7.5/reportingmodule/investigations/reports.md) topic). Click a link -to land on the User Details page. - -![userdetails](/img/product_docs/threatprevention/7.5/reportingmodule/investigations/userdetails.webp) - -The top of the page displays a user profile card which may contain the following information about -the user: - -- Name -- DN -- NT Name (SAM Account Name) -- Email -- Object GUID -- Object Type -- Domain -- Tags, with an option to add additional tags - -## Group Membership - -The Group Membership tab displays the groups the user is a member of. It has the following sub-tabs: - -- Direct Member Of – Lists groups the user is a direct member of -- Indirect Member Of – Lists groups the user is a member of via membership in a nested group - -Each sub-tab displays a table with the following columns: - -- Name – The name of the group. Click the link to view group details. See the - [Group Details Page](/docs/threatprevention/7.5/reportingmodule/investigations/group.md) topic for additional information. -- Domain – Name of the domain. This may be either the domain DNS name or domain controller hostname. -- Tags – The tag present on the perpetrator, file, or host associated with the event diff --git a/docs/threatprevention/7.5/reportingmodule/overview.md b/docs/threatprevention/7.5/reportingmodule/overview.md index eaba7a763a..d11f579044 100644 --- a/docs/threatprevention/7.5/reportingmodule/overview.md +++ b/docs/threatprevention/7.5/reportingmodule/overview.md 
@@ -1,3 +1,9 @@ +--- +title: "Reporting Module" +description: "Reporting Module" +sidebar_position: 70 +--- + # Reporting Module Threat Prevention leverages the user-friendly, HTML-5 based Netwrix Threat Manager Reporting Module @@ -11,7 +17,7 @@ Threat Manager Reporting Module, configure the integration, and grant access to following topics: - [Reporting Module Server Requirements](/docs/threatprevention/7.5/requirements/reportingserver.md) -- [Set Up the Threat Manager Reporting Module](/docs/threatprevention/7.5/gettingstarted.md#set-up-the-threat-manager-reporting-module) +- [Set Up the Threat Manager Reporting Module](/docs/threatprevention/7.5/overview/gettingstarted.md#set-up-the-threat-manager-reporting-module) - [Reporting Module Installation](/docs/threatprevention/7.5/install/reportingmodule/overview.md) - [Configuration Menu ](/docs/threatprevention/7.5/reportingmodule/configuration/overview.md) - [Investigations Interface](/docs/threatprevention/7.5/reportingmodule/investigations/overview.md) diff --git a/docs/threatprevention/7.5/reportingmodule/threats.md b/docs/threatprevention/7.5/reportingmodule/threats.md index 60335506d6..0c4b781b79 100644 --- a/docs/threatprevention/7.5/reportingmodule/threats.md +++ b/docs/threatprevention/7.5/reportingmodule/threats.md @@ -1,3 +1,9 @@ +--- +title: "Threats" +description: "Threats" +sidebar_position: 30 +--- + # Threats Threat data is available in the full version of Netwrix Threat Manager. diff --git a/docs/threatprevention/7.5/requirements/_category_.json b/docs/threatprevention/7.5/requirements/_category_.json new file mode 100644 index 0000000000..8a00596580 --- /dev/null +++ b/docs/threatprevention/7.5/requirements/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Requirements", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file 
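Review bot: The new requirements/_category_.json ends without a trailing newline (the "\ No newline at end of file" marker after the closing brace), as do the other _category_.json files added in this patch. Add the final newline so that a later edit to the last line does not show up as a two-line change and so the files pass any end-of-file lint the repository runs.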
diff --git a/docs/threatprevention/7.5/requirements/adminconsole.md b/docs/threatprevention/7.5/requirements/adminconsole.md index 4cf67b455a..e67352af6e 100644 --- a/docs/threatprevention/7.5/requirements/adminconsole.md +++ b/docs/threatprevention/7.5/requirements/adminconsole.md @@ -1,3 +1,9 @@ +--- +title: "Remote Administration Console Machine Requirements" +description: "Remote Administration Console Machine Requirements" +sidebar_position: 40 +--- + # Remote Administration Console Machine Requirements This topic lists the requirements for the machine where you want to install a remote instance of the diff --git a/docs/threatprevention/7.5/requirements/agent/_category_.json b/docs/threatprevention/7.5/requirements/agent/_category_.json new file mode 100644 index 0000000000..7862b00a7e --- /dev/null +++ b/docs/threatprevention/7.5/requirements/agent/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Agent Server Requirements", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "agent" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/requirements/agent.md b/docs/threatprevention/7.5/requirements/agent/agent.md similarity index 96% rename from docs/threatprevention/7.5/requirements/agent.md rename to docs/threatprevention/7.5/requirements/agent/agent.md index 78b4843249..9f23f16418 100644 --- a/docs/threatprevention/7.5/requirements/agent.md +++ b/docs/threatprevention/7.5/requirements/agent/agent.md @@ -1,3 +1,9 @@ +--- +title: "Agent Server Requirements" +description: "Agent Server Requirements" +sidebar_position: 30 +--- + # Agent Server Requirements The Agent server can be physical or virtual. The supported operating systems are: 
diff --git a/docs/threatprevention/7.5/requirements/agentnas.md b/docs/threatprevention/7.5/requirements/agent/agentnas.md similarity index 93% rename from docs/threatprevention/7.5/requirements/agentnas.md rename to docs/threatprevention/7.5/requirements/agent/agentnas.md index c1b586b91a..053b1956cd 100644 --- a/docs/threatprevention/7.5/requirements/agentnas.md +++ b/docs/threatprevention/7.5/requirements/agent/agentnas.md @@ -1,3 +1,9 @@ +--- +title: "NAS Device Support" +description: "NAS Device Support" +sidebar_position: 10 +--- + # NAS Device Support For Network-Attached Storage (NAS) device support, the Threat Prevention Agent is not deployed on diff --git a/docs/threatprevention/7.5/requirements/application.md b/docs/threatprevention/7.5/requirements/application.md index d334f5378d..5bd1025401 100644 --- a/docs/threatprevention/7.5/requirements/application.md +++ b/docs/threatprevention/7.5/requirements/application.md @@ -1,3 +1,9 @@ +--- +title: "Application Server Requirements" +description: "Application Server Requirements" +sidebar_position: 10 +--- + # Application Server Requirements This topic lists the requirements for the Threat Prevention server, where Enterprise Manager has to diff --git a/docs/threatprevention/7.5/requirements/eperestsite.md b/docs/threatprevention/7.5/requirements/eperestsite.md index 672e7fce8f..fc3881f743 100644 --- a/docs/threatprevention/7.5/requirements/eperestsite.md +++ b/docs/threatprevention/7.5/requirements/eperestsite.md @@ -1,3 +1,9 @@ +--- +title: "EPE Rest Site Requirements" +description: "EPE Rest Site Requirements" +sidebar_position: 60 +--- + # EPE Rest Site Requirements Requirements for the EPE Rest Site are the same as documented for the Netwrix Threat Manager diff --git a/docs/threatprevention/7.5/requirements/overview.md b/docs/threatprevention/7.5/requirements/overview.md index 6bfaee65ce..79ae11b4d2 100644 --- a/docs/threatprevention/7.5/requirements/overview.md 
+++ b/docs/threatprevention/7.5/requirements/overview.md @@ -1,3 +1,9 @@ +--- +title: "Requirements" +description: "Requirements" +sidebar_position: 20 +--- + # Requirements This topic describes the recommended configuration of the servers needed to install the Threat @@ -28,8 +34,8 @@ Core Component See the following topics for additional information: - [Application Server Requirements](/docs/threatprevention/7.5/requirements/application.md) -- [SQL Server Requirements](/docs/threatprevention/7.5/requirements/sqlserver.md) -- [Agent Server Requirements](/docs/threatprevention/7.5/requirements/agent.md) +- [SQL Server Requirements](/docs/threatprevention/7.5/requirements/sqlserver/sqlserver.md) +- [Agent Server Requirements](/docs/threatprevention/7.5/requirements/agent/agent.md) - [Reporting Module Server Requirements](/docs/threatprevention/7.5/requirements/reportingserver.md) Optional Components diff --git a/docs/threatprevention/7.5/requirements/ports.md b/docs/threatprevention/7.5/requirements/ports.md index a400e40331..02d065eef2 100644 --- a/docs/threatprevention/7.5/requirements/ports.md +++ b/docs/threatprevention/7.5/requirements/ports.md @@ -1,3 +1,9 @@ +--- +title: "Firewall Ports" +description: "Firewall Ports" +sidebar_position: 70 +--- + # Firewall Ports The following default ports are required for Threat Prevention functionality unless modified as per 
@@ -5,7 +11,7 @@ network requirements. If choosing the Create Windows Firewall Rules option eithe [Application Server Install](/docs/threatprevention/7.5/install/application.md), in step 6 of the [Administration Console Remote Install](/docs/threatprevention/7.5/install/adminconsole.md), on the Set Options page of the [Deploy Agents Wizard](/docs/threatprevention/7.5/admin/agents/deploy/overview.md#deploy-agents-wizard), or in step 7 of a -[Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual.md), then Threat Prevention will create the +[Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual/manual.md), then Threat Prevention will create the necessary Windows firewall rules. If using a third party firewall, it will be necessary to manually set these. diff --git a/docs/threatprevention/7.5/requirements/reportingserver.md b/docs/threatprevention/7.5/requirements/reportingserver.md index e5543acf2c..10e5591ac6 100644 --- a/docs/threatprevention/7.5/requirements/reportingserver.md +++ b/docs/threatprevention/7.5/requirements/reportingserver.md @@ -1,3 +1,9 @@ +--- +title: "Reporting Module Server Requirements" +description: "Reporting Module Server Requirements" +sidebar_position: 50 +--- + # Reporting Module Server Requirements **CAUTION:** Netwrix Threat Manager cannot be installed on the same server as Netwrix Threat Manager diff --git a/docs/threatprevention/7.5/requirements/sqlserver/_category_.json b/docs/threatprevention/7.5/requirements/sqlserver/_category_.json new file mode 100644 index 0000000000..da55bd15e2 --- /dev/null +++ b/docs/threatprevention/7.5/requirements/sqlserver/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SQL Server Requirements", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "sqlserver" + } +} \ No newline at end of file 
diff --git a/docs/threatprevention/7.5/requirements/dbmaintenance.md b/docs/threatprevention/7.5/requirements/sqlserver/dbmaintenance.md similarity index 97% rename from docs/threatprevention/7.5/requirements/dbmaintenance.md rename to docs/threatprevention/7.5/requirements/sqlserver/dbmaintenance.md index f8674feb09..594dbe4efc 100644 --- a/docs/threatprevention/7.5/requirements/dbmaintenance.md +++ b/docs/threatprevention/7.5/requirements/sqlserver/dbmaintenance.md @@ -1,3 +1,9 @@ +--- +title: "Database Maintenance Feature Requirements" +description: "Database Maintenance Feature Requirements" +sidebar_position: 10 +--- + # Database Maintenance Feature Requirements All operations to configure database maintenance on the diff --git a/docs/threatprevention/7.5/requirements/sqlserver.md b/docs/threatprevention/7.5/requirements/sqlserver/sqlserver.md similarity index 96% rename from docs/threatprevention/7.5/requirements/sqlserver.md rename to docs/threatprevention/7.5/requirements/sqlserver/sqlserver.md index c971e72c63..9f258567a9 100644 --- a/docs/threatprevention/7.5/requirements/sqlserver.md +++ b/docs/threatprevention/7.5/requirements/sqlserver/sqlserver.md @@ -1,3 +1,9 @@ +--- +title: "SQL Server Requirements" +description: "SQL Server Requirements" +sidebar_position: 20 +--- + # SQL Server Requirements Threat Prevention supports the following SQL Server versions: @@ -78,5 +84,5 @@ The following permissions are required on the databases: - Provisioned to use Default Schema of ‘dbo’ Additional permissions are required for the optional Database Maintenance feature in Threat -Prevention. See the [Database Maintenance Feature Requirements](/docs/threatprevention/7.5/requirements/dbmaintenance.md) topic for +Prevention. See the [Database Maintenance Feature Requirements](/docs/threatprevention/7.5/requirements/sqlserver/dbmaintenance.md) topic for additional information. 
diff --git a/docs/threatprevention/7.5/siemdashboard/_category_.json b/docs/threatprevention/7.5/siemdashboard/_category_.json new file mode 100644 index 0000000000..c8572ec538 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "SIEM Dashboards", + "position": 90, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/_category_.json b/docs/threatprevention/7.5/siemdashboard/activedirectory/_category_.json new file mode 100644 index 0000000000..9403d826f8 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Directory App for Splunk", + "position": 20, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/_category_.json b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/_category_.json new file mode 100644 index 0000000000..3637077311 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigate the Active Directory App for Splunk", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "navigate" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/activedirectorychanges.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/activedirectorychanges.md new file mode 100644 index 0000000000..3113fcc961 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/activedirectorychanges.md 
@@ -0,0 +1,26 @@ +--- +title: "Active Directory Changes Dashboard" +description: "Active Directory Changes Dashboard" +sidebar_position: 10 +--- + +# Active Directory Changes Dashboard + +The Active Directory Changes dashboard contains the following cards: + +![Active Directory Changes Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/adchanges.webp) + +- Changes by Type – Breakdown of changes that have been recorded in the specified timeframe by event + type +- Successful/Blocked Events – Breakdown of changes that have been recorded in the specified + timeframe by successful/failed/blocked status +- Changes by Domain – Breakdown of changes that have been recorded in the specified timeframe by + domain +- Top Client IPs – Displays up to the top five (5) client IP addresses related to events that have + been recorded in the specified timeframe +- Top Perpetrators – Displays up to the top five (5) perpetrator usernames related to events that + have been recorded in the specified timeframe +- Change Events – Tabular format of all Active Directory change events that have been recorded in + the specified timeframe + +The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/administratorauditing.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/administratorauditing.md new file mode 100644 index 0000000000..565cf87b7a --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/administratorauditing.md 
@@ -0,0 +1,27 @@ +--- +title: "Administrator Auditing Dashboard" +description: "Administrator Auditing Dashboard" +sidebar_position: 40 +--- + +# Administrator Auditing Dashboard + +The Administrator Auditing dashboard is specifically fed by a Threat Prevention policy named Domain +Admin Activity. See the [SIEM Folder Templates](/docs/threatprevention/7.5/admin/templates/folder/siem.md) topic +for information on this policy template. If this policy template is not enabled and actively +monitoring, then this dashboard will be blank. + +![Administrator Auditing Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/administratorauditing.webp) + +- Top Client IPs – Displays up to the top five (5) client IP addresses related to events that have + been recorded in the specified timeframe +- Events – Breakdown of changes that have been recorded in the specified timeframe by + successful/failed/blocked status +- Most Active Administrators – Displays up to the top five (5) usernames related to change events + that have been recorded in the specified timeframe +- All Administrator Activity – eTabular format of all events that have been recorded in the + specified timeframe +- Administrator Group Changes – Tabular format of all group changes to the Domain, Schema, and + Enterprise Admin groups that have been recorded in the specified timeframe + +The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/authenticationattacks.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/authenticationattacks.md new file mode 100644 index 0000000000..589273cbac --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/authenticationattacks.md 
@@ -0,0 +1,18 @@ +--- +title: "Authentication Attacks Dashboard" +description: "Authentication Attacks Dashboard" +sidebar_position: 20 +--- + +# Authentication Attacks Dashboard + +The Authentication Attacks dashboard contains the following cards: + +![Authentication Attacks Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/authenticationattacks.webp) + +- Authentication Attacks – Timeline of all authentication attacks that started within the specified + timeframe +- Authentication Attack Details – Tabular format of all authentication attack offenses recorded in + Splunk within the specified timeframe + +The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/gpomonitoring.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/gpomonitoring.md new file mode 100644 index 0000000000..2781239095 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/gpomonitoring.md 
@@ -0,0 +1,22 @@ +--- +title: "GPO Monitoring Dashboard" +description: "GPO Monitoring Dashboard" +sidebar_position: 30 +--- + +# GPO Monitoring Dashboard + +The GPO Monitoring dashboard contains the following cards: + +![GPO Monitoring Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/gpomonitoring.webp) + +- Top GPOs – Displays up to the top five (5) Group Policy Objects related to events that have been + recorded in the specified timeframe +- Successful/Blocked Events – Breakdown of Group Policy Object changes that have been recorded in + the specified timeframe by successful/failed/blocked status +- Changes by Domain – Breakdown of Group Policy Object changes that have been recorded in the + specified timeframe by domain +- Change Details – Tabular format of all Group Policy Object change events that have been recorded + in the specified timeframe + +The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/ldap.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/ldap.md new file mode 100644 index 0000000000..87deff3676 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/ldap.md 
@@ -0,0 +1,20 @@ +--- +title: "LDAP Dashboard" +description: "LDAP Dashboard" +sidebar_position: 50 +--- + +# LDAP Dashboard + +The Lightweight Directory Access Protocol (LDAP) dashboard contains the following cards: + +![LDAP Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/ldap.webp) + +- Top Client IPs – Displays up to the top five (5) client IP addresses related to LDAP events that + have been recorded in the specified timeframe +- Top Perpetrators – Displays up to the top five (5) users related to LDAP events that have been + recorded in the specified timeframe +- Change Events – Tabular format of all non-trivial LDAP queries that have been recorded in the + specified timeframe + +The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/navigate.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/navigate.md new file mode 100644 index 0000000000..398e60fdbb --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/navigate.md 
@@ -0,0 +1,24 @@ +--- +title: "Navigate the Active Directory App for Splunk" +description: "Navigate the Active Directory App for Splunk" +sidebar_position: 10 +--- + +# Navigate the Active Directory App for Splunk + +The Netwrix Active Directory App for Splunk contains several predefined dashboards: + +- Active Directory (Overview) +- Active Directory Changes +- Authentication Attacks +- GPO Monitoring +- Administrator Auditing +- LDAP +- Policy Reporting +- User Behavior Analytics + +![Active Directory App for Splunk - Top Ribbon](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/topribbon.webp) + +The Timeframe interval is identified in the upper-left corner of each dashboard and uses the default +Splunk search features. The drop-down menu provides additional options. To search within a different +interval, choose a new option from the menu. Then click Submit to refresh the card data. diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/policyreporting.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/policyreporting.md new file mode 100644 index 0000000000..4df72b1556 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/policyreporting.md 
@@ -0,0 +1,34 @@ +--- +title: "Policy Reporting Dashboard" +description: "Policy Reporting Dashboard" +sidebar_position: 60 +--- + +# Policy Reporting Dashboard + +The Policy Reporting dashboard is for viewing Threat Prevention events from any enabled policy that +is sending events to Splunk. The Policy drop-down menu in the upper-left corner of the dashboard +will be populated with all the enabled Threat Prevention policies sending event data to Splunk in +alphanumeric order. On selecting a policy, the dashboard cards will load the event data from that +policy. + +The Policy Reporting dashboard contains the following cards: + +![Policy Reporting Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/policyreporting.webp) + +- Activity (Successful/Blocked) – Timeline of successful/failed/blocked events related to the + selected policy that have been recorded in the specified timeframe +- Successful/Blocked Events – Breakdown of events related to the selected policy that have been + recorded in the specified timeframe by successful/failed/blocked status +- Top Perpetrators – Displays up to the top five (5) usernames related to the selected policy that + have been recorded in the specified timeframe +- Events by Domain – Breakdown of events related to the selected policy that have been recorded in + the specified timeframe by domain +- Events by Perpetrator – Tabular format of all usernames related to the selected policy for events + that have been recorded in the specified timeframe +- Events by Domain – Tabular format of all domains related to the selected policy for events that + have been recorded in the specified timeframe +- Events – Tabular format of all events related to the selected policy that have been recorded in + the specified timeframe + +The specified timeframe is set by default to the last 24 hours, or past day. 
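Review bot: in the card list of the new Splunk `navigate/policyreporting.md`, two bullets are both titled "Events by Domain" (one described as a breakdown, the other as tabular), so a reference to "the Events by Domain card" is ambiguous. If the app really uses the same title for both cards, qualify them in the text, for example by stating which one is the chart and which one is the table.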
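Review bot: in the new Splunk `navigate/administratorauditing.md`, added earlier in this patch, the "All Administrator Activity" bullet reads "eTabular format", a typo for "Tabular format". That page also goes straight from the policy paragraph to the screenshot and bullets without the sentence "The Administrator Auditing dashboard contains the following cards:", which the other dashboard pages in this directory and the deleted QRadar version of the page both have; add it for consistency.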
diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/userbehavioranalytics.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/userbehavioranalytics.md similarity index 90% rename from docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/userbehavioranalytics.md rename to docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/userbehavioranalytics.md index 3ac04b86ee..13d880c127 100644 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/userbehavioranalytics.md +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/navigate/userbehavioranalytics.md @@ -1,3 +1,9 @@ +--- +title: "User Behavior Analytics Dashboard" +description: "User Behavior Analytics Dashboard" +sidebar_position: 70 +--- + # User Behavior Analytics Dashboard The User Behavior Analytics dashboard uses the functionality of the Machine Learning Toolkit app to diff --git a/docs/threatprevention/7.5/siemdashboard/activedirectory/overview.md b/docs/threatprevention/7.5/siemdashboard/activedirectory/overview.md new file mode 100644 index 0000000000..cccc1f342c --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/activedirectory/overview.md 
@@ -0,0 +1,79 @@ +--- +title: "Active Directory App for Splunk" +description: "Active Directory App for Splunk" +sidebar_position: 20 +--- + +# Active Directory App for Splunk + +The Netwrix Active Directory security monitoring solution enables organizations to efficiently +monitor and prevent Active Directory changes, authentications, and attacks in real-time, without any +reliance on native logging or security controls. Using the preconfigured Netwrix Active Directory +App for Splunk, you can quickly understand all Active Directory changes as a whole, patterns of +activity indicative of account compromise, and attempts to compromise security, along with the +ability to block undesired changes and access. + +Threat Prevention can be configured to monitor Active Directory events and send the monitored events +to Splunk. + +You can integrate Netwrix’ products with the Netwrix Active Directory App for Splunk. + +- Install the Active Directory App for Splunk. +- Ensure that Threat Prevention has been configured to send events to Splunk. See the + [SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md)topic for additional information. + +## App Installation in Splunk + +Download the [Stealthbits Active Directory App for Splunk](https://splunkbase.splunk.com/app/3433/) +from the [Splunkbase](https://splunkbase.splunk.com/). Then follow the +[Splunk Add-ons](http://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons) +guide provided by Splunk to install the app. + +**NOTE:** In order to use the User Behavior Analytics dashboard in the app, install +[Splunk User Behavior Analytics](https://www.splunk.com/en_us/products/premium-solutions/user-behavior-analytics.html) +(any version) and the [Machine Learning Toolkit](https://splunkbase.splunk.com/app/2890/) app for +Splunk (version 2.0.0+). + +The Netwrix Active Directory tab will appear in the Splunk web interface. 
+ +After installing the Netwrix Active Directory App for Splunk, configure it to receive data from +Threat Prevention. + +## Initial Configuration of the Active Directory App for Splunk + +Follow the steps to configure Splunk to receive data from Threat Prevention. + +_Remember,_ prior to using the Active Directory App for Splunk, the relevant Netwrix product must be +configured to send data to Splunk. + +**Step 1 –** Determine the IP address of the Splunk console. If Splunk is hosted on a UNIX machine, +run `ifconfig`. If Splunk is hosted on a Windows machine, run `ipconfig`. This IP address is +required on the [SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md), where you configure +Threat Prevention to send data to Splunk. + +**Step 2 –** Navigate to the Settings menu in the Splunk web interface and click Data Inputs. + +**Step 3 –** Select UDP. + +**Step 4 –** Click New and add a new data input with port 514. If another Splunk UDP input is +already using 514, you should be able to safely use another value (515 or higher), as long as it is +not blocked by the network. + +**Step 5 –** Click Next. + +**Step 6 –** Under Input Settings, enter the following information: + +- Source Type – Threat Prevention +- App context – Select Search and Reporting +- Host – Select IP +- Index – Select Default + +**Step 7 –** Review and save the new settings. + +**Step 8 –** To test that the configuration is working correctly, check the Search and Reporting app +inside of the web console for Splunk (search for Threat Prevention). There should be sample logs +with KEY=%VALUE% pairs in the Event column. If there are no events, use a packet sniffer to ensure +that packets are being sent correctly between the two hosts, and diagnose any possible network +issues. + +The Netwrix Active Directory App will now display activity from the Threat Prevention data. 
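Review bot: Step 4 of "Initial Configuration of the Active Directory App for Splunk" lets the reader choose a UDP port other than 514, but Step 1 only says the Splunk IP address is needed on the SIEM Tab, and nothing states that the sending side must target the same port chosen here. Say so in Step 4 or Step 1; otherwise the Step 8 test shows no events and the only guidance is to "use a packet sniffer". Since this is a plain UDP input, a sentence on limiting which hosts are allowed to send to it would also be worth adding. Smaller points in the same hunk: `siem.md)topic` is missing a space after the link, the Splunk add-ons link uses `http://`, the download link text says "Stealthbits" while the rest of the page says "Netwrix", and `KEY=%VALUE%` in Step 8 should be replaced with a description of what the reader will actually see in the Event column.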
diff --git a/docs/threatprevention/7.5/siemdashboard/overview.md b/docs/threatprevention/7.5/siemdashboard/overview.md index 41f76eb1d8..c13946b896 100644 --- a/docs/threatprevention/7.5/siemdashboard/overview.md +++ b/docs/threatprevention/7.5/siemdashboard/overview.md @@ -1,3 +1,9 @@ +--- +title: "SIEM Dashboards" +description: "SIEM Dashboards" +sidebar_position: 90 +--- + # SIEM Dashboards Threat Prevention (formerly StealthINTERCEPT) can seamlessly integrate with all SIEM dashboards that diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/_category_.json b/docs/threatprevention/7.5/siemdashboard/qradar/_category_.json new file mode 100644 index 0000000000..78a7665bdd --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Active Directory App for QRadar", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/about.md b/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/about.md deleted file mode 100644 index b971e4cbd9..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/about.md +++ /dev/null @@ -1,7 +0,0 @@ -# About Dashboard - -The About dashboard provides information about the application. - -![About Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/about.webp) - -This information includes a link to where trial licenses of Netwrix software can be obtained. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/administratorauditing.md b/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/administratorauditing.md deleted file mode 100644 index 2f444d969d..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/administratorauditing.md +++ /dev/null 
@@ -1,35 +0,0 @@ -# Administrator Auditing Dashboard - -The Administrator Auditing dashboard is specifically fed by a Threat Prevention policy named Domain -Admin Activity. See the [SIEM Folder Templates](/docs/threatprevention/7.5/admin/templates/folder/siem.md) topic for -information on this policy template. If this policy template is not enabled and actively monitoring, -then this dashboard will be blank. - -The Administrator Auditing dashboard contains the following cards: - -![Administrator Auditing Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/administratorauditing.webp) - -- Top Clint IPs – Displays up to the top five (5) client IP addresses related to events that have - been recorded in the specified timeframe -- Events – Breakdown of changes that have been recorded in the specified timeframe by - successful/failed/blocked status. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. -- Most Active Administrators – Displays up to the top five (5) usernames related to change events - that have been recorded in the specified timeframe -- All Administrator Activity – Tabular format of all events that have been recorded in the specified - timeframe. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional - information. -- Administrator Offenses – Tabular format of all offenses related to Administrators. See the - [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional information. -- Administrator Group Changes – Tabular format of all group changes to the Domain, Schema, and - Enterprise Admin groups that have been recorded in the specified timeframe. 
See the - [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional information. - -The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is -set by default to the past three (3) hours. To search within a different interval, either manually -type the desired date and time or use the calendar buttons to set the desired date and time -interval. Then click **Search** to refresh the card data. - -When a search using a time interval longer than twelve (12) hours is instigated, the database query -is broken into multiple mini-queries. This will result in a visible reset of the dashboard display -at the end of each mini-query until all data for the selected time interval has been retrieved. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/authenticationattacks.md b/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/authenticationattacks.md deleted file mode 100644 index 2464cdd304..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/authenticationattacks.md +++ /dev/null 
@@ -1,18 +0,0 @@ -# Authentication Attacks Dashboard - -The Authentication Attacks dashboard contains information on triggered authentication attack -incidents within the past week. It contains the following cards: - -![Authentication Attacks Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/authenticationattacks.webp) - -- All Attacks (past week) – Timeline of all authentication attacks that started within the last - week. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional - information. -- Breakdown by Attack Type – Breakdown of authentication attacks that started within the last week. - See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional - information. -- Attack Details – Tabular format of all authentication attack offenses recorded in QRadar. See the - [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional information. -- Event Search for Attack: [Searched Attack] – Tabular format of all events related to the attack. - Information is only visible after clicking Search on an offense. See the - [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional information. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/gpomonitoring.md b/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/gpomonitoring.md deleted file mode 100644 index 2872203ab1..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/gpomonitoring.md +++ /dev/null 
@@ -1,27 +0,0 @@ -# GPO Monitoring Dashboard - -The GPO Monitoring dashboard contains the following cards: - -![GPO Monitoring Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/gpomonitoring.webp) - -- Top GPOs – Displays up to the top five (5) Group Policy Objects related to events that have been - recorded in the specified timeframe. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. -- Successful/Blocked Events – Breakdown of Group Policy Object changes that have been recorded in - the specified timeframe by successful/failed/blocked status. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. -- Changes by Domain – Breakdown of Group Policy Object changes that have been recorded in the - specified timeframe by domain. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) - topic for additional information. -- Change Details – Tabular format of all Group Policy Object change events that have been recorded - in the specified timeframe. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) - topic for additional information. - -The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is -set by default to the past three (3) hours. To search within a different interval, either manually -type the desired date and time or use the calendar buttons to set the desired date and time -interval. Then click **Search** to refresh the card data. - -When a search using a time interval longer than twelve (12) hours is instigated, the database query -is broken into multiple mini-queries. 
This will result in a visible reset of the dashboard display -at the end of each mini-query until all data for the selected time interval has been retrieved. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/ldap.md b/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/ldap.md deleted file mode 100644 index fd15f54ed5..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/ldap.md +++ /dev/null 
@@ -1,24 +0,0 @@ -# LDAP Dashboard - -The Lightweight Directory Access Protocol (LDAP) dashboard contains the following cards: - -![LDAP Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/ldap.webp) - -- Top Users – Displays up to the top five (5) users related to LDAP events that have been recorded - in the specified timeframe. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) - topic for additional information. -- Top Source Hosts – Displays up to the top five (5) client IP addresses related to LDAP events that - have been recorded in the specified timeframe. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. -- LDAP Query Details – Tabular format of all non-trivial LDAP events that have been recorded in the - specified timeframe. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for - additional information. - -The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is -set by default to the past three (3) hours. To search within a different interval, either manually -type the desired date and time or use the calendar buttons to set the desired date and time -interval. Then click **Search** to refresh the card data. - -When a search using a time interval longer than twelve (12) hours is instigated, the database query -is broken into multiple mini-queries. This will result in a visible reset of the dashboard display -at the end of each mini-query until all data for the selected time interval has been retrieved. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/overview.md b/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/overview.md deleted file mode 100644 index 6f5af67211..0000000000 
--- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/overview.md +++ /dev/null 
@@ -1,31 +0,0 @@ -# Overview Dashboard - -The Active Directory Overview dashboard contains information on monitored Active Directory events -within the past three (3) hours. It has the following cards: - -![Overview Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/overview.webp) - -- Authentication Attacks – Number of authentication attacks that started in the specified timeframe, - i.e., last three (3) hours. The value for this card is a hyperlink to the - [Authentication Attacks Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/authenticationattacks.md). -- AD Changes – Number of Active Directory changes recorded in the specified timeframe, i.e., last - three (3) hours. The value for this card is a hyperlink to the - [AD Changes Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/adchanges.md). -- GPO Changes – Number of group policy object changes recorded in the specified timeframe, i.e., - last three (3) hours. The value for this card is a hyperlink to the - [GPO Monitoring Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/gpomonitoring.md). -- Administrator Events – Number of events related to Administrators that have been recorded in the - specified timeframe, i.e., last three (3) hours. The value for this card is a hyperlink to the - [Administrator Auditing Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/administratorauditing.md). 
-- Active Users – Number of distinct users who have been involved with events that have been recorded - in the specified timeframe, i.e., past three (3) hours -- Monitored Domains – Number of distinct domains involved with events that have been recorded in the - specified timeframe, i.e., past three (3) hours -- Threat Prevention Events – Timeline of all events sent by Threat Prevention to QRadar within the - last three (3) hours -- Attacks by Type – Breakdown of authentication attacks that started within the last three (3) hours - by type of attack. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for - additional information. -- Active Directory Changes – Breakdown of Active Directory change events recorded in the specified - timeframe, i.e., last three (3) hours. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/policyreporting.md b/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/policyreporting.md deleted file mode 100644 index d357eaf7f7..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/policyreporting.md +++ /dev/null 
@@ -1,46 +0,0 @@ -# Policy Reporting Dashboard - -The Policy Reporting dashboard is for viewing Threat Prevention events from any enabled policy that -is sending events to QRadar. This dashboard requires the SEC token to be saved in the Settings -interface in order for QRadar to actively see Threat Prevention policies and associated recent -events. See the [Settings](/docs/threatprevention/7.5/siemdashboard/qradar/settings.md) topic for additional information. - -The Policies tab on the left side of the dashboard toggles the Policies panel open and close. All -the enabled Threat Prevention policies sending event data to QRadar will be listed in alphanumeric -order. On selecting a policy, the dashboard cards will load the event data from that policy and will -reset to data search of the past three (3) hours. - -The Policy Reporting dashboard contains the following cards: - -![policyreporting](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/policyreporting.webp) - -- Activity (Successful/Blocked) – Timeline of successful/failed/blocked events related to the - selected policy that have been recorded in the specified timeframe. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. -- Successful/Blocked Events – Breakdown of events related to the selected policy that have been - recorded in the specified timeframe by successful/failed/blocked status. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. -- Top Perpetrators – Displays up to the top five (5) usernames related to the selected policy that - have been recorded in the specified timeframe. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. 
-- Events by Domain – Breakdown of events related to the selected policy that have been recorded in - the specified timeframe by domain. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. -- Events by Perpetrator – Tabular format of all usernames related to the selected policy for events - that have been recorded in the specified timeframe. See the - [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional information. -- Events by Domain – Tabular format of all domains related to the selected policy for events that - have been recorded in the specified timeframe. See the - [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional information. -- Latest Events – Tabular format of all events related to the selected policy that have been - recorded in the specified timeframe. See the - [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional information. - -The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is -set by default to the past three (3) hours. To search within a different interval, either manually -type the desired date and time or use the calendar buttons to set the desired date and time -interval. Then click **Search** to refresh the card data. - -When a search using a time interval longer than twelve (12) hours is instigated, the database query -is broken into multiple mini-queries. This will result in a visible reset of the dashboard display -at the end of each mini-query until all data for the selected time interval has been retrieved. 
diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md deleted file mode 100644 index 1e7d080d04..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md +++ /dev/null 
@@ -1,62 +0,0 @@ -# Navigate the Active Directory App for QRadar - -The Netwrix Active Directory App for QRadar (Active Directory tab) contains several predefined -dashboards: - -- About -- Active Directory (Overview) -- AD Changes -- Authentication Attacks -- GPO Monitoring -- Administrator Auditing -- LDAP -- Policy Reporting -- User Investigation -- Host Investigation. - -There is also a Settings interface for configuring the QRadar SEC token. - -![Active Directory App for QRadar - Top Ribbon](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/topribbon.webp) - -The User Investigation and Host Investigation dashboards only appear when a search is conducted. -This can be done by clicking a hyperlink in the Perpetrator, Affected Object (when it is a user -account), Source IP, or Destination IP columns of a table card. Alternatively, type the complete -user name or host IP address in the Search box on the right side of the navigation bar. - -## Progress Bar - -When a search using a time interval longer than twelve (12) hours is initiated, the database query -is broken into multiple mini-queries. A progress bar will appear in the bottom left of the screen -that fills up as each query is completed. The progress bar will automatically reappear if it is -clicked on. - -## Table Card Features - -Dashboards have several cards with a tabular format. Each of these cards have the following -features: - -- Only five (5) pages of data will be loaded at a time. Applying the Search or Sort features or - moving beyond the five ‘loaded’ pages will result in a “Processing” banner being temporarily - displayed over the table while the server is directly queried for the necessary data. -- Search data entries for all columns (except the Timestamp and Event Count columns) by typing in - the Search box in the upper-right corner of the card. - - - Any entries with a match will remain in the table while all non-matching entries will be - filtered out. 
- - Total number of entries “Showing” will adjust for the filtered total. - -- Sort can be applied to one column at a time by clicking on the desired column header. -- Show 10, 25, 100, or All entries in the table. Only visible entries can be exported. -- Result data currently visible in the table can be exported from the dashboard: - - - Copy – Copy to clipboard in order to paste to another application - - CSV – Export to a Comma Separated Value file - - Excel – Export to an Excel Workbook file - - Print – Send currently displayed table to printer - -## Graph Card Features - -Dashboards have several cards with a graphical format. Each of these cards have the following -features: - -- Graph parts can be toggled on and off by clicking on individual elements in the legend diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/_category_.json b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/_category_.json new file mode 100644 index 0000000000..89a93725c9 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigate the Active Directory App for QRadar", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "navigate" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/about.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/about.md new file mode 100644 index 0000000000..c4a4aeaa1c --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/about.md @@ -0,0 +1,13 @@ +--- +title: "About Dashboard" +description: "About Dashboard" +sidebar_position: 100 +--- + +# About Dashboard + +The About dashboard provides information about the application. + +![About Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/about.webp) + +This information includes a link to where trial licenses of Netwrix software can be obtained. 
diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/adchanges.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/adchanges.md similarity index 81% rename from docs/threatprevention/7.5/siemdashboard/qradar/dashboard/adchanges.md rename to docs/threatprevention/7.5/siemdashboard/qradar/navigate/adchanges.md index 99695fcb41..1b69f3e93e 100644 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/adchanges.md +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/adchanges.md @@ -1,3 +1,9 @@ +--- +title: "AD Changes Dashboard" +description: "AD Changes Dashboard" +sidebar_position: 20 +--- + # AD Changes Dashboard The AD Changes dashboard contains the following cards: 
@@ -5,20 +11,20 @@ The AD Changes dashboard contains the following cards: ![AD Changes Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/adchanges.webp) - Changes by Type – Breakdown of changes that have been recorded in the specified timeframe by event - type. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional + type. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. - Successful/Blocked Events – Breakdown of changes that have been recorded in the specified timeframe by successful/failed/blocked status. See the - [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. - Changes by Domain – Breakdown of changes that have been recorded in the specified timeframe by - domain. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional + domain. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. - Top Client IPs – Displays up to the top five (5) client IP addresses related to events that have been recorded in the specified timeframe - Top Perpetrators – Displays up to the top five (5) perpetrator usernames related to events that have been recorded in the specified timeframe - Change Details – Tabular format of all Active Directory change events that have been recorded in - the specified timeframe. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic + the specified timeframe. 
See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/administratorauditing.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/administratorauditing.md new file mode 100644 index 0000000000..225ca6cace --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/administratorauditing.md 
@@ -0,0 +1,41 @@ +--- +title: "Administrator Auditing Dashboard" +description: "Administrator Auditing Dashboard" +sidebar_position: 50 +--- + +# Administrator Auditing Dashboard + +The Administrator Auditing dashboard is specifically fed by a Threat Prevention policy named Domain +Admin Activity. See the [SIEM Folder Templates](/docs/threatprevention/7.5/admin/templates/folder/siem.md) topic for +information on this policy template. If this policy template is not enabled and actively monitoring, +then this dashboard will be blank. + +The Administrator Auditing dashboard contains the following cards: + +![Administrator Auditing Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/administratorauditing.webp) + +- Top Clint IPs – Displays up to the top five (5) client IP addresses related to events that have + been recorded in the specified timeframe +- Events – Breakdown of changes that have been recorded in the specified timeframe by + successful/failed/blocked status. See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. +- Most Active Administrators – Displays up to the top five (5) usernames related to change events + that have been recorded in the specified timeframe +- All Administrator Activity – Tabular format of all events that have been recorded in the specified + timeframe. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional + information. +- Administrator Offenses – Tabular format of all offenses related to Administrators. See the + [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. 
+- Administrator Group Changes – Tabular format of all group changes to the Domain, Schema, and + Enterprise Admin groups that have been recorded in the specified timeframe. See the + [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. + +The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is +set by default to the past three (3) hours. To search within a different interval, either manually +type the desired date and time or use the calendar buttons to set the desired date and time +interval. Then click **Search** to refresh the card data. + +When a search using a time interval longer than twelve (12) hours is instigated, the database query +is broken into multiple mini-queries. This will result in a visible reset of the dashboard display +at the end of each mini-query until all data for the selected time interval has been retrieved. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/authenticationattacks.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/authenticationattacks.md new file mode 100644 index 0000000000..a537734930 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/authenticationattacks.md 
@@ -0,0 +1,24 @@ +--- +title: "Authentication Attacks Dashboard" +description: "Authentication Attacks Dashboard" +sidebar_position: 30 +--- + +# Authentication Attacks Dashboard + +The Authentication Attacks dashboard contains information on triggered authentication attack +incidents within the past week. It contains the following cards: + +![Authentication Attacks Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/authenticationattacks.webp) + +- All Attacks (past week) – Timeline of all authentication attacks that started within the last + week. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional + information. +- Breakdown by Attack Type – Breakdown of authentication attacks that started within the last week. + See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional + information. +- Attack Details – Tabular format of all authentication attack offenses recorded in QRadar. See the + [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. +- Event Search for Attack: [Searched Attack] – Tabular format of all events related to the attack. + Information is only visible after clicking Search on an offense. See the + [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/gpomonitoring.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/gpomonitoring.md new file mode 100644 index 0000000000..90aec9baf7 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/gpomonitoring.md 
@@ -0,0 +1,33 @@ +--- +title: "GPO Monitoring Dashboard" +description: "GPO Monitoring Dashboard" +sidebar_position: 40 +--- + +# GPO Monitoring Dashboard + +The GPO Monitoring dashboard contains the following cards: + +![GPO Monitoring Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/gpomonitoring.webp) + +- Top GPOs – Displays up to the top five (5) Group Policy Objects related to events that have been + recorded in the specified timeframe. See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. +- Successful/Blocked Events – Breakdown of Group Policy Object changes that have been recorded in + the specified timeframe by successful/failed/blocked status. See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. +- Changes by Domain – Breakdown of Group Policy Object changes that have been recorded in the + specified timeframe by domain. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) + topic for additional information. +- Change Details – Tabular format of all Group Policy Object change events that have been recorded + in the specified timeframe. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) + topic for additional information. + +The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is +set by default to the past three (3) hours. To search within a different interval, either manually +type the desired date and time or use the calendar buttons to set the desired date and time +interval. Then click **Search** to refresh the card data. 
+ +When a search using a time interval longer than twelve (12) hours is instigated, the database query +is broken into multiple mini-queries. This will result in a visible reset of the dashboard display +at the end of each mini-query until all data for the selected time interval has been retrieved. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/hostinvestigation.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/hostinvestigation.md similarity index 87% rename from docs/threatprevention/7.5/siemdashboard/qradar/dashboard/hostinvestigation.md rename to docs/threatprevention/7.5/siemdashboard/qradar/navigate/hostinvestigation.md index f7331bd226..3e56451892 100644 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/hostinvestigation.md +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/hostinvestigation.md @@ -1,3 +1,9 @@ +--- +title: "Host Investigation Dashboard" +description: "Host Investigation Dashboard" +sidebar_position: 90 +--- + # Host Investigation Dashboard The Host Investigation dashboard only appears when a search is conducted. This can be done by 
@@ -17,12 +23,12 @@ The Host Investigation dashboard contains the following cards: - Top Users (Authenticating to Host) – Displays up to the top five (5) users associated with the host (as destination) over the specified time interval - Activity – Timeline of all events associated with the host over the specified time interval. See - the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. + the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. - Latest Events – Tabular format of all events associated with the host that occurred over the - specified time interval. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic + specified time interval. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. - Offenses Related to Host – QRadar offenses associated with the host that occurred over the - specified time interval. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic + specified time interval. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/ldap.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/ldap.md new file mode 100644 index 0000000000..41f82cba92 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/ldap.md 
@@ -0,0 +1,30 @@ +--- +title: "LDAP Dashboard" +description: "LDAP Dashboard" +sidebar_position: 60 +--- + +# LDAP Dashboard + +The Lightweight Directory Access Protocol (LDAP) dashboard contains the following cards: + +![LDAP Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/ldap.webp) + +- Top Users – Displays up to the top five (5) users related to LDAP events that have been recorded + in the specified timeframe. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) + topic for additional information. +- Top Source Hosts – Displays up to the top five (5) client IP addresses related to LDAP events that + have been recorded in the specified timeframe. See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. +- LDAP Query Details – Tabular format of all non-trivial LDAP events that have been recorded in the + specified timeframe. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for + additional information. + +The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is +set by default to the past three (3) hours. To search within a different interval, either manually +type the desired date and time or use the calendar buttons to set the desired date and time +interval. Then click **Search** to refresh the card data. + +When a search using a time interval longer than twelve (12) hours is instigated, the database query +is broken into multiple mini-queries. This will result in a visible reset of the dashboard display +at the end of each mini-query until all data for the selected time interval has been retrieved. 
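Review bot: In navigate/administratorauditing.md the first card in the list is spelled "Top Clint IPs". The same card is named "Top Client IPs" in adchanges.md, so this entry should read "Top Client IPs" before the new file lands.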
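Review bot: The LDAP Query Details entry in navigate/ldap.md says the table shows "all non-trivial LDAP events" without saying what makes an event trivial, so a reader cannot tell which LDAP activity is left out of the card. Suggest stating the filter criterion or linking to the topic that defines it. The "Top Source Hosts" card is also described as "client IP addresses"; use one term for both the card name and its description.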
diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md new file mode 100644 index 0000000000..4acf9356c2 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md 
@@ -0,0 +1,68 @@ +--- +title: "Navigate the Active Directory App for QRadar" +description: "Navigate the Active Directory App for QRadar" +sidebar_position: 10 +--- + +# Navigate the Active Directory App for QRadar + +The Netwrix Active Directory App for QRadar (Active Directory tab) contains several predefined +dashboards: + +- About +- Active Directory (Overview) +- AD Changes +- Authentication Attacks +- GPO Monitoring +- Administrator Auditing +- LDAP +- Policy Reporting +- User Investigation +- Host Investigation. + +There is also a Settings interface for configuring the QRadar SEC token. + +![Active Directory App for QRadar - Top Ribbon](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/topribbon.webp) + +The User Investigation and Host Investigation dashboards only appear when a search is conducted. +This can be done by clicking a hyperlink in the Perpetrator, Affected Object (when it is a user +account), Source IP, or Destination IP columns of a table card. Alternatively, type the complete +user name or host IP address in the Search box on the right side of the navigation bar. + +## Progress Bar + +When a search using a time interval longer than twelve (12) hours is initiated, the database query +is broken into multiple mini-queries. A progress bar will appear in the bottom left of the screen +that fills up as each query is completed. The progress bar will automatically reappear if it is +clicked on. + +## Table Card Features + +Dashboards have several cards with a tabular format. Each of these cards have the following +features: + +- Only five (5) pages of data will be loaded at a time. Applying the Search or Sort features or + moving beyond the five ‘loaded’ pages will result in a “Processing” banner being temporarily + displayed over the table while the server is directly queried for the necessary data. 
+- Search data entries for all columns (except the Timestamp and Event Count columns) by typing in + the Search box in the upper-right corner of the card. + + - Any entries with a match will remain in the table while all non-matching entries will be + filtered out. + - Total number of entries “Showing” will adjust for the filtered total. + +- Sort can be applied to one column at a time by clicking on the desired column header. +- Show 10, 25, 100, or All entries in the table. Only visible entries can be exported. +- Result data currently visible in the table can be exported from the dashboard: + + - Copy – Copy to clipboard in order to paste to another application + - CSV – Export to a Comma Separated Value file + - Excel – Export to an Excel Workbook file + - Print – Send currently displayed table to printer + +## Graph Card Features + +Dashboards have several cards with a graphical format. Each of these cards have the following +features: + +- Graph parts can be toggled on and off by clicking on individual elements in the legend diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/overview.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/overview.md new file mode 100644 index 0000000000..69d3ab2844 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/overview.md 
@@ -0,0 +1,37 @@ +--- +title: "Overview Dashboard" +description: "Overview Dashboard" +sidebar_position: 10 +--- + +# Overview Dashboard + +The Active Directory Overview dashboard contains information on monitored Active Directory events +within the past three (3) hours. It has the following cards: + +![Overview Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/overview.webp) + +- Authentication Attacks – Number of authentication attacks that started in the specified timeframe, + i.e., last three (3) hours. The value for this card is a hyperlink to the + [Authentication Attacks Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/authenticationattacks.md). +- AD Changes – Number of Active Directory changes recorded in the specified timeframe, i.e., last + three (3) hours. The value for this card is a hyperlink to the + [AD Changes Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/adchanges.md). +- GPO Changes – Number of group policy object changes recorded in the specified timeframe, i.e., + last three (3) hours. The value for this card is a hyperlink to the + [GPO Monitoring Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/gpomonitoring.md). +- Administrator Events – Number of events related to Administrators that have been recorded in the + specified timeframe, i.e., last three (3) hours. The value for this card is a hyperlink to the + [Administrator Auditing Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/administratorauditing.md). 
+- Active Users – Number of distinct users who have been involved with events that have been recorded + in the specified timeframe, i.e., past three (3) hours +- Monitored Domains – Number of distinct domains involved with events that have been recorded in the + specified timeframe, i.e., past three (3) hours +- Threat Prevention Events – Timeline of all events sent by Threat Prevention to QRadar within the + last three (3) hours +- Attacks by Type – Breakdown of authentication attacks that started within the last three (3) hours + by type of attack. See the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for + additional information. +- Active Directory Changes – Breakdown of Active Directory change events recorded in the specified + timeframe, i.e., last three (3) hours. See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/policyreporting.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/policyreporting.md new file mode 100644 index 0000000000..66647af9a8 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/policyreporting.md 
@@ -0,0 +1,52 @@ +--- +title: "Policy Reporting Dashboard" +description: "Policy Reporting Dashboard" +sidebar_position: 70 +--- + +# Policy Reporting Dashboard + +The Policy Reporting dashboard is for viewing Threat Prevention events from any enabled policy that +is sending events to QRadar. This dashboard requires the SEC token to be saved in the Settings +interface in order for QRadar to actively see Threat Prevention policies and associated recent +events. See the [Settings](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/settings.md) topic for additional information. + +The Policies tab on the left side of the dashboard toggles the Policies panel open and close. All +the enabled Threat Prevention policies sending event data to QRadar will be listed in alphanumeric +order. On selecting a policy, the dashboard cards will load the event data from that policy and will +reset to data search of the past three (3) hours. + +The Policy Reporting dashboard contains the following cards: + +![policyreporting](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/dashboard/policyreporting.webp) + +- Activity (Successful/Blocked) – Timeline of successful/failed/blocked events related to the + selected policy that have been recorded in the specified timeframe. See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. +- Successful/Blocked Events – Breakdown of events related to the selected policy that have been + recorded in the specified timeframe by successful/failed/blocked status. See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. +- Top Perpetrators – Displays up to the top five (5) usernames related to the selected policy that + have been recorded in the specified timeframe. 
See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. +- Events by Domain – Breakdown of events related to the selected policy that have been recorded in + the specified timeframe by domain. See the + [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. +- Events by Perpetrator – Tabular format of all usernames related to the selected policy for events + that have been recorded in the specified timeframe. See the + [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. +- Events by Domain – Tabular format of all domains related to the selected policy for events that + have been recorded in the specified timeframe. See the + [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. +- Latest Events – Tabular format of all events related to the selected policy that have been + recorded in the specified timeframe. See the + [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. + +The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is +set by default to the past three (3) hours. To search within a different interval, either manually +type the desired date and time or use the calendar buttons to set the desired date and time +interval. Then click **Search** to refresh the card data. + +When a search using a time interval longer than twelve (12) hours is instigated, the database query +is broken into multiple mini-queries. 
This will result in a visible reset of the dashboard display +at the end of each mini-query until all data for the selected time interval has been retrieved. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/navigate/settings.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/settings.md new file mode 100644 index 0000000000..b7fca08199 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/settings.md @@ -0,0 +1,29 @@ +--- +title: "Settings" +description: "Settings" +sidebar_position: 110 +--- + +# Settings + +You must save the QRadar SEC token to the Settings interface of the Active Directory App for QRadar. + +Click the gear icon next to the Search box to open the Settings interface. + +![Settings interface](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/settings.webp) + +The More information link opens the IBM Knowledge Center with information on generating the QRadar +SEC token. Once the token is generated, copy and paste it here and click Save. + +Honey Accounts + +An additional feature is to add Honey Accounts to be monitored. + +- Use the Add New Account button to enter a honey account [domain\username] in the pop-up window. + There is no limit on the number of honey accounts to be monitored. +- The Remove Selected button will remove the selected account from the Honey Accounts monitored + list. +- After making changes to the list, click **Save**. + +Authentication activity by a honey account will generate an INTERCEPT: Honey Accounts Offense. See +the [INTERCEPT Offenses in QRadar](/docs/threatprevention/7.5/siemdashboard/qradar/offenses.md) topic for additional information. 
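Review bot: navigate/overview.md sets sidebar_position: 10, the same value this patch gives navigate/navigate.md in the same folder, so the relative order of the two pages is left to the site generator's tie-breaking. Suggest giving the Overview page a distinct position, for example a value between 10 and the 20 used by adchanges.md. The card descriptions in the same file also alternate between "last three (3) hours" and "past three (3) hours"; pick one wording.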
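Review bot: The card list in navigate/policyreporting.md has two entries both named "Events by Domain", one a breakdown and one a table, which is ambiguous when either is referenced elsewhere; if the UI labels really are identical, say in each description which one is the graph card and which is the table card. The image alt text "policyreporting" should be descriptive like the other pages (for example "Policy Reporting Dashboard"), and "toggles the Policies panel open and close" should read "open and closed".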
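Review bot: "Honey Accounts" in navigate/settings.md is a bare text line rather than a heading, so it gets no anchor and no entry in the page outline; make it "## Honey Accounts" to match the "## Progress Bar" style used in navigate.md. The token step ("copy and paste it here and click Save") also does not say which user role or security profile the SEC token should be created with; documenting the minimum access the app needs would help administrators avoid issuing an over-privileged token. The [domain\username] format would read more clearly as inline code.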
diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/userinvestigation.md b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/userinvestigation.md similarity index 86% rename from docs/threatprevention/7.5/siemdashboard/qradar/dashboard/userinvestigation.md rename to docs/threatprevention/7.5/siemdashboard/qradar/navigate/userinvestigation.md index c58c7f4c58..37064a8bcd 100644 --- a/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/userinvestigation.md +++ b/docs/threatprevention/7.5/siemdashboard/qradar/navigate/userinvestigation.md @@ -1,3 +1,9 @@ +--- +title: "User Investigation Dashboard" +description: "User Investigation Dashboard" +sidebar_position: 80 +--- + # User Investigation Dashboard The User Investigation dashboard only appears when a search is conducted. This can be done by 
@@ -15,12 +21,12 @@ The User Investigation dashboard contains the following cards: - Destination Hosts – Number of destination IP addresses associated with the user over the specified time interval - Activity – Timeline of all events associated with the user over the specified time interval. See - the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#graph-card-features) topic for additional information. + the [Graph Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#graph-card-features) topic for additional information. - Latest Events – Tabular format of all events associated with the user over the specified time - interval. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional + interval. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. - Offenses Related to User – QRadar offenses associated with the user during the specified time - interval. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate.md#table-card-features) topic for additional + interval. See the [Table Card Features](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/navigate.md#table-card-features) topic for additional information. The time interval is identified in the upper-right corner with the _Start_ and _End_ boxes. This is diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/offenses.md b/docs/threatprevention/7.5/siemdashboard/qradar/offenses.md index 8dba831ba1..7a40f761c0 100644 --- a/docs/threatprevention/7.5/siemdashboard/qradar/offenses.md +++ b/docs/threatprevention/7.5/siemdashboard/qradar/offenses.md 
@@ -1,10 +1,16 @@ +--- +title: "INTERCEPT Offenses in QRadar" +description: "INTERCEPT Offenses in QRadar" +sidebar_position: 20 +--- + # INTERCEPT Offenses in QRadar The Netwrix Active Directory App for QRadar feeds several QRadar Offenses. ![INTERCEPT Offenses in QRadar](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/offenses.webp) -While the [Authentication Attacks Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/dashboard/authenticationattacks.md) reports on +While the [Authentication Attacks Dashboard](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/authenticationattacks.md) reports on incidents monitored by Threat Prevention Authentication Analytics, these incidents also generate offenses. diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/overview.md b/docs/threatprevention/7.5/siemdashboard/qradar/overview.md index 4a89f81b26..2fb5136a1a 100644 --- a/docs/threatprevention/7.5/siemdashboard/qradar/overview.md +++ b/docs/threatprevention/7.5/siemdashboard/qradar/overview.md @@ -1,3 +1,9 @@ +--- +title: "Active Directory App for QRadar" +description: "Active Directory App for QRadar" +sidebar_position: 10 +--- + # Active Directory App for QRadar The Netwrix Active Directory security monitoring solution enables organizations to efficiently @@ -38,7 +44,7 @@ Then click Install. QRadar. The Active Directory tab will appear in QRadar. It is necessary for the QRadar SEC token to be saved -to the Settings interface of the Active Directory App. See the [Settings](/docs/threatprevention/7.5/siemdashboard/qradar/settings.md) topic for +to the Settings interface of the Active Directory App. See the [Settings](/docs/threatprevention/7.5/siemdashboard/qradar/navigate/settings.md) topic for additional information. ## Initial Configuration for the Active Directory App for QRadar 
diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/qidmap.md b/docs/threatprevention/7.5/siemdashboard/qradar/qidmap.md index 30f8aaa830..78dcdd6844 100644 --- a/docs/threatprevention/7.5/siemdashboard/qradar/qidmap.md +++ b/docs/threatprevention/7.5/siemdashboard/qradar/qidmap.md @@ -1,3 +1,9 @@ +--- +title: "QIDmap Information for QRadar SIEM Integration" +description: "QIDmap Information for QRadar SIEM Integration" +sidebar_position: 30 +--- + # QIDmap Information for QRadar SIEM Integration Vendors have the ability to create what is called a QIDmap. The purpose of the mapping file is to diff --git a/docs/threatprevention/7.5/siemdashboard/qradar/settings.md b/docs/threatprevention/7.5/siemdashboard/qradar/settings.md deleted file mode 100644 index b9116c9d8c..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/qradar/settings.md +++ /dev/null 
@@ -1,23 +0,0 @@ -# Settings - -You must save the QRadar SEC token to the Settings interface of the Active Directory App for QRadar. - -Click the gear icon next to the Search box to open the Settings interface. - -![Settings interface](/img/product_docs/threatprevention/7.5/siemdashboard/qradar/settings.webp) - -The More information link opens the IBM Knowledge Center with information on generating the QRadar -SEC token. Once the token is generated, copy and paste it here and click Save. - -Honey Accounts - -An additional feature is to add Honey Accounts to be monitored. - -- Use the Add New Account button to enter a honey account [domain\username] in the pop-up window. - There is no limit on the number of honey accounts to be monitored. -- The Remove Selected button will remove the selected account from the Honey Accounts monitored - list. -- After making changes to the list, click **Save**. - -Authentication activity by a honey account will generate an INTERCEPT: Honey Accounts Offense. See -the [INTERCEPT Offenses in QRadar](/docs/threatprevention/7.5/siemdashboard/qradar/offenses.md) topic for additional information. diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/activedirectorychanges.md b/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/activedirectorychanges.md deleted file mode 100644 index 4d4a5dec78..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/activedirectorychanges.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# Active Directory Changes Dashboard - -The Active Directory Changes dashboard contains the following cards: - -![Active Directory Changes Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/adchanges.webp) - -- Changes by Type – Breakdown of changes that have been recorded in the specified timeframe by event - type -- Successful/Blocked Events – Breakdown of changes that have been recorded in the specified - timeframe by successful/failed/blocked status -- Changes by Domain – Breakdown of changes that have been recorded in the specified timeframe by - domain -- Top Client IPs – Displays up to the top five (5) client IP addresses related to events that have - been recorded in the specified timeframe -- Top Perpetrators – Displays up to the top five (5) perpetrator usernames related to events that - have been recorded in the specified timeframe -- Change Events – Tabular format of all Active Directory change events that have been recorded in - the specified timeframe - -The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/administratorauditing.md b/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/administratorauditing.md deleted file mode 100644 index 332c2dfa09..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/administratorauditing.md +++ /dev/null 
@@ -1,21 +0,0 @@ -# Administrator Auditing Dashboard - -The Administrator Auditing dashboard is specifically fed by a Threat Prevention policy named Domain -Admin Activity. See the [SIEM Folder Templates](/docs/threatprevention/7.5/admin/templates/folder/siem.md) topic -for information on this policy template. If this policy template is not enabled and actively -monitoring, then this dashboard will be blank. - -![Administrator Auditing Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/administratorauditing.webp) - -- Top Client IPs – Displays up to the top five (5) client IP addresses related to events that have - been recorded in the specified timeframe -- Events – Breakdown of changes that have been recorded in the specified timeframe by - successful/failed/blocked status -- Most Active Administrators – Displays up to the top five (5) usernames related to change events - that have been recorded in the specified timeframe -- All Administrator Activity – eTabular format of all events that have been recorded in the - specified timeframe -- Administrator Group Changes – Tabular format of all group changes to the Domain, Schema, and - Enterprise Admin groups that have been recorded in the specified timeframe - -The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/authenticationattacks.md b/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/authenticationattacks.md deleted file mode 100644 index ca6be9068b..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/authenticationattacks.md +++ /dev/null 
@@ -1,12 +0,0 @@ -# Authentication Attacks Dashboard - -The Authentication Attacks dashboard contains the following cards: - -![Authentication Attacks Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/authenticationattacks.webp) - -- Authentication Attacks – Timeline of all authentication attacks that started within the specified - timeframe -- Authentication Attack Details – Tabular format of all authentication attack offenses recorded in - Splunk within the specified timeframe - -The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/gpomonitoring.md b/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/gpomonitoring.md deleted file mode 100644 index 9be89943c7..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/gpomonitoring.md +++ /dev/null @@ -1,16 +0,0 @@ -# GPO Monitoring Dashboard - -The GPO Monitoring dashboard contains the following cards: - -![GPO Monitoring Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/gpomonitoring.webp) - -- Top GPOs – Displays up to the top five (5) Group Policy Objects related to events that have been - recorded in the specified timeframe -- Successful/Blocked Events – Breakdown of Group Policy Object changes that have been recorded in - the specified timeframe by successful/failed/blocked status -- Changes by Domain – Breakdown of Group Policy Object changes that have been recorded in the - specified timeframe by domain -- Change Details – Tabular format of all Group Policy Object change events that have been recorded - in the specified timeframe - -The specified timeframe is set by default to the last 24 hours, or past day. 
diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/ldap.md b/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/ldap.md deleted file mode 100644 index 6eb6694e5c..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/ldap.md +++ /dev/null @@ -1,14 +0,0 @@ -# LDAP Dashboard - -The Lightweight Directory Access Protocol (LDAP) dashboard contains the following cards: - -![LDAP Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/ldap.webp) - -- Top Client IPs – Displays up to the top five (5) client IP addresses related to LDAP events that - have been recorded in the specified timeframe -- Top Perpetrators – Displays up to the top five (5) users related to LDAP events that have been - recorded in the specified timeframe -- Change Events – Tabular format of all non-trivial LDAP queries that have been recorded in the - specified timeframe - -The specified timeframe is set by default to the last 24 hours, or past day. diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/policyreporting.md b/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/policyreporting.md deleted file mode 100644 index 59edca24ec..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/policyreporting.md +++ /dev/null 
@@ -1,28 +0,0 @@ -# Policy Reporting Dashboard - -The Policy Reporting dashboard is for viewing Threat Prevention events from any enabled policy that -is sending events to Splunk. The Policy drop-down menu in the upper-left corner of the dashboard -will be populated with all the enabled Threat Prevention policies sending event data to Splunk in -alphanumeric order. On selecting a policy, the dashboard cards will load the event data from that -policy. - -The Policy Reporting dashboard contains the following cards: - -![Policy Reporting Dashboard](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/dashboard/policyreporting.webp) - -- Activity (Successful/Blocked) – Timeline of successful/failed/blocked events related to the - selected policy that have been recorded in the specified timeframe -- Successful/Blocked Events – Breakdown of events related to the selected policy that have been - recorded in the specified timeframe by successful/failed/blocked status -- Top Perpetrators – Displays up to the top five (5) usernames related to the selected policy that - have been recorded in the specified timeframe -- Events by Domain – Breakdown of events related to the selected policy that have been recorded in - the specified timeframe by domain -- Events by Perpetrator – Tabular format of all usernames related to the selected policy for events - that have been recorded in the specified timeframe -- Events by Domain – Tabular format of all domains related to the selected policy for events that - have been recorded in the specified timeframe -- Events – Tabular format of all events related to the selected policy that have been recorded in - the specified timeframe - -The specified timeframe is set by default to the last 24 hours, or past day. 
diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/navigate.md b/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/navigate.md deleted file mode 100644 index 048365f600..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/navigate.md +++ /dev/null @@ -1,18 +0,0 @@ -# Navigate the Active Directory App for Splunk - -The Netwrix Active Directory App for Splunk contains several predefined dashboards: - -- Active Directory (Overview) -- Active Directory Changes -- Authentication Attacks -- GPO Monitoring -- Administrator Auditing -- LDAP -- Policy Reporting -- User Behavior Analytics - -![Active Directory App for Splunk - Top Ribbon](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/topribbon.webp) - -The Timeframe interval is identified in the upper-left corner of each dashboard and uses the default -Splunk search features. The drop-down menu provides additional options. To search within a different -interval, choose a new option from the menu. Then click Submit to refresh the card data. diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/overview.md b/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/overview.md deleted file mode 100644 index 34c739222f..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/activedirectory/overview.md +++ /dev/null 
@@ -1,73 +0,0 @@ -# Active Directory App for Splunk - -The Netwrix Active Directory security monitoring solution enables organizations to efficiently -monitor and prevent Active Directory changes, authentications, and attacks in real-time, without any -reliance on native logging or security controls. Using the preconfigured Netwrix Active Directory -App for Splunk, you can quickly understand all Active Directory changes as a whole, patterns of -activity indicative of account compromise, and attempts to compromise security, along with the -ability to block undesired changes and access. - -Threat Prevention can be configured to monitor Active Directory events and send the monitored events -to Splunk. - -You can integrate Netwrix’ products with the Netwrix Active Directory App for Splunk. - -- Install the Active Directory App for Splunk. -- Ensure that Threat Prevention has been configured to send events to Splunk. See the - [SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md)topic for additional information. - -## App Installation in Splunk - -Download the [Stealthbits Active Directory App for Splunk](https://splunkbase.splunk.com/app/3433/) -from the [Splunkbase](https://splunkbase.splunk.com/). Then follow the -[Splunk Add-ons](http://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons) -guide provided by Splunk to install the app. - -**NOTE:** In order to use the User Behavior Analytics dashboard in the app, install -[Splunk User Behavior Analytics](https://www.splunk.com/en_us/products/premium-solutions/user-behavior-analytics.html) -(any version) and the [Machine Learning Toolkit](https://splunkbase.splunk.com/app/2890/) app for -Splunk (version 2.0.0+). - -The Netwrix Active Directory tab will appear in the Splunk web interface. - -After installing the Netwrix Active Directory App for Splunk, configure it to receive data from -Threat Prevention. 
- -## Initial Configuration of the Active Directory App for Splunk - -Follow the steps to configure Splunk to receive data from Threat Prevention. - -_Remember,_ prior to using the Active Directory App for Splunk, the relevant Netwrix product must be -configured to send data to Splunk. - -**Step 1 –** Determine the IP address of the Splunk console. If Splunk is hosted on a UNIX machine, -run `ifconfig`. If Splunk is hosted on a Windows machine, run `ipconfig`. This IP address is -required on the [SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md), where you configure -Threat Prevention to send data to Splunk. - -**Step 2 –** Navigate to the Settings menu in the Splunk web interface and click Data Inputs. - -**Step 3 –** Select UDP. - -**Step 4 –** Click New and add a new data input with port 514. If another Splunk UDP input is -already using 514, you should be able to safely use another value (515 or higher), as long as it is -not blocked by the network. - -**Step 5 –** Click Next. - -**Step 6 –** Under Input Settings, enter the following information: - -- Source Type – Threat Prevention -- App context – Select Search and Reporting -- Host – Select IP -- Index – Select Default - -**Step 7 –** Review and save the new settings. - -**Step 8 –** To test that the configuration is working correctly, check the Search and Reporting app -inside of the web console for Splunk (search for Threat Prevention). There should be sample logs -with KEY=%VALUE% pairs in the Event column. If there are no events, use a packet sniffer to ensure -that packets are being sent correctly between the two hosts, and diagnose any possible network -issues. - -The Netwrix Active Directory App will now display activity from the Threat Prevention data. diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/navigate.md b/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/navigate.md deleted file mode 100644 index 6a17587497..0000000000 
--- a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/navigate.md +++ /dev/null @@ -1,27 +0,0 @@ -# Navigate the Threat Hunting App for Splunk - -The Netwrix Threat Hunting App for Splunk contains only one dashboard called Threat Hunting. - -![ribbon](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/threathunting/ribbon.webp) - -- The Timeframe interval is identified in the upper-left corner of each dashboard and uses the - default Splunk search features. The drop-down menu provides additional options. To search within a - different interval, choose a new option from the menu. -- The Threat Type drop-down menu contains several predefined options: Perpetrator Hunting, Sensitive - Data Hunting, and Privilege Creep/Escalation. The textbox changes based on the selection as - follows: - - - Perpetrator Hunting – Perpetrator Name (A Perpetrator is any security principal that is making - a change) - - Sensitive Data Hunting – File Name - - Privilege Creep/Escalation – Account Name - -- The Day of Week checklist provides the option to choose which days of the week will be filtered - out when looking for threats. By default, all of the days are checked. When a day is unchecked, - Splunk will filter out events that occurred on that day. -- The Time of Day checklist provides the option to choose which times of day will be filtered out - when looking for threats. By default, all of the times of day are checked. When a day is - unchecked, Splunk will filter out events that occurred on that day. - -Click Submit to refresh the card data and reload the page with the current parameters (Timeframe, -search term, Day of Week, and Time of Day). diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/overview.md b/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/overview.md deleted file mode 100644 index 3542f5fe83..0000000000 --- a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/overview.md +++ /dev/null 
@@ -1,82 +0,0 @@ -# Threat Hunting App for Splunk - -The Netwrix Threat Hunting solution enables organizations to target and hunt active cyber threats. -Using the preconfigured Netwrix Threat Hunting App for Splunk, analysts have a powerful incident -response tool that allows them to quickly and efficiently compile forensic evidence to investigate -the scope, impact, and root cause of an incident. The Netwrix Threat Hunting App for Splunk focuses -in on the actions of specific users, including the files they accessed and changes they made to -escalate privileges to data resources. - -You can integrate Netwrix products with the Netwrix Threat Hunting App for Splunk. Both Threat -Prevention and Netwrix File Activity Monitor can be configured to monitor Threat Hunting events and -send the monitored events to Splunk. - -- If only Netwrix File Activity Monitor is configured to send events to Splunk, only the cards that - show file system activity will display data. -- If only Threat Prevention is configured to send events to Splunk, all the cards will display data. - -After installing the Threat Hunting App for Splunk, ensure that the applicable Netwrix product(s) -have been configured to send events to Splunk. - -## App Installation in Splunk (Threat Hunting) - -Download the [Stealthbits Threat Hunting App for Splunk](https://splunkbase.splunk.com/app/3646/) -from the [Splunkbase](https://splunkbase.splunk.com/). Then follow the -[Splunk Add-ons](http://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons) -guide provided by Splunk to install the app. - -The Netwrix Threat Hunting tab will appear in the Splunk web interface. - -After installing the Netwrix Threat Hunting App for Splunk, configure it to receive data from either -Threat Prevention or Netwrix File Activity Monitor. 
- -## Initial Configuration of the Threat Hunting App for Splunk - -Follow the steps to configure Splunk to receive data from either Threat Prevention or Netwrix -Netwrix Activity Monitor. - -_Remember,_ prior to using the Netwrix Threat Hunting App for Splunk, the relevant Netwrix product -must be configured to send data to Splunk. - -**Step 1 –** Determine the IP address of the Splunk console. If Splunk is hosted on a UNIX machine, -run `ifconfig`. If Splunk is hosted on a Windows machine, run `ipconfig`. This IP address is -required for the following: - -- To configure Threat Prevention to send data to Splunk. See the - [SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md) topic for additional information. -- To configure Netwrix File Activity Monitor to send data to Splunk. See the File Activity Monitor - App for Splunk topic in the - [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) - for additional information. - -**Step 2 –** Navigate to the Settings menu in the Splunk web interface and click Data Inputs. - -**Step 3 –** Select UDP. - -**Step 4 –** Click New and add a new data input with port 514. If another Splunk UDP input is -already using 514, you should be able to safely use another value (515 or higher), as long as it is -not blocked by the network. - -**Step 5 –** Click Next. - -**Step 6 –** Under Input Settings, enter the following information: - -- Source Type – Enter one of the following options: - - - For data coming from Threat Prevention – Threat Prevention - - For data coming from the Netwrix File Activity Monitor – **SFAM** - -- App context – Select Search and Reporting -- Host – Select IP -- Index – Select Default - -**Step 7 –** Review and save the new settings. - -**Step 8 –** To test that the configuration is working correctly, check the Search and Reporting app -inside of the web console for Splunk (search for SFAM or Threat Prevention). 
There should be logs of -events that are generated as soon as Splunk starts receiving data. If there are no events, use a -packet sniffer to ensure that packets are being sent correctly between the two hosts, and diagnose -any possible network issues. - -The Netwrix Threat Hunting App will now display activity from either the Activity Monitor data or -the Threat Prevention data. diff --git a/docs/threatprevention/7.5/siemdashboard/threathunting/_category_.json b/docs/threatprevention/7.5/siemdashboard/threathunting/_category_.json new file mode 100644 index 0000000000..7320c419be --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/threathunting/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Threat Hunting App for Splunk", + "position": 30, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/_category_.json b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/_category_.json new file mode 100644 index 0000000000..dbc655cb10 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/_category_.json @@ -0,0 +1,10 @@ +{ + "label": "Navigate the Threat Hunting App for Splunk", + "position": 10, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "navigate" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/navigate.md b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/navigate.md new file mode 100644 index 0000000000..3d529d266b --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/navigate.md 
@@ -0,0 +1,33 @@ +--- +title: "Navigate the Threat Hunting App for Splunk" +description: "Navigate the Threat Hunting App for Splunk" +sidebar_position: 10 +--- + +# Navigate the Threat Hunting App for Splunk + +The Netwrix Threat Hunting App for Splunk contains only one dashboard called Threat Hunting. + +![ribbon](/img/product_docs/threatprevention/7.5/siemdashboard/splunk/threathunting/ribbon.webp) + +- The Timeframe interval is identified in the upper-left corner of each dashboard and uses the + default Splunk search features. The drop-down menu provides additional options. To search within a + different interval, choose a new option from the menu. +- The Threat Type drop-down menu contains several predefined options: Perpetrator Hunting, Sensitive + Data Hunting, and Privilege Creep/Escalation. The textbox changes based on the selection as + follows: + + - Perpetrator Hunting – Perpetrator Name (A Perpetrator is any security principal that is making + a change) + - Sensitive Data Hunting – File Name + - Privilege Creep/Escalation – Account Name + +- The Day of Week checklist provides the option to choose which days of the week will be filtered + out when looking for threats. By default, all of the days are checked. When a day is unchecked, + Splunk will filter out events that occurred on that day. +- The Time of Day checklist provides the option to choose which times of day will be filtered out + when looking for threats. By default, all of the times of day are checked. When a day is + unchecked, Splunk will filter out events that occurred on that day. + +Click Submit to refresh the card data and reload the page with the current parameters (Timeframe, +search term, Day of Week, and Time of Day). 
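Review bot: In the new `threathunting/navigate/navigate.md`, the Time of Day bullet ends with "When a day is unchecked, Splunk will filter out events that occurred on that day", which is carried over from the Day of Week bullet above it; it should refer to a time of day being unchecked and to events that occurred at that time. Both checklist bullets also say the checklist chooses what "will be filtered out" and then state that unchecked items are filtered out, so consider wording the first sentence in terms of what is included. The first bullet mentions "each dashboard" although the page opens by saying the app contains only one dashboard. The image path still points under `/img/product_docs/threatprevention/7.5/siemdashboard/splunk/threathunting/` while the topic has moved out of the `splunk/` folder; confirm that is intended.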
diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/perpetratorhunting.md b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/perpetratorhunting.md similarity index 91% rename from docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/perpetratorhunting.md rename to docs/threatprevention/7.5/siemdashboard/threathunting/navigate/perpetratorhunting.md index 73c5822a9b..947d1b634d 100644 --- a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/perpetratorhunting.md +++ b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/perpetratorhunting.md @@ -1,3 +1,9 @@ +--- +title: "Perpetrator Hunting" +description: "Perpetrator Hunting" +sidebar_position: 10 +--- + # Perpetrator Hunting The Perpetrator Hunting option uses the Perpetrator Name field to determine which user is targeted diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/privilegecreepescalation.md b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/privilegecreepescalation.md similarity index 89% rename from docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/privilegecreepescalation.md rename to docs/threatprevention/7.5/siemdashboard/threathunting/navigate/privilegecreepescalation.md index d4538b22ae..eb5d617654 100644 --- a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/privilegecreepescalation.md +++ b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/privilegecreepescalation.md @@ -1,3 +1,9 @@ +--- +title: "Privilege Creep/Escalation" +description: "Privilege Creep/Escalation" +sidebar_position: 30 +--- + # Privilege Creep/Escalation The Privilege Creep/Escalation option uses the Account Name field to determine which user is 
diff --git a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/sensitivedatahunting.md b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/sensitivedatahunting.md similarity index 85% rename from docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/sensitivedatahunting.md rename to docs/threatprevention/7.5/siemdashboard/threathunting/navigate/sensitivedatahunting.md index 175fc3fb56..02b010bd44 100644 --- a/docs/threatprevention/7.5/siemdashboard/splunk/threathunting/dashboard/sensitivedatahunting.md +++ b/docs/threatprevention/7.5/siemdashboard/threathunting/navigate/sensitivedatahunting.md @@ -1,3 +1,9 @@ +--- +title: "Sensitive Data Hunting" +description: "Sensitive Data Hunting" +sidebar_position: 20 +--- + # Sensitive Data Hunting The Sensitive Data Hunting option uses the File Name field to determine which file is targeted when diff --git a/docs/threatprevention/7.5/siemdashboard/threathunting/overview.md b/docs/threatprevention/7.5/siemdashboard/threathunting/overview.md new file mode 100644 index 0000000000..1735db6881 --- /dev/null +++ b/docs/threatprevention/7.5/siemdashboard/threathunting/overview.md 
@@ -0,0 +1,88 @@ +--- +title: "Threat Hunting App for Splunk" +description: "Threat Hunting App for Splunk" +sidebar_position: 30 +--- + +# Threat Hunting App for Splunk + +The Netwrix Threat Hunting solution enables organizations to target and hunt active cyber threats. +Using the preconfigured Netwrix Threat Hunting App for Splunk, analysts have a powerful incident +response tool that allows them to quickly and efficiently compile forensic evidence to investigate +the scope, impact, and root cause of an incident. The Netwrix Threat Hunting App for Splunk focuses +in on the actions of specific users, including the files they accessed and changes they made to +escalate privileges to data resources. + +You can integrate Netwrix products with the Netwrix Threat Hunting App for Splunk. Both Threat +Prevention and Netwrix File Activity Monitor can be configured to monitor Threat Hunting events and +send the monitored events to Splunk. + +- If only Netwrix File Activity Monitor is configured to send events to Splunk, only the cards that + show file system activity will display data. +- If only Threat Prevention is configured to send events to Splunk, all the cards will display data. + +After installing the Threat Hunting App for Splunk, ensure that the applicable Netwrix product(s) +have been configured to send events to Splunk. + +## App Installation in Splunk (Threat Hunting) + +Download the [Stealthbits Threat Hunting App for Splunk](https://splunkbase.splunk.com/app/3646/) +from the [Splunkbase](https://splunkbase.splunk.com/). Then follow the +[Splunk Add-ons](http://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons) +guide provided by Splunk to install the app. + +The Netwrix Threat Hunting tab will appear in the Splunk web interface. + +After installing the Netwrix Threat Hunting App for Splunk, configure it to receive data from either +Threat Prevention or Netwrix File Activity Monitor. 
+ +## Initial Configuration of the Threat Hunting App for Splunk + +Follow the steps to configure Splunk to receive data from either Threat Prevention or Netwrix +Netwrix Activity Monitor. + +_Remember,_ prior to using the Netwrix Threat Hunting App for Splunk, the relevant Netwrix product +must be configured to send data to Splunk. + +**Step 1 –** Determine the IP address of the Splunk console. If Splunk is hosted on a UNIX machine, +run `ifconfig`. If Splunk is hosted on a Windows machine, run `ipconfig`. This IP address is +required for the following: + +- To configure Threat Prevention to send data to Splunk. See the + [SIEM Tab](/docs/threatprevention/7.5/admin/configuration/systemalerting/siem.md) topic for additional information. +- To configure Netwrix File Activity Monitor to send data to Splunk. See the File Activity Monitor + App for Splunk topic in the + [Netwrix Activity Monitor Documentation](https://helpcenter.netwrix.com/category/activitymonitor) + for additional information. + +**Step 2 –** Navigate to the Settings menu in the Splunk web interface and click Data Inputs. + +**Step 3 –** Select UDP. + +**Step 4 –** Click New and add a new data input with port 514. If another Splunk UDP input is +already using 514, you should be able to safely use another value (515 or higher), as long as it is +not blocked by the network. + +**Step 5 –** Click Next. + +**Step 6 –** Under Input Settings, enter the following information: + +- Source Type – Enter one of the following options: + + - For data coming from Threat Prevention – Threat Prevention + - For data coming from the Netwrix File Activity Monitor – **SFAM** + +- App context – Select Search and Reporting +- Host – Select IP +- Index – Select Default + +**Step 7 –** Review and save the new settings. + +**Step 8 –** To test that the configuration is working correctly, check the Search and Reporting app +inside of the web console for Splunk (search for SFAM or Threat Prevention). 
There should be logs of +events that are generated as soon as Splunk starts receiving data. If there are no events, use a +packet sniffer to ensure that packets are being sent correctly between the two hosts, and diagnose +any possible network issues. + +The Netwrix Threat Hunting App will now display activity from either the Activity Monitor data or +the Threat Prevention data. diff --git a/docs/threatprevention/7.5/solutions/activedirectory.md b/docs/threatprevention/7.5/solutions/activedirectory.md deleted file mode 100644 index b57f89eba9..0000000000 --- a/docs/threatprevention/7.5/solutions/activedirectory.md +++ /dev/null 
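Review bot: In the new siemdashboard/threathunting/overview.md, Step 4 tells the reader to use UDP port 514 or "another value (515 or higher)", but Step 1 allows Splunk to run on a UNIX host, where ports below 1024 can only be bound by a privileged process, so both suggested values fail when Splunk runs as a non-root user. Suggest recommending a port above 1024 for that case and stating that the same port must be entered on the sending Netwrix product, since Step 1 currently lists only the IP address as required. The input is plain UDP with Host set to IP, so nothing authenticates the sender; a sentence advising that the port be reachable only from the Threat Prevention or Activity Monitor hosts would fit in Step 4 or Step 7. Smaller points: the Initial Configuration intro reads "Netwrix Netwrix Activity Monitor", the product is called both "Netwrix File Activity Monitor" and "Netwrix Activity Monitor" within the page, the Splunk Add-ons link uses `http://`, and in Step 6 only **SFAM** is bold while the "Threat Prevention" source type value is not, which makes it easy to miss that both are literal values to type.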
@@ -1,62 +0,0 @@ -# Active Directory - -Threat Prevention for Active Directory is a real-time change and access monitoring solution designed -to detect, block, and alert on unauthorized or high-risk activity within Active Directory -environments - without relying on native Windows logging mechanisms. It captures and inspects all -authentication, access, and modification activity at the domain controller level, providing full -visibility into changes across individual Active Directory objects, attributes, group memberships, -and Group Policy Objects (GPOs). All actions are recorded in a detailed audit trail that includes -pre- and post-change values with actor context. - -Key aspects of the Active Directory solution are: - -- Proactive Enforcement — Blocks unauthorized or policy-violating changes (for example, group - membership or GPO edits) before they are applied, strengthening native Active Directory controls -- Real-Time Authentication Monitoring — Captures and logs all authentication requests, including - Kerberos and NTLM logons, providing visibility into authentication events across the environment -- Granular Change Monitoring — Provides detailed monitoring of all changes within Active Directory, - including object-level modifications, access permissions, and group memberships, ensuring complete - visibility into any action that could impact security or compliance -- Customizable Security Policies — Allows administrators to define custom rules for blocking and - alerting on specific types of changes or access attempts, offering tailored security enforcement - based on organizational needs - -Some important events Threat Prevention captures are: - -- Changes -- Account Lockouts -- Password Resets -- Comprised and Weak Password Use -- Group Policy Object (GPO) Modifications -- Object Moves/Adds/Deletes -- Permission Modifications -- Groups Membership -- DNS Changes -- LSASS Modifications -- AD Replication -- Replication Impersonations -- Active Directory Read 
Monitoring -- Authentication (Kerberos & NTLM) - - - Authentication-based Attacks (e.g. Horizontal/Lateral Movement, Brute Force Attacks, User - Account Hacking, Breached Passwords, Golden Tickets, and more) - - Privileged Account Authentications - -## Active Directory Event Types - -The following event types are available for Active Directory: - -- [Active Directory Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorychanges.md) -- [Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorylockdown.md) -- [Active Directory Read Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectoryreadmonitoring.md) -- [AD Replication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationlockdown.md) -- [AD Replication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/adreplicationmonitoring.md) -- [Authentication Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationlockdown.md) -- [Authentication Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/authenticationmonitoring.md) -- [Effective Group Membership Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/effectivegroupmembership.md) -- [FSMO Role Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/fsmorolemonitoring.md) -- [GPO Setting Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/gposettingchanges.md) -- [GPO Setting Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/gposettinglockdown.md) -- [LSASS Guardian – Monitor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianmonitor.md) -- [LSASS Guardian – Protect Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/lsassguardianprotect.md) -- [Password Enforcement Event 
Type](/docs/threatprevention/7.5/admin/policies/eventtype/passwordenforcement.md) diff --git a/docs/threatprevention/7.5/solutions/exchange.md b/docs/threatprevention/7.5/solutions/exchange.md deleted file mode 100644 index 8c7277952b..0000000000 --- a/docs/threatprevention/7.5/solutions/exchange.md +++ /dev/null @@ -1,37 +0,0 @@ -# Exchange - -Threat Prevention for Exchange provides increased security, regulatory compliance fulfillment, and -reduced risk of downtime by significantly enhancing Microsoft Exchange native security. - -- Threat Prevention for Exchange owners reduce outage risk caused by bad configuration changes and - achieve compliance through enhanced security and detailed auditing. -- For business owners, enhanced mailbox security capabilities ensure their most sensitive mailboxes - are protected against rogue administrator or compromised account access. - -Understand who accessed a mailbox and what occurred once in the mailbox. Was a sensitive email read, -modified, deleted, or forwarded? All are critical to achieving a compliant Exchange infrastructure. - -Some important events Threat Prevention captures are: - -- Non-Owner Mailbox Access Events -- Access Rights Changes - - - Mailbox - - Folder - -- Manipulated Attachments -- Message Item Level Auditing - - - Creation - - Deletion - - Modification - - Read - - Send/Forward - - Open - -## Exchange Event Types - -The following event types are available for Exchange: - -- [Exchange Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangechanges.md) -- [Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangelockdown.md) diff --git a/docs/threatprevention/7.5/solutions/filesystem.md b/docs/threatprevention/7.5/solutions/filesystem.md deleted file mode 100644 index bced13351e..0000000000 --- a/docs/threatprevention/7.5/solutions/filesystem.md +++ /dev/null 
@@ -1,37 +0,0 @@ -# File System - -Threat Prevention for File System provides organizations with real-time visibility into and control -over changes and access activities occurring within Windows file systems. It also provides real-time -visibility into file access and change activities occurring on NAS devices. - -- Threat Prevention authoritatively records a complete audit trail of events for security, - compliance, and forensic investigation, and alerts on critical activities in real-time without - reliance on native logging facilities or impacting system performance. -- Threat Prevention also optionally blocks change and access events from occurring at the share, - folder, or file level on Windows file systems, enabling complete control over critical data - regardless of natively supplied access rights. - -Some important events Threat Prevention captures within a Windows file system are: - -- File Access Events (Create, Read, Write, Move, Copy, Delete, Rename) -- Permission Changes -- Attribute Changes -- Audit Changes -- Owner Changes -- Share Events (Add, Delete, Update, Permission Change) -- I/O Type Events (Native File System, Shadow Copy) - -Some important events Threat Prevention captures within a NAS file system are: - -- File Access Events (Create, Copy, Delete, Rename, Read, Update) -- Permission Changes - -**NOTE:** For NAS monitoring, Threat Prevention employs the Netwrix Activity Monitor component. - -## File System Event Types - -The following event types are available for File System: - -- [File System Changes Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemchanges.md) -- [File System Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemlockdown.md) -- [File System Enterprise Auditor Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/filesystemaccessanalyzer.md) 
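Review bot: The **NOTE:** line near the end of this deleted page, stating that NAS monitoring uses the Netwrix Activity Monitor component, is a deployment dependency rather than descriptive copy, so confirm it appears on the page that replaces solutions/filesystem.md before this file is removed. The same check applies to the two event lists (Windows file system and NAS), which tell an administrator what is and is not captured on each platform. No redirect or replacement for `/docs/threatprevention/7.5/solutions/filesystem.md` is visible in this part of the change, so existing links to it should be checked as well.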
diff --git a/docs/threatprevention/7.5/solutions/ldap.md b/docs/threatprevention/7.5/solutions/ldap.md deleted file mode 100644 index c0ff248675..0000000000 --- a/docs/threatprevention/7.5/solutions/ldap.md +++ /dev/null @@ -1,19 +0,0 @@ -# LDAP - -Threat Prevention for LDAP provides real-time monitoring of Active Directory LDAP queries without -any reliance on native logging. From individual objects to specific query requests or results, -Threat Prevention for LDAP produces a complete audit trail of specific queries executed against -Active Directory that could indicate potential security issues or operational inefficiencies. - -In addition to LDAP query activity monitoring, you can also use the LDAP Bind event type to generate -an event whenever a security principal connects (binds) to LDAP, which is a required step before -generating queries. Bind events include information about the user, source machine, and type of -security used for the session. - -## LDAP Event Types - -The following event types are available for LDAP: - -- [LDAP Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldaplockdown.md) -- [LDAP Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapmonitoring.md) -- [LDAP Bind Monitoring Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/ldapbindmonitoring.md) diff --git a/docs/threatprevention/7.5/solutions/overview.md b/docs/threatprevention/7.5/solutions/overview.md deleted file mode 100644 index 686469a1b8..0000000000 --- a/docs/threatprevention/7.5/solutions/overview.md +++ /dev/null 
@@ -1,52 +0,0 @@ -# Solutions - -Threat Prevention offers the following pre-defined solutions for protecting your IT environment. The -solutions and associated licensed modules are: - -[Active Directory](/docs/threatprevention/7.5/solutions/activedirectory.md) - -- Active Directory Changes - - - Includes AD Replication Monitoring - - Includes Authentication Monitoring - - Includes Effective Group Membership - - Includes LSASS Guardian –Monitor - -- Active Directory Lockdown - - - Includes AD Replication Lockdown - - Includes Authentication Lockdown - - Includes LSASS Guardian – Protect - -- Active Directory Read Monitoring -- FSMO Role Monitoring -- GPO Lockdown -- GPO Setting Changes - -[ Enterprise Password Enforcer](/docs/threatprevention/7.5/solutions/epe.md) - -- Password Enforcement - -[Exchange](/docs/threatprevention/7.5/solutions/exchange.md) - -- Exchange Events -- Exchange Lockdown - -[File System](/docs/threatprevention/7.5/solutions/filesystem.md) - -- File System - - - Includes both Monitoring and Lockdown for Windows file system - - Includes Monitoring for supported NAS devices - - Includes Monitoring file system for integration with Access Analyzer - -[LDAP](/docs/threatprevention/7.5/solutions/ldap.md) - -- LDAP Monitoring - - - Includes both Monitoring and Lockdown for LDAP events - - Includes Monitoring of user connections made to LDAP (Bind), which occur before queries are - submitted to LDAP - -In the Administration Console, all solutions use the same base software. The difference is in the -Policy Event Types available for use with different solutions. diff --git a/docs/threatprevention/7.5/troubleshooting/_category_.json b/docs/threatprevention/7.5/troubleshooting/_category_.json new file mode 100644 index 0000000000..a5cdc13cec --- /dev/null +++ b/docs/threatprevention/7.5/troubleshooting/_category_.json 
@@ -0,0 +1,10 @@ +{ + "label": "Best Practices and Troubleshooting", + "position": 60, + "collapsed": true, + "collapsible": true, + "link": { + "type": "doc", + "id": "overview" + } +} \ No newline at end of file diff --git a/docs/threatprevention/7.5/troubleshooting/agentcommunication.md b/docs/threatprevention/7.5/troubleshooting/agentcommunication.md index c95b2f419c..ede1452484 100644 --- a/docs/threatprevention/7.5/troubleshooting/agentcommunication.md +++ b/docs/threatprevention/7.5/troubleshooting/agentcommunication.md @@ -1,3 +1,9 @@ +--- +title: "Agent Not Communicating with the Enterprise Manager" +description: "Agent Not Communicating with the Enterprise Manager" +sidebar_position: 10 +--- + # Agent Not Communicating with the Enterprise Manager If the Agent is not communicating with the Enterprise Manager, the following questions should be diff --git a/docs/threatprevention/7.5/troubleshooting/agentservice.md b/docs/threatprevention/7.5/troubleshooting/agentservice.md index f3e9123989..38ebf5862d 100644 --- a/docs/threatprevention/7.5/troubleshooting/agentservice.md +++ b/docs/threatprevention/7.5/troubleshooting/agentservice.md @@ -1,3 +1,9 @@ +--- +title: "Agent Service Fails to Start Due to Service Timeout" +description: "Agent Service Fails to Start Due to Service Timeout" +sidebar_position: 70 +--- + # Agent Service Fails to Start Due to Service Timeout If an Agent service fails to start due to a service timeout, setting the NT Service timeout higher diff --git a/docs/threatprevention/7.5/troubleshooting/enterprisemanagercommunication.md b/docs/threatprevention/7.5/troubleshooting/enterprisemanagercommunication.md index eadf502c87..0fe92c19e4 100644 --- a/docs/threatprevention/7.5/troubleshooting/enterprisemanagercommunication.md +++ b/docs/threatprevention/7.5/troubleshooting/enterprisemanagercommunication.md 
@@ -1,3 +1,9 @@ +--- +title: "Administration Console and Agent Not Communicating with the Enterprise Manager" +description: "Administration Console and Agent Not Communicating with the Enterprise Manager" +sidebar_position: 20 +--- + # Administration Console and Agent Not Communicating with the Enterprise Manager As a requirement for configuring custom managed certificates, the Threat Prevention Administration @@ -10,13 +16,13 @@ Agent, the console and Agent will fail to connect to Enterprise Manager. **NOTE:** To configure custom managed certificates for the Enterprise Manager and the Agent, see the [Certificate Management Wizard](/docs/threatprevention/7.5/install/certificatemanagementwizard.md) and -[Create Custom Managed Certificates for Each Agent](/docs/threatprevention/7.5/install/agent/customcert.md) topics +[Create Custom Managed Certificates for Each Agent](/docs/threatprevention/7.5/install/agent/manual/customcert.md) topics respectively. You must provide the Enterprise Manager server DNS name when you install the following: - Threat Prevention server (see the [Application Server Install](/docs/threatprevention/7.5/install/application.md) topic) -- Threat Prevention Agent (see the [Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual.md) topic) +- Threat Prevention Agent (see the [Manual Agent Deployment](/docs/threatprevention/7.5/install/agent/manual/manual.md) topic) - Remote instance of the Administration Console (see the [Administration Console Remote Install](/docs/threatprevention/7.5/install/adminconsole.md) topic) diff --git a/docs/threatprevention/7.5/troubleshooting/exchangelockdown.md b/docs/threatprevention/7.5/troubleshooting/exchangelockdown.md index 01246426ae..e395eb27a0 100644 --- a/docs/threatprevention/7.5/troubleshooting/exchangelockdown.md +++ b/docs/threatprevention/7.5/troubleshooting/exchangelockdown.md 
@@ -1,3 +1,9 @@ +--- +title: "Exchange Lockdown Considerations" +description: "Exchange Lockdown Considerations" +sidebar_position: 40 +--- + # Exchange Lockdown Considerations When an Exchange Lockdown policy is first enabled, operations that are expected to be locked down by @@ -21,9 +27,9 @@ In Microsoft Outlook 2010, delegation through Outlook performs three operations: and responses to the delegate The first option does not use an Exchange API. Therefore, this action cannot be blocked by an -[Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/exchangelockdown.md) policy. However, it +[Exchange Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/exchangelockdown.md) policy. However, it is possible to achieve the desired blocking effect by creating a corresponding -[Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/eventtype/activedirectorylockdown.md) +[Active Directory Lockdown Event Type](/docs/threatprevention/7.5/admin/policies/configuration/eventtype/activedirectorylockdown.md) policy to block any **Send on Behalf of** permission changes. Netwrix recommends using the following event filters on the respective Active Directory Lockdown diff --git a/docs/threatprevention/7.5/troubleshooting/lsass.md b/docs/threatprevention/7.5/troubleshooting/lsass.md index 3ae9be61e5..67a59c0aab 100644 --- a/docs/threatprevention/7.5/troubleshooting/lsass.md +++ b/docs/threatprevention/7.5/troubleshooting/lsass.md @@ -1,3 +1,9 @@ +--- +title: "LSASS Process Terminated" +description: "LSASS Process Terminated" +sidebar_position: 30 +--- + # LSASS Process Terminated To collect real-time activity data, the Agent hooks into (intercepts) specific Microsoft APIs in the diff --git a/docs/threatprevention/7.5/troubleshooting/msilogs.md b/docs/threatprevention/7.5/troubleshooting/msilogs.md index d37e3fbdfb..1b40154762 100644 --- a/docs/threatprevention/7.5/troubleshooting/msilogs.md 
+++ b/docs/threatprevention/7.5/troubleshooting/msilogs.md @@ -1,3 +1,9 @@ +--- +title: "MSI Installer Logs" +description: "MSI Installer Logs" +sidebar_position: 50 +--- + # MSI Installer Logs The Threat Prevention installer runs under control of Windows Installer. All available command line diff --git a/docs/threatprevention/7.5/troubleshooting/overview.md b/docs/threatprevention/7.5/troubleshooting/overview.md index 4dfe0e39e8..e074dbf3ce 100644 --- a/docs/threatprevention/7.5/troubleshooting/overview.md +++ b/docs/threatprevention/7.5/troubleshooting/overview.md @@ -1,3 +1,9 @@ +--- +title: "Best Practices and Troubleshooting" +description: "Best Practices and Troubleshooting" +sidebar_position: 60 +--- + # Best Practices and Troubleshooting This topic provides general best practices and basic troubleshooting that you should take into @@ -69,7 +75,7 @@ Threat Prevention sends the _LSASS process terminated_ alert when the LSASS proc after a reboot. The Agent stops and all monitoring/blocking by that Agent stops. To resolve the issue, either upgrade to the latest version of the Agent or simply upgrade SI.ActiveDirectoryMonitor.dll - commonly known as ADMonitor DLL (recommended). See the -[Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/management/upgradeadmonitor.md)topic for additional information. +[Upgrade ADMonitor](/docs/threatprevention/7.5/admin/agents/agent-management/upgradeadmonitor.md)topic for additional information. **_RECOMMENDED:_** Activate an email notification for the _LSASS process terminated_ alert. See the [Enable the 'LSASS Process Terminated' Email Alert](/docs/threatprevention/7.5/troubleshooting/lsass.md#enable-the-lsass-process-terminated-email-alert) diff --git a/docs/threatprevention/7.5/troubleshooting/sqlserver.md b/docs/threatprevention/7.5/troubleshooting/sqlserver.md index 931f88efce..74ec0bf3aa 100644 --- a/docs/threatprevention/7.5/troubleshooting/sqlserver.md 
+++ b/docs/threatprevention/7.5/troubleshooting/sqlserver.md @@ -1,3 +1,9 @@ +--- +title: "Restrict SQL Server Maximum Server Memory" +description: "Restrict SQL Server Maximum Server Memory" +sidebar_position: 60 +--- + # Restrict SQL Server Maximum Server Memory For SQL Server 2012+, it is necessary to restrict the maximum server memory value to 60-70% of the diff --git a/docs/threatprevention/7.5/whatsnew.md b/docs/threatprevention/7.5/whatsnew.md deleted file mode 100644 index b7c47d5bce..0000000000 --- a/docs/threatprevention/7.5/whatsnew.md +++ /dev/null @@ -1,7 +0,0 @@ -# What's New - -## New Netwrix Community! - -All Netwrix product announcements have moved to the new Netwrix Community. See announcements for -Netwrix Threat Prevention in the [Threat Prevention](https://community.netwrix.com/c/160) area of -our new community. diff --git a/scripts/ActivityMonitor.fltoc b/scripts/ActivityMonitor.fltoc deleted file mode 100644 index 7b99498fe9..0000000000 --- a/scripts/ActivityMonitor.fltoc +++ /dev/null @@ -1,715 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/scripts/Auditor.fltoc b/scripts/Auditor.fltoc deleted file mode 100644 index ce74a29959..0000000000 --- a/scripts/Auditor.fltoc +++ /dev/null 
@@ -1,1662 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/scripts/ChangeTracker.fltoc b/scripts/ChangeTracker.fltoc deleted file mode 100644 index 1e45809cfd..0000000000 --- a/scripts/ChangeTracker.fltoc +++ /dev/null @@ -1,370 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/scripts/InformationCenter.fltoc b/scripts/InformationCenter.fltoc deleted file mode 100644 index 75d0200901..0000000000 
--- a/scripts/InformationCenter.fltoc +++ /dev/null @@ -1,1229 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/scripts/NDC.fltoc b/scripts/NDC.fltoc deleted file mode 100644 index 0190432e97..0000000000 --- a/scripts/NDC.fltoc +++ /dev/null @@ -1,721 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/scripts/Recovery.fltoc b/scripts/Recovery.fltoc deleted file mode 100644 index 4cc2cc62d7..0000000000 --- a/scripts/Recovery.fltoc +++ /dev/null @@ -1,146 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file 
diff --git a/scripts/accessanalyzer.fltoc b/scripts/accessanalyzer.fltoc deleted file mode 100644 index cf94716a5f..0000000000 --- a/scripts/accessanalyzer.fltoc +++ /dev/null 
@@ -1,4675 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/scripts/fix-accessanalyzer-img-paths.js b/scripts/fix-accessanalyzer-img-paths.js deleted file mode 100644 index 7cd15e68fd..0000000000 --- a/scripts/fix-accessanalyzer-img-paths.js +++ /dev/null 
@@ -1,40 +0,0 @@ -const fs = require('fs'); -const path = require('path'); - -// Usage: node scripts/fix-accessanalyzer-img-paths.js -if (process.argv.length < 3) { - console.error('Usage: node scripts/fix-accessanalyzer-img-paths.js '); - process.exit(1); -} - -const targetFolder = path.join(__dirname, '..', 'docs', process.argv[2]); - -function processFile(filePath) { - let content = fs.readFileSync(filePath, 'utf8'); - let newContent = content - .replace(/\/img\/product_docs\/accessanalyzer(?!\/12\.0)/g, '/img/product_docs/accessanalyzer/12.0') - .replace(/\/img\/versioned_docs\/accessanalyzer_11\.6\/accessanalyzer/g, '/img/product_docs/accessanalyzer/11.6'); - if (newContent !== content) { - fs.writeFileSync(filePath, newContent, 'utf8'); - console.log(`Updated: ${filePath}`); - } -} - -function walkDir(dir) { - fs.readdirSync(dir, { withFileTypes: true }).forEach((entry) => { - const fullPath = path.join(dir, entry.name); - if (entry.isDirectory()) { - walkDir(fullPath); - } else if (entry.isFile() && fullPath.endsWith('.md')) { - processFile(fullPath); - } - }); -} - -if (!fs.existsSync(targetFolder)) { - console.error(`Folder does not exist: ${targetFolder}`); - process.exit(1); -} - -walkDir(targetFolder); -console.log('Done.'); \ No newline at end of file diff --git a/scripts/fix-images.js b/scripts/fix-images.js deleted file mode 100644 index 36985e4eb4..0000000000 --- a/scripts/fix-images.js +++ /dev/null 
@@ -1,430 +0,0 @@ -#!/usr/bin/env node - -/** - * fix-images.js - * - * Interactive CLI tool to fix both product folder mismatches and path alignment mismatches in image links. - * - * Usage: - * node scripts/fix-images.js [--case=product|path] - * (default: both cases) - */ - -const fs = require('fs'); -const path = require('path'); -const readline = require('readline'); -const { spawn } = require('child_process'); - -// ANSI color codes -const colors = { - reset: '\x1b[0m', - bold: '\x1b[1m', - cyan: '\x1b[36m', - yellow: '\x1b[33m', - green: '\x1b[32m', - gray: '\x1b[90m', - red: '\x1b[31m', -}; - -function walkDir(dir, ext, fileList = []) { - const files = fs.readdirSync(dir); - for (const file of files) { - const fullPath = path.join(dir, file); - const stat = fs.statSync(fullPath); - if (stat.isDirectory()) { - walkDir(fullPath, ext, fileList); - } else if (file.endsWith(ext)) { - fileList.push(fullPath); - } - } - return fileList; -} - -function findImageLinks(mdContent) { - // Matches ![alt](path) or ![](path) - const regex = /!\[[^\]]*\]\(([^)]+)\)/g; - let match; - const results = []; - while ((match = regex.exec(mdContent)) !== null) { - results.push({ - link: match[0], - path: match[1], - index: match.index, - }); - } - return results; -} - -function getContextLines(mdContent, index, numLines = 2) { - const lines = mdContent.split('\n'); - let charCount = 0; - let lineNum = 0; - for (; lineNum < lines.length; lineNum++) { - charCount += lines[lineNum].length + 1; - if (charCount > index) break; - } - const start = Math.max(0, lineNum - numLines); - const end = Math.min(lines.length, lineNum + numLines + 1); - return lines.slice(start, end).join('\n'); -} - -function promptUser(question) { - const rl = readline.createInterface({ input: process.stdin, output: process.stdout }); - return new Promise(resolve => rl.question(question, ans => { rl.close(); resolve(ans); })); -} - -function openImage(filePath) { - const platform = process.platform; - let cmd, 
args; - if (platform === 'win32') { - cmd = 'cmd'; - args = ['/c', 'start', '""', filePath]; - } else if (platform === 'darwin') { - cmd = 'open'; - args = [filePath]; - } else { - cmd = 'xdg-open'; - args = [filePath]; - } - spawn(cmd, args, { stdio: 'ignore', detached: true }).unref(); -} - -function getProductFolderFromImgPath(imgPath, productFolder) { - // Count how many segments in productFolder - const numSegments = productFolder.split('/').length; - // Build regex to match that many segments after img/product_docs/ - const regex = new RegExp('(?:^|/)img/product_docs/((?:[^/]+/){' + (numSegments - 1) + '}[^/]+)/'); -function getProductFolderFromImgPath(imgPath, productFolder) { - // Count how many segments in productFolder - const numSegments = productFolder.split('/').length; - // Build regex to match that many segments after img/product_docs/ - const regex = new RegExp('(?:^|/)img/product_docs/((?:[^/]+/){' + (numSegments - 1) + '}[^/]+)/'); - const norm = imgPath.replace(/\\/g, '/'); - const m = norm.match(regex); - const m = norm.match(regex); - return m ? 
m[1] : null; -} - -function pathHasProductFolder(imgPath, productFolder) { - // Normalize and check if productFolder is in the path after /img/product_docs/ - const norm = imgPath.replace(/\\/g, '/'); - return norm.includes('/img/product_docs/' + productFolder + '/') || norm.includes('img/product_docs/' + productFolder + '/'); -} - -function getExpectedImagePath(productFolder, mdFile, origImgPath) { - // Support /img/product_docs//, img/product_docs//, or static/img/product_docs// - const normImgPath = origImgPath.replace(/\\/g, '/'); - const prefixes = [ - '/img/product_docs/' + productFolder + '/', - 'img/product_docs/' + productFolder + '/', - 'static/img/product_docs/' + productFolder + '/', - ]; - const prefix = prefixes.find(p => normImgPath.startsWith(p)); - if (!prefix) return null; - // Get the relative path of the md file (excluding filename) - const mdRelPath = path.relative(path.join('docs', productFolder), mdFile).replace(/\\/g, '/'); - const mdRelDir = path.dirname(mdRelPath); - const imgFileName = path.basename(normImgPath); - const expected = prefix + (mdRelDir === '.' ? 
'' : mdRelDir + '/') + imgFileName; - return expected; -} - -function isProductFolderMismatch(productFolder, imgPath) { - // True if the product folder in the image path does not match the input - const found = getProductFolderFromImgPath(imgPath, productFolder); - const found = getProductFolderFromImgPath(imgPath, productFolder); - return found && found !== productFolder; -} - -function isPathAlignmentMismatch(productFolder, mdFile, imgPath) { - const normImgPath = imgPath.replace(/\\/g, '/'); - const prefixes = [ - '/img/product_docs/' + productFolder + '/', - 'img/product_docs/' + productFolder + '/', - 'static/img/product_docs/' + productFolder + '/', - ]; - const prefix = prefixes.find(p => normImgPath.startsWith(p)); - if (!prefix) return false; - // Get the subpath after product folder (excluding filename) - const imgSubPath = path.dirname(normImgPath.slice(prefix.length)); - const mdRelPath = path.relative(path.join('docs', productFolder), mdFile).replace(/\\/g, '/'); - const mdRelDir = path.dirname(mdRelPath); - // If subpath does not match mdRelDir, it's a mismatch - return imgSubPath !== mdRelDir; -} - -function getCandidateImagePaths(productFolder, mdFile, origImgPath) { - // Suggest: /// and _1, _2, etc. - const prefixes = [ - '/img/product_docs/', - 'img/product_docs/', - 'static/img/product_docs/', - ]; - const prefix = prefixes.find(p => origImgPath.replace(/\\/g, '/').startsWith(p)); - if (!prefix) return []; - const baseDir = prefix + productFolder; - const mdRelPath = path.relative(path.join('docs', productFolder), mdFile).replace(/\\/g, '/'); - const imgFileName = path.basename(origImgPath); - const prefixName = imgFileName.replace(/(\.[^.]+)$/, ''); - const ext = path.extname(imgFileName); - let currDir = path.dirname(mdRelPath); - while (true) { - const parentDir = baseDir + (currDir === '.' ? 
'' : '/' + currDir); - const parentDirFs = path.join('static', parentDir.replace(/^\/?img\//, 'img/').replace(/^\/?/, '')); - let found = []; - if (fs.existsSync(parentDirFs)) { - const files = fs.readdirSync(parentDirFs); - // Find all files matching basename and basename_# - files.forEach(f => { - if ( - (f === imgFileName || - (f.startsWith(prefixName + '_') && f.endsWith(ext) && /^_\d+/.test(f.slice(prefixName.length)))) - ) { - found.push((parentDir + '/' + f).replace(/\\/g, '/').replace(/\/\//g, '/')); - } - }); - } - if (found.length > 0) { - // Return all matches at this level only - return [...new Set(found)]; - } - // If not found, check one level deeper: a subfolder named after the markdown file's base name - if (currDir !== '.' && currDir !== '' && currDir !== path.sep) { - const mdBaseName = path.basename(mdRelPath, path.extname(mdRelPath)); - const subDir = parentDir + '/' + mdBaseName; - const subDirFs = path.join('static', subDir.replace(/^\/?img\//, 'img/').replace(/^\/?/, '')); - let foundSub = []; - if (fs.existsSync(subDirFs)) { - const files = fs.readdirSync(subDirFs); - files.forEach(f => { - if ( - (f === imgFileName || - (f.startsWith(prefixName + '_') && f.endsWith(ext) && /^_\d+/.test(f.slice(prefixName.length)))) - ) { - foundSub.push((subDir + '/' + f).replace(/\\/g, '/').replace(/\/\//g, '/')); - } - }); - } - if (foundSub.length > 0) { - return [...new Set(foundSub)]; - } - } - // Extra check for overview.md: look for image named after the last folder - if (path.basename(mdRelPath) === 'overview.md') { - const lastFolder = path.basename(currDir); - if (lastFolder && lastFolder !== '.' 
&& lastFolder !== path.sep) { - const overviewImg = lastFolder + ext; - const overviewImgPath = parentDir + '/' + overviewImg; - const overviewImgFs = path.join('static', overviewImgPath.replace(/^\/?img\//, 'img/').replace(/^\/?/, '')); - if (fs.existsSync(overviewImgFs)) { - return [overviewImgPath.replace(/\\/g, '/').replace(/\/\//g, '/')]; - } - } - } - if (currDir === '' || currDir === '.' || currDir === path.sep) break; - currDir = path.dirname(currDir); - } - return []; -} - -async function main() { - const inputFolder = process.argv[2]; - const caseArg = process.argv.find(arg => arg.startsWith('--case=')); - const whichCase = caseArg ? caseArg.split('=')[1] : 'both'; - if (!inputFolder) { - console.error('Usage: node scripts/fix-images.js [--case=product|path]'); - process.exit(1); - } - const docsRoot = path.join('docs', inputFolder); - if (!fs.existsSync(docsRoot)) { - console.error('Folder not found:', docsRoot); - process.exit(1); - } - const mdFiles = walkDir(docsRoot, '.md'); - // Track skipped image links for this run - const skippedLinks = new Set(); - // Collect skipped info for report - const skippedReport = []; - for (const mdFile of mdFiles) { - const mdContent = fs.readFileSync(mdFile, 'utf8'); - const links = findImageLinks(mdContent); - let newContent = mdContent; - // Collect all changes first, then apply them in reverse order to avoid index shifting - const changes = []; - for (const linkObj of links) { - const { link, path: imgPath, index } = linkObj; - // Create a unique key for this image link in this file - const skipKey = mdFile + '|' + link; - if (skippedLinks.has(skipKey)) { - continue; - } - // Create a unique key for this image link in this file - const skipKey = mdFile + '|' + link; - if (skippedLinks.has(skipKey)) { - continue; - } - let caseType = null; - if ((whichCase === 'both' || whichCase === 'product') && isProductFolderMismatch(inputFolder, imgPath)) { - caseType = 'product'; - } else if ((whichCase === 'both' || 
whichCase === 'path') && isPathAlignmentMismatch(inputFolder, mdFile, imgPath)) { - caseType = 'path'; - } else { - continue; - } - const context = getContextLines(mdContent, index, 2); - const candidates = getCandidateImagePaths(inputFolder, mdFile, imgPath); - let skipAndReport = false; - if (candidates.length === 0) { - // Automatically skip if this is a path alignment mismatch or product folder mismatch - if (caseType === 'path' || caseType === 'product') { - skipAndReport = true; - } - } - if (skipAndReport) { - // Collect all info for report - let reportEntry = ''; - reportEntry += '\n---\n'; - reportEntry += `File: ${mdFile}\n`; - reportEntry += `Context:\n${context}\n`; - reportEntry += `Original image link: ${link}\n`; - if (caseType === 'product') { - reportEntry += 'Case: Product folder mismatch\n'; - } else if (caseType === 'path') { - reportEntry += 'Case: Path alignment mismatch\n'; - } - reportEntry += 'No suggested images found.\n'; - skippedReport.push(reportEntry); - skippedLinks.add(skipKey); - continue; - } - console.log('\n---'); - console.log(`${colors.bold}${colors.cyan}File: ${mdFile}${colors.reset}`); - console.log(`${colors.gray}Context:`); - console.log(context + colors.reset); - console.log(`${colors.yellow}Original image link: ${link}${colors.reset}`); - if (caseType === 'product') { - console.log(`${colors.red}Case: Product folder mismatch${colors.reset}`); - } else if (caseType === 'path') { - console.log(`${colors.red}Case: Path alignment mismatch${colors.reset}`); - } - if (candidates.length === 1) { - if (candidates.length === 1) { - // Auto-update with the single candidate - const action = candidates[0]; - let imgFsPath = action.replace(/^\//, ''); - if (!imgFsPath.startsWith('static/')) imgFsPath = 'static/' + imgFsPath; - if (fs.existsSync(imgFsPath)) { - // Use root-relative path for markdown - const relImgPath = action.startsWith('/') ? 
action : '/' + action; - const newLink = link.replace(imgPath, relImgPath); - changes.push({ - originalLink: link, - newLink: newLink, - index: index - }); - console.log(`${colors.green}Automatically updated image link in file with: ${action}${colors.reset}`); - } else { - console.log(colors.red, 'Suggested image does not exist:', imgFsPath, colors.reset); - // Fallback to prompt if file doesn't exist - } - } else { - if (candidates.length === 0) { - console.log(colors.red, 'No suggested images found.', colors.reset); - // Automatically skip if this is a path alignment mismatch - if (caseType === 'path') { - skippedLinks.add(skipKey); - continue; - } - } else { - // Print suggested images if there are multiple candidates - } - } else { - if (candidates.length === 0) { - console.log(colors.red, 'No suggested images found.', colors.reset); - // Automatically skip if this is a path alignment mismatch - if (caseType === 'path') { - skippedLinks.add(skipKey); - continue; - } - } else { - // Print suggested images if there are multiple candidates - console.log('Suggested image(s):'); - candidates.forEach((c, i) => { - console.log(` ${colors.green}[${i + 1}] ${c}${colors.reset}`); - }); - } - let action; - while (candidates.length > 0 || (caseType !== 'path' && candidates.length === 0)) { - while (candidates.length > 0 || (caseType !== 'path' && candidates.length === 0)) { - let prompt = `\n${colors.bold}Choose an option:${colors.reset}\n`; - if (candidates.length) prompt += ' [1-' + candidates.length + '] Select a suggested image\n'; - prompt += ' [c] Enter custom path\n [s] Skip\n> '; - action = await promptUser(prompt); - if (candidates.length && /^[1-9]\d*$/.test(action) && +action >= 1 && +action <= candidates.length) { - action = candidates[+action - 1]; - } else if (action.toLowerCase() === 'c') { - action = await promptUser('Enter custom image path: '); - } else if (action.toLowerCase() === 's') { - // Mark this image link as skipped for this run - 
skippedLinks.add(skipKey); - // Mark this image link as skipped for this run - skippedLinks.add(skipKey); - break; - } else { - console.log('Invalid input.'); - continue; - } - // Check if file exists (relative to static/ or root) - let imgFsPath = action ? action.replace(/^\//, '') : ''; - if (action && !imgFsPath.startsWith('static/')) imgFsPath = 'static/' + imgFsPath; - if (action && !fs.existsSync(imgFsPath)) { - let imgFsPath = action ? action.replace(/^\//, '') : ''; - if (action && !imgFsPath.startsWith('static/')) imgFsPath = 'static/' + imgFsPath; - if (action && !fs.existsSync(imgFsPath)) { - console.log('File does not exist:', imgFsPath); - continue; - } - if (action) openImage(imgFsPath); - if (action) openImage(imgFsPath); - const confirm = await promptUser('Use this image? [y/N]: '); - if (confirm.toLowerCase() === 'y') { - // Use root-relative path for markdown - const relImgPath = action.startsWith('/') ? action : '/' + action; - const newLink = link.replace(imgPath, relImgPath); - changes.push({ - originalLink: link, - newLink: newLink, - index: index - }); - console.log('Updated image link in file.'); - break; - } else { - console.log('Not updating.'); - } - } - } - } - // Apply all changes in reverse order to avoid index shifting - changes.sort((a, b) => b.index - a.index); - for (const change of changes) { - newContent = newContent.replace(change.originalLink, change.newLink); - } - if (newContent !== mdContent) { - fs.writeFileSync(mdFile, newContent, 'utf8'); - console.log('File updated:', mdFile); - } - } - // At the end of main, after all files processed, write the skipped report if any - if (skippedReport.length > 0) { - const imgRoot = path.join('static', 'img', 'product_docs', inputFolder); - if (!fs.existsSync(imgRoot)) { - fs.mkdirSync(imgRoot, { recursive: true }); - } - const reportPath = path.join(imgRoot, 'skipped-image-links.txt'); - fs.writeFileSync(reportPath, skippedReport.join('\n'), 'utf8'); - console.log(`\nSkipped image 
links report written to: ${reportPath}`); - } - console.log('Done.'); -} - -main(); \ No newline at end of file diff --git a/scripts/move-and-update-links.js b/scripts/move-and-update-links.js deleted file mode 100644 index b77e269b30..0000000000 --- a/scripts/move-and-update-links.js +++ /dev/null 
@@ -1,148 +0,0 @@ -#!/usr/bin/env node -const fs = require('fs'); -const path = require('path'); -const fse = require('fs-extra'); - -// Helper to recursively get all .md files in a directory -function getAllMarkdownFiles(dir, fileList = []) { - const files = fs.readdirSync(dir); - files.forEach(file => { - const filePath = path.join(dir, file); - const stat = fs.statSync(filePath); - if (stat.isDirectory()) { - getAllMarkdownFiles(filePath, fileList); - } else if (file.endsWith('.md')) { - fileList.push(filePath); - } - }); - return fileList; -} - -// Helper to update markdown links in a file -function updateMarkdownLinks(filePath, oldPath, newPath) { - let content = fs.readFileSync(filePath, 'utf8'); - let updated = false; - - // Convert paths to forward slashes for consistent matching - const normalizedOldPath = oldPath.replace(/\\/g, '/'); - const normalizedNewPath = newPath.replace(/\\/g, '/'); - - // Only update files that actually contain links to the old path - // Look for markdown links that contain the old path and end with .md - const escapedOldPath = normalizedOldPath.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); - - // Match complete markdown links: [text](path/to/old/file.md) - // This regex specifically looks for markdown link syntax with the old path - const regex = new RegExp(`(\\[([^\\]]+)\\]\\()([^)]*${escapedOldPath}[^)]*\\.md)`, 'g'); - - const newContent = content.replace(regex, (match, p1, p2, p3) => { - // Double-check that this is actually a link to the old path - if (p3.includes(normalizedOldPath)) { - updated = true; - // Replace the old path with the new path in the link - const newLinkPath = p3.replace(new RegExp(escapedOldPath, 'g'), normalizedNewPath); - return `${p1}${newLinkPath}`; - } - return match; - }); - - if (updated) { - fs.writeFileSync(filePath, newContent, 'utf8'); - console.log(` Updated links in: ${filePath}`); - } - - return updated; -} - -// Main function -function main() { - // Parse command line arguments - const args = 
process.argv.slice(2); - let sourcePath = null; - let destPath = null; - - for (let i = 0; i < args.length; i++) { - if (args[i] === '--src' && i + 1 < args.length) { - sourcePath = args[i + 1]; - i++; - } else if (args[i] === '--dest' && i + 1 < args.length) { - destPath = args[i + 1]; - i++; - } - } - - if (!sourcePath || !destPath) { - console.error('Usage: node scripts/move-and-update-links.js --src --dest '); - process.exit(1); - } - - // Resolve paths relative to current directory - const resolvedSourcePath = path.resolve(sourcePath); - const resolvedDestPath = path.resolve(destPath); - - console.log(`Source: ${resolvedSourcePath}`); - console.log(`Destination: ${resolvedDestPath}`); - - // Check if source directory exists - if (!fs.existsSync(resolvedSourcePath)) { - console.error(`Error: Source directory does not exist: ${resolvedSourcePath}`); - process.exit(1); - } - - // Check if source is a directory - const sourceStat = fs.statSync(resolvedSourcePath); - if (!sourceStat.isDirectory()) { - console.error(`Error: Source is not a directory: ${resolvedSourcePath}`); - process.exit(1); - } - - // Safety check: prevent moving a directory into itself or its parent - if (resolvedSourcePath === resolvedDestPath || resolvedDestPath.startsWith(resolvedSourcePath + path.sep)) { - console.error('Error: Cannot move a directory into itself or its parent'); - process.exit(1); - } - - try { - // Move contents from source to destination - const sourceItems = fs.readdirSync(resolvedSourcePath); - console.log(`Found ${sourceItems.length} items to move in source directory`); - - sourceItems.forEach(item => { - const sourceItemPath = path.join(resolvedSourcePath, item); - const destItemPath = path.join(resolvedDestPath, item); - - if (fs.existsSync(destItemPath)) { - console.log(`Warning: ${destItemPath} already exists, will overwrite`); - } - - fse.moveSync(sourceItemPath, destItemPath, { overwrite: true }); - console.log(`Moved ${sourceItemPath} to ${destItemPath}`); - }); 
- - // Remove the now-empty source directory - fs.rmdirSync(resolvedSourcePath); - console.log(`Removed empty source directory: ${resolvedSourcePath}`); - - // Update markdown links - console.log('Updating markdown links...'); - const docsDir = path.resolve('docs'); - const markdownFiles = getAllMarkdownFiles(docsDir); - console.log(`Found ${markdownFiles.length} markdown files to check`); - - let updatedFilesCount = 0; - markdownFiles.forEach(filePath => { - if (updateMarkdownLinks(filePath, sourcePath, destPath)) { - updatedFilesCount++; - } - }); - - console.log(`Updated markdown links in ${updatedFilesCount} files under docs/.`); - - } catch (error) { - console.error('Error:', error.message); - process.exit(1); - } -} - -// Run the script -main(); \ No newline at end of file diff --git a/scripts/move-images-and-update-links.js b/scripts/move-images-and-update-links.js deleted file mode 100644 index 81aa4e2d4d..0000000000 --- a/scripts/move-images-and-update-links.js +++ /dev/null 
@@ -1,137 +0,0 @@ -#!/usr/bin/env node -"use strict"; -const fs = require("fs"); -const path = require("path"); - -// --- Argument Parsing --- -const args = process.argv.slice(2); -function getArg(flag, def) { - const idx = args.indexOf(flag); - if (idx !== -1 && args[idx + 1]) return args[idx + 1]; - return def; -} -const SRC_BASE = getArg("--src"); -const DEST_BASE = getArg("--dest"); -const DOCS_BASE = "docs"; // Always use 'docs' as the docs root -if (!SRC_BASE || !DEST_BASE) { - console.error("Usage: node move-images-and-update-links.js --src --dest "); - process.exit(1); -} - -const IMAGE_EXTENSIONS = [".png", ".jpg", ".jpeg", ".gif", ".svg", ".webp", ".bmp", ".tiff", ".ico"]; - -// --- 1. Move Images --- -function walkDir(dir, fileList = [], skipDir = null) { - const files = fs.readdirSync(dir); - for (const file of files) { - const fullPath = path.join(dir, file); - const stat = fs.statSync(fullPath); - if (stat.isDirectory()) { - if (skipDir && path.resolve(fullPath) === path.resolve(skipDir)) continue; - walkDir(fullPath, fileList, skipDir); - } else { - fileList.push(fullPath); - } - } - return fileList; -} -function moveImages() { - const allFiles = walkDir(SRC_BASE); - let moved = 0; - for (const srcFile of allFiles) { - const ext = path.extname(srcFile).toLowerCase(); - if (!IMAGE_EXTENSIONS.includes(ext)) continue; - const relPath = path.relative(SRC_BASE, srcFile); - const destFile = path.join(DEST_BASE, relPath); - fs.mkdirSync(path.dirname(destFile), { recursive: true }); - fs.renameSync(srcFile, destFile); - moved++; - console.log(`Moved: ${srcFile} -> ${destFile}`); - } - console.log(`\n${moved} image(s) moved.\n`); -} - -// --- 2. 
Delete Empty Folders --- -function deleteEmptyDirs(dir, skipDir = null) { - if (skipDir && path.resolve(dir) === path.resolve(skipDir)) return false; - if (!fs.existsSync(dir)) return false; - if (!fs.statSync(dir).isDirectory()) return false; - const files = fs.readdirSync(dir); - let allGone = true; - for (const file of files) { - const fullPath = path.join(dir, file); - if (fs.statSync(fullPath).isDirectory()) { - const childGone = deleteEmptyDirs(fullPath, skipDir); - if (!childGone) allGone = false; - } else { - allGone = false; - } - } - if (allGone) { - fs.rmdirSync(dir); - console.log(`Deleted empty folder: ${dir}`); - return true; - } - return false; -} -function cleanEmptyFolders() { - let deleted = 0; - for (const file of fs.readdirSync(SRC_BASE)) { - const fullPath = path.join(SRC_BASE, file); - if (path.resolve(fullPath) === path.resolve(DEST_BASE)) continue; - if (fs.statSync(fullPath).isDirectory()) { - if (deleteEmptyDirs(fullPath, DEST_BASE)) deleted++; - } - } - console.log(`\n${deleted} empty folder(s) deleted.\n`); -} - -// --- 3. Update Markdown Links --- -function walkMarkdownFiles(dir, fileList = []) { - const files = fs.readdirSync(dir); - for (const file of files) { - const fullPath = path.join(dir, file); - const stat = fs.statSync(fullPath); - if (stat.isDirectory()) { - walkMarkdownFiles(fullPath, fileList); - } else if (file.endsWith(".md")) { - fileList.push(fullPath); - } - } - return fileList; -} -function updateImageLinks() { - // Always use paths relative to 'static' for markdown links - function stripStaticPrefix(p) { - return p.replace(/^static[\/]/, '').replace(/\\/g, '/'); - } - const relSrc = stripStaticPrefix(SRC_BASE); - const relDest = stripStaticPrefix(DEST_BASE); - // Regex: match links like (/relSrc/...) or (relSrc/...) 
(with or without leading slash) - const regex = new RegExp(`(\\()/?${relSrc.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}/`, "g"); - const mdFiles = walkMarkdownFiles(DOCS_BASE); - let updatedFiles = 0; - for (const filePath of mdFiles) { - let content = fs.readFileSync(filePath, "utf8"); - let updated = false; - content = content.replace(regex, (match, p1) => { - updated = true; - return `${p1}/${relDest}/`.replace(/\/\//g, '/'); - }); - if (updated) { - fs.writeFileSync(filePath, content, "utf8"); - console.log(`Updated: ${filePath}`); - updatedFiles++; - } - } - console.log(`\n${updatedFiles} markdown file(s) updated.\n`); -} - -// --- Main --- -console.log(`Moving images from ${SRC_BASE} to ${DEST_BASE} ...`); -moveImages(); -console.log(`Cleaning up empty folders in ${SRC_BASE} ...`); -cleanEmptyFolders(); -console.log(`Updating markdown links in ${DOCS_BASE} ...`); -updateImageLinks(); -console.log("\nAll done!"); \ No newline at end of file diff --git a/scripts/rename-image-and-update-md.js b/scripts/rename-image-and-update-md.js deleted file mode 100644 index 47d261ec25..0000000000 --- a/scripts/rename-image-and-update-md.js +++ /dev/null 
@@ -1,102 +0,0 @@ -const fs = require('fs'); -const path = require('path'); - -// Get command line arguments -const args = process.argv.slice(2); -const oldImageRelPath = args[0]; // e.g., img/product_docs/1secure/admin/login/oldname.webp -const newImageRelPath = args[1]; // e.g., img/product_docs/1secure/admin/login/newname.webp - -const STATIC_DIR = path.join(__dirname, '..', 'static'); -const DOCS_DIR = path.join(__dirname, '..', 'docs'); - -function showUsage() { - console.log('Usage: node rename-image-and-update-md.js '); - console.log(''); - console.log('Arguments:'); - console.log(' old_image_path Path to the image to rename/move, relative to static/'); - console.log(' new_image_path New path/name for the image, relative to static/'); - console.log(''); - console.log('Example:'); - console.log(' node rename-image-and-update-md.js img/product_docs/1secure/admin/login/oldname.webp img/product_docs/1secure/admin/login/newname.webp'); -} - -if (args.includes('--help') || args.includes('-h') || !oldImageRelPath || !newImageRelPath) { - showUsage(); - process.exit(0); -} - -// Normalize paths to use forward slashes for markdown matching -function toForwardSlashes(p) { - return p.replace(/\\/g, '/'); -} - -const oldImageRelPathNorm = toForwardSlashes(oldImageRelPath); -const newImageRelPathNorm = toForwardSlashes(newImageRelPath); - -const oldImageAbsPath = path.join(STATIC_DIR, oldImageRelPath); -const newImageAbsPath = path.join(STATIC_DIR, newImageRelPath); - -// Check if old image exists -if (!fs.existsSync(oldImageAbsPath)) { - console.error(`❌ Error: Old image not found: ${oldImageAbsPath}`); - process.exit(1); -} - -// Ensure new image directory exists -const newImageDir = path.dirname(newImageAbsPath); -if (!fs.existsSync(newImageDir)) { - fs.mkdirSync(newImageDir, { recursive: true }); -} - -// Move/rename the image -try { - fs.renameSync(oldImageAbsPath, newImageAbsPath); - console.log(`✅ Image moved: ${oldImageRelPath} -> ${newImageRelPath}`); -} catch 
(err) { - console.error(`❌ Error moving image: ${err.message}`); - process.exit(1); -} - -// Function to recursively find all .md files in docs/ -function findMarkdownFiles(dir) { - const files = []; - function scanDirectory(currentDir) { - const items = fs.readdirSync(currentDir); - for (const item of items) { - const fullPath = path.join(currentDir, item); - const stat = fs.statSync(fullPath); - if (stat.isDirectory()) { - scanDirectory(fullPath); - } else if (path.extname(item).toLowerCase() === '.md') { - files.push(fullPath); - } - } - } - scanDirectory(dir); - return files; -} - -// Update references in markdown files -const markdownFiles = findMarkdownFiles(DOCS_DIR); -let filesUpdated = 0; -let refsUpdated = 0; - -for (const filePath of markdownFiles) { - let content = fs.readFileSync(filePath, 'utf8'); - // Replace all references to the old image path (with or without leading slash) - const oldPathPattern = new RegExp(`([!\[][^\]]*\]\()/?${oldImageRelPathNorm.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}(\))`, 'g'); - const newPath = `/${newImageRelPathNorm}`; - const newContent = content.replace(oldPathPattern, `$1${newPath}$2`); - if (newContent !== content) { - fs.writeFileSync(filePath, newContent, 'utf8'); - filesUpdated++; - // Count number of replacements - refsUpdated += (content.match(oldPathPattern) || []).length; - console.log(`📝 Updated references in: ${path.relative(DOCS_DIR, filePath)}`); - } -} - -console.log('='.repeat(60)); -console.log(`📁 Markdown files updated: ${filesUpdated}`); -console.log(`🔗 Image references updated: ${refsUpdated}`); -console.log('✅ Done!'); \ No newline at end of file diff --git a/scripts/reorganize-from-fltoc.js b/scripts/reorganize-from-fltoc.js index 95f64bb3d3..04bc581b4f 100644 --- a/scripts/reorganize-from-fltoc.js +++ b/scripts/reorganize-from-fltoc.js 
@@ -30,6 +30,10 @@ function prettifyLabel(name) { .replace(/\b\w/g, c => c.toUpperCase()); } +function sanitizeFileName(name) { + return name.replace(/\s+/g, '_'); +} + function getAllMdFiles(dir, rel = '') { let files = []; for (const entry of fs.readdirSync(dir)) { @@ -46,11 +50,11 @@ function getAllMdFiles(dir, rel = '') { function mapFltocLinkToMd(link) { if (link.startsWith('/Content/Config/')) { - return link.replace('/Content/', '').replace(/\.htm$/, '.md').toLowerCase(); + return link.replace('/Content/', '').replace(/\.htm$/, '.md').replace(/ /g, '_').toLowerCase(); } else if (link.startsWith('/Content/Access/General/')) { - return link.replace('/Content/Access/General/', 'general/').replace(/\.htm$/, '.md').toLowerCase(); + return link.replace('/Content/Access/General/', 'general/').replace(/\.htm$/, '.md').replace(/ /g, '_').toLowerCase(); } else if (link.startsWith(`/Content/${PRODUCT_KEY}/`)) { - return link.replace(`/Content/${PRODUCT_KEY}/`, '').replace(/\.htm$/, '.md').toLowerCase(); + return link.replace(`/Content/${PRODUCT_KEY}/`, '').replace(/\.htm$/, '.md').replace(/ /g, '_').toLowerCase(); } return null; } 
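Review bot: In mapFltocLinkToMd the three branches use `.replace(/ /g, '_')`, while the new sanitizeFileName uses `/\s+/g`, so the two disagree on any name with consecutive spaces or a tab: "a  b.htm" maps to a__b.md in the link but the file is renamed to a_b.md. mapFltocLinkToMd also rewrites spaces in every path segment, whereas sanitizeFileName is only applied to a basename in walkTreeAndReorganize, so a folder name containing a space would be underscored in the mapped link but not on disk. Suggest routing both through one helper so mapped links and moved files cannot drift apart, and adding a one-line comment on sanitizeFileName stating that it only normalizes whitespace, since the name suggests broader sanitization.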
@@ -261,13 +265,14 @@ function walkTreeAndReorganize(tree, parentFolders, docsPath, sidebarPositionSta if (!item) continue; if (item.type === 'doc') { const fileName = path.basename(item.mdPath); + const sanitizedFileName = sanitizeFileName(fileName); const currentPath = path.join(docsPath, item.mdPath); - let desiredPath = path.join(docsPath, ...parentFolders, fileName); + let desiredPath = path.join(docsPath, ...parentFolders, sanitizedFileName); if (fs.existsSync(currentPath)) { if (fs.existsSync(desiredPath)) { // Only append suffix if the destination is a different file desiredPath = getNonClashingPath(desiredPath, currentPath); - if (desiredPath !== path.join(docsPath, ...parentFolders, fileName)) { + if (desiredPath !== path.join(docsPath, ...parentFolders, sanitizedFileName)) { console.warn(`[clash] Name clash detected. Moving to: ${desiredPath}`); } } @@ -281,7 +286,7 @@ function walkTreeAndReorganize(tree, parentFolders, docsPath, sidebarPositionSta console.warn(`[missing] File not found: ${currentPath}`); } } else if (fs.existsSync(desiredPath)) { - updateFrontmatter(desiredPath, path.basename(fileName, '.md'), position); + updateFrontmatter(desiredPath, path.basename(sanitizedFileName, '.md'), position); } else { console.warn(`[missing] File not found: ${currentPath}`); } 
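Review bot: In the `item.type === 'doc'` branch, sanitizing the basename creates a collision case that did not exist before: two source files that differ only in space versus underscore ("a b.md" and "a_b.md") now resolve to the same desiredPath. getNonClashingPath will suffix one of them, but the only signal is the `[clash]` warning, and a link mapped by mapFltocLinkToMd for either source yields the same unsuffixed name. Consider treating a clash caused purely by sanitization as an error, or at least logging both original names. As a smaller point, `path.join(docsPath, ...parentFolders, sanitizedFileName)` is computed twice; store it in a const before the existsSync check and compare against that.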
@@ -303,21 +308,22 @@ function walkTreeAndReorganize(tree, parentFolders, docsPath, sidebarPositionSta } if (item.fileToMove) { const fileName = path.basename(item.fileToMove); + const sanitizedFileName = sanitizeFileName(fileName); const currentPath = path.join(docsPath, item.fileToMove); - let desiredPath = path.join(folderPath, fileName); + let desiredPath = path.join(folderPath, sanitizedFileName); if (fs.existsSync(currentPath)) { if (fs.existsSync(desiredPath)) { desiredPath = getNonClashingPath(desiredPath, currentPath); - if (desiredPath !== path.join(folderPath, fileName)) { - console.warn(`[clash] Name clash detected. Moving to: ${desiredPath}`); - } + if (desiredPath !== path.join(folderPath, sanitizedFileName)) { + console.warn(`[clash] Name clash detected. Moving to: ${desiredPath}`); + } } const movedPath = moveIfNeeded(currentPath, desiredPath); if (movedPath) { fileMoves.push({ old: currentPath, new: movedPath }); updateFrontmatter(movedPath, path.basename(fileName, '.md'), position); } else if (fs.existsSync(desiredPath)) { - updateFrontmatter(desiredPath, path.basename(fileName, '.md'), position); + updateFrontmatter(desiredPath, path.basename(sanitizedFileName, '.md'), position); } else { console.warn(`[missing] File not found: ${currentPath}`); } diff --git a/scripts/update-image-links.js b/scripts/update-image-links.js deleted file mode 100644 index 6409f07cd0..0000000000 --- a/scripts/update-image-links.js +++ /dev/null 
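Review bot: in the `item.fileToMove` branch of `walkTreeAndReorganize`, the `if (movedPath)` path still calls `updateFrontmatter(movedPath, path.basename(fileName, '.md'), position)` with the unsanitized name, while the `else if (fs.existsSync(desiredPath))` path now passes `path.basename(sanitizedFileName, '.md')`. The second argument written to frontmatter therefore depends on whether the file was moved in this run or was already in place, so a re-run produces a different value for the same document. Pass the same basename in both calls. The re-indentation of the `[clash]` warning block is whitespace only and would be easier to review as a separate change.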
@@ -1,574 +0,0 @@ -const fs = require('fs'); -const path = require('path'); -const readline = require('readline'); - -// Get command line arguments -const args = process.argv.slice(2); -const targetFolder = args[0]; // First argument is the folder to check - -// Configuration -const DOCS_DIR = path.join(__dirname, '..', 'docs'); -const STATIC_DIR = path.join(__dirname, '..', 'static'); -const IMAGE_EXTENSIONS = ['.jpg', '.jpeg', '.png', '.gif', '.webp', '.svg', '.bmp', '.tiff']; - -// Validate input -if (!targetFolder) { - console.error('❌ Error: Please provide a folder name as an argument'); - console.log(''); - console.log('Usage: node update-image-links.js '); - console.log(''); - console.log('Examples:'); - console.log(' node update-image-links.js accessanalyzer/12.0'); - console.log(' node update-image-links.js 1secure'); - console.log(' node update-image-links.js activitymonitor/8.0'); - process.exit(1); -} - -// Determine the directory to scan -const SCAN_DIR = path.join(DOCS_DIR, targetFolder); - -// Function to recursively find all .md files -function findMarkdownFiles(dir) { - const files = []; - - function scanDirectory(currentDir) { - const items = fs.readdirSync(currentDir); - - for (const item of items) { - const fullPath = path.join(currentDir, item); - const stat = fs.statSync(fullPath); - - if (stat.isDirectory()) { - scanDirectory(fullPath); - } else if (path.extname(item).toLowerCase() === '.md') { - files.push(fullPath); - } - } - } - - scanDirectory(dir); - return files; -} - -// Function to extract image links from markdown content -function extractImageLinks(content) { - const imageRegex = /!\[([^\]]*)\]\(([^)]+)\)/g; - const links = []; - let match; - - while ((match = imageRegex.exec(content)) !== null) { - const altText = match[1]; - const imagePath = match[2].trim(); - - // Skip if the path contains obvious malformed characters or is too short - if (imagePath.length < 3 || imagePath.includes('<') || imagePath.includes('>')) { - continue; 
- } - - // Skip external URLs (http/https) - if (imagePath.startsWith('http://') || imagePath.startsWith('https://')) { - continue; - } - - // Skip data URLs - if (imagePath.startsWith('data:')) { - continue; - } - - links.push({ - altText, - imagePath, - lineNumber: content.substring(0, match.index).split('\n').length, - matchIndex: match.index, - fullMatch: match[0] - }); - } - - return links; -} - -// Function to check if image link should be updated -function shouldUpdateImageLink(imagePath, targetFolder) { - // Remove leading slash if present - const cleanPath = imagePath.startsWith('/') ? imagePath.substring(1) : imagePath; - - // Check if it's a product_docs link - if (!cleanPath.startsWith('img/product_docs/')) { - return false; - } - - // Extract the product name from the path - const pathParts = cleanPath.split('/'); - if (pathParts.length < 3) { - return false; - } - - const productName = pathParts[2]; // img/product_docs/[productName]/... - - // Extract the expected product name from target folder - const targetParts = targetFolder.split('/'); - const expectedProductName = targetParts[0]; // accessanalyzer/12.0 -> accessanalyzer - - // Check if the product name doesn't match - return productName !== expectedProductName; -} - -function getAllSubfolderCombinations(folders) { - // Returns all possible order-preserving subfolder combinations (including skipping some) - const results = []; - const n = folders.length; - for (let i = 1; i <= n; i++) { - for (let start = 0; start <= n - i; start++) { - results.push(folders.slice(start, start + i)); - } - } - return results; -} - -function getPossibleImagePaths(imageFilename, product, version, mdSubfolders, imgSubfolders) { - // Try all combinations of mdSubfolders, imgSubfolders, and their concatenations - const combos = []; - // 1. Just mdSubfolders - combos.push(mdSubfolders); - // 2. Just imgSubfolders - combos.push(imgSubfolders); - // 3. 
mdSubfolders + imgSubfolders - combos.push([...mdSubfolders, ...imgSubfolders]); - // 4. imgSubfolders + mdSubfolders - combos.push([...imgSubfolders, ...mdSubfolders]); - // 5. All sub-combinations of mdSubfolders - combos.push(...getAllSubfolderCombinations(mdSubfolders)); - // 6. All sub-combinations of imgSubfolders - combos.push(...getAllSubfolderCombinations(imgSubfolders)); - // 7. All sub-combinations of md+img - combos.push(...getAllSubfolderCombinations([...mdSubfolders, ...imgSubfolders])); - // 8. All sub-combinations of img+md - combos.push(...getAllSubfolderCombinations([...imgSubfolders, ...mdSubfolders])); - // Remove duplicates - const seen = new Set(); - const uniqueCombos = combos.filter(arr => { - const key = arr.join('/'); - if (seen.has(key)) return false; - seen.add(key); - return true; - }); - // Build possible paths - return uniqueCombos.map(subfolders => { - const parts = ['img', 'product_docs', product]; - if (version) parts.push(version); - parts.push(...subfolders); - parts.push(imageFilename); - return '/' + parts.join('/'); - }); -} - -function getAllInsertPositions(arr, toInsert) { - // Returns all arrays formed by inserting toInsert at every possible position in arr - const results = []; - for (let i = 0; i <= arr.length; i++) { - results.push([...arr.slice(0, i), ...toInsert, ...arr.slice(i)]); - } - return results; -} - -function getAllValidImagePaths(imageFilename, product, version, mdSubfolders, imgSubfolders) { - const candidates = []; - // 1. Just imgSubfolders - candidates.push(imgSubfolders); - // 2. 
Insert mdSubfolders at every position in imgSubfolders - candidates.push(...getAllInsertPositions(imgSubfolders, mdSubfolders)); - // Remove duplicates - const seen = new Set(); - const uniqueCombos = candidates.filter(arr => { - const key = arr.join('/'); - if (seen.has(key)) return false; - seen.add(key); - return true; - }); - // Build possible paths - return uniqueCombos.map(subfolders => { - const parts = ['img', 'product_docs', product]; - if (version) parts.push(version); - parts.push(...subfolders); - parts.push(imageFilename); - return '/' + parts.join('/'); - }); -} - -function generateCorrectedPath(imagePath, targetFolder, filePath) { - // Remove leading slash if present - const cleanPath = imagePath.startsWith('/') ? imagePath.substring(1) : imagePath; - const pathParts = cleanPath.split('/'); - const targetParts = targetFolder.split('/'); - const correctProductName = targetParts[0]; - const correctVersion = targetParts.length > 1 ? targetParts[1] : null; - // Get the relative path of the markdown file after product/version - const fileRelToProduct = path.relative(path.join(DOCS_DIR, targetFolder), filePath); - const mdSubfolders = fileRelToProduct.split(path.sep).slice(0, -1); // remove filename - const imageFilename = pathParts[pathParts.length - 1]; - // Try all subfolder levels (from most specific to least) - const validPaths = []; - for (let i = mdSubfolders.length; i >= 0; i--) { - const parts = ['img', 'product_docs', correctProductName]; - if (correctVersion) parts.push(correctVersion); - parts.push(...mdSubfolders.slice(0, i)); - parts.push(imageFilename); - const suggestedPath = '/' + parts.join('/'); - if (checkImageExistsInStatic(suggestedPath)) { - validPaths.push(suggestedPath); - } - } - if (validPaths.length > 0) { - return validPaths; - } - // If not found, return null to indicate no valid suggestion - return null; -} - -// Function to check if an image exists at a given path in the static folder -function 
checkImageExistsInStatic(imagePath) { - // Remove leading slash if present - const cleanPath = imagePath.startsWith('/') ? imagePath.substring(1) : imagePath; - const fullPath = path.join(STATIC_DIR, cleanPath); - return fs.existsSync(fullPath); -} - -// Function to update image links in content -function updateImageLinks(content, targetFolder) { - const imageRegex = /!\[([^\]]*)\]\(([^)]+)\)/g; - let updatedContent = content; - const updates = []; - - // Use replace with a function to handle the replacements properly - updatedContent = updatedContent.replace(imageRegex, (match, altText, imagePath) => { - // Skip if the path contains obvious malformed characters or is too short - if (imagePath.length < 3 || imagePath.includes('<') || imagePath.includes('>')) { - return match; - } - - // Skip external URLs (http/https) - if (imagePath.startsWith('http://') || imagePath.startsWith('https://')) { - return match; - } - - // Skip data URLs - if (imagePath.startsWith('data:')) { - return match; - } - - // Check if this link should be updated - if (shouldUpdateImageLink(imagePath, targetFolder)) { - const correctedPaths = generateCorrectedPath(imagePath, targetFolder, filePath); - // Only update if the image exists at the new location - if (correctedPaths && correctedPaths.length > 0) { - const newMatch = `![${altText}](${correctedPaths[0]})`; - updates.push({ - oldPath: imagePath, - newPath: correctedPaths[0], - updated: true - }); - return newMatch; - } else { - updates.push({ - oldPath: imagePath, - newPath: correctedPaths, - updated: false - }); - return match; // Do not update if image does not exist - } - } - - return match; - }); - - return { updatedContent, updates }; -} - -// Main function -function updateImageLinksInFolder() { - // Validate target folder - if (!fs.existsSync(SCAN_DIR)) { - console.error(`❌ Error: Folder '${targetFolder}' not found in docs directory`); - console.error(` Expected: ${SCAN_DIR}`); - process.exit(1); - } - - console.log(`🔍 Scanning 
folder '${targetFolder}' for markdown files...`); - - const markdownFiles = findMarkdownFiles(SCAN_DIR); - console.log(`📁 Found ${markdownFiles.length} markdown files\n`); - - let totalFilesUpdated = 0; - let totalLinksUpdated = 0; - - for (const filePath of markdownFiles) { - const content = fs.readFileSync(filePath, 'utf8'); - const { updatedContent, updates } = updateImageLinks(content, targetFolder); - - if (updates.length > 0) { - // Write the updated content back to the file if any links were updated - if (updates.some(u => u.updated)) { - fs.writeFileSync(filePath, updatedContent, 'utf8'); - } - - const relPath = path.relative(DOCS_DIR, filePath); - const updatedCount = updates.filter(u => u.updated).length; - const skippedCount = updates.filter(u => !u.updated).length; - if (updatedCount > 0) { - console.log(`✅ ${relPath} (${updatedCount} links updated):`); - for (const update of updates.filter(u => u.updated)) { - console.log(` Old: ${update.oldPath}`); - console.log(` New: ${update.newPath}`); - console.log(''); - } - } - if (skippedCount > 0) { - console.log(`⚠️ ${relPath} (${skippedCount} links skipped - image not found):`); - for (const update of updates.filter(u => !u.updated)) { - console.log(` Old: ${update.oldPath}`); - console.log(` Intended: ${update.newPath}`); - console.log(''); - } - } - - totalFilesUpdated++; - totalLinksUpdated += updates.length; - } - } - - // Summary - console.log('='.repeat(60)); - console.log('📊 SUMMARY:'); - console.log(`📁 Total markdown files scanned: ${markdownFiles.length}`); - console.log(`✅ Files updated: ${totalFilesUpdated}`); - console.log(`🔗 Total links updated: ${totalLinksUpdated}`); - - if (totalLinksUpdated === 0) { - console.log('✅ All image links are already correct!'); - } else { - console.log('✅ Image links have been updated successfully.'); - } -} - -// Show usage if help is requested -function showUsage() { - console.log('Usage: node update-image-links.js '); - console.log(''); - 
console.log('Arguments:'); - console.log(' folder Required: Specific subfolder within docs to update'); - console.log(' (e.g., "accessanalyzer/12.0" to update docs/accessanalyzer/12.0/)'); - console.log(''); - console.log('Examples:'); - console.log(' node update-image-links.js accessanalyzer/12.0'); - console.log(' node update-image-links.js 1secure'); - console.log(' node update-image-links.js activitymonitor/8.0'); - console.log(''); - console.log('This script will:'); - console.log(' 1. Scan all markdown files in the specified folder and subfolders'); - console.log(' 2. Find image links that don\'t match the expected product folder structure'); - console.log(' 3. Update them to use the correct product name and version'); - console.log(' 4. Save the changes back to the files'); -} - -// New: Function to scan and report mismatched image links -function reportMismatchedImageLinks(targetFolder) { - const markdownFiles = findMarkdownFiles(path.join(DOCS_DIR, targetFolder)); - const reportLines = []; - const targetParts = targetFolder.split('/'); - const correctProductName = targetParts[0]; - const correctVersion = targetParts.length > 1 ? targetParts[1] : null; - - // Add CSV header - reportLines.push('File,Line,Image Link'); - - for (const filePath of markdownFiles) { - const content = fs.readFileSync(filePath, 'utf8'); - const lines = content.split(/\r?\n/); - lines.forEach((line, idx) => { - // Find all image links in the line - const imageRegex = /!\[[^\]]*\]\(([^)]+)\)/g; - let match; - while ((match = imageRegex.exec(line)) !== null) { - const imagePath = match[1]; - // Only check local (not http/https) links - if (imagePath.startsWith('http://') || imagePath.startsWith('https://')) continue; - // Remove leading slash - const cleanPath = imagePath.startsWith('/') ? 
imagePath.substring(1) : imagePath; - const pathParts = cleanPath.split('/'); - // Check if path matches expected product/version - if ( - pathParts[0] === 'img' && - pathParts[1] === 'product_docs' && - ( - pathParts[2] !== correctProductName || - (correctVersion && pathParts[3] !== correctVersion) - ) - ) { - // Escape double quotes and commas in fields for CSV - const fileCsv = path.relative(DOCS_DIR, filePath).replace(/"/g, '""'); - const imageCsv = imagePath.replace(/"/g, '""'); - reportLines.push(`"${fileCsv}",${idx + 1},"${imageCsv}"`); - } - } - }); - } - // Write report to CSV file in root of specified folder - const reportPath = path.join(DOCS_DIR, targetFolder, 'image-link-report.csv'); - fs.writeFileSync(reportPath, reportLines.join('\n'), 'utf8'); - console.log(`\n📄 CSV report written to: ${reportPath}`); - console.log(`Total mismatched links found: ${reportLines.length - 1}`); -} - -// Replace main logic with report-only mode -if (require.main === module) { - if (!targetFolder) { - console.error('❌ Error: Please provide a folder name as an argument'); - process.exit(1); - } - reportMismatchedImageLinks(targetFolder); -} - -module.exports = { - updateImageLinksInFolder, - findMarkdownFiles, - extractImageLinks, - shouldUpdateImageLink, - generateCorrectedPath, - updateImageLinks -}; - -async function interactiveFix(targetFolder) { - const mismatches = getMismatchedLinks(targetFolder); - if (mismatches.length === 0) { - console.log('No mismatched image links found.'); - return; - } - const rl = readline.createInterface({ - input: process.stdin, - output: process.stdout - }); - let updated = 0, skipped = 0, custom = 0, quit = false; - for (const mismatch of mismatches) { - if (quit) break; - // Show 2 lines before and after for context - const content = fs.readFileSync(mismatch.filePath, 'utf8'); - const lines = content.split(/\r?\n/); - const start = Math.max(0, mismatch.lineNumber - 3); - const end = Math.min(lines.length, mismatch.lineNumber + 2); - 
console.log('\nFile:', path.relative(DOCS_DIR, mismatch.filePath)); - console.log('Line:', mismatch.lineNumber); - console.log('Context:'); - for (let i = start; i < end; i++) { - const prefix = (i + 1 === mismatch.lineNumber) ? '> ' : ' '; - console.log(`${prefix}${i + 1}: ${lines[i]}`); - } - console.log('Original image link:', mismatch.imagePath); - let suggestion = mismatch.suggested; - if (!suggestion) { - console.log('No valid suggested image path found.'); - } else { - console.log('Suggested:', suggestion); - } - let resolved = false; - while (!resolved) { - if (!suggestion) { - rl.setPrompt('Enter custom image path, [s]kip, [q]uit: '); - } else { - rl.setPrompt('Action? [a]ccept/[c]ustom/[s]kip/[q]uit: '); - } - await new Promise((resolve) => { - rl.prompt(); - rl.once('line', async (answer) => { - const ans = answer.trim().toLowerCase(); - if (suggestion && (ans === 'a' || ans === 'accept' || ans === '')) { - const suggestionPath = suggestion; - if (suggestionPath && checkImageExistsInStatic(suggestionPath)) { - const content = fs.readFileSync(mismatch.filePath, 'utf8'); - const newContent = content.replace(mismatch.fullMatch, mismatch.fullMatch.replace(mismatch.imagePath, suggestionPath)); - fs.writeFileSync(mismatch.filePath, newContent, 'utf8'); - console.log('✅ Updated to suggested path.'); - updated++; - resolved = true; - } else { - console.log('❌ Suggested image does not exist in static folder. 
Try again.'); - } - resolve(); - } else if (ans === 'c' || (!suggestion && ans !== 's' && ans !== 'q')) { - rl.question('Enter custom image path: ', (customPath) => { - const finalPath = customPath.trim(); - if (checkImageExistsInStatic(finalPath)) { - const content = fs.readFileSync(mismatch.filePath, 'utf8'); - const newContent = content.replace(mismatch.fullMatch, mismatch.fullMatch.replace(mismatch.imagePath, finalPath)); - fs.writeFileSync(mismatch.filePath, newContent, 'utf8'); - console.log('✅ Updated to custom path.'); - custom++; - resolved = true; - } else { - console.log('❌ Custom image does not exist in static folder. Try again.'); - } - resolve(); - }); - } else if (ans === 's' || ans === 'skip') { - skipped++; - resolved = true; - resolve(); - } else if (ans === 'q' || ans === 'quit') { - quit = true; - resolved = true; - resolve(); - } else { - console.log('Invalid input. Try again.'); - resolve(); - } - }); - }); - } - } - rl.close(); - console.log(`\nSummary: Updated: ${updated}, Custom: ${custom}, Skipped: ${skipped}`); -} - -function getMismatchedLinks(targetFolder) { - const markdownFiles = findMarkdownFiles(path.join(DOCS_DIR, targetFolder)); - const targetParts = targetFolder.split('/'); - const correctProductName = targetParts[0]; - const correctVersion = targetParts.length > 1 ? targetParts[1] : null; - const mismatches = []; - for (const filePath of markdownFiles) { - const content = fs.readFileSync(filePath, 'utf8'); - const lines = content.split(/\r?\n/); - lines.forEach((line, idx) => { - const imageRegex = /!\[[^\]]*\]\(([^)]+)\)/g; - let match; - while ((match = imageRegex.exec(line)) !== null) { - const imagePath = match[1]; - if (imagePath.startsWith('http://') || imagePath.startsWith('https://')) return; - const cleanPath = imagePath.startsWith('/') ? 
imagePath.substring(1) : imagePath; - const pathParts = cleanPath.split('/'); - if ( - pathParts[0] === 'img' && - pathParts[1] === 'product_docs' && - ( - pathParts[2] !== correctProductName || - (correctVersion && pathParts[3] !== correctVersion) - ) - ) { - mismatches.push({ - filePath, - lineNumber: idx + 1, - line, - imagePath, - matchIndex: match.index, - fullMatch: match[0], - suggested: generateCorrectedPath(imagePath, targetFolder, filePath) - }); - } - } - }); - } - return mismatches; -} - -if (require.main === module) { - interactiveFix(targetFolder); -} \ No newline at end of file diff --git a/sidebars/threatprevention-7.5-sidebar.js b/sidebars/threatprevention-7.5-sidebar.js index 5c52101445..18c7bbc691 100644 --- a/sidebars/threatprevention-7.5-sidebar.js +++ b/sidebars/threatprevention-7.5-sidebar.js 
@@ -4,448 +4,8 @@ const sidebars = { threatprevention75Sidebar: [ { - type: 'doc', - id: 'index', - label: 'Threat Prevention 7.5', - }, - { - type: 'category', - label: 'Getting Started', - collapsed: false, - items: [ - 'gettingstarted', - 'overview', - 'whatsnew', - { - type: 'category', - label: 'System Requirements', - items: [ - 'requirements/overview', - 'requirements/adminconsole', - 'requirements/agent', - 'requirements/agentnas', - 'requirements/application', - 'requirements/reportingserver', - 'requirements/sqlserver', - 'requirements/eperestsite', - 'requirements/dbmaintenance', - 'requirements/ports', - ], - }, - ], - }, - { - type: 'category', - label: 'Installation & Setup', - collapsed: true, - items: [ - 'install/overview', - 'install/firstlaunch', - 'install/adminconsole', - 'install/application', - 'install/licenseimport', - 'install/certificatemanagementwizard', - 'install/dbconnectionmanager', - 'install/eperestsite', - 'install/epeuserfeedback', - 'install/migrateemserver', - { - type: 'category', - label: 'Agent Installation', - items: [ - 'install/agent/overview', - 'install/agent/manual', - 'install/agent/silent', - 'install/agent/customcert', - ], - }, - { - type: 'category', - label: 'Reporting Module', - items: [ - 'install/reportingmodule/overview', - 'install/reportingmodule/database', - 'install/reportingmodule/application', - 'install/reportingmodule/firstlaunch', - 'install/reportingmodule/secure', - ], - }, - { - type: 'category', - label: 'Upgrades', - items: [ - 'install/upgrade/overview', - 'install/upgrade/agent', - 'install/upgrade/reportingmodule', - 'install/upgrade/policytemplates', - 'install/upgrade/uninstallagent', - ], - }, - ], - }, - { - type: 'category', - label: 'Administration', - collapsed: true, - items: [ - 'admin/overview', - { - type: 'category', - label: 'Agent Management', - items: [ - 'admin/agents/overview', - 'admin/agents/safemode', - { - type: 'category', - label: 'Agent Deployment', - items: [ - 
'admin/agents/deploy/overview', - 'admin/agents/deploy/prerequisitescheck', - 'admin/agents/deploy/selectcomputers', - 'admin/agents/deploy/setoptions', - 'admin/agents/deploy/installing', - ], - }, - { - type: 'category', - label: 'Agent Operations', - items: [ - 'admin/agents/management/start', - 'admin/agents/management/stop', - 'admin/agents/management/harden', - 'admin/agents/management/soften', - 'admin/agents/management/startpendingmodules', - 'admin/agents/management/removeserver', - 'admin/agents/management/clearqueue', - 'admin/agents/management/upgradeadmonitor', - ], - }, - { - type: 'category', - label: 'Agent Configuration', - items: [ - 'admin/agents/window/agentinstallerupdate', - 'admin/agents/window/configureautodeploy', - 'admin/agents/window/enrollmentsecretconfiguration', - 'admin/agents/window/loglevelconfiguration', - ], - }, - ], - }, - { - type: 'category', - label: 'Policies & Templates', - items: [ - 'admin/policies/overview', - 'admin/policies/configuration', - 'admin/policies/general', - 'admin/policies/dataprotection', - 'admin/policies/exportpoliciestemplates', - { - type: 'category', - label: 'Event Type Policies', - items: [ - 'admin/policies/eventtype/overview', - 'admin/policies/eventtype/activedirectorychanges', - 'admin/policies/eventtype/activedirectorylockdown', - 'admin/policies/eventtype/activedirectoryreadmonitoring', - 'admin/policies/eventtype/authenticationlockdown', - 'admin/policies/eventtype/authenticationmonitoring', - 'admin/policies/eventtype/exchangechanges', - 'admin/policies/eventtype/exchangelockdown', - 'admin/policies/eventtype/filesystemaccessanalyzer', - 'admin/policies/eventtype/filesystemchanges', - 'admin/policies/eventtype/filesystemlockdown', - 'admin/policies/eventtype/ldaplockdown', - 'admin/policies/eventtype/ldapmonitoring', - 'admin/policies/eventtype/ldapbindmonitoring', - 'admin/policies/eventtype/lsassguardianmonitor', - 'admin/policies/eventtype/lsassguardianprotect', - 
'admin/policies/eventtype/passwordenforcement', - 'admin/policies/eventtype/gposettingchanges', - 'admin/policies/eventtype/gposettinglockdown', - 'admin/policies/eventtype/adreplicationlockdown', - 'admin/policies/eventtype/adreplicationmonitoring', - 'admin/policies/eventtype/effectivegroupmembership', - 'admin/policies/eventtype/fsmorolemonitoring', - ], - }, - { - type: 'category', - label: 'Policy Actions', - items: [ - 'admin/policies/actions/overview', - 'admin/policies/actions/file', - 'admin/policies/actions/powershell', - 'admin/policies/actions/netscript', - ], - }, - { - type: 'category', - label: 'Recent Events', - items: [ - 'admin/policies/recentevents/overview', - 'admin/policies/recentevents/eventtracker', - 'admin/policies/recentevents/eventviewer', - 'admin/policies/recentevents/executepsscript', - ], - }, - { - type: 'category', - label: 'Policy Templates', - items: [ - 'admin/templates/overview', - 'admin/templates/createpolicy', - 'admin/templates/configuration', - 'admin/templates/general', - 'admin/templates/eventtype', - 'admin/templates/actions', - { - type: 'category', - label: 'Template Collections', - items: [ - 'admin/templates/folder/overview', - 'admin/templates/folder/security-templates', - 'admin/templates/folder/microsoft-templates', - 'admin/templates/folder/infrastructure-templates', - 'admin/templates/folder/bestpractices', - 'admin/templates/folder/actions', - 'admin/templates/folder/hipaa', - 'admin/templates/folder/reconnaissance', - 'admin/templates/folder/schemaconfiguration', - 'admin/templates/folder/siem', - ], - }, - ], - }, - ], - }, - { - type: 'category', - label: 'System Configuration', - items: [ - { - type: 'category', - label: 'Database Management', - items: [ - 'admin/configuration/databasemaintenance/overview', - 'admin/configuration/databasemaintenance/enable', - 'admin/configuration/databasemaintenance/schedule', - 'admin/configuration/databasemaintenance/archive', - 
'admin/configuration/databasemaintenance/storedprocedures', - ], - }, - { - type: 'category', - label: 'System Alerting', - items: [ - 'admin/configuration/systemalerting/overview', - 'admin/configuration/systemalerting/email', - 'admin/configuration/systemalerting/eventlog', - 'admin/configuration/systemalerting/siem', - ], - }, - { - type: 'category', - label: 'Collection Manager', - items: [ - 'admin/configuration/collectionmanager/overview', - 'admin/configuration/collectionmanager/listcollections', - 'admin/configuration/collectionmanager/dynamic', - ], - }, - { - type: 'category', - label: 'User Management', - items: [ - 'admin/configuration/userroles/overview', - 'admin/configuration/userroles/add', - 'admin/configuration/userroles/modify', - 'admin/configuration/userroles/delete', - ], - }, - { - type: 'category', - label: 'System Settings', - items: [ - 'admin/configuration/epesettings', - 'admin/configuration/eventfilteringconfiguration', - 'admin/configuration/eventsdatabaseconfiguration', - 'admin/configuration/filemonitorsettings', - 'admin/configuration/threatmanagerconfiguration', - 'admin/configuration/siemoutputviewer', - ], - }, - ], - }, - { - type: 'category', - label: 'Investigation Tools', - items: [ - 'admin/investigate/overview', - 'admin/investigate/datagrid', - 'admin/investigate/filters', - 'admin/investigate/saved', - 'admin/investigate/summaryfolders', - ], - }, - { - type: 'category', - label: 'Analytics & Threats', - items: [ - 'admin/analytics/overview', - 'admin/analytics/baduseridsourcehost', - 'admin/analytics/baduseriduser', - 'admin/analytics/breachedpassword', - 'admin/analytics/bruteforceattacks', - 'admin/analytics/concurrentlogins', - 'admin/analytics/filesystemattacksuser', - 'admin/analytics/forgedpac', - 'admin/analytics/goldenticket', - 'admin/analytics/horizontalmovementattacks', - 'admin/analytics/impersonationlogins', - 'admin/analytics/kerberosweakencryption', - 'admin/analytics/useraccounthacking', - ], - }, - { - 
type: 'category', - label: 'Alerts & Notifications', - items: [ - 'admin/alerts/overview', - 'admin/alerts/window/alertscleanup', - 'admin/alerts/window/alertsexport', - 'admin/alerts/window/policycomparison', - ], - }, - { - type: 'category', - label: 'Navigation & Tools', - items: [ - 'admin/navigation/overview', - 'admin/navigation/datagrid', - 'admin/navigation/licensemanager', - 'admin/navigation/rightclickmenus', - 'admin/tools/exportpoliciestemplates', - 'admin/tools/import', - ], - }, - { - type: 'category', - label: 'Tags & Organization', - items: ['admin/tags/overview'], - }, - ], - }, - { - type: 'category', - label: 'Reporting & Analytics', - collapsed: true, - items: [ - 'reportingmodule/overview', - 'reportingmodule/threats', - { - type: 'category', - label: 'Investigations', - items: [ - 'reportingmodule/investigations/overview', - 'reportingmodule/investigations/newinvestigation', - 'reportingmodule/investigations/myinvestigations', - 'reportingmodule/investigations/predefinedinvestigations', - 'reportingmodule/investigations/favorites', - 'reportingmodule/investigations/reports', - 'reportingmodule/investigations/subscriptionsexports', - 'reportingmodule/investigations/auditcompliance', - 'reportingmodule/investigations/user', - 'reportingmodule/investigations/host', - 'reportingmodule/investigations/group', - ], - }, - { - type: 'category', - label: 'System Configuration', - items: [ - 'reportingmodule/configuration/overview', - 'reportingmodule/configuration/systemhealth', - ], - }, - ], - }, - { - type: 'category', - label: 'Security Solutions', - collapsed: true, - items: [ - 'solutions/overview', - 'solutions/activedirectory', - 'solutions/filesystem', - 'solutions/exchange', - 'solutions/ldap', - 'solutions/epe', - ], - }, - { - type: 'category', - label: 'SIEM Integration', - collapsed: true, - items: [ - 'siemdashboard/overview', - { - type: 'category', - label: 'QRadar Integration', - items: [ - 'siemdashboard/qradar/overview', - 
'siemdashboard/qradar/navigate', - 'siemdashboard/qradar/offenses', - 'siemdashboard/qradar/qidmap', - 'siemdashboard/qradar/settings', - ], - }, - ], - }, - { - type: 'category', - label: 'API & Integrations', - collapsed: true, - items: [ - 'api/overview', - 'api/collections', - 'api/epe', - 'api/loadmodule', - 'api/policy', - 'api/threatmanager', - { - type: 'category', - label: 'EPE REST Site', - items: [ - 'eperestsite/overview', - 'eperestsite/login', - 'eperestsite/accountmanagement', - 'eperestsite/checkpassword', - ], - }, - ], - }, - { - type: 'category', - label: 'Troubleshooting', - collapsed: true, - items: [ - 'troubleshooting/overview', - 'troubleshooting/agentservice', - 'troubleshooting/agentcommunication', - 'troubleshooting/enterprisemanagercommunication', - 'troubleshooting/lsass', - 'troubleshooting/exchangelockdown', - 'troubleshooting/sqlserver', - 'troubleshooting/msilogs', - ], - }, - { - type: 'category', - label: 'Configuration Files', - collapsed: true, - items: ['config/activedirectory/threatprevention'], + type: 'autogenerated', + dirName: '.', }, ], }; diff --git a/static/img/product_docs/identitymanager/6.2/skipped-image-links.txt b/static/img/product_docs/identitymanager/6.2/skipped-image-links.txt new file mode 100644 index 0000000000..f89542b86b --- /dev/null +++ b/static/img/product_docs/identitymanager/6.2/skipped-image-links.txt 
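Review bot: in `sidebars/threatprevention-7.5-sidebar.js`, replacing the hand-written tree with `type: 'autogenerated', dirName: '.'` drops every explicit label, grouping and ordering the file carried. The removed categories do not mirror the directory layout: 'Getting Started' nests `requirements/...`, 'API & Integrations' nests `eperestsite/...`, 'Navigation & Tools' mixes `admin/navigation/...` with `admin/tools/...`, and 'Getting Started' was the only category with `collapsed: false`. An autogenerated sidebar follows the folders, so the navigation changes shape unless each folder has a `_category_.json` and the docs carry `sidebar_position` values that reproduce the intended order. Confirm those exist for this version, or state in the commit message that the regrouping is intended.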
@@ -0,0 +1,12145 @@ + +--- +File: docs\identitymanager\6.2\installation-guide\overview\index.md +Context: +## Components and Data Flow + +![Components & Data Flow](/img/product_docs/identitymanager/saas/installation-guide/overview/components_data_flow.webp) + +### Components +Original image link: ![Components & Data Flow](/img/product_docs/identitymanager/saas/installation-guide/overview/components_data_flow.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\overview\index.md +Context: +This approach is useful when managed systems need to run on separate and isolated networks. + +![Server & Agents isolated](/img/product_docs/identitymanager/saas/installation-guide/overview/distribution_1.webp) + +**2.** The Server and one Agent are installed on the same workstation +Original image link: ![Server & Agents isolated](/img/product_docs/identitymanager/saas/installation-guide/overview/distribution_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\overview\index.md +Context: +the same workstation or on a separate one. + +![Server & Agent together](/img/product_docs/identitymanager/saas/installation-guide/overview/distribution_2.webp) + +## Authentication +Original image link: ![Server & Agent together](/img/product_docs/identitymanager/saas/installation-guide/overview/distribution_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\production-ready\agent\index.md +Context: + **.NET CLR Version** > **No Managed Code** + +![IIS Settings](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/iis_settings.webp) + +This sums up IIS settings. 
+Original image link: ![IIS Settings](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/iis_settings.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\production-ready\agent\index.md +Context: +window. + +![Object Names](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/enter-the-object-names-to-select.webp) + +**Step 6 –** Check the **Allow** column for the relevant permissions. Check the **Deny** column for +Original image link: ![Object Names](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/enter-the-object-names-to-select.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\production-ready\database\index.md +Context: + screen. + +![Execute Query](/img/product_docs/identitymanager/saas/installation-guide/production-ready/database/execute_query.webp) + +- From the dropdown, select the newly created database. +Original image link: ![Execute Query](/img/product_docs/identitymanager/saas/installation-guide/production-ready/database/execute_query.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\production-ready\server\index.md +Context: + Version > `No Managed Code` + +![IIS Settings](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/iis_settings.webp) + +An SSL Certificate should also be set to the IIS Server to perform HTTPS communication with +Original image link: ![IIS Settings](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/iis_settings.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\production-ready\server\index.md +Context: +server-level role. 
+ +![New Login](/img/product_docs/accessanalyzer/12.0/install/application/newlogin.webp) + +**Step 2 –** Expand the **Security** and **Login** nodes, and look for the Identity Manager service +Original image link: ![New Login](/img/product_docs/accessanalyzer/12.0/install/application/newlogin.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\production-ready\server\index.md +Context: +as well as **db_owner** and **public** (bottom panel). + +![Bulk](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/bulk.webp) + +**Step 7 –** Right-click the **Server** root node and select **Properties**, and in the +Original image link: ![Bulk](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/bulk.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\production-ready\server\index.md +Context: + **Step 1 –** Click on **Edit** and then on **Add**. + + ![Object Names](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/enter-the-object-names-to-select.webp) + + **Step 2 –** In the **Enter the object names to select** textbox, enter the service account name +Original image link: ![Object Names](/img/product_docs/identitymanager/saas/installation-guide/production-ready/server/enter-the-object-names-to-select.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\quick-start\index.md +Context: +expected version. + +![Extranet Artifacts](/img/product_docs/identitymanager/saas/installation-guide/quick-start/extranet_v601.webp) + +**Step 2 –** Extract from SDK the folder Identity Manager Bootstrap anywhere on the computer. 
+Original image link: ![Extranet Artifacts](/img/product_docs/identitymanager/saas/installation-guide/quick-start/extranet_v601.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\quick-start\index.md +Context: +When extracting Identity Manager Bootstrap to the root of the computer, it looks like: + +![Project Directory](/img/product_docs/identitymanager/saas/installation-guide/quick-start/directory_v602.webp) + +**Step 4 –** Move or copy your certificate inside the Runtime folder. +Original image link: ![Project Directory](/img/product_docs/identitymanager/saas/installation-guide/quick-start/directory_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\quick-start\index.md +Context: +section. + +![Authentication Dialog](/img/product_docs/identitymanager/saas/installation-guide/quick-start/authentication_v601.webp) + +Now you can start using the application. +Original image link: ![Authentication Dialog](/img/product_docs/identitymanager/saas/installation-guide/quick-start/authentication_v601.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\quick-start\index.md +Context: +from the **Configuration** section of the home page. + +![Home Page - Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +Then, Netwrix Identity Manager (formerly Usercube) recommends following the user guide to start the +Original image link: ![Home Page - Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\installation-guide\reverse-proxy\index.md +Context: + able to monitor plain text requests from/to Identity Manager's server; + + ![Proxy Purposes: Encryption](/img/product_docs/identitymanager/saas/installation-guide/reverse-proxy/proxy_purpose_encryption.webp) + +- installing Identity Manager with an integrated agent on a network isolated from the users' +Original image link: ![Proxy Purposes: Encryption](/img/product_docs/identitymanager/saas/installation-guide/reverse-proxy/proxy_purpose_encryption.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\reverse-proxy\index.md +Context: + network isolated from the Internet; + + ![Proxy Installation Example](/img/product_docs/identitymanager/saas/installation-guide/reverse-proxy/proxy_example.webp) + + This installation will be used for the configuration examples below. +Original image link: ![Proxy Installation Example](/img/product_docs/identitymanager/saas/installation-guide/reverse-proxy/proxy_example.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\installation-guide\reverse-proxy\index.md +Context: +- using several Identity Manager's server instances for load-balancing purposes. + + ![Proxy Purposes: Load Balancing](/img/product_docs/identitymanager/saas/installation-guide/reverse-proxy/proxy_purpose_loadbalancing.webp) + +As Identity Manager is session-less, working with several servers does not imply the need to +Original image link: ![Proxy Purposes: Load Balancing](/img/product_docs/identitymanager/saas/installation-guide/reverse-proxy/proxy_purpose_loadbalancing.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +2. Create a new request by clicking on **+ New** then **Request**. 
+ + ![Postman: New Request](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_newrequest.webp) + +3. Fill in the fields and click on **Save to Identity Manager**. +Original image link: ![Postman: New Request](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_newrequest.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +3. Fill in the fields and click on **Save to Identity Manager**. + + ![Postman: New Request Fields](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_requestfields.webp) + +4. Fill in the authentication information as follows: +Original image link: ![Postman: New Request Fields](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_requestfields.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +4. Fill in the authentication information as follows: + + ![Postman: Authentication](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_authentication.webp) + + - **Method**: POST +Original image link: ![Postman: Authentication](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_authentication.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +5. Click on **Send** and get the access token from the response body. 
+ + ![Postman: Access Token](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_accesstoken.webp) + +## Use an Access Token +Original image link: ![Postman: Access Token](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_accesstoken.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +2. Fill in the authorization information as follows: + + ![Postman: Authorization](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_authorization.webp) + + - **Method**: GET +Original image link: ![Postman: Authorization](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_authorization.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +3. Click on **Send** and get the result from the response body. + + ![Postman: Access Token Result](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_accesstokenresult.webp) + +## Create a Combined Request +Original image link: ![Postman: Access Token Result](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_accesstokenresult.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +2. 
Fill in the authorization information as follows: + + ![Postman: Authorization (Combined Request)](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_authorizationcombined.webp) + + - **Method**: GET +Original image link: ![Postman: Authorization (Combined Request)](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_authorizationcombined.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +3. Click on **Get New Access Token** and fill in the fields as follows: + + ![Postman: New Access Token Fields (Combined Request)](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_newaccesstokencombined.webp) + + - **Token Name**: `` +Original image link: ![Postman: New Access Token Fields (Combined Request)](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_newaccesstokencombined.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +4. Click on **Request Token** to get the token. + + ![Postman: Get Token (Combined Request)](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_gettokencombined.webp) + +5. Click on **Use Token** and **Send** and get the result from the response body. +Original image link: ![Postman: Get Token (Combined Request)](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_gettokencombined.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\how-tos\request-postman\index.md +Context: +5. Click on **Use Token** and **Send** and get the result from the response body. 
+ + ![Postman: Access Token Result (Combined Request)](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_accesstokenresult.webp) + +Original image link: ![Postman: Access Token Result (Combined Request)](/img/product_docs/identitymanager/saas/integration-guide/api/how-tos/request-postman/postman_accesstokenresult.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\index.md +Context: +Manager [OpenAPI](https://swagger.io/specification/) definition. + +![Usercube server swagger page](/img/product_docs/identitymanager/saas/integration-guide/api/swagger.webp) + +A function can have several versions. This is why the API description is split into several OpenAPI +Original image link: ![Usercube server swagger page](/img/product_docs/identitymanager/saas/integration-guide/api/swagger.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\api\pagination\index.md +Context: +The principle is to call the function with the ContinuationToken obtained from the previous call. + +![Pagination sequence diagram](/img/product_docs/identitymanager/saas/integration-guide/api/pagination/pagination.webp) + +**NOTE:** Pagination is optional. If PageSize is not specified, the function will return all items +Original image link: ![Pagination sequence diagram](/img/product_docs/identitymanager/saas/integration-guide/api/pagination/pagination.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\architecture\how-tos\protect-agent-server-communication\index.md +Context: + certificate configured by Identity Manager. 
+ +![Schema: Agent/Server Communication](/img/product_docs/identitymanager/saas/integration-guide/architecture/how-tos/protect-agent-server-communication/agent-server-communication.webp) + +### Configuration details +Original image link: ![Schema: Agent/Server Communication](/img/product_docs/identitymanager/saas/integration-guide/architecture/how-tos/protect-agent-server-communication/agent-server-communication.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\architecture\index.md +Context: +[Microsoft SQLServer](https://www.microsoft.com/en-us/sql-server) relational database. + +![Architecture](/img/product_docs/changetracker/8.1/architecture.webp) + +See the [ SaaS Environment ](/docs/identitymanager/6.2/integration-guide/architecture/saas/index.md) topic for additional information on Netwrix Identity +Original image link: ![Architecture](/img/product_docs/changetracker/8.1/architecture.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\architecture\on-prem\index.md +Context: +Identity Manager recommends the following architecture: + +![On-Premises Recommended Architecture](/img/product_docs/identitymanager/saas/integration-guide/architecture/on-prem/architecture_onprem.webp) + +Most situations do not need Identity Manager so much that they need a fail-over system, i.e. +Original image link: ![On-Premises Recommended Architecture](/img/product_docs/identitymanager/saas/integration-guide/architecture/on-prem/architecture_onprem.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\architecture\saas\index.md +Context: +Identity Manager recommends the following architecture: + +![SaaS Recommended Architecture](/img/product_docs/identitymanager/saas/integration-guide/architecture/saas/architecture_saas.webp) + +### Agent(s) +Original image link: ![SaaS Recommended Architecture](/img/product_docs/identitymanager/saas/integration-guide/architecture/saas/architecture_saas.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\configuration-details\connections\index.md +Context: +columns of the selected table are used for the mapping as `Source Columns`. + +![connectiontables_ui_v60](/img/product_docs/identitymanager/saas/integration-guide/connectors/configuration-details/connections/connectiontables_ui_v60.webp) + +## Refresh Schema +Original image link: ![connectiontables_ui_v60](/img/product_docs/identitymanager/saas/integration-guide/connectors/configuration-details/connections/connectiontables_ui_v60.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\configuration-details\connections\index.md +Context: + connection is refreshed; + + ![Refresh Schema of One Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_refreshschema_v522.webp) + +- when clicking on **Refresh all schemas** on the connector's page: all schemas of the connector are +Original image link: ![Refresh Schema of One Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_refreshschema_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\configuration-details\connections\index.md +Context: + refreshed. 
+ + ![Refresh all Schemas](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_refreshall_v602.webp) + +In the **Connections** frame, either the last successful schema update is indicated or an icon is +Original image link: ![Refresh all Schemas](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_refreshall_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\configuration-details\connections\index.md +Context: +shown if the refresh schema failed. + +![Failed Refresh Schemas](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_failedindicator_v602.webp) + +Some packages don't generate a schema. For these packages, the **Refresh Schema** button isn't +Original image link: ![Failed Refresh Schemas](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_failedindicator_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\configuration-details\connections\index.md +Context: +indicated by the sentence "There is no schema for this connection". + +![No Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_noschema_v522.webp) + +The connections' schemas must be refreshed before editing the connector's entity types via the UI, +Original image link: ![No Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_noschema_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\entitypropertymapping-format\index.md +Context: +> of `userAccountControl`. 
+> +> ![New Property for Bit Provisioning](/img/product_docs/identitymanager/saas/integration-guide/connectors/entitypropertymapping-format/bitprov_property_v603.webp) +> +> XML configuration looks like the following: +Original image link: ![New Property for Bit Provisioning](/img/product_docs/identitymanager/saas/integration-guide/connectors/entitypropertymapping-format/bitprov_property_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\entitypropertymapping-format\index.md +Context: +declared in the ResourceType. + +![Export and Fulfill Data transformation](/img/product_docs/identitymanager/saas/integration-guide/connectors/entitypropertymapping-format/entitypropertymapping-format-flowchart.webp) + +Original image link: ![Export and Fulfill Data transformation](/img/product_docs/identitymanager/saas/integration-guide/connectors/entitypropertymapping-format/entitypropertymapping-format-flowchart.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\azuread-register\index.md +Context: +5. Click the **+ New Registration** button in the top menu. + + ![Azure AD Export - Add New Registration](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportregistration.webp) + + A new registration form is displayed: +Original image link: ![Azure AD Export - Add New Registration](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportregistration.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\azuread-register\index.md +Context: + needed by the Identity Manager Agent. 
+ + ![Azure AD Export - New ApplicationId](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportapplicationid.webp) + +### Get the application's secret key +Original image link: ![Azure AD Export - New ApplicationId](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportapplicationid.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\azuread-register\index.md +Context: + is needed by the Identity Manager Agent settings file. + + ![Azure AD Export - New Client Secret](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportsecret.webp) + + The **Client Secret** value is only displayed in the UI in plain text at first. After a while, +Original image link: ![Azure AD Export - New Client Secret](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportsecret.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\azuread-register\index.md +Context: +4. Click on the **+ Add a permission** button. + + ![Azure AD Export - Add Permission](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportpermissions.webp) + +5. Go to **Microsoft graph** > **Application permissions**. +Original image link: ![Azure AD Export - Add Permission](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportpermissions.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\azuread-register\index.md +Context: + permission. 
+ + ![Azure AD Export - Directory Permission](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportdirectorypermission.webp) + +8. Confirm with the **Add permissions** button at the bottom of the page. +Original image link: ![Azure AD Export - Directory Permission](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportdirectorypermission.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\azuread-register\index.md +Context: +9. Grant admin consent by clicking on **√ Grant admin consent for** name of the organization. + + ![Azure AD Export - Grant Admin Consent](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportadminconsent.webp) + + You should now see the status displayed as **√ Granted for** name of the organization. +Original image link: ![Azure AD Export - Grant Admin Consent](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/azuread-register/howtos_azuread_exportadminconsent.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\configure-secured-options\index.md +Context: + - for a simple field: + + ![AD creation](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_adlogin_v603.webp) + + - for multiple key-value fields: +Original image link: ![AD creation](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_adlogin_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\configure-secured-options\index.md +Context: + - for multiple key-value fields: + + ![SQL connection string](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_keyvalue_v603.webp) + + Contrary to simple fields, multiple-key-value secured options are not restricted to a given +Original image link: ![SQL connection string](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_keyvalue_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\configure-secured-options\index.md +Context: +2. Fill the field(s) and, if needed, click on the eye icon to make the content visible. + + ![Eye Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/iconeye_v600.svg) + + > For example, for a simple field in an AD connection, the **Login** and **Password** are by +Original image link: ![Eye Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/iconeye_v600.svg) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\configure-secured-options\index.md +Context: + > default hidden with ??????: + > + > ![Login Secured Options Hidden](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_adexample_v603.webp) + > + > ![Login Secured Options Revealed](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_adexamplevisible_v603.webp) +Original image link: ![Login Secured Options Hidden](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_adexample_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\configure-secured-options\index.md +Context: + > ![Login Secured Options Hidden](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_adexample_v603.webp) + > + > ![Login Secured Options Revealed](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_adexamplevisible_v603.webp) + + > For example, for multiple key-value fields in an SQL connection, some elements of the +Original image link: ![Login Secured Options Revealed](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_adexamplevisible_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\configure-secured-options\index.md +Context: + > connection string might be sensitive and need to be hidden: + > + > ![SQL connection string](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_sqlexample1_v603.webp) + > + > In this example, the database name and the minimal pool size are secured options: +Original image link: ![SQL connection string](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_sqlexample1_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\configure-secured-options\index.md +Context: + > In this example, the database name and the minimal pool size are secured options: + > + > ![SQL Secured option filled](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_sqlexample2_v603.webp) + + > Another example of multiple key-value fields in a Powershell connection: +Original image link: ![SQL Secured option filled](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_sqlexample2_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\configure-secured-options\index.md +Context: + > Another example of multiple key-value fields in a Powershell connection: + > + > ![Powershell Secured option hidden](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_powershellexample_v603.webp) + +3. Once saved, any secured option's value can no longer be seen. 
However, it can still be modified +Original image link: ![Powershell Secured option hidden](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/configure-secured-options/securedoptions_powershellexample_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\create-connector\azuread\index.md +Context: +via the UI. + +![Menu Item - Azure AD Connector](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/create-connector/azuread/howtos_azure_menuitem_v603.webp) + +In XML, it should look like this: +Original image link: ![Menu Item - Azure AD Connector](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/create-connector/azuread/howtos_azure_menuitem_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\create-connector\azuread\index.md +Context: +``` + +![Navigation Properties - Azure AD Connector](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/create-connector/azuread/howtos_azure_navproperties_v603.webp) + +Microsoft Entra ID's resources are listed in a table. +Original image link: ![Navigation Properties - Azure AD Connector](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/create-connector/azuread/howtos_azure_navproperties_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\create-connector\azuread\index.md +Context: +``` + +![Display Table - Azure AD Connector](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/create-connector/azuread/howtos_azure_table_v603.webp) + +This is how the resources are displayed on the UI. 
+Original image link: ![Display Table - Azure AD Connector](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/create-connector/azuread/howtos_azure_table_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\create-connector\index.md +Context: +Identity Manager provides a menu item to list all connectors in the dashboard's left menu. + +![Menu Item - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_entitytypes_v602.webp) + +> It is usually written like this: +Original image link: ![Menu Item - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_entitytypes_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\demoapp-banking\index.md +Context: + a user by clicking on **Create New User** + + ![Users list](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/demoapp-banking/demoapps_banking_userslist.webp) + +- A list of groups, accessible by clicking on **Groups** at the top of the page. Clicking on +Original image link: ![Users list](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/demoapp-banking/demoapps_banking_userslist.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\demoapp-banking\index.md +Context: + list + + ![User details](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/demoapp-banking/demoapps_banking_userdetails.webp) + +The most interesting part of the Banking application is a user's page. 
On a user's page, it is +Original image link: ![User details](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/demoapp-banking/demoapps_banking_userdetails.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\demoapp-hr\index.md +Context: +application contains an employee list. + +![Users list](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/demoapp-hr/demoapps_hr_userslist.webp) + +Each employee also has their own page, with the possibility to edit their profile or delete them. It +Original image link: ![Users list](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/demoapp-hr/demoapps_hr_userslist.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\demoapp-hr\index.md +Context: +is also possible to add a new employee. + +![User details](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/demoapp-hr/demoapps_hr_userdetails.webp) + +The HR application uses csv files as data sources. When a user is added, deleted, or edited, the csv +Original image link: ![User details](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/demoapp-hr/demoapps_hr_userdetails.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\interact-gui-robotframework\index.md +Context: +**Show XPath**. + +![Show XPath](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/interact-gui-robotframework/robotframeworkflaui_flauishowxpath.webp) + +To see the XPath of an element, hover over the element, and press control. 
A red box should appear +Original image link: ![Show XPath](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/interact-gui-robotframework/robotframeworkflaui_flauishowxpath.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\interact-gui-robotframework\index.md +Context: +should be at the bottom left of the FlaUI element. + +![Highlight Element](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/interact-gui-robotframework/robotframeworkflaui_flauixpathexample.webp) + +As an example, imagine an application showing a list of files and folders. Targeting a specific file +Original image link: ![Highlight Element](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/interact-gui-robotframework/robotframeworkflaui_flauixpathexample.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\interact-web-page-robotframework\index.md +Context: +element, and clicking **Inspect**. + +![Inspect Tool](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/interact-web-page-robotframework/robotframeworkselenium_inspecttool.webp) + +Suppose the goal of the script is to copy the content of the code block, and paste it to a file, to +Original image link: ![Inspect Tool](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/interact-web-page-robotframework/robotframeworkselenium_inspecttool.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\interact-web-page-robotframework\index.md +Context: +right click it in the HTML, and click on **Copy** > **Full XPath**. 
+ +![Copy Full XPath](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/interact-web-page-robotframework/robotframeworkselenium_copyfullxpath.webp) + +For the `copy to clipboard` button, the XPath is +Original image link: ![Copy Full XPath](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/interact-web-page-robotframework/robotframeworkselenium_copyfullxpath.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\powershell-fulfill\index.md +Context: +entities. + +![Microsoft Exchange Menu Items](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/powershell-fulfill/microsoftexchange_fulfill_menu_item_5.1.7.webp) + +### Configuration +Original image link: ![Microsoft Exchange Menu Items](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/powershell-fulfill/microsoftexchange_fulfill_menu_item_5.1.7.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\powershell-fulfill\index.md +Context: +[wolfgang.abendroth@acme.com](mailto:wolfgang.abendroth@acme.com). + +![Microsoft Exchange Display Entity Type](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/powershell-fulfill/microsoftexchange_fulfill_display_entity_type_5.1.7.webp) + +The scalar properties require no configuration: they are automatically displayed. The only +Original image link: ![Microsoft Exchange Display Entity Type](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/powershell-fulfill/microsoftexchange_fulfill_display_entity_type_5.1.7.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\powershell-fulfill\index.md +Context: +This example configures the following list display: + +![Microsoft Exchange Display Table](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/powershell-fulfill/microsoftexchange_fulfill_display_table_5.1.7.webp) + +#### Internal Display Name +Original image link: ![Microsoft Exchange Display Table](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/powershell-fulfill/microsoftexchange_fulfill_display_table_5.1.7.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\powershell-fulfill\index.md +Context: +input in the Job's **DisplayName_Li** attribute. + +![Microsoft Exchange Jobs](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/powershell-fulfill/microsoftexchange_jobs_5.1.7.webp) + +From there, the Synchronization job can be launched and debugged (if needed). +Original image link: ![Microsoft Exchange Jobs](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/powershell-fulfill/microsoftexchange_jobs_5.1.7.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\scim-cyberark-export\index.md +Context: +Adds a new menu item under the ```Nav_Connectors``` menu item declared in the root ```Nav.xml``` file. This new menu item gives access to the list of synchronized CyberArk SCIM objects. 
+ +![SCIM CyberArk Menu Items](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/scim-cyberark-export/scim_cyberark_export_menu_item_5.1.6.webp) + +### Configuration +Original image link: ![SCIM CyberArk Menu Items](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/scim-cyberark-export/scim_cyberark_export_menu_item_5.1.6.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\scim-cyberark-export\index.md +Context: +This configuration configures that display for [christian.adam@acme.com](mailto:christian.adam@acme.com): + +![SCIM CyberArk Display Entity Type](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/scim-cyberark-export/scim_cyberark_export_display_entity_type_5.1.6.webp) + +The scalar properties don't need to be configured: they are automatically displayed. The only information that the [DisplayEntityType](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/user-interface/displayentitytype/index.md) adds here, is that the property ```BasicCollection``` is a navigation property. An eye icon will be displayed to take you directly to the matching page. +Original image link: ![SCIM CyberArk Display Entity Type](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/scim-cyberark-export/scim_cyberark_export_display_entity_type_5.1.6.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\scim-cyberark-export\index.md +Context: +configures the following list display: + +![SCIM CyberArk Display Table](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/scim-cyberark-export/scim_cyberark_export_display_table_5.1.6.webp) + +#### Internal display name +Original image link: ![SCIM CyberArk Display Table](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/scim-cyberark-export/scim_cyberark_export_display_table_5.1.6.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\sharepoint-export\index.md +Context: +- Enter the name of the Identity Manager service account or its email address. + +![SharePoint Export Add Member](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/sharepoint-export/sharepoint_export_add_member.webp) + +The service account is now a member of the site. However, to scan the site, the service account +Original image link: ![SharePoint Export Add Member](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/sharepoint-export/sharepoint_export_add_member.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\how-tos\sharepoint-export\index.md +Context: +- Choose **Owner**. + +![SharePoint Export Role Owner](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/sharepoint-export/sharepoint_export_role_owner.webp) + +### Configuration +Original image link: ![SharePoint Export Role Owner](/img/product_docs/identitymanager/saas/integration-guide/connectors/how-tos/sharepoint-export/sharepoint_export_role_owner.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\index.md +Context: +A connector, therefore, acts as an interface between Identity Manager and a managed system. + +![Connector Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectorschema.webp) + +Netwrix Identity Manager (formerly Usercube)strongly recommends the creation of one connector for +Original image link: ![Connector Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectorschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\index.md +Context: +Manager will feed data into connected managed systems. + +![Outbound System=](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_outbound.webp) + +In this case, data flows between Identity Manager and the managed system are also called: +Original image link: ![Outbound System=](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_outbound.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\index.md +Context: + > manually through Identity Manager. + +![Connector Technical Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectortechnicalschema.webp) + +A connector requires at least one connection and one entity type. +Original image link: ![Connector Technical Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectortechnicalschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\activedirectory\index.md +Context: +additional information. 
+ +![Package: Directory/Active Directory](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/packages_ad_v603.webp) + +## Overview +Original image link: ![Package: Directory/Active Directory](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/packages_ad_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\activedirectory\index.md +Context: +**Step 1 –** Check the **View** details in the Active Directory and Computers. + +![Enable Permissions - Step 1](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_01.webp) + +**Step 2 –** Open the **Advanced Security Settings** dialog box for the domain root. +Original image link: ![Enable Permissions - Step 1](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_01.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\activedirectory\index.md +Context: +**Step 2 –** Open the **Advanced Security Settings** dialog box for the domain root. + +![Enable Permissions - Step 2](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_02.webp) + +**Step 3 –** Select the **Replicating Directory Changes** check box from the list. +Original image link: ![Enable Permissions - Step 2](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_02.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\activedirectory\index.md +Context: +**Step 3 –** Select the **Replicating Directory Changes** check box from the list. + +![Enable Permissions - Step 3](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_03.webp) + +**Step 4 –** To change groups' membership, in the Applies field, select Descendent Group object and +Original image link: ![Enable Permissions - Step 3](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_03.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\activedirectory\index.md +Context: +select the **Read Members** and **Write Members** check boxes from the list. + +![Read/Write Members](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_04.webp) + +**Step 5 –** To Reset Password capabilities, in the Applies field, select Descendent User object and +Original image link: ![Read/Write Members](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_04.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\activedirectory\index.md +Context: +select the **Read lockoutTime** and **Write lockoutTime** check boxes from the list. + +![Read/Write Lockout Times](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_05.webp) + +Administrator rights must not be granted to the service account. 
Doing otherwise would create a +Original image link: ![Read/Write Lockout Times](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/activedirectory/references_connectors_activedirectory_05.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\azure\index.md +Context: +This page is about [ Azure ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/azure/index.md). + +![Package: Cloud/Azure](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/azure/packages_azure_v603.webp) + +## Prerequisites +Original image link: ![Package: Cloud/Azure](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/azure/packages_azure_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\csv\index.md +Context: +This page is about [ CSV ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/csv/index.md). + +![Package: File/CSV](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/csv/packages_csv_v603.webp) + +## Overview +Original image link: ![Package: File/CSV](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/csv/packages_csv_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\easyvista\index.md +Context: +This page is about [ EasyVista ](/docs/identitymanager/6.2/integration-guide/connectors/references-connectors/easyvista/index.md). 
+ +![Package: ITSM/EasyVista](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/easyvista/packages_easyvista_v603.webp) + +## Overview +Original image link: ![Package: ITSM/EasyVista](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/easyvista/packages_easyvista_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\easyvista\index.md +Context: +| | | +| --- | --- | +| ExportSettingsOptions optional | **Type** List **Description** List of entities to retrieve from the EasyVista instance. **Note:** for any customized entity to be exported, this argument must contain its REST API URL. **Get REST API URLs** Access the relevant view in EasyVista and click on **...** > **Rest API Url** to copy the URL. For example: ![EasyVista Profiles View](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/easyvista/easyvista_view_v523.webp) | + +### Output details +Original image link: ![EasyVista Profiles View](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/easyvista/easyvista_view_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\easyvistaticket\index.md +Context: +This page is about [ EasyVista Ticket ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/easyvistaticket/index.md). 
+ +![Package: Ticket/EasyVista](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/easyvistaticket/packages_easyvistaticket_v603.webp) + +## Overview +Original image link: ![Package: Ticket/EasyVista](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/easyvistaticket/packages_easyvistaticket_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\excel\index.md +Context: +This page is about [ Excel ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/excel/index.md). + +![Package: File/Microsoft Excel](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/excel/packages_excel_v603.webp) + +## Overview +Original image link: ![Package: File/Microsoft Excel](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/excel/packages_excel_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\googleworkspace\index.md +Context: +This page is about [ Google Workspace ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/googleworkspace/index.md). + +![Package: Directory/Google Workspace](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/googleworkspace/packages_workspace_v603.webp) + +## Overview +Original image link: ![Package: Directory/Google Workspace](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/googleworkspace/packages_workspace_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\homefolder\index.md +Context: +This page is about [ Home Folders ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/home-folders/index.md). + +![Package: Storage/Home Folders](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/homefolder/packages_homefolders_v603.webp) + +## Overview +Original image link: ![Package: Storage/Home Folders](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/homefolder/packages_homefolders_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\internalresources\index.md +Context: +topics for additional information. + +![Package: Ticket/Usercube](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/internalresources/packages_identitymanagerticket_v603.webp) + +![Package: Ticket/Usercube And Create/Update/Delete resources](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/internalresources/packages_identitymanagerticketcud_v603.webp) +Original image link: ![Package: Ticket/Usercube](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/internalresources/packages_identitymanagerticket_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\internalresources\index.md +Context: +![Package: Ticket/Usercube](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/internalresources/packages_identitymanagerticket_v603.webp) + +![Package: Ticket/Usercube And Create/Update/Delete resources](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/internalresources/packages_identitymanagerticketcud_v603.webp) + +See the +Original image link: ![Package: Ticket/Usercube And Create/Update/Delete resources](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/internalresources/packages_identitymanagerticketcud_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\internalworkflow\index.md +Context: +[ Workflow ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/workflow/index.md) topic for additional information. + +![Package: Usercube/Workflow](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/internalworkflow/packages_workflow_v603.webp) + +## Overview +Original image link: ![Package: Usercube/Workflow](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/internalworkflow/packages_workflow_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\json\index.md +Context: +This page is about [ JSON ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/json/index.md) + +![Package: Custom/JSON](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/json/packages_json_v603.webp) + +The documentation is not yet available for this page and will be completed in the near future. +Original image link: ![Package: Custom/JSON](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/json/packages_json_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\ldap\index.md +Context: +- [ Red Hat Directory Server ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/red-hat-directory-server/index.md). + +![Package: Directory/Generic LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapgeneric_v603.webp) + +![Package: Directory/Oracle LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldaporacle_v603.webp) +Original image link: ![Package: Directory/Generic LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapgeneric_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\ldap\index.md +Context: +![Package: Directory/Generic LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapgeneric_v603.webp) + +![Package: Directory/Oracle LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldaporacle_v603.webp) + +![Package: Directory/Apache Directory](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapapache_v603.webp) +Original image link: ![Package: Directory/Oracle LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldaporacle_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\ldap\index.md +Context: +![Package: Directory/Oracle LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldaporacle_v603.webp) + +![Package: Directory/Apache Directory](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapapache_v603.webp) + +![Package: Directory/Red Hat Directory Server](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapredhat_v603.webp) +Original image link: ![Package: Directory/Apache Directory](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapapache_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\ldap\index.md +Context: +![Package: Directory/Apache Directory](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapapache_v603.webp) + +![Package: Directory/Red Hat Directory Server](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapredhat_v603.webp) + +## Overview +Original image link: ![Package: Directory/Red Hat Directory Server](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldap/packages_ldapredhat_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\ldif\index.md +Context: +This page is about [ LDIF ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/ldif/index.md). + +![Package: Directory/LDIF](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldif/packages_ldif_v603.webp) + +## Overview +Original image link: ![Package: Directory/LDIF](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/ldif/packages_ldif_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\microsoftentraid\index.md +Context: +additional information. + +![Package: Directory/Microsoft Entra ID](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/microsoftentraid/packages_azuread_v603.webp) + +## Overview +Original image link: ![Package: Directory/Microsoft Entra ID](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/microsoftentraid/packages_azuread_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\microsoftexchange\index.md +Context: +This page is about [ Microsoft Exchange ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/microsoft-exchange/index.md). + +![Package: Server/Microsoft Exchange](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/microsoftexchange/packages_exchange_v603.webp) + +## Overview +Original image link: ![Package: Server/Microsoft Exchange](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/microsoftexchange/packages_exchange_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\odata\index.md +Context: +This page is about [ OData ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/odata/index.md). + +![Package: Custom/OData](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/odata/packages_odata_v603.webp) + +## Overview +Original image link: ![Package: Custom/OData](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/odata/packages_odata_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\okta\index.md +Context: +This connector exports and fulfills entries from/to Okta application. + +![okta](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/okta/okta.webp) + +## Overview +Original image link: ![okta](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/okta/okta.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\openldap\index.md +Context: +This page is about [ OData ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/odata/index.md). + +![Package: Directory/Open LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/openldap/packages_ldapopen_v603.webp) + +## Overview +Original image link: ![Package: Directory/Open LDAP](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/openldap/packages_ldapopen_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\powershellprov\index.md +Context: +This page is about [ PowerShellProv ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/powershellprov/index.md). + +![Package: Custom/PowerShellProv](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/powershellprov/packages_powershellprov_v603.webp) + +## Overview +Original image link: ![Package: Custom/PowerShellProv](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/powershellprov/packages_powershellprov_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\powershellsync\index.md +Context: +This page is about [ PowerShellSync ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/powershellsync/index.md). 
+ +![Package: Custom/PowerShellSync](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/powershellsync/packages_powershellsync_v603.webp) + +## Overview +Original image link: ![Package: Custom/PowerShellSync](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/powershellsync/packages_powershellsync_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\racf\index.md +Context: +This page is about [ RACF ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/racf/index.md). + +![Package: MainFrame/RACF](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/racf/packages_racf_v603.webp) + +## Overview +Original image link: ![Package: MainFrame/RACF](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/racf/packages_racf_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\robotframework\index.md +Context: +This page is about [ Robot Framework ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/robot-framework/index.md) + +![Package: Custom/Robot Framework](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/robotframework/packages_robot_v603.webp) + +## Overview +Original image link: ![Package: Custom/Robot Framework](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/robotframework/packages_robot_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\saperp6\index.md +Context: +This page is about ERP/SAP ERP 6.0. 
+ +![Package: ERP/SAP ERP 6.0](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/packages_saperp6_v603.webp) + +## Overview +Original image link: ![Package: ERP/SAP ERP 6.0](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/packages_saperp6_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\saperp6\index.md +Context: +**Step 1 –** Copy the DLL `Sap.Data.Hana.Core.v2.1.dll` into the Runtime of Identity Manager. + +![connectorreadprerequisites1](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/connectorreadprerequisites1.webp) + +**Step 2 –** Unzip the "hdbclient.zip" archive to C: drive and add the path to the Path environment +Original image link: ![connectorreadprerequisites1](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/connectorreadprerequisites1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\saperp6\index.md +Context: +variables. + +![connectorreadprerequisites2](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/connectorreadprerequisites2.webp) + +**Step 3 –** Create environment variables: `HDBADOTNET=C:\hdbclient\ado.net` and +Original image link: ![connectorreadprerequisites2](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/connectorreadprerequisites2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\saperp6\index.md +Context: +Manager. 
+ +![connectorwriteprerequisites](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/connectorwriteprerequisites.webp) + +**Step 4 –** Disable DLLs search by adding the environment variable `NLSUI_7BIT_FALLBACK=YES`. +Original image link: ![connectorwriteprerequisites](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/connectorwriteprerequisites.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\saperp6\index.md +Context: +**Step 4 –** Disable DLLs search by adding the environment variable `NLSUI_7BIT_FALLBACK=YES`. + +![connectorwriteprerequisites2](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/connectorwriteprerequisites2.webp) + +**Step 5 –** Add new environment variable `USERCUBE_DOTNET32` containing the path to dotnetx86 +Original image link: ![connectorwriteprerequisites2](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/saperp6/connectorwriteprerequisites2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sapnetweaver\index.md +Context: +This page is about [ SAP S/4 HANA ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/saphana/index.md). + +![Package: ERP/SAP S/4 HANA](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sapnetweaver/packages_sap_v603.webp) + +## Overview +Original image link: ![Package: ERP/SAP S/4 HANA](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sapnetweaver/packages_sap_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +- PAM/CyberArk + +![Package: Custom/SCIM](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_scim_v603.webp) + +![Package: CRM/Salesforce](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_salesforce_v603.webp) +Original image link: ![Package: Custom/SCIM](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_scim_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +![Package: Custom/SCIM](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_scim_v603.webp) + +![Package: CRM/Salesforce](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_salesforce_v603.webp) + +![Package: Messaging/Slack](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_slack_v603.webp) +Original image link: ![Package: CRM/Salesforce](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_salesforce_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +![Package: CRM/Salesforce](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_salesforce_v603.webp) + +![Package: Messaging/Slack](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_slack_v603.webp) + +![Package: PAM/CyberArk](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_cyberark_v603.webp) +Original image link: ![Package: Messaging/Slack](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_slack_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +![Package: Messaging/Slack](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_slack_v603.webp) + +![Package: PAM/CyberArk](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_cyberark_v603.webp) + +## Overview +Original image link: ![Package: PAM/CyberArk](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/packages_cyberark_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 1 –** Log into Salesforce using an admin account. + +![salesforce-advancesetup](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-advancesetup.webp) + +**Step 2 –** Go to **Advanced Setup**. 
+Original image link: ![salesforce-advancesetup](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-advancesetup.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 2 –** Go to **Advanced Setup**. + +![salesforce-newconnectedapp](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-newconnectedapp.webp) + +**Step 3 –** Go to **App Manager** and **Create a Connected App**. +Original image link: ![salesforce-newconnectedapp](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-newconnectedapp.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 3 –** Go to **App Manager** and **Create a Connected App**. + +![salesforce-enableoauth](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-enableoauth.webp) + +**Step 4 –** Fill in the details of the application: Application Name, API Name, Contact Email, +Original image link: ![salesforce-enableoauth](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-enableoauth.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 5 –** Save the Application. + +![salesforce-manageconnectedapps](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-manageconnectedapps.webp) + +**Step 6 –** Go to **Manage Connected Apps** and click on the newly created application. 
+Original image link: ![salesforce-manageconnectedapps](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-manageconnectedapps.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 6 –** Go to **Manage Connected Apps** and click on the newly created application. + +![salesforce-manageconsumerdetails](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-manageconsumerdetails.webp) + +**Step 7 –** Click on **Manage Consumer Details**. +Original image link: ![salesforce-manageconsumerdetails](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-manageconsumerdetails.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 7 –** Click on **Manage Consumer Details**. + +![salesforce-consumerkey](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-consumerkey.webp) + +**Step 8 –** Copy the Consumer Key and Consumer Secret in your Keypass. +Original image link: ![salesforce-consumerkey](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-consumerkey.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 2 –** Go to **Advanced Setup**. 
+ +![oauthauthentication](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/oauthauthentication.webp) + +**Step 3 –** Go to **OAuth** and **OpenID Connect Settings** in the **Identity** drop-down menu, +Original image link: ![oauthauthentication](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/oauthauthentication.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 1 –** Log into Salesforce using an admin account. + +![salesforce-usertoken-settings](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-usertoken-settings.webp) + +**Step 2 –** Click on **Settings** under the profile details. +Original image link: ![salesforce-usertoken-settings](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-usertoken-settings.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 2 –** Click on **Settings** under the profile details. + +![salesforce-resetseuritytoken](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-resetseuritytoken.webp) + +**Step 3 –** Click on **Reset My Security Token**. +Original image link: ![salesforce-resetseuritytoken](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-resetseuritytoken.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 3 –** Click on **Reset My Security Token**. 
+ +![salesforce-checkemail](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-checkemail.webp) + +**Step 4 –** An email containing the new token will be sent. +Original image link: ![salesforce-checkemail](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-checkemail.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 1 –** Log into Identity Manager using an admin account. + +![salesforce-connector](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-connector.webp) + +**Step 2 –** Create a new Salesforce connector. +Original image link: ![salesforce-connector](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-connector.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 2 –** Create a new Salesforce connector. + +![salesforce-connection](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-connection.webp) + +**Step 3 –** Add a new Salesforce connection. +Original image link: ![salesforce-connection](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-connection.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\scim\index.md +Context: +**Step 3 –** Add a new Salesforce connection. 
+ +![salesforce-agent-settings](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-agent-settings.webp) + +**Step 4 –** Fill the fields in the **Connection Settings** and choose the **Filter**. +Original image link: ![salesforce-agent-settings](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/scim/salesforce-agent-settings.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\servicenowentitymanagement\index.md +Context: +This page is about [ ServiceNow ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/servicenow/index.md). + +![Package: ITSM/ServiceNow](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/servicenowentitymanagement/packages_servicenow_v603.webp) + +## Overview +Original image link: ![Package: ITSM/ServiceNow](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/servicenowentitymanagement/packages_servicenow_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\servicenowticket\index.md +Context: +This page is about [ ServiceNow Ticket ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/servicenow-ticket/index.md). + +![Package: Ticket/ServiceNow](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/servicenowticket/packages_servicenowticket_v603.webp) + +## Overview +Original image link: ![Package: Ticket/ServiceNow](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/servicenowticket/packages_servicenowticket_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sharedfolder\index.md +Context: +This page is about [ Shared Folders ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/shared-folders/index.md). + +![Package: Storage/Shared Folders](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sharedfolder/packages_sharedfolders_v603.webp) + +## Overview +Original image link: ![Package: Storage/Shared Folders](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sharedfolder/packages_sharedfolders_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sharedfolder\index.md +Context: + batch. + + ![SharedFolder - Permission for Batch Authentication](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sharedfolder/sharedfolder_permission.webp) + +## Export +Original image link: ![SharedFolder - Permission for Batch Authentication](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sharedfolder/sharedfolder_permission.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sharepoint\index.md +Context: +This page is about Storage/SharePoint. + +![Package: Storage/SharePoint](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sharepoint/packages_sharepoint_v603.webp) + +## Overview +Original image link: ![Package: Storage/SharePoint](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sharepoint/packages_sharepoint_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: +- [ SAP ASE ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/sapase/index.md). + +![Package: Directory/Database/Generic SQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlgeneric_v603.webp) + +![Package: Directory/Database/Microsoft SQL Server](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlserver_v603.webp) +Original image link: ![Package: Directory/Database/Generic SQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlgeneric_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: +![Package: Directory/Database/Generic SQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlgeneric_v603.webp) + +![Package: Directory/Database/Microsoft SQL Server](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlserver_v603.webp) + +![Package: Directory/Database/MySQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlmy_v603.webp) +Original image link: ![Package: Directory/Database/Microsoft SQL Server](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlserver_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: +![Package: Directory/Database/Microsoft SQL Server](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlserver_v603.webp) + +![Package: Directory/Database/MySQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlmy_v603.webp) + +![Package: Directory/Database/ODBC](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlodbc_v603.webp) +Original image link: ![Package: Directory/Database/MySQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlmy_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: +![Package: Directory/Database/MySQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlmy_v603.webp) + +![Package: Directory/Database/ODBC](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlodbc_v603.webp) + +![Package: Directory/Database/Oracle](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqloracle_v603.webp) +Original image link: ![Package: Directory/Database/ODBC](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlodbc_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: +![Package: Directory/Database/ODBC](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlodbc_v603.webp) + +![Package: Directory/Database/Oracle](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqloracle_v603.webp) + +![Package: Directory/Database/PostgreSQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlpostgre_v603.webp) +Original image link: ![Package: Directory/Database/Oracle](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqloracle_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: +![Package: Directory/Database/Oracle](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqloracle_v603.webp) + +![Package: Directory/Database/PostgreSQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlpostgre_v603.webp) + +![Package: Directory/Database/SAP ASE](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlsap_v603.webp) +Original image link: ![Package: Directory/Database/PostgreSQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlpostgre_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: +![Package: Directory/Database/PostgreSQL](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlpostgre_v603.webp) + +![Package: Directory/Database/SAP ASE](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlsap_v603.webp) + +## Overview +Original image link: ![Package: Directory/Database/SAP ASE](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/packages_sqlsap_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: + > For MySQL, download the package from [MySql.Data](https://www.nuget.org/packages/MySql.Data/). + > + > ![MySQL: Download Package](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/sql_downloadpackage.webp) +2. Copy the DLL file (corresponding to the correct .Net version) to the `Runtime` folder. + > For MySQL, the DLL is `MySql.Data.dll`. +Original image link: ![MySQL: Download Package](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/sql_downloadpackage.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sql\index.md +Context: + > For MySQL: + > + > ![Package Characteristics Example](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/sql_packagecharacteristics.webp) + + - for another DBMS, by accessing the DBMS' documentation for .Net and finding a class with +Original image link: ![Package Characteristics Example](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sql/sql_packagecharacteristics.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\sqlserverentitlements\index.md +Context: +[ SQL Server Entitlements ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/sql-server-entitlements/index.md). + +![Package: Database/Microsoft SQL Server Entitlements](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sqlserverentitlements/packages_sqlservermanagement_v603.webp) + +## Overview +Original image link: ![Package: Database/Microsoft SQL Server Entitlements](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/sqlserverentitlements/packages_sqlservermanagement_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\topsecret\index.md +Context: +This page is about [ TSS ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/tss/index.md). + +![Package: Mainframe/Top Secret](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/topsecret/packages_tss_v603.webp) + +The documentation is not yet available for this page and will be completed in the near future. 
+Original image link: ![Package: Mainframe/Top Secret](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/topsecret/packages_tss_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\connectors\references-connectors\workday\index.md +Context: +This page is about [ Workday ](/docs/identitymanager/6.2/integration-guide/connectors/references-packages/workday/index.md). + +![Package: ERP/Workday](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/workday/packages_workday_v603.webp) + +## Prerequisites +Original image link: ![Package: ERP/Workday](/img/product_docs/identitymanager/saas/integration-guide/connectors/references-connectors/workday/packages_workday_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\entity-model\index.md +Context: +something readable by the external system. + +![Export and Fulfill Data transformation](/img/product_docs/identitymanager/saas/integration-guide/connectors/entitypropertymapping-format/entitypropertymapping-format-flowchart.webp) + +The format used in the external system can be provided through the +Original image link: ![Export and Fulfill Data transformation](/img/product_docs/identitymanager/saas/integration-guide/connectors/entitypropertymapping-format/entitypropertymapping-format-flowchart.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\executables\references\create-databaseviews\index.md +Context: +Management Studio + +![SSMS Views](/img/product_docs/identitymanager/saas/integration-guide/executables/references/create-databaseviews/identitymanager-create-databaseviews_ssms.webp) + +Original image link: ![SSMS Views](/img/product_docs/identitymanager/saas/integration-guide/executables/references/create-databaseviews/identitymanager-create-databaseviews_ssms.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\executables\references\export-configuration\index.md +Context: +- a scaffolding export will export the XML configuration generated by scaffoldings. + +![Schema - Export Process](/img/product_docs/identitymanager/saas/integration-guide/executables/references/export-configuration/identitymanager-export-configuration.webp) + +For all export types, Netwrix Identity Manager (formerly Usercube) recommends using as output +Original image link: ![Schema - Export Process](/img/product_docs/identitymanager/saas/integration-guide/executables/references/export-configuration/identitymanager-export-configuration.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\executables\references\invoke-job\index.md +Context: +The Usercube-Invoke-Job.exe tool is a state machine. + +![Schematization](/img/product_docs/identitymanager/saas/integration-guide/executables/references/invoke-job/job_operation.webp) + +When a job is launched, the state machine starts by computing all the tasks that must be launched in +Original image link: ![Schematization](/img/product_docs/identitymanager/saas/integration-guide/executables/references/invoke-job/job_operation.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\executables\references\manage-history\index.md +Context: +per year (525960 minutes) in the last 2 years before the previously defined periods. + +![Schema - Optimize](/img/product_docs/identitymanager/saas/integration-guide/executables/references/manage-history/tools_managehistory_schema.webp) + +For each period, if there is more than one version (i.e. `ValidFrom` is inside the interval), the +Original image link: ![Schema - Optimize](/img/product_docs/identitymanager/saas/integration-guide/executables/references/manage-history/tools_managehistory_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\executables\references\prepare-synchronization\index.md +Context: +and _manager_). + +![Active Directory Prepare-Synchronization Example](/img/product_docs/identitymanager/saas/integration-guide/synchronization/upward-data-sync/ad_preparesynchro_example.webp) + +## Examples +Original image link: ![Active Directory Prepare-Synchronization Example](/img/product_docs/identitymanager/saas/integration-guide/synchronization/upward-data-sync/ad_preparesynchro_example.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\accesscertification\index.md +Context: +It automatically appears on the campaign creation screen, and binds itself to the created campaign: + +![Campaign creation screen with policies](/img/product_docs/identitymanager/saas/integration-guide/governance/accesscertification/creation_5.1.6.webp) + +To use it, modify the access control rules by adding a filter on the campaign policy. See the +Original image link: ![Campaign creation screen with policies](/img/product_docs/identitymanager/saas/integration-guide/governance/accesscertification/creation_5.1.6.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\governance\reporting\how-tos\analyze-powerbi\index.md +Context: +- publish the reports with Power BI Service (SaaS) or Power BI Report Server (on premises) + +![Process Schema](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/analyze-powerbi/powerbi_process.webp) + +## Prerequisites +Original image link: ![Process Schema](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/analyze-powerbi/powerbi_process.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\reporting\how-tos\connect-powerbi\index.md +Context: +2. Click on **Get data** either in the welcome window or in the home menu. + + ![Get Data](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_getdata.webp) + +3. In the opening window, search for Identity Manager, click on its plugin in the right menu, and +Original image link: ![Get Data](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_getdata.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\reporting\how-tos\connect-powerbi\index.md +Context: + click on **Connect**. + + ![Get Data Window](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_getdatawindow.webp) + +4. Enter Identity Manager's server URL in the opening window. +Original image link: ![Get Data Window](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_getdatawindow.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\reporting\how-tos\connect-powerbi\index.md +Context: +4. 
Enter Identity Manager's server URL in the opening window. + + ![Server URL](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_url.webp) + +5. In the opening window, enter the +Original image link: ![Server URL](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_url.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\reporting\how-tos\connect-powerbi\index.md +Context: + `OpenIdClient` with `@` and Identity Manager's domain name. See the following example. + + ![Client Id / Client Secret](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_clientid.webp) + +6. You can now access in the left panel the +Original image link: ![Client Id / Client Secret](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_clientid.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\reporting\how-tos\connect-powerbi\index.md +Context: + pick the desired tables. + + ![Universe Panel](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_universes.webp) + + **Power BI tip:** to view a table, click on its name. To select a table, check the box next to +Original image link: ![Universe Panel](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_universes.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\reporting\how-tos\connect-powerbi\index.md +Context: +2. In the **Data Load** tab, click on **Clear Cache**. 
+ + ![Clear Cache](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_clearcache.webp) + +Original image link: ![Clear Cache](/img/product_docs/identitymanager/saas/integration-guide/governance/reporting/how-tos/connect-powerbi/powerbi_clearcache.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\risks\index.md +Context: +request must be cancelled: + +![Exemption Policy - Blocking](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_blocking_v522.webp) + +### Approval Required +Original image link: ![Exemption Policy - Blocking](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_blocking_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\risks\index.md +Context: +security officer. A message is displayed and the request can be continued or cancelled: + +![Exemption Policy - Approval Required](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_requiredapproval_v522.webp) + +If the request is performed, then a line appears on the **Role Review** screen. +Original image link: ![Exemption Policy - Approval Required](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_requiredapproval_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\risks\index.md +Context: +risk icon. + +![Home Page - Role Review](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_riskicon_v522.svg) + +### Warning +Original image link: ![Home Page - Role Review](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_riskicon_v522.svg) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\governance\risks\index.md +Context: +then Identity Manager displays a message and the request can be continued or cancelled: + +![Exemption Policy - Warning](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_warning_v522.webp) + +### Upon Profile +Original image link: ![Exemption Policy - Warning](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_warning_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\governance\risks\index.md +Context: +The risk score computation is performed by the risk score task. + +![Compute Risk Score Task](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_riskcomputetask_v522.webp) + +Original image link: ![Compute Risk Score Task](/img/product_docs/identitymanager/saas/integration-guide/governance/risks/risks_riskcomputetask_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\identity-repository\index.md +Context: +> includes the user's employee id, last name and first name, email, user type, organization, etc. +> +> ![Identity Repository Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-example.webp) + +> In Identity Manager, the identity repository can look like the following: +Original image link: ![Identity Repository Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-example.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\identity-repository\index.md +Context: +> In Identity Manager, the identity repository can look like the following: +> +> ![Identity Repository Result](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository_v602.webp) +> +> ![Identity Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-person_v602.webp) +Original image link: ![Identity Repository Result](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\identity-repository\index.md +Context: +> ![Identity Repository Result](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository_v602.webp) +> +> ![Identity Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-person_v602.webp) + +The identity repository can be created and updated by: +Original image link: ![Identity Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-person_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\joiners-movers-leavers\on-offboarding\index.md +Context: +[ Context Rule ](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/contextrule/index.md). + +![Identities - Validity Period](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/on-offboarding/validityperiod.webp) + +At the start date, the resource is created and a few entitlements are assigned to the identity. 
+Original image link: ![Identities - Validity Period](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/on-offboarding/validityperiod.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\joiners-movers-leavers\position-change\index.md +Context: +users' personal data, one for their contract(s) and one for their position(s): + +![Records Origin - Three-Entity Model](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_firstmodel.webp) + +A user can have several positions over time, even simultaneously. A user's contract can change over +Original image link: ![Records Origin - Three-Entity Model](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_firstmodel.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\joiners-movers-leavers\position-change\index.md +Context: +> from day D2 to day D3 when the first position ends. +> +> ![User Example](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_userexample.webp) +> +> Over time, the three entities are as follows: +Original image link: ![User Example](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_userexample.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\joiners-movers-leavers\position-change\index.md +Context: +> Over time, the three entities are as follows: +> +> ![Example - Timelines](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_timelines.webp) +> +> From this, Identity Manager is able to combine the start and end dates of all entities at all +Original image link: ![Example - Timelines](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_timelines.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\joiners-movers-leavers\position-change\index.md +Context: +> times to generate the following datasheets, named contexts: +> +> ![Example - Contexts](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_contexts.webp) + +Contexts are the result of the combination of all entities (personal data, contract and position) so +Original image link: ![Example - Contexts](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_contexts.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\identity-management\joiners-movers-leavers\position-change\index.md +Context: +single entity named records, where a context is a record instance: + +![Records Origin - Final Model](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_thirdmodel.webp) + +While there are as many contexts for a user as the number of changes in the user's datasheet, there +Original image link: ![Records Origin - Final Model](/img/product_docs/identitymanager/saas/integration-guide/identity-management/joiners-movers-leavers/position-change/recordsorigin_thirdmodel.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\how-tos\okta\index.md +Context: +On the Okta dashboard: + +![Add Application](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_addapplication.webp) + +**Step 1 –** Select the **Applications** section and click on the **Add Application** button. +Original image link: ![Add Application](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_addapplication.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\how-tos\okta\index.md +Context: +**Step 1 –** Select the **Applications** section and click on the **Add Application** button. + +![Create New App](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_createnewapp.webp) + +**Step 2 –** Then click on the **Create New App** button. +Original image link: ![Create New App](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_createnewapp.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\how-tos\okta\index.md +Context: +**Step 2 –** Then click on the **Create New App** button. + +![Create Native App](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_createnativeapp.webp) + +**Step 3 –** Select the platform **Native app**. The only sign-on method is the OpenID Connect. +Original image link: ![Create Native App](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_createnativeapp.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\how-tos\okta\index.md +Context: +Identity Manager. + +![Save Application](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_saveapplication.webp) + +## Configure the Client Credentials +Original image link: ![Save Application](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_saveapplication.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\how-tos\okta\index.md +Context: +save the changes. + +![Client Credentials](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_clientcredentials.webp) + +## Configure the Application Settings +Original image link: ![Client Credentials](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_clientcredentials.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\how-tos\okta\index.md +Context: +Identity Manager can operate correctly. **Allow ID Token with implicit grant type** is optional. 
+ +![Application Section](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_applicationsection.webp) + +## Configure the appsettings.json +Original image link: ![Application Section](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/how-tos/okta/okta_applicationsection.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\index.md +Context: +belonging to a parent section. + +![tree like structure](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/tree-like-structure.webp) + +### Configuration files +Original image link: ![tree like structure](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/tree-like-structure.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\server-configuration\end-users-authentication\index.md +Context: +Internal method & test mode form: + +![authent_1](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/server-configuration/end-users-authentication/authent_1.webp) + +External method prompt: +Original image link: ![authent_1](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/server-configuration/end-users-authentication/authent_1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\server-configuration\end-users-authentication\index.md +Context: +External method prompt: + +![authent_2](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/server-configuration/end-users-authentication/authent_2.webp) + +## Identity Server RSA Key Pair +Original image link: ![authent_2](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/server-configuration/end-users-authentication/authent_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\settings\index.md +Context: +``` + +![CustomLinksUserMenu.webp](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/settings/customlinksusermenu_v523.webp) + +## DashboardItemNumber +Original image link: ![CustomLinksUserMenu.webp](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/settings/customlinksusermenu_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\network-configuration\settings\index.md +Context: +the review page filtered by entity type. The links are sorted by entity type priority. + +![DashboardItemNumber.webp](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/settings/dashboarditemnumber.webp) + +By default, 3 links are displayed. If more than 3 entity type links exist, a link "Others" is +Original image link: ![DashboardItemNumber.webp](/img/product_docs/identitymanager/saas/integration-guide/network-configuration/settings/dashboarditemnumber.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\assignments-of-entitlements\index.md +Context: +do not have a provisioning state, unlike assigned resource types, scalars and navigation, etc. 
+ +![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/prov_stateschema_v523.webp) + +The schema sums up the usual progress of an assignment's provisioning state. +Original image link: ![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/prov_stateschema_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\assignments-of-entitlements\index.md +Context: +all assignments that do not comply with the policy. + +![Non-Conforming Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/assignments-of-entitlements/governance_nonconforming.webp) + +A non-conforming assignment must be reviewed in Identity Manager by a knowledgeable user, and is +Original image link: ![Non-Conforming Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/assignments-of-entitlements/governance_nonconforming.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +## Overview + +![Evaluate Policy Overview](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/evaluate-policy-1.webp) + +The main responsibility of the Evaluate Policy is to compute, for every fed resource, the set of +Original image link: ![Evaluate Policy Overview](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/evaluate-policy-1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +- The time period validity of every assignment computed during this Evaluate Policy iteration + +![Computing Context For Input Resource](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/enforce-context.webp) + +Computing expected role assignments +Original image link: ![Computing Context For Input Resource](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/enforce-context.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +resource-identity. + +![Computing Expected Role Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/compute-expected-1.webp) + +Enforcing composite role rules +Original image link: ![Computing Expected Role Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/compute-expected-1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +topic for additional information. + +![Computing Expected Provisioning Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/compute-expected-2.webp) + +Enforcing resource type rules +Original image link: ![Computing Expected Provisioning Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/compute-expected-2.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +**Step 3 –** **Match existing assignments with expected assignments** + +![Computing Expected Provisioning Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/compute-find-matching.webp) + +The expected assignments list is now built. +Original image link: ![Computing Expected Provisioning Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/compute-find-matching.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +**Step 5 –** **Correlation** + +![Computing Expected Provisioning Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/correlation.webp) + +Resource correlation rules are enforced: for every expected assigned resource type, the algorithm +Original image link: ![Computing Expected Provisioning Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/correlation.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| 0—None | Used for Identity Manager's internal computation | +| 1—Non-conforming | The assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) | +| 2—Requested - Missing Parameters | The assignment has been requested via a workflow, but does not specify at least one required parameter for the role. | +| 3—Pre-existing | The assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | +Original image link: ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +| 1—Non-conforming | The assignment is not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) | +| 2—Requested - Missing Parameters | The assignment has been requested via a workflow, but does not specify at least one required parameter for the role. | +| 3—Pre-existing | The assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | +| 4—Requested | The assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) | +| 5—Calculated - Missing Parameters | The assignment was done by a rule which does not specify at least one required parameter for the role. 
![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) | +Original image link: ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +| 2—Requested - Missing Parameters | The assignment has been requested via a workflow, but does not specify at least one required parameter for the role. | +| 3—Pre-existing | The assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | +| 4—Requested | The assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) | +| 5—Calculated - Missing Parameters | The assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) | +| 8—Pending Approval | The assignment must be reviewed manually by a knowledgeable user. 
![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) | +Original image link: ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +| 3—Pre-existing | The assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | +| 4—Requested | The assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) | +| 5—Calculated - Missing Parameters | The assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) | +| 8—Pending Approval | The assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) | +| 9—Pending Approval 1 of 2 | The assignment is pending the first approval on a two-step workflow. | +Original image link: ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +| 4—Requested | The assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) | +| 5—Calculated - Missing Parameters | The assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) | +| 8—Pending Approval | The assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) | +| 9—Pending Approval 1 of 2 | The assignment is pending the first approval on a two-step workflow. | +| 10—Pending Approval 2 of 2 | The assignment is pending the second approval on a two-step workflow. | +Original image link: ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +| 12—Pending Approval 2 of 3 | The assignment is pending the second approval on a three-step workflow. | +| 13—Pending Approval 3 of 3 | The assignment is pending the third approval on a three-step workflow. | +| 16—Approved | The assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) | +| 17—Declined | The assignment is explicitly declined during one of the approval steps. | +| 20—Cancellation | The assignment is inferred by a role that was declined. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) | +Original image link: ![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\evaluate-policy\index.md +Context: +| 16—Approved | The assignment has completed all approval steps. ![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) | +| 17—Declined | The assignment is explicitly declined during one of the approval steps. | +| 20—Cancellation | The assignment is inferred by a role that was declined. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) | + +**Step 7 –** **Delta** +Original image link: ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\existingassignmentsdeduction\index.md +Context: +group _Internet_ through a navigation rule `N`. 
+ +![use_case_1_rolemodel](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/existingassignmentsdeduction/use_case_1_rolemodel.webp) + +We are going to consider here an identity named John Doe, and his Active Directory account +Original image link: ![use_case_1_rolemodel](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/existingassignmentsdeduction/use_case_1_rolemodel.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\existingassignmentsdeduction\index.md +Context: +The situation in Identity Manager database at this point is the following. + +![use_case_1_sync](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/existingassignmentsdeduction/use_case_1_sync.webp) + +Integrators have defined the Internet single role and linked it to the _Internet_ AD group through +Original image link: ![use_case_1_sync](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/existingassignmentsdeduction/use_case_1_sync.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\existingassignmentsdeduction\index.md +Context: +The role is now listed under John Doe's assignment list (permissions) in Identity Manager. + +![use_case_1_deduction](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/existingassignmentsdeduction/use_case_1_deduction.webp) + +## Use Case 2: Several Groups, One Role +Original image link: ![use_case_1_deduction](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/existingassignmentsdeduction/use_case_1_deduction.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\generate-contexts\index.md +Context: +The following image shows the positions of `Mark Barn` in a defined timeline. 
+ +![simple-recordsection-identity](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/simple-recordsection-identity.webp) + +With the given configuration and the identity of `Mark Barn`, the following contexts are generated: +Original image link: ![simple-recordsection-identity](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/simple-recordsection-identity.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\generate-contexts\index.md +Context: +With the given configuration and the identity of `Mark Barn`, the following contexts are generated: + +![simple-recordsection-result](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/simple-recordsection-result.webp) + +Each computed context will be used to create a set of dimension-value pairs, thus having 3 sets for +Original image link: ![simple-recordsection-result](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/simple-recordsection-result.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\generate-contexts\index.md +Context: +Using the identity of `Mark Barn` the computed contexts should be as followed: + +![recordsection-withvaluecopy-result1](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/recordsection-withvaluecopy-result1.webp) + +Any rules targeting identities working in `London` will be assigned to `Mark Barn` from `Cs` to +Original image link: ![recordsection-withvaluecopy-result1](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/recordsection-withvaluecopy-result1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\generate-contexts\index.md +Context: +``` + +![positionextension-identity](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/positionextension-identity.webp) + +Two contexts will be generated. +Original image link: ![positionextension-identity](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/positionextension-identity.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\generate-contexts\index.md +Context: +Two contexts will be generated. + +![positionextension-result](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/positionextension-result.webp) + +By default, the previous position is extended when there is a gap. If there isn't any previous +Original image link: ![positionextension-result](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/generate-contexts/positionextension-result.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\how-tos\configureindirectpermissions\index.md +Context: +The aim of this section is to give you a step-by-step guide for setting up a test user. It will also cover what is displayed in Identity Manager. In this example, we will assign a ```Test Group A``` directly to the test user and the ```Test Group A``` will also be a member of the ```Test Group B```. This way, the test user will also have an indirect assignment to the ```Test Group B```. We will also create the corresponding roles. + +![Group Membership Schema](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/indirectpermissionsadexample.webp) + +A running Active Directory instance is required to reproduce these steps yourself. 
+Original image link: ![Group Membership Schema](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/indirectpermissionsadexample.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\how-tos\configureindirectpermissions\index.md +Context: +Then we create one Single Role for each group in the Active Directory. We will name them ```TestRoleA``` and ```TestRoleB``` for ```Directory > User```, : + +![Single Role Configuration Example](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/srconf_5.2.1.webp) + +We will also create a test Composite Role to showcase indirect Composite Roles. We will name it ```TestCRoleAB```: +Original image link: ![Single Role Configuration Example](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/srconf_5.2.1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\how-tos\configureindirectpermissions\index.md +Context: +We will also create a test Composite Role to showcase indirect Composite Roles. We will name it ```TestCRoleAB```: + +![Composite Role Configuration](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/crconf_5.2.1.webp) + +Then we will also need to add some rules. We first need to add one Navigation Rule for each group to link them with their respective Single Role: +Original image link: ![Composite Role Configuration](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/crconf_5.2.1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\how-tos\configureindirectpermissions\index.md +Context: +Then we will also need to add some rules. We first need to add one Navigation Rule for each group to link them with their respective Single Role: + +![Navigation Rule Example](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/navrule_5.2.1.webp) + +And finally, we need to add Single Role Rules to link our two previously created Single Roles to the new Composite Role: +Original image link: ![Navigation Rule Example](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/navrule_5.2.1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\how-tos\configureindirectpermissions\index.md +Context: +And finally, we need to add Single Role Rules to link our two previously created Single Roles to the new Composite Role: + +![Single Role Rule Example](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/srrule_5.2.1.webp) + +Even if two rules of a kind are needed, only one is pictured. Do not forget the other one. +Original image link: ![Single Role Rule Example](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/srrule_5.2.1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\how-tos\configureindirectpermissions\index.md +Context: +If you first go on the ```View permissions``` tab of your test user, the only new role that appears in the ```Simplified view``` is the indirect Composite Role ```TestCRoleAB```: + +![View Permissions Simplified](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/viewpermissionssimplified_5.2.1.webp) + +To display Indirect Permissions, you need to switch over to the ```Advanced view```. ```TestRoleA``` and ```TestRoleB``` should then appear: +Original image link: ![View Permissions Simplified](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/viewpermissionssimplified_5.2.1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\how-tos\configureindirectpermissions\index.md +Context: +To display Indirect Permissions, you need to switch over to the ```Advanced view```. ```TestRoleA``` and ```TestRoleB``` should then appear: + +![View Permissions Advanced](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/viewpermissionsadvanced_5.2.1.webp) + +You can also directly display the Assigned Resource Navigations by clicking on ```AD User (nominative)```. The ```memberOf``` properties will appear in the list: +Original image link: ![View Permissions Advanced](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/viewpermissionsadvanced_5.2.1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\how-tos\configureindirectpermissions\index.md +Context: +You can also directly display the Assigned Resource Navigations by clicking on ```AD User (nominative)```. The ```memberOf``` properties will appear in the list: + +![AD Assigned Resource Navigations](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/adassignednavigations_5.2.1.webp) + +## Configure Indirect Permissions in an Microsoft Entra ID +Original image link: ![AD Assigned Resource Navigations](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/how-tos/configureindirectpermissions/adassignednavigations_5.2.1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-assignment\indirectpermissions\index.md +Context: + +Indirect Permissions are always indicated by the following icon: +![Indirect Permission Icon](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/indirectpermissions/ic_fluent_flow_20_regular.webp) + +## Disabling the Indirect Permission Computation +Original image link: ![Indirect Permission Icon](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/indirectpermissions/ic_fluent_flow_20_regular.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +assign single roles to certain users matching given criteria. + +![Schema - Role Mining](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_schema.webp) + +Role mining is a Machine Learning process. 
It is a statistic tool used to emphasize the +Original image link: ![Schema - Role Mining](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: + entitlement request for a user. + + ![Suggested](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_suggested_v602.webp) + +You can generate both automatic and suggested rules for the same role, with different precision +Original image link: ![Suggested](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_suggested_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +> between 75% and 95%. +> +> ![Rule Types](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_ruletype.webp) + +You can also differentiate entitlements according to their sensitivity, for example require +Original image link: ![Rule Types](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_ruletype.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +additional reviews following the request of a sensitive entitlement: + +![Rule Types - Sensitivity](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_ruletype-sensitivity.webp) + +The automation of entitlement assignments according to sensitivity brings greater confidence in +Original image link: ![Rule Types - Sensitivity](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_ruletype-sensitivity.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +entitlements remain unchanged: + +![Impact Example - Use Case 1](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase1.webp) + +Now consider that half of users in the organization have the role. Then role mining will not +Original image link: ![Impact Example - Use Case 1](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +generate a role assignment rule. Then users' entitlements remain unchanged: + +![Impact Example - Use Case 2](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase2.webp) + +Starting from the previous example, consider now that users progressively request the role. As long +Original image link: ![Impact Example - Use Case 2](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase2.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +Then users' entitlements remain unchanged: + +![Impact Example - Use Case 3](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase3.webp) + +Starting from the previous example, consider now that users continue requesting the role. As soon as +Original image link: ![Impact Example - Use Case 3](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +entitlement: + +![Impact Example - Use Case 4](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase4.webp) + +Starting from the previous example, consider now that, as a result of a reorganization or an access +Original image link: ![Impact Example - Use Case 4](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +users who need the role will not lose it. Then users' entitlements remain unchanged: + +![Impact Example - Use Case 5](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase5.webp) + +## Perform Role Mining +Original image link: ![Impact Example - Use Case 5](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_impact_usecase5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +mining on the role model, before applying them. 
+ +![Schema - Role Mining](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_simulation.webp) + +The simulation tool gives another point of view on the role model as it emphasizes the changes. +Original image link: ![Schema - Role Mining](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_simulation.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-mining\index.md +Context: +The simulation tool gives another point of view on the role model as it emphasizes the changes. + +![Schema - Role Mining](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_simulationresults.webp) + +Identity Manager recommends simulating role mining before applying the results. +Original image link: ![Schema - Role Mining](/img/product_docs/identitymanager/saas/integration-guide/role-mining/rolemining_simulationresults.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\role-model\role-model-rules\index.md +Context: +[Evaluate Policy](/docs/identitymanager/6.2/integration-guide/role-assignment/evaluate-policy/index.md) algorithm. + +![Cascading From Dimensions To Roles To Provisioning Orders](/img/product_docs/identitymanager/saas/integration-guide/role-model/role-model-rules/enforce-assignment-policy-summary.webp) + +--- +Original image link: ![Cascading From Dimensions To Roles To Provisioning Orders](/img/product_docs/identitymanager/saas/integration-guide/role-model/role-model-rules/enforce-assignment-policy-summary.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\synchronization\upward-data-sync\index.md +Context: +(`ad_managers.csv`). 
+ +![Active Directory Export Example](/img/product_docs/identitymanager/saas/integration-guide/synchronization/upward-data-sync/ad_export_example.webp) + +`ad_entries.csv` contains raw AD entry data. +Original image link: ![Active Directory Export Example](/img/product_docs/identitymanager/saas/integration-guide/synchronization/upward-data-sync/ad_export_example.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\synchronization\upward-data-sync\index.md +Context: +The following illustration models the complete _prepare-synchronization_ steps applied to an Active Directory export. The matching _Connector_ defines an Entity Type _AD Entry_ and two associations: _members_ and _manager_. + +![Active Directory Prepare-Synchronization Example](/img/product_docs/identitymanager/saas/integration-guide/synchronization/upward-data-sync/ad_preparesynchro_example.webp) + +## Synchro +Original image link: ![Active Directory Prepare-Synchronization Example](/img/product_docs/identitymanager/saas/integration-guide/synchronization/upward-data-sync/ad_preparesynchro_example.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\synchronization\upward-data-sync\index.md +Context: +This example illustrates the _complete_ loading of Active Directory ```.sorted``` files into Identity Manager database. + +![Active Directory Synchronization Example](/img/product_docs/identitymanager/saas/integration-guide/synchronization/upward-data-sync/ad_synchro_example.webp) + +## Handling Errors +Original image link: ![Active Directory Synchronization Example](/img/product_docs/identitymanager/saas/integration-guide/synchronization/upward-data-sync/ad_synchro_example.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\tasks-jobs\how-tos\troubleshoot-connector-jobs\index.md +Context: +sequence: + +![Synchronization/Provisioning Schema](/img/product_docs/identitymanager/saas/integration-guide/tasks-jobs/how-tos/troubleshoot-connector-jobs/troubleshoot_synchroprovschema.webp) + +### Export data +Original image link: ![Synchronization/Provisioning Schema](/img/product_docs/identitymanager/saas/integration-guide/tasks-jobs/how-tos/troubleshoot-connector-jobs/troubleshoot_synchroprovschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\expressions\index.md +Context: +For example, the source object of a scalar rule based on user records is displayed: + +![Property Path and Expression](/img/product_docs/identitymanager/saas/integration-guide/toolkit/expressions/expression-propertypath_v602.webp) + +The field Property Path is usually filled in with the + button only when the rule involves one +Original image link: ![Property Path and Expression](/img/product_docs/identitymanager/saas/integration-guide/toolkit/expressions/expression-propertypath_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\expressions\index.md +Context: +second defines the source object with an expression based on the user record's first and last names: + +![Property Path Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/expressions/expression-propertypath-example1_v602.webp) + +![Expression Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/expressions/expression-propertypath-example2_v602.webp) +Original image link: ![Property Path Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/expressions/expression-propertypath-example1_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\expressions\index.md +Context: +![Property Path Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/expressions/expression-propertypath-example1_v602.webp) + +![Expression Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/expressions/expression-propertypath-example2_v602.webp) + +### Expressions in XML +Original image link: ![Expression Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/expressions/expression-propertypath-example2_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\how-tos\deploy-configuration\index.md +Context: +2. Log in to the IDP to be redirected back to this screen: + + ![Usercube-Login.exe Success Screen](/img/product_docs/identitymanager/saas/integration-guide/toolkit/how-tos/export-configuration/identitymanager-login_success_v602.webp) + + Once authenticated, an identification token is stored on your local machine for the +Original image link: ![Usercube-Login.exe Success Screen](/img/product_docs/identitymanager/saas/integration-guide/toolkit/how-tos/export-configuration/identitymanager-login_success_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\how-tos\export-configuration\index.md +Context: +2. 
Log in to the IDP to be redirected back to this screen: + + ![Usercube-Login.exe Success Screen](/img/product_docs/identitymanager/saas/integration-guide/toolkit/how-tos/export-configuration/identitymanager-login_success_v602.webp) + + Once authenticated, an identification token is stored on your local machine for the +Original image link: ![Usercube-Login.exe Success Screen](/img/product_docs/identitymanager/saas/integration-guide/toolkit/how-tos/export-configuration/identitymanager-login_success_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\index.md +Context: +successive imports in a test instance. + +![Integration cycle](/img/product_docs/identitymanager/saas/integration-guide/toolkit/configurationcycle.webp) + +Original image link: ![Integration cycle](/img/product_docs/identitymanager/saas/integration-guide/toolkit/configurationcycle.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\recommendations\index.md +Context: +`Ctrl-Space`. + +![Auto-complete](/img/product_docs/identitymanager/saas/integration-guide/toolkit/recommendations/autocomplete.webp) + +Configure auto-completion by proceeding as follows: +Original image link: ![Auto-complete](/img/product_docs/identitymanager/saas/integration-guide/toolkit/recommendations/autocomplete.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\recommendations\index.md +Context: +- **_Workflows.xml_** file containing the Workflows configuration for the given connector. 
+ +![Recommendation](/img/product_docs/identitymanager/saas/integration-guide/toolkit/recommendations/recommendation.webp) + +Original image link: ![Recommendation](/img/product_docs/identitymanager/saas/integration-guide/toolkit/recommendations/recommendation.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\access-control\accesscontrolrule\index.md +Context: +- A comparison value that can be constant, or originating from the user profile + +![Access Control Filter Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/access-control/accesscontrolrule/accesscontrolfilter_schema.webp) + +### Examples +Original image link: ![Access Control Filter Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/access-control/accesscontrolrule/accesscontrolfilter_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\access-control\accesscontrolrule\index.md +Context: +set to `Treasury/Chief Economist`. + +![Matching Assigned Profile](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/access-control/accesscontrolrule/assignedprofile_example_v603.webp) + +Thus, with the previous access control rule, Timothy Callahan will get certain permissions on users +Original image link: ![Matching Assigned Profile](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/access-control/accesscontrolrule/assignedprofile_example_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\business-intelligence\universe\index.md +Context: +``` + +![Universe - Basic Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/business-intelligence/universe/bi_universeexampledisplaynames.webp) + +When getting Identity Manager data in +Original image link: ![Universe - Basic Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/business-intelligence/universe/bi_universeexampledisplaynames.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\business-intelligence\universe\index.md +Context: +we see the following: + +![Universe (Display Names)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/business-intelligence/universe/universe_columnnamedisplayname.webp) + +##### Basic universe with identifiers instead of display names +Original image link: ![Universe (Display Names)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/business-intelligence/universe/universe_columnnamedisplayname.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\business-intelligence\universe\index.md +Context: +``` + +![Universe - Basic Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/business-intelligence/universe/bi_universeexample.webp) + +When getting Identity Manager data in +Original image link: ![Universe - Basic Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/business-intelligence/universe/bi_universeexample.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\business-intelligence\universe\index.md +Context: +we see the following: + +![Universe (Identifiers)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/business-intelligence/universe/universe_columnnameidentifier.webp) + +## Properties +Original image link: ![Universe (Identifiers)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/business-intelligence/universe/universe_columnnameidentifier.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\accessreviews\accessreviewadministrationaccesscontrolrules\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. + +![Access Certification Campaigns](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/home_accesscertificationcampaigns_v602.webp) + +## Examples +Original image link: ![Access Certification Campaigns](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/home_accesscertificationcampaigns_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\jobs\jobadministrationaccesscontrolrules\index.md +Context: +part in dashboard of the user interface. + +![Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + +## Examples +Original image link: ![Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\profiles\assignprofileaccesscontrolrules\index.md +Context: +the **Assigned Profiles** screen. + +![Assigned Profiles](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/home_assignedprofiles_v602.webp) + +## Examples +Original image link: ![Assigned Profiles](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/home_assignedprofiles_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\profiles\profileadministrationaccesscontrolrules\index.md +Context: +Profiles are listed on the **Profiles** screen, from **Settings** in the **Configuration** section. + +![Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +![Profiles](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/profiles/profileadministrationaccesscontrolrules/accesscontrol_profiles_v603.webp) +Original image link: ![Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\profiles\profileadministrationaccesscontrolrules\index.md +Context: +![Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +![Profiles](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/profiles/profileadministrationaccesscontrolrules/accesscontrol_profiles_v603.webp) + +See more details on profiles' APIs. +Original image link: ![Profiles](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/profiles/profileadministrationaccesscontrolrules/accesscontrol_profiles_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\queries\reportaccesscontrolrules\index.md +Context: +Gives access to a shortcut on the navigation to access this page. + +![Reports](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_reports_v602.webp) + +## Examples +Original image link: ![Reports](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_reports_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\rolemodels\governancerolesaccesscontrolrules\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. 
+ +![Role Review](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/rolemodels/governancerolesaccesscontrolrules/home_rolereview_v523.webp) + +## Properties +Original image link: ![Role Review](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/rolemodels/governancerolesaccesscontrolrules/home_rolereview_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\rolemodels\performmanualprovisioningaccesscontrolrules\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. + +![Manual Provisioning](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/home_manualprovisioning_v523.webp) + +The connector connected to the entity type must have the manual type as the provisioning type, +Original image link: ![Manual Provisioning](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/home_manualprovisioning_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\rolemodels\reconciliateresourcesaccesscontrolrules\index.md +Context: +EntityType to be filled in the Scaffolding. + +![Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/home_resourcereconciliation_v523.webp) + +## Examples +Original image link: ![Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/home_resourcereconciliation_v523.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\rolemodels\reconciliaterolesaccesscontrolrules\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. + +![Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/home_rolereconciliation_v523.webp) + +## Examples +Original image link: ![Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/home_rolereconciliation_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\rolemodels\redundantassignmentaccesscontrolrule\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. + +![Redundant Assignments](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/home_redundantassignments_v602.webp) + +## Examples +Original image link: ![Redundant Assignments](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/home_redundantassignments_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\rolemodels\reviewprovisioningaccesscontrolrules\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. 
+ +![Provisioning Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/home_provisioningreview_v523.webp) + +## Examples +Original image link: ![Provisioning Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/home_provisioningreview_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\rolemodels\reviewrolesaccesscontrolrules\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. + +![Role Review](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/rolemodels/governancerolesaccesscontrolrules/home_rolereview_v523.webp) + +## Examples +Original image link: ![Role Review](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/rolemodels/governancerolesaccesscontrolrules/home_rolereview_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\rolemodels\roleadministrationaccesscontrolrules\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. 
+ +![Configuration Section](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/rolemodels/roleadministrationaccesscontrolrules/home_configuration_v603.webp) + +## Examples +Original image link: ![Configuration Section](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/rolemodels/roleadministrationaccesscontrolrules/home_configuration_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\userinterfaces\manageaccounts\index.md +Context: +Gives access to the **Manage Accounts** buttons for the users of a given entity type. + +![ManageAccounts Button](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/userinterfaces/manageaccounts/accesscontrol_manageaccounts_v603.webp) + +The scaffolding gives access to the button, but you need to get the permissions on said accounts in +Original image link: ![ManageAccounts Button](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/userinterfaces/manageaccounts/accesscontrol_manageaccounts_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\workflows\workflowaccesscontrolrules\index.md +Context: +Top bar shortcut: + +![Tasks in Top Bar](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_topbar_v601.webp) + +DashBoard shortcut: +Original image link: ![Tasks in Top Bar](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_topbar_v601.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\workflows\workflowaccesscontrolrules\index.md +Context: +DashBoard shortcut: + +![Task in Dashboard](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/workflows/workflowaccesscontrolrules/home_mytasks_v523.webp) + +## Examples +Original image link: ![Task in Dashboard](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/accesscontrolrules/workflows/workflowaccesscontrolrules/home_mytasks_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\accesscontrolrules\workflows\workflowoverviewcontrolrules\index.md +Context: +Gives access to a shortcut on the dashboard to access this page. + +![Workflow Overview](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_workflowoverview_v602.webp) + +## Examples +Original image link: ![Workflow Overview](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_workflowoverview_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\entitytypes\entitytypes\connectormappings\index.md +Context: +we see the following: + +![Universe (ExcludedProperty)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_excluded.webp) + +### Mapping Path +Original image link: ![Universe (ExcludedProperty)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_excluded.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +we see the following: + +![Universe (ExcludedProperty)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_excluded.webp) + +### Root Instance +Original image link: ![Universe (ExcludedProperty)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_excluded.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +``` + +![Universe (RootInstance)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_rootinstance.webp) + +When getting Identity Manager data in +Original image link: ![Universe (RootInstance)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_rootinstance.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +``` + +![Universe Schema (Several Scaffoldings with Data Duplication)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_severalduplicationschema.webp) + +When getting Identity Manager +Original image link: ![Universe Schema (Several Scaffoldings with Data Duplication)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_severalduplicationschema.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +the following: + +![Universe (Several Scaffoldings with Data Duplication)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_severalduplication.webp) + +We see that `Directory_User_Records` and `Directory_UserRecords` represent the same entity +Original image link: ![Universe (Several Scaffoldings with Data Duplication)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_severalduplication.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +``` + +![Universe (Several Scaffoldings without Data Duplication)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_severalnoduplicationschema.webp) + +When getting Identity Managerdata in +Original image link: ![Universe (Several Scaffoldings without Data Duplication)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_severalnoduplicationschema.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +we see the following: + +![Universe (Several Scaffoldings without Data Duplication)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_severalnoduplication.webp) + +Thus we removed the duplicated data, and we understand easily the navigations of the model. +Original image link: ![Universe (Several Scaffoldings without Data Duplication)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_severalnoduplication.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +``` + +![Universe (No Template)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_notemplateschema.webp) + +When getting Identity Manager data in +Original image link: ![Universe (No Template)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_notemplateschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +we see the following: + +![Universe (No Template)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_notemplate.webp) + +We see here identifiers instead of display names due to `ColumnNamesMode` set to identifiers. 
+Original image link: ![Universe (No Template)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_notemplate.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +``` + +![Universe (Template Schema: Owned Resource Types)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedresourcetypesschema.webp) + +When getting Identity Manager data in +Original image link: ![Universe (Template Schema: Owned Resource Types)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedresourcetypesschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +we see the following: + +![Universe (Template: Owned Resource Types)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedresourcetypes.webp) + +#### ResourceResourceTypes +Original image link: ![Universe (Template: Owned Resource Types)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedresourcetypes.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +The configuration generated by this snippet is similar to the one for `OwnedResourceTypes`. 
+ +![Universe (Template Schema: Resource Resource Types)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_resourceresourcetypesschema.webp) + +When getting Identity Manager data in +Original image link: ![Universe (Template Schema: Resource Resource Types)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_resourceresourcetypesschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +we see the following: + +![Universe (Template: Resource Resource Types)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_resourceresourcetypes.webp) + +#### Owned Single Roles +Original image link: ![Universe (Template: Resource Resource Types)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_resourceresourcetypes.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +``` + +![Universe (Template Schema: Owned Single Roles)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedsinglerolesschema.webp) + +When getting Identity Managerdata in +Original image link: ![Universe (Template Schema: Owned Single Roles)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedsinglerolesschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +we see the following: + +![Universe (Template: Owned Single Roles)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedsingleroles.webp) + +#### Owned Composite Roles +Original image link: ![Universe (Template: Owned Single Roles)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedsingleroles.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +The configuration generated by this snippet is similar to the one for `OwnedSingleRoles`. 
+ +![Universe (Template Schema: Owned Composite Roles)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedcompositerolesschema.webp) + +When getting Identity Manager data in +Original image link: ![Universe (Template Schema: Owned Composite Roles)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedcompositerolesschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +we see the following: + +![Universe (Template: Owned Composite Roles)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedcompositeroles.webp) + +## Mixed Example +Original image link: ![Universe (Template: Owned Composite Roles)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_ownedcompositeroles.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\queries\universedatamodel\index.md +Context: +we see the following: + +![Universe (Mixed Example)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_mixedexample.webp) + +Original image link: ![Universe (Mixed Example)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/configuration/scaffoldings/queries/universedatamodel/universe_mixedexample.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\configuration\scaffoldings\templates\connectorsaccesscontrolrules\index.md +Context: +Gives access to shortcuts on the dashboard to access these pages. + +![Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) + +The scaffolding generates the following scaffoldings: +Original image link: ![Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\connectors\resourcetypemappings\servicenowresourcetypemapping\index.md +Context: +Manager's perspective) are emphasized: + +![ServiceNow Ticket Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/connectors/resourcetypemappings/servicenowresourcetypemapping/servicenow_example.webp) + +## Examples +Original image link: ![ServiceNow Ticket Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/connectors/resourcetypemappings/servicenowresourcetypemapping/servicenow_example.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\metadata\settings\appdisplaysetting\index.md +Context: +Colors, logo and name customization: + +![AppDisplay - Basic Screen](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/metadata/settings/appdisplaysetting/appdisplaysetting_screen2_v603.webp) + +Display colors customization: +Original image link: ![AppDisplay - Basic Screen](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/metadata/settings/appdisplaysetting/appdisplaysetting_screen2_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\metadata\settings\appdisplaysetting\index.md +Context: +Display colors customization: + +![AppDisplay - Authentication](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/metadata/settings/appdisplaysetting/appdisplaysetting_screen1_v603.webp) + +### Disable counters +Original image link: ![AppDisplay - Authentication](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/metadata/settings/appdisplaysetting/appdisplaysetting_screen1_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\metadata\settings\appdisplaysetting\index.md +Context: +The following example disables the counters that are usually visible on the dashboard: + +![AppDisplay - Without Counters](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/metadata/settings/appdisplaysetting/appdisplaysetting_counters_v603.webp) + +Code attributes enclosed with `<>` need to be replaced with a custom value before entering the +Original image link: ![AppDisplay - Without Counters](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/metadata/settings/appdisplaysetting/appdisplaysetting_counters_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\metadata\settings\appdisplaysetting\index.md +Context: +``` + +![AppDisplay - Without Counters](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/metadata/settings/appdisplaysetting/appdisplaysetting_nocounters_v603.webp) + +### Features +Original image link: ![AppDisplay - Without Counters](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/metadata/settings/appdisplaysetting/appdisplaysetting_nocounters_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\metadata\settings\appdisplaysetting\index.md +Context: +Certification items while making the **More** button unavailable. + +![allowapprovingdenyingaccesscertificationitems](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/allowapprovingdenyingaccesscertificationitems.webp) + +The following example disables the **More** button that is usually visible on certification screen: +Original image link: ![allowapprovingdenyingaccesscertificationitems](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/allowapprovingdenyingaccesscertificationitems.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\metadata\settings\appdisplaysetting\index.md +Context: +the **More** button is disabled. 
+ +![accesscertificationonlyapprovedeny-disabled](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/accesscertificationonlyapprovedeny-disabled.webp) + +See the +Original image link: ![accesscertificationonlyapprovedeny-disabled](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/accesscertificationonlyapprovedeny-disabled.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. 
![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. ![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. 
See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. _Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. 
See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. ![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. 
![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. ![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. 
![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. _Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
`24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. ![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. 
![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. 
**NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. ![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. 
![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. _Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
`24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. ![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. 
![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. 
**NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. ![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. 
![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. _Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
`24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. ![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. 
![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. 
![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. ![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. 
![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. _Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. 
`23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\automationrule\index.md +Context: +| SingleRole optional | Int64 | Identifier of the single role targeted by the rule. | +| Type required | AutomationRuleType | Object type targeted by the rule. 0 - CompositeRole. 1 - SingleRole. 2 - ResourceType. 4 - Category. 5 - Policy. | +| WorkflowState default value: 0 | WorkflowState | Workflow state of the assignments targeted by the rule. `0` - **None**: used for Identity Manager's internal computation. `1` - **Non-conforming**: the assignment is not supported by a rule. 
![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) `3` - **Pre-existing**: the assignment is not supported by a rule, and it existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) `4` - **Requested**: the assignment is requested via a workflow, but not yet added. **NOTE:** Usually displayed in workflows' summaries. ![Workflow State: Pending Approval - Requested](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/4_requested_v603.webp) `5` - **Calculated - Missing Parameters**: the assignment was done by a rule which does not specify at least one required parameter for the role. ![Workflow State: Calculated - Missing Parameters](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/5_calculatedmissingparameters_v603.webp) `8` - **Pending Approval**: the assignment must be reviewed manually by a knowledgeable user. ![Workflow State: Pending Approval](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/8_pendingapproval_v603.webp) `9` - **Pending Approval 1 of 2**: the assignment is pending the first approval on a two-step workflow. `10` - **Pending Approval 2 of 2**: the assignment is pending the second approval on a two-step workflow. `11` - **Pending Approval 1 of 3**: the assignment is pending the first approval on a three-step workflow. `12` - **Pending Approval 2 of 3**: the assignment is pending the second approval on a three-step workflow. `13` - **Pending Approval 3 of 3**: the assignment is pending the third approval on a three-step workflow. `16` - **Approved**: the assignment has completed all approval steps. 
![Workflow State: Approved](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `17` - **Declined**: the assignment is explicitly declined during one of the approval steps. ![Workflow State: Declined](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/17_declined_v603.webp) `18` - **Calculated**: the assignment is given by one of Identity Manager's rules. ![Workflow State: Calculated](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/18_calculated_v603.webp) `19` - **Inactive**: the assignment has expired and is not yet removed. Does not appear in the UI. `20` - **Cancellation**: the assignment is inferred by a role that was declined. See the [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. ![Workflow State: Cancellation](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/20_cancellation_v603.webp) `21` - **Suggested**: the assignment comes from a rule of type `Suggested` and appears among suggested permissions in the owner's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Suggested](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/21_suggested_v603.webp) `22` - **Suggested**: the assignment comes from a rule of type `Automatic but with Validation` and appears among suggested permissions for a pre-existing user. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. 
_Remember,_ the states `21` and `22` are both displayed in the UI as **Suggested** but they do not mean the exact same thing. `23` - **Automatic but with Validation**: the assignment comes from a rule of type `Automatic but with Validation` and appears in a new user's permission basket. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. `24` - **Approved - Questioned**: the assignment was approved manually, then a change has been made in the assignment's source data via one of Identity Manager's workflows that should change the assignment but the manual approval is authoritative. See the [Resource Type](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/index.md) topic for additional information. ![Workflow State: Approved - Questioned](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/24_approvedquestioned_v603.webp) `25` - **Pending Approval - Risk**: the assignment must be reviewed due to a risk. ![Workflow State: Pending Approval (Risk)](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/25_pendingapprovalrisk_v603.webp) `26` - **Blocked**: the assignment is blocked due to a risk of type `Blocking`. Does not appear in the UI. `27` - **Prolonged**: the assignment has expired but it was set with a grace period. See the [Single Role Rule](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/singlerolerule/index.md) topic for additional information. ![Workflow State: Prolonged](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/27_prolonged_v603.webp) `116` - **Approved - Risk**: the assignment is approved despite a risk. 
![Workflow State: Approved (Risk)](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/16_approved_v603.webp) `118` - **Given by a Role**: the assignment comes from the assignment of a role. For example, when a user is assigned a SAP entitlement without having a SAP account, the account is created automatically with this state. ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) **Found** - Will match assignments not supported by a rule. ![Workflow State: Non-conforming](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/1_nonconforming_v603.webp) **Historic** - Will match assignments not supported by a rule, which existed before the production launch. ![Workflow State: Pre-existing](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/evaluate-policy/3_preexisting_v603.webp) | + +Original image link: ![Workflow State: Given by a Role](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/automationrule/118_givenbyarole_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\contextrule\index.md +Context: +and sorting the dimension values per user percentage, we get the following table (right). + +![Role Mining Tables](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/contextrule/contextrules_rolemining.webp) + +The tables here represent a simple situation with few dimensions. But the higher the number of +Original image link: ![Role Mining Tables](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/contextrule/contextrules_rolemining.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\recordsection\index.md +Context: +context and extend its values, which context should it be? + +![Schema - ExtensionKind](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/recordsection/recordsection_extensionkind.webp) + +Here, we decide to extend an existing contract to the gap, for example because users' email +Original image link: ![Schema - ExtensionKind](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/recordsection/recordsection_extensionkind.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +scalar rule to Blanc. + +![Example - State 0](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state0_v602.webp) + +Let's see what happens when the user's name is changed manually directly in the AD. +Original image link: ![Example - State 0](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state0_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +page. 
+ +![Example - State 1](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state1_v602.webp) + +![Example - Step 1](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_step1_v602.webp) +Original image link: ![Example - State 1](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state1_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +![Example - State 1](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state1_v602.webp) + +![Example - Step 1](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_step1_v602.webp) + +![Example - Step 2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_step2_v602.webp) +Original image link: ![Example - Step 1](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_step1_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +![Example - Step 1](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_step1_v602.webp) + +![Example - Step 2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_step2_v602.webp) + +Once this manual new value is confirmed, the property is stated as **Approved**. +Original image link: ![Example - Step 2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_step2_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +Once this manual new value is confirmed, the property is stated as **Approved**. + +![Example - State 2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state2_v602.webp) + +Now suppose that the user's last name is changed to Black via Identity Manager's workflows. As the +Original image link: ![Example - State 2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state2_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + Manager only states the property's value as Questioned. + + ![Example - State 3](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state3_v602.webp) + + **NOTE:** No change in the source data can affect the property's value. 
However, any manual +Original image link: ![Example - State 3](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state3_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + value Black. + + ![Example - State 4](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state4_v602.webp) + +In this scenario for Cedric Blanc, these behaviors can be summed up like the following: +Original image link: ![Example - State 4](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_state4_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +In this scenario for Cedric Blanc, these behaviors can be summed up like the following: + +![Schema for DiscardManualAssignments](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_schema.webp) + +### Correlate Multiple Resources +Original image link: ![Schema for DiscardManualAssignments](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/discardmanualassignments_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +resource type has previously been correlated to the owner or not. 
+ +![suggestallcorrelations-nnn](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nnn.webp) + +- The value for both **Correlate Multiple Resources** and **Suggest All Correlations** is **No** +Original image link: ![suggestallcorrelations-nnn](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nnn.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + lower confidence rate they will be ignored. + + ![suggestallcorrelations-nnn2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nnn2.webp) + + If there are no Resources to be correlated with a confidence rate `>100`, the ones below with +Original image link: ![suggestallcorrelations-nnn2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nnn2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + confidence rate below 100 are Suggested or Ignored. + + ![suggestallcorrelations-nny](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nny.webp) + +- The value for both **Correlate Multiple Resources** and **Suggest All Correlations** is **No** +Original image link: ![suggestallcorrelations-nny](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nny.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + there is one Resource already correlated so due to this all future correlations will be ignored. + + ![suggestallcorrelations-nyn](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nyn.webp) + +- The value for **Correlate Multiple Resources** is **No**, **Suggest All Correlations** is **Yes** +Original image link: ![suggestallcorrelations-nyn](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nyn.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + there is no Resource already correlated so all Resource Types will be **Suggested**. + + ![suggestallcorrelations-nyy](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nyy.webp) + +- The value for **Correlate Multiple Resources** is **No**, **Suggest All Correlations** **Yes** +Original image link: ![suggestallcorrelations-nyy](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-nyy.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + will be **Suggested**. As for all other matches with lower confidence rate they will be ignored. 
+ + ![suggestallcorrelations-ynn](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-ynn.webp) + +- The value for **Correlate Multiple Resources** is **Yes**, **Suggest All Correlations** **No**, +Original image link: ![suggestallcorrelations-ynn](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-ynn.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + otherwise they will be ignored. + + ![suggestallcorrelations-ynn2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-ynn2.webp) + + If there are no Resources to be correlated with a confidence rate `>100`, the ones with +Original image link: ![suggestallcorrelations-ynn2](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-ynn2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + confidence rate below 100 are Suggested. + + ![suggestallcorrelations-yny](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-yny.webp) + +- The value for **Correlate Multiple Resources** is **Yes**, **Suggest All Correlations** **No** +Original image link: ![suggestallcorrelations-yny](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-yny.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: + **Correlated** and the ones `<100` will be ignored. + + ![suggestallcorrelations-yyny](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-yyny.webp) + +- The value for **Correlate Multiple Resources** is **Yes**, **Suggest All Correlations** **Yes** +Original image link: ![suggestallcorrelations-yyny](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/suggestallcorrelations-yyny.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +[ Context Rule ](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/provisioning/contextrule/index.md) topics for additional information. + +![Schema - Default Application Period](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/datamodel_scalarrule_timeoffsetdefault.webp) + +A time offset adjusts the period for which the rule applies and computes a property's value. +Original image link: ![Schema - Default Application Period](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/datamodel_scalarrule_timeoffsetdefault.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +``` + +![Schema - Offset Application Period](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/datamodel_scalarrule_timeoffsetexample.webp) + +If the time period of property computation exceeds the limits of the period of resource type +Original image link: ![Schema - Offset Application Period](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/datamodel_scalarrule_timeoffsetexample.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\provisioning\resourcetype\index.md +Context: +following: + +![Schema - Overlapping Offsets](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/datamodel_scalarrule_timeoffsetoverlap.webp) + +### Properties +Original image link: ![Schema - Overlapping Offsets](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/provisioning/resourcetype/datamodel_scalarrule_timeoffsetoverlap.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\displayentitytype\index.md +Context: +change the selection using the top-left dropdown. + +![Change Selection](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displayentitytype/ui_displaypriorities_changeselection_v521beta.webp) + +Priorities are integer values, positive or negative. 
The most important priority is assigned to the +Original image link: ![Change Selection](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displayentitytype/ui_displaypriorities_changeselection_v521beta.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\displaypropertygroup\index.md +Context: +``` + +![Display Property Group - Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displaypropertygroup/displaypropertygroup_example_v603.webp) + +Any property without a value is not displayed. +Original image link: ![Display Property Group - Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displaypropertygroup/displaypropertygroup_example_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\displaytable\index.md +Context: +``` + +![Example - DisplayTableDesignElement Set to Table](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displaytable/displaytabledesignelement_table_v602.webp) + +DisplayTableDesignElement list +Original image link: ![Example - DisplayTableDesignElement Set to Table](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displaytable/displaytabledesignelement_table_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\displaytable\index.md +Context: +``` + +![Example - DisplayTableDesignElement Set to List](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displaytable/displaytabledesignelement_list_v602.webp) + +_Remember,_ for resources to be displayed as a list, the display table must also be configured with +Original image link: ![Example - DisplayTableDesignElement Set to List](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displaytable/displaytabledesignelement_list_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\displaytable\index.md +Context: +``` + +![Example - DisplayTableDesignElement Set to ResourceTable](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displaytable/displaytabledesignelement_resourcetable_v602.webp) + +## Properties +Original image link: ![Example - DisplayTableDesignElement Set to ResourceTable](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/displaytable/displaytabledesignelement_resourcetable_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +When `HideRoles` is set to `true`, then the **Access Permissions** tab is not accessible. 
+ +![Access Permissions](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/form_hideroles_v603.webp) + +Adjust the request type +Original image link: ![Access Permissions](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/form_hideroles_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +When `WorkflowRequestType` is set to `Self`, then the finalization step looks like: + +![WorkflowRequestType = Self](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/form_requesttypeself_v603.webp) + +When `WorkflowRequestType` is set to `Helpdesk`, then the finalization step looks like: +Original image link: ![WorkflowRequestType = Self](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/form_requesttypeself_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +When `WorkflowRequestType` is set to `Helpdesk`, then the finalization step looks like: + +![WorkflowRequestType = Helpdesk](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/form_requesttypehelpdesk_v603.webp) + +Display records in a table +Original image link: ![WorkflowRequestType = Helpdesk](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/form_requesttypehelpdesk_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +Display records in a table + +![RecordTable Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/form_recordtable_v603.webp) + +InputType display +Original image link: ![RecordTable Example](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/form_recordtable_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +set of values listed below: + +![inputtypeattachment](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypeattachment.webp) + +- Attachment — represents a control for adding an attachment +Original image link: ![inputtypeattachment](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypeattachment.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +- Auto — takes by default the type of the EntityType property + + ![inputtypecheckbox](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypecheckbox.webp) + +- Checkbox — a boolean control which supports one of the two states +Original image link: ![inputtypecheckbox](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypecheckbox.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +- Checkbox — a boolean control which supports one of the two states + + ![inputtypecombobox](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypecombobox.webp) + +- Combobox — a dropdown which supports single selection +Original image link: ![inputtypecombobox](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypecombobox.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +- Combobox — a dropdown which supports single selection + + ![inputtypecomboboxmultiselection](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypecomboboxmultiselection.webp) + +- ComboboxMultiSelection — a dropdown which supports multiple selection +Original image link: ![inputtypecomboboxmultiselection](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypecomboboxmultiselection.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +- ComboboxMultiSelection — a dropdown which supports multiple selection + + ![inputtypedate](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypedate.webp) + +- Date — Date control +Original image link: ![inputtypedate](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypedate.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +- Hidden — Hides the input + + ![inputtypeimage](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypeimage.webp) + +- Image - Control to show / upload image +Original image link: ![inputtypeimage](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypeimage.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: + specified in a Control of a Form, it's the default value). + + ![inputtypepicker](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypepicker.webp) + +- Picker — Opens a grid to select a resource +Original image link: ![inputtypepicker](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypepicker.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +- Picker — Opens a grid to select a resource + + ![inputtypetext](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypetext.webp) + +- Text — Displays a single-line of text +Original image link: ![inputtypetext](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypetext.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\user-interface\form\index.md +Context: +- Text — Displays a single-line of text + + ![inputtypetextarea](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypetextarea.webp) + +- TextArea — A textbox which supports carriage return character. +Original image link: ![inputtypetextarea](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/user-interface/form/inputtypetextarea.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\aspects\addchangeaspect\index.md +Context: +The position of the pointcut is specified by an activity state and a mode (before or after). + +![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) + +| Property | Details | +Original image link: ![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\aspects\assertvalueaspect\index.md +Context: +The position of the pointcut is specified by an activity state and a mode (before or after). + +![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) + +| Property | Type | Description | +Original image link: ![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\aspects\assertvaluerequiredaspect\index.md +Context: +The position of the pointcut is specified by an activity state and a mode (before or after). + +![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) + +| Property | Details | +Original image link: ![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\aspects\builduniquevalueaspect\index.md +Context: +The position of the pointcut is specified by an activity state and a mode (before or after). + +![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) + +| Property | Details | +Original image link: ![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\aspects\builduniquevalueaspect\index.md +Context: +target binding/expression in the target entity type. + +![Schema: Unicity Check](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/builduniquevalueaspect/aspects_unicitycheck.webp) + +> For example, we need to generate an email address for any new user joining the company. 
We +Original image link: ![Schema: Unicity Check](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/builduniquevalueaspect/aspects_unicitycheck.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\aspects\invokescriptaspect\index.md +Context: +The position of the pointcut is specified by an activity state and a mode (before or after). + +![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) + +| Property | Type | Description | +Original image link: ![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\aspects\invokeworkflowaspect\index.md +Context: +The position of the pointcut is specified by an activity state and a mode (before or after). + +![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) + +| Property | Details | +Original image link: ![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\aspects\notificationaspect\index.md +Context: +The position of the pointcut is specified by an activity state and a mode (before or after). 
+ +![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) + +| Property | Details | +Original image link: ![pointcut Schema](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/aspects/addchangeaspect/pointcut.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowaddandendrecordentityform\index.md +Context: +The contents of `MainControl` and `RecordControl` are visible during the workflow's execution: + +![Form Example - Update Position](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowaddandendrecordentityform/formexample_workflowaddandendrecordentityform_v603.webp) + +The content of `RecordUniqueItemControl` is not visible. The user's records that have the same +Original image link: ![Form Example - Update Position](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowaddandendrecordentityform/formexample_workflowaddandendrecordentityform_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowaddandendrecordentityform\index.md +Context: +execution: + +![Summary Form Example - Update Position](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowaddandendrecordentityform/formexample_workflowaddandendrecordentityform_summary_v603.webp) + +## Properties +Original image link: ![Summary Form Example - Update Position](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowaddandendrecordentityform/formexample_workflowaddandendrecordentityform_summary_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowaddrecordentityform\index.md +Context: +The contents of `MainControl` and `RecordControl` are visible during the workflow's execution: + +![Form Example - Computer Request](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowaddrecordentityform/formexample_workflowaddrecordentityform_v603.webp) + +The content of `RecordUniqueItemControl` is not visible. The user's records that have the same +Original image link: ![Form Example - Computer Request](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowaddrecordentityform/formexample_workflowaddrecordentityform_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowaddrecordentityform\index.md +Context: +execution: + +![Summary Form Example - Computer Request](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowaddrecordentityform/formexample_workflowaddrecordentityform_summary_v603.webp) + +## Properties +Original image link: ![Summary Form Example - Computer Request](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowaddrecordentityform/formexample_workflowaddrecordentityform_summary_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowcreateentityform\index.md +Context: +The content of `MainControl` is visible during the workflow's execution: + +![Form Example - Site Creation](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowcreateentityform/formexample_workflowcreateentityform_v603.webp) + +The content of `SummaryControl` is visible after the workflow's execution: +Original image link: ![Form Example - Site Creation](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowcreateentityform/formexample_workflowcreateentityform_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowcreateentityform\index.md +Context: +The content of `SummaryControl` is visible after the workflow's execution: + +![Summary Form Example - Site Creation](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowcreateentityform/formexample_workflowcreateentityform_summary_v603.webp) + +## Properties +Original image link: ![Summary Form Example - Site Creation](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowcreateentityform/formexample_workflowcreateentityform_summary_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowcreaterecordentityform\index.md +Context: +The content of `MainControl` is visible during the workflow's execution: + +![Form Example - New User from HR](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowcreaterecordentityform/formexample_workflowcreaterecordentityform_v603.webp) + +The contents of `MainSummaryControl` and `RecordSummaryControl` are visible after the workflow's +Original image link: ![Form Example - New User from HR](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowcreaterecordentityform/formexample_workflowcreaterecordentityform_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowcreateseveralrecordsentityform\index.md +Context: +workflow's execution: + +![Form Example - New User from Helpdesk](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowcreateseveralrecordsentityform/formexample_workflowcreateseveralrecordsentityform_v603.webp) + +## Properties +Original image link: ![Form Example - New User from Helpdesk](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowcreateseveralrecordsentityform/formexample_workflowcreateseveralrecordsentityform_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workfloweditentityform\index.md +Context: +The content of `MainControl` is visible during the workflow's execution: + +![Form Example - Computer Request](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workfloweditentityform/formexample_workfloweditentityform_v603.webp) + +The content of `SummaryControl` is visible after the workflow's execution: +Original image link: ![Form Example - Computer Request](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workfloweditentityform/formexample_workfloweditentityform_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workfloweditentityform\index.md +Context: +The content of `SummaryControl` is visible after the workflow's execution: + +![Summary Form Example - Computer Request](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workfloweditentityform/formexample_workfloweditentityform_summary_v603.webp) + +## Properties +Original image link: ![Summary Form Example - Computer Request](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workfloweditentityform/formexample_workfloweditentityform_summary_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowupdaterecordentitiesform\index.md +Context: +The contents of `MainControl` and `RecordControl` are visible during the workflow's execution: + +![Form Example - Mass Update](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdaterecordentitiesform/formexample_workflowupdaterecordentitiesform_v603.webp) + +The content of `RecordUniqueItemControl` is not visible. The user's records that have the same +Original image link: ![Form Example - Mass Update](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdaterecordentitiesform/formexample_workflowupdaterecordentitiesform_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowupdaterecordentityform\index.md +Context: +The contents of `MainControl` and `RecordControl` are visible during the workflow's execution: + +![Form Example - Update Data](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdaterecordentityform/formexample_workflowupdaterecordentityform_v603.webp) + +The content of `RecordUniqueItemControl` is not visible. The user's records that have the same +Original image link: ![Form Example - Update Data](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdaterecordentityform/formexample_workflowupdaterecordentityform_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowupdaterecordentityform\index.md +Context: +execution: + +![Summary Form Example - Update Data](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdaterecordentityform/formexample_workflowupdaterecordentityform_summary_v603.webp) + +## Properties +Original image link: ![Summary Form Example - Update Data](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdaterecordentityform/formexample_workflowupdaterecordentityform_summary_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowupdateseveralrecordsentityform\index.md +Context: +`RecordSlaveControl` are visible during the workflow's execution: + +![Form Example - Manage a User's Positions](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdateseveralrecordsentityform/formexample_workflowupdateseveralrecordsentityform_v603.webp) + +When adding a new position, we decide to make `Title` available, in addition to the fields used to +Original image link: ![Form Example - Manage a User's Positions](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdateseveralrecordsentityform/formexample_workflowupdateseveralrecordsentityform_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\toolkit\xml-configuration\workflows\forms\workflowupdateseveralrecordsentityform\index.md +Context: +update existing records: + +![Form Example - Manage a User's Positions - New Record](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdateseveralrecordsentityform/formexample_workflowupdateseveralrecordsentityform_newrecord_v603.webp) + +The content of `RecordUniqueItemControl` is not visible. The user's records that have the same +Original image link: ![Form Example - Manage a User's Positions - New Record](/img/product_docs/identitymanager/saas/integration-guide/toolkit/xml-configuration/workflows/forms/workflowupdateseveralrecordsentityform/formexample_workflowupdateseveralrecordsentityform_newrecord_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\ui\how-tos\create-menu-items\index.md +Context: +This XML element gives the following result: + +![Add workflow link in resource list entity](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/create-menu-items/workflowinentitylist.webp) + +### Create menu items for a workflow in a resource view +Original image link: ![Add workflow link in resource list entity](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/create-menu-items/workflowinentitylist.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\ui\how-tos\create-menu-items\index.md +Context: +This XML element gives the following result: + +![Workflow in resource view](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/create-menu-items/workflowinresourceview.webp) + +![All workflow in resource view*](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/create-menu-items/allworkflowinresourceview.webp) +Original image link: ![Workflow in resource view](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/create-menu-items/workflowinresourceview.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\ui\how-tos\create-menu-items\index.md +Context: +![Workflow in resource view](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/create-menu-items/workflowinresourceview.webp) + +![All workflow in resource view*](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/create-menu-items/allworkflowinresourceview.webp) + +Original image link: ![All workflow in resource view*](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/create-menu-items/allworkflowinresourceview.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\ui\how-tos\custom-display-table\index.md +Context: +Here is the visualization of this display table on the interface: + +![DisplayTable(Table)](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-display-table/displaytablestable.webp) + +Ergonomically, it is recommended to hide the search symbol in a column header (in a list displayed +Original image link: ![DisplayTable(Table)](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-display-table/displaytablestable.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\ui\how-tos\custom-display-table\index.md +Context: +Here is the visualization of this resource table on the interface: + +![ResourceTable](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-display-table/displaytablesresourcetable.webp) + +## Display Table with Tiles +Original image link: ![ResourceTable](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-display-table/displaytablesresourcetable.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\ui\how-tos\custom-display-table\index.md +Context: +Here is the visualization of this display table on the interface: + +![DisplayTable with Tiles](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-display-table/displaytablestiles.webp) + +See the [Display Table](/docs/identitymanager/6.2/integration-guide/toolkit/xml-configuration/user-interface/displaytable/index.md) +Original image link: ![DisplayTable with Tiles](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-display-table/displaytablestiles.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\ui\how-tos\custom-search-bar\index.md +Context: +Here is the visualization of this searchbar on the interface: + +![SearchBarWithoutFilters](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-search-bar/searchbarwithoutfilter.webp) + +Ergonomically, it is recommended to hide the search symbol in a column header (in a list displayed +Original image link: ![SearchBarWithoutFilters](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-search-bar/searchbarwithoutfilter.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\ui\how-tos\custom-search-bar\index.md +Context: +Here is the visualization of this criterion on the interface: + +![SearchBarFilter](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-search-bar/searchbarfilters.webp) + +## Search Bar Menu +Original image link: ![SearchBarFilter](/img/product_docs/identitymanager/saas/integration-guide/ui/how-tos/custom-search-bar/searchbarfilters.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\activity-templates\index.md +Context: +Going through an activity means going through states and transitions. + +![Activity Template - Example](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_example.webp) + +By default, Identity Manager's workflow engine implements the following activity templates: +Original image link: ![Activity Template - Example](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_example.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\activity-templates\index.md +Context: +Awaits user modifications without another user's intervention. 
+ +![Activity Template - Action](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_action.webp) + +### ActionWithRefine +Original image link: ![Activity Template - Action](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_action.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\activity-templates\index.md +Context: +Awaits user modifications with the possibility to delegate the action to another user. + +![Activity Template - ActionWithRefine](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_actionwithrefine.webp) + +The `ActionWithRefine` activity can be translated into the following form: +Original image link: ![Activity Template - ActionWithRefine](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_actionwithrefine.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\activity-templates\index.md +Context: +The `ActionWithRefine` activity can be translated into the following form: + +![ActionWithRefine in the UI](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activity_actionwithrefine_v602.webp) + +### Review +Original image link: ![ActionWithRefine in the UI](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activity_actionwithrefine_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\activity-templates\index.md +Context: +Awaits user approval without another user's intervention. 
+ +![Activity Template - Review](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_review.webp) + +### ReviewWithFeedback +Original image link: ![Activity Template - Review](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_review.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\activity-templates\index.md +Context: +action. + +![Activity Template - ReviewWithFeedback](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_reviewwithfeedback.webp) + +The `ReviewWithFeedback` activity can be translated into the following form: +Original image link: ![Activity Template - ReviewWithFeedback](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activitytemplates_reviewwithfeedback.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\activity-templates\index.md +Context: +The `ReviewWithFeedback` activity can be translated into the following form: + +![ReviewWithFeedback in the UI](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activity_reviewwithfeedback_v602.webp) + +### Persist +Original image link: ![ReviewWithFeedback in the UI](/img/product_docs/identitymanager/saas/integration-guide/workflows/activity-templates/activity_reviewwithfeedback_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-create-mono\index.md +Context: +``` + +![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-mono/howto_resourcecreationmono_form_v602.webp) + +### Add a summary (Optional) +Original image link: ![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-mono/howto_resourcecreationmono_form_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-create-mono\index.md +Context: +``` + +![UI Summary](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-mono/howto_resourcecreationmono_summary_v602.webp) + +## Assign the Right Permissions +Original image link: ![UI Summary](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-mono/howto_resourcecreationmono_summary_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-create-mono\index.md +Context: +Creating a new resource, an interesting location for this workflow could be the users list page. + +![Workflow Menu Items - Users List](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/menuitems_userslist_v603.webp) + +To create a menu item here for the new workflow, you can add the following XML configuration to the +Original image link: ![Workflow Menu Items - Users List](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/menuitems_userslist_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-create-mono\index.md +Context: +``` + +![UI Homonym Detection](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/howto_resourcecreationmono_homonym_v603.webp) + +## Customize the Display Table (Optional) +Original image link: ![UI Homonym Detection](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/howto_resourcecreationmono_homonym_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-create-multi\index.md +Context: +``` + +![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/howto_resourcecreationmulti_form_v603.webp) + +## Assign the Right Permissions +Original image link: ![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/howto_resourcecreationmulti_form_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-create-multi\index.md +Context: +Creating a new resource, an interesting location for this workflow could be the users list page. + +![Workflow Menu Items - Users List](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/menuitems_userslist_v603.webp) + +To create a menu item here for the new workflow, you can add the following XML configuration to the +Original image link: ![Workflow Menu Items - Users List](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/menuitems_userslist_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-create-multi\index.md +Context: +``` + +![UI Homonym Detection](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/howto_resourcecreationmono_homonym_v603.webp) + +## Customize the Display Table (Optional) +Original image link: ![UI Homonym Detection](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/howto_resourcecreationmono_homonym_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-update-mono\index.md +Context: +``` + +![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/howto_resourceupdatemono_form_v603.webp) + +`End of transition` sets the date for the change of records scheduled by this form. +Original image link: ![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/howto_resourceupdatemono_form_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-update-mono\index.md +Context: +interesting location for this workflow could be the individual view page of users. + +![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) + +To create a menu item here for the new workflow, you can add the following XML configuration to the +Original image link: ![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-update-multi\index.md +Context: +copies part of the main record to pre-fill the fields of `RecordUniqueControl`. + +![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-multi/howto_resourceupdatemulti_form_v603.webp) + +## Assign the Right Permissions +Original image link: ![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-multi/howto_resourceupdatemulti_form_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-update-multi\index.md +Context: +interesting location for this workflow could be the individual view page of users. + +![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) + +To create a menu item here for the new workflow, you can add the following XML configuration to the +Original image link: ![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-update-resource\index.md +Context: +``` + +![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-resource/howto_resourceupdateno_form_v603.webp) + +### Add a summary (Optional) +Original image link: ![UI Form](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-resource/howto_resourceupdateno_form_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-update-resource\index.md +Context: +``` + +![UI Summary](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-resource/howto_resourceupdateno_summary_v603.webp) + +## Assign the Right Permissions +Original image link: ![UI Summary](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-resource/howto_resourceupdateno_summary_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\how-to\workflow-update-resource\index.md +Context: +interesting location for this workflow could be the individual view page of users. + +![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) + +To create a menu item here for the new workflow, you can add the following XML configuration to the +Original image link: ![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\index.md +Context: + +- the list of users accessible from the **Directory** section on the home page; + ![Workflow Menu Items - Users List](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/menuitems_userslist_v603.webp) +- the view page of a given user. In this case, the workflows manipulate the selected user. 
+ ![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) +Original image link: ![Workflow Menu Items - Users List](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/menuitems_userslist_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\integration-guide\workflows\index.md +Context: + ![Workflow Menu Items - Users List](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-create-multi/menuitems_userslist_v603.webp) +- the view page of a given user. In this case, the workflows manipulate the selected user. + ![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) + +## Aspects +Original image link: ![Workflow Menu Items - User's Page](/img/product_docs/identitymanager/saas/integration-guide/workflows/how-to/workflow-update-mono/menuitems_userview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\architecture\index.md +Context: +- SaaS so that the server dwells in the cloud and is provided as a service; + + ![Architecture: SaaS](/img/product_docs/identitymanager/saas/integration-guide/architecture/saas/architecture_saas.webp) + +- on-premises so that the server is installed on an isolated network within the company. +Original image link: ![Architecture: SaaS](/img/product_docs/identitymanager/saas/integration-guide/architecture/saas/architecture_saas.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\architecture\index.md +Context: +- on-premises so that the server is installed on an isolated network within the company. 
+ + ![Architecture: On-Premises](/img/product_docs/identitymanager/saas/integration-guide/architecture/on-prem/architecture_onprem.webp) + +## Next Steps +Original image link: ![Architecture: On-Premises](/img/product_docs/identitymanager/saas/integration-guide/architecture/on-prem/architecture_onprem.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +entitlements available in the managed systems, and assign the right entitlements to the right users. + +![Role Catalog and Users](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_rolecatalogusers.webp) + +Thus, the role model contains: +Original image link: ![Role Catalog and Users](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_rolecatalogusers.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: + types. + +![Role Model](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_rolemodel.webp) + +The role model is a subset of a policy that also includes [Governance](/docs/identitymanager/6.2/introduction-guide/overview/governance/index.md) data +Original image link: ![Role Model](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_rolemodel.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +everyone knows what the role is for. 
+ +![Single Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemarole.webp) + +Each individual entitlement should usually be modeled by a single role, and single roles can be +Original image link: ![Single Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemarole.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +grouped together into composite roles to be closer to real job positions. + +![Composite Roles](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_compositeroles.webp) + +## A Rule Set +Original image link: ![Composite Roles](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_compositeroles.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +> member list of a specific AD group. + +![Provisioning Rules](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_provisioningrules.webp) + +Even when a role is manually assigned, provisioning rules will determine which account (and +Original image link: ![Provisioning Rules](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_provisioningrules.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +> is benefits manager and whose location is in France. 
+ +![Assignment Rules](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_assignmentrules.webp) + +Once all assignment rules are created, Identity Manager is able to spot existing assignments that +Original image link: ![Assignment Rules](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_assignmentrules.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +> accounts. + +![Categorization Rules](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_categorizationrules.webp) + +Identity Manager's categorization rules are: +Original image link: ![Categorization Rules](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_categorizationrules.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +- The schema with three dimensions would be a 3D cube. And you can imagine 4D or 5D hypercubes, etc. + +![Dimensions - 1D](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_dimension1.webp) + +#### 1D +Original image link: ![Dimensions - 1D](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_dimension1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +#### 1D + +![Dimensions - 2D](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_dimension2.webp) + +#### 2D +Original image link: ![Dimensions - 2D](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_dimension2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\entitlement-management\index.md +Context: +#### 2D + +![Dimensions - 3D](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_dimension3.webp) + +## Next Steps +Original image link: ![Dimensions - 3D](/img/product_docs/identitymanager/saas/introduction-guide/overview/entitlement-management/entitlements_dimension3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\governance\index.md +Context: +knowledgeable users who can decide whether the assignment is warranted, such as security officers. + +![Non-Conforming Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/assignments-of-entitlements/governance_nonconforming.webp) + +A non-conforming assignment must be reviewed in Identity Manager by a knowledgeable user, and is +Original image link: ![Non-Conforming Assignments](/img/product_docs/identitymanager/saas/integration-guide/role-assignment/assignments-of-entitlements/governance_nonconforming.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\identity-management\index.md +Context: +the data necessary to manage all identities throughout their whole lifecycle. 
+ +![Usercube's Repository](/img/product_docs/identitymanager/saas/introduction-guide/overview/identity-management/identities_repository.webp) + +Identity Manager's central repository acts as an intermediary between the systems that provide data, +Original image link: ![Usercube's Repository](/img/product_docs/identitymanager/saas/introduction-guide/overview/identity-management/identities_repository.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\identity-management\index.md +Context: +set of rules. The complexity becomes linear. + +![quadratic-linear-complexity](/img/product_docs/identitymanager/saas/introduction-guide/overview/identity-management/quadratic-linear-complexity.webp) + +## An Entity Relationship Model +Original image link: ![quadratic-linear-complexity](/img/product_docs/identitymanager/saas/introduction-guide/overview/identity-management/quadratic-linear-complexity.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\identity-management\index.md +Context: +> accounts from `SAB_User` could be related to groups from another entity `SAB_Group`. + +![Entity Type - Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entitytypecreation_schema.webp) + +These entities' instances are called resources in Identity Manager. A resource can be the digital +Original image link: ![Entity Type - Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entitytypecreation_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\identity-management\index.md +Context: +Identity Manager can be configured with one connector for each managed system. 
+ +![Connector Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectorschema.webp) + +For a given system, a connector contains: +Original image link: ![Connector Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectorschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\identity-management\index.md +Context: +an [extract, transform, load](https://en.wikipedia.org/wiki/Extract,_transform,_load) process. + +![Synchronization](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_synchronization.webp) + +> A typical example is the synchronization of the HR system's data to retrieve employees' personal +Original image link: ![Synchronization](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_synchronization.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\identity-management\index.md +Context: +something we will dig into later. + +![Provisioning](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_provisioning.webp) + +## Repository Updates +Original image link: ![Provisioning](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_provisioning.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\index.md +Context: +identity. + +![Synchronization](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_synchronization.webp) + +**This implies involving external systems.** +Original image link: ![Synchronization](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_synchronization.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\index.md +Context: +technology required for IGA-related data flows. + +![Connectors](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_connectors.webp) + +See more details on [ Identity Management ](/docs/identitymanager/6.2/introduction-guide/overview/identity-management/index.md) and connection between +Original image link: ![Connectors](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_connectors.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\index.md +Context: +rules. + +![Calculation](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_calculation.webp) + +--- +Original image link: ![Calculation](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_calculation.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\introduction-guide\overview\index.md +Context: +get their entitlements. + +![Provisioning](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_provisioning.webp) + +Furthermore, Identity Manager provides a few workflows for entitlement request or user data +Original image link: ![Provisioning](/img/product_docs/identitymanager/saas/introduction-guide/overview/overview_provisioning.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: + page. + + ![Home - Access Certification](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/home_accesscertification_v523.webp) + + On this page, all assignments to be reviewed are listed. 
+Original image link: ![Home - Access Certification](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/home_accesscertification_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: + On this page, all assignments to be reviewed are listed. + + ![Access Certification](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_accesscertification_v602.webp) + + Each assignment can be commented by clicking on the corresponding icon. +Original image link: ![Access Certification](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_accesscertification_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: + Each assignment can be commented by clicking on the corresponding icon. + + ![Comment Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconcomment_v522.svg) + +2. Choose one of the three possibilities to verify all assignments one by one: +Original image link: ![Comment Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconcomment_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: + this entitlement carefully. 
+ + ![Recommendation Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconrecommendation_v522.svg) + + ![Discouragement Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_icondiscouragement_v522.svg) +Original image link: ![Recommendation Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconrecommendation_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: + ![Recommendation Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconrecommendation_v522.svg) + + ![Discouragement Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_icondiscouragement_v522.svg) + + - Either click on the approval icon to confirm that this entitlement is necessary for this +Original image link: ![Discouragement Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_icondiscouragement_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: + identity. 
+ + ![Approval Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconapproval_v522.svg) + + - Or click on the decline icon to confirm that this entitlement is not necessary for this +Original image link: ![Approval Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconapproval_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: + identity. + + ![Decline Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/certifcampaign_icondecline_v522.svg) + + - Or click on the three dots icon to highlight that this entitlement is not part of your scope +Original image link: ![Decline Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/certifcampaign_icondecline_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: + of responsibility and forward it to the adequate person. + + ![Forward Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconforward_v522.svg) + +3. Click on **Confirm Decisions** on the left of the page. +Original image link: ![Forward Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconforward_v522.svg) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: +Campaigns** button on the home page in the **Administration** section. + +![Home - Access Certification Campaigns](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/home_accesscertificationcampaigns_v602.webp) + +![Campaigns Page](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_campaigns_v602.webp) +Original image link: ![Home - Access Certification Campaigns](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/home_accesscertificationcampaigns_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: +![Home - Access Certification Campaigns](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/home_accesscertificationcampaigns_v602.webp) + +![Campaigns Page](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_campaigns_v602.webp) + +### Get reports +Original image link: ![Campaigns Page](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_campaigns_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: +entitlement assignments to be reviewed, the corresponding reviewers and their decisions. 
+ +![Report Example](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_decisions_v522.webp) + +### Send notifications +Original image link: ![Report Example](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_decisions_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-execution\index.md +Context: +considered during the next provisioning job. + +![Apply Decisions](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_applydecisions_v602.webp) + +Original image link: ![Apply Decisions](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_applydecisions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: +1. Click on **Access Certification Campaigns** in the **Administration** section on the home page. + + ![Home - Access Certification Campaigns](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/home_accesscertificationcampaigns_v602.webp) + +2. Click the addition button at the top right and fill in the fields: +Original image link: ![Home - Access Certification Campaigns](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/home_accesscertificationcampaigns_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: +2. Click the addition button at the top right and fill in the fields: + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + ![New Certification Campaign](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_newcertificationcampaign_v602.webp) +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + ![New Certification Campaign](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_newcertificationcampaign_v602.webp) + + - `Identifier`: Must be unique among campaigns, without whitespace. +Original image link: ![New Certification Campaign](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_newcertificationcampaign_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: + campaign scope is a **union** of all specificities. 
+ + ![Target Specificities](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_targetspecificities_v602.webp) + + The campaign targets permissions that meet the **intersection (AND)** of all filters. When +Original image link: ![Target Specificities](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_targetspecificities_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: + - `Target Owners`: Filters based on identity dimensions. These are combined using **AND** logic. + + ![Target Owner Filters](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_targetowners_v602.webp) + + Additional filters may be available depending on the selected entity type: +Original image link: ![Target Owner Filters](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_targetowners_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: + Additional filters may be available depending on the selected entity type: + + ![Target Owner Additional Filters](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_targetownersadditional_v603.webp) + + - `Individual Owner`: A single identity whose access will be certified. 
+Original image link: ![Target Owner Additional Filters](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_targetownersadditional_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: + > users: + > + > ![Campaign Example](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_example_v602.webp) + +3. Click **Create**. The campaign appears in the list. +Original image link: ![Campaign Example](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_example_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: +3. Click **Create**. The campaign appears in the list. + + ![Campaigns Page](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_newlycreated_v603.webp) + +4. Click **Launch** to apply the changes and start the certification job. +Original image link: ![Campaigns Page](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_newlycreated_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\access-certification\certification-campaign-scheduling\index.md +Context: + > Example: + > + > ![Execute Access Reviews Job](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_job_v522.webp) + +## Impact of Modifications +Original image link: ![Execute Access Reviews Job](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-scheduling/certifcampaign_job_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\assigned-roles\index.md +Context: +Review the Assigned Roles by proceeding as follows: + +![assignedroles](/img/product_docs/identitymanager/saas/user-guide/administrate/assigned-roles/assignedroles.webp) + +**Step 1 –** On the home page, in the Administration section of the UI click on Assigned Roles. +Original image link: ![assignedroles](/img/product_docs/identitymanager/saas/user-guide/administrate/assigned-roles/assignedroles.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\assigned-roles\index.md +Context: +**Step 1 –** On the home page, in the Administration section of the UI click on Assigned Roles. + +![assignedrolesscreen](/img/product_docs/identitymanager/saas/user-guide/administrate/assigned-roles/assignedrolesscreen.webp) + +**Step 2 –** View the list of users with different assigned roles and filter them by **Entity +Original image link: ![assignedrolesscreen](/img/product_docs/identitymanager/saas/user-guide/administrate/assigned-roles/assignedrolesscreen.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\manual-assignment-request\index.md +Context: +1. Access the user directory from the home page. 
+ + ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +2. Click on the user to be checked. +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\manual-assignment-request\index.md +Context: +2. Click on the user to be checked. + + ![Workflow - User](/img/product_docs/identitymanager/saas/user-guide/administrate/manual-assignment-request/datamodif_user_v602.webp) + +3. Click on **View Permissions** to access the entitlement list. +Original image link: ![Workflow - User](/img/product_docs/identitymanager/saas/user-guide/administrate/manual-assignment-request/datamodif_user_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\manual-assignment-request\index.md +Context: +3. Click on **View Permissions** to access the entitlement list. + + ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +## Modify Identity's Entitlements +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\manual-assignment-request\index.md +Context: + request. + + ![Workflow - Modify Permissions](/img/product_docs/identitymanager/saas/user-guide/administrate/manual-assignment-request/datamodif_changeuser_v602.webp) + +4. Follow the workflow's instructions to select entitlements and the action to be performed. 
You +Original image link: ![Workflow - Modify Permissions](/img/product_docs/identitymanager/saas/user-guide/administrate/manual-assignment-request/datamodif_changeuser_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: +> the **Resource Reconciliation** screen: +> +> ![Example - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_examplerole_v602.webp) +> +> ![Example - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresource_v602.webp) +Original image link: ![Example - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_examplerole_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: +> ![Example - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_examplerole_v602.webp) +> +> ![Example - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresource_v602.webp) +> +> ![Example - Resource Reconciliation - Properties](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresourceprop_v602.webp) +Original image link: ![Example - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresource_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: +> ![Example - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresource_v602.webp) +> +> ![Example - Resource Reconciliation - Properties](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresourceprop_v602.webp) + +## Participants and Artifacts +Original image link: ![Example - Resource Reconciliation - Properties](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresourceprop_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + complete job on the **Job Execution** page� + + ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + + � Or through the connector's overview page, **Jobs** > **Compute Role Model**. +Original image link: ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + � Or through the connector's overview page, **Jobs** > **Compute Role Model**. + + ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +2. Get to the **Resource Reconciliation** page, accessible from the corresponding section on the +Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + home page. + + ![Home Page - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/home_resourcereconciliation_v523.webp) + +3. Select `Unreconciled properties` as a `Workflow State`. +Original image link: ![Home Page - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/home_resourcereconciliation_v523.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: +3. Select `Unreconciled properties` as a `Workflow State`. + + ![Unreconciled Property](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewprop_unreconciled_v522.webp) + +4. Choose the default resource view or the property view with the top right toggle. See the +Original image link: ![Unreconciled Property](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewprop_unreconciled_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + > Verified** frame, there is one unreconciled property that happens to be `Group`. + > + > ![Unreconciled Property Example](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewprop_example_v602.webp) + + - `Name`: unreconciled property name. +Original image link: ![Unreconciled Property Example](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewprop_example_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + the whole property history. 
+ + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) + + ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) + + ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) + + ![Deletion Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/reviewrole_icondelete_v602.svg) +Original image link: ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) + + ![Deletion Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/reviewrole_icondelete_v602.svg) + + Automatic changes are essential for frequently-changing attributes. 
However, saving history +Original image link: ![Deletion Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/reviewrole_icondelete_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + future, this property will no longer be changed automatically. + + ![Decline Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_icondecline_v522.svg) + + Retaining manual control of changes for sensitive data (i.e. `SAMAccountName`) can be of +Original image link: ![Decline Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_icondecline_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: + by Identity Manager, and therefore cannot be modified. + + ![Postponement Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconpostpone_v522.svg) + +7. Click on **Confirm Property Values**. +Original image link: ![Postponement Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconpostpone_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: +and then access the list of all unreconciled properties for said resource. 
+ +![Resource View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_resourceview_v523.webp) + +It can be helpful to have the non-conforming assignments regrouped by property, as some of the +Original image link: ![Resource View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_resourceview_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: +resource type and property. + +![Property View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_propertyview_v603.webp) + +The review process is the same with both views. However with property view, reviewers don't click on +Original image link: ![Property View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_propertyview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\property-reconciliation\index.md +Context: +the current values for several resources simultaneously. + +![Bulk Reconcile](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_bulkreconcile_v603.webp) + +## Verify Property Reconciliation +Original image link: ![Bulk Reconcile](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_bulkreconcile_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: +> the **Resource Reconciliation** screen: +> +> ![Example - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_examplerole_v602.webp) +> +> ![Example - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresource_v602.webp) +Original image link: ![Example - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_examplerole_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: +> ![Example - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_examplerole_v602.webp) +> +> ![Example - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresource_v602.webp) +> +> ![Example - Resource Reconciliation - Properties](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresourceprop_v602.webp) +Original image link: ![Example - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresource_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: +> ![Example - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresource_v602.webp) +> +> ![Example - Resource Reconciliation - Properties](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresourceprop_v602.webp) + +## Participants and Artifacts +Original image link: ![Example - Resource Reconciliation - Properties](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/reviewrole_exampleresourceprop_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: + was launched recently, through the complete job on the **Job Execution** page + + ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + + � Or through the connector's overview page, **Jobs** > **Compute Role Model**. +Original image link: ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: + � Or through the connector's overview page, **Jobs** > **Compute Role Model**. + + ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +2. 
On the home page, click on the entity type that you want to manage in the **Role Reconciliation** +Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: + section, to get to the non-conforming permissions page. + + ![Home Page - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/home_rolereconciliation_v523.webp) + + ![Role Reconciliation Page](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/reviewrole_rolereconciliation_v603.webp) +Original image link: ![Home Page - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/home_rolereconciliation_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: + ![Home Page - Role Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/home_rolereconciliation_v523.webp) + + ![Role Reconciliation Page](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/reviewrole_rolereconciliation_v603.webp) + + Each non-conforming permission can be commented by clicking on the corresponding icon. 
+Original image link: ![Role Reconciliation Page](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/reviewrole_rolereconciliation_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: + Each non-conforming permission can be commented by clicking on the corresponding icon. + + ![Comment Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconcomment_v522.svg) + +3. Choose one of the two possibilities to verify the permission: +Original image link: ![Comment Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/access-certification/certification-campaign-execution/certifcampaign_iconcomment_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: + - Either click on the approval icon to keep the non-conforming permission. + + ![Approval Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/orphan_iconapprove_v602.svg) + + - Or click on the decline icon to delete the non-conforming permission. +Original image link: ![Approval Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/orphan_iconapprove_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: + - Or click on the decline icon to delete the non-conforming permission. 
+ + ![Decline Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/orphan_icondecline_v522.svg) + +4. Trigger [provisioning](/docs/identitymanager/6.2/user-guide/administrate/provisioning/index.md) by launching, on the appropriate connector's +Original image link: ![Decline Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/orphan_icondecline_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: +Several roles can be reconciled simultaneously by clicking on **Bulk Reconcile Roles**. + +![Bulk Reconcile Roles](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/reviewrole_rolereconciliationbulk_v603.webp) + +## Verify Role Reconciliation +Original image link: ![Bulk Reconcile Roles](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/role-reconciliation/reviewrole_rolereconciliationbulk_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\role-reconciliation\index.md +Context: +user's **View Permissions** tab. + +![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: + was launched recently, through the complete job on the **Job Execution** page: + + ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + + Or through the connector's overview page, **Jobs** > **Compute Role Model**. +Original image link: ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: + Or through the connector's overview page, **Jobs** > **Compute Role Model**. + + ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +2. Get to the **Resource Reconciliation** page, accessible from the corresponding section on the +Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: + home page. + + ![Home Page - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/home_resourcereconciliation_v523.webp) + +3. Select `Unauthorized account` as the `Workflow State`. Orphaned accounts appear with no owner. 
+Original image link: ![Home Page - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/home_resourcereconciliation_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: +3. Select `Unauthorized account` as the `Workflow State`. Orphaned accounts appear with no owner. + + ![Resource Reconciliation Page](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/unauth_unauthorizedaccounts_v602.webp) + +4. Choose the default resource view or the Review an Unauthorized Account with the top right toggle. +Original image link: ![Resource Reconciliation Page](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/unauth_unauthorizedaccounts_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: + rate. + + ![Select Decision](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/unauthorized-account-review/unauth_reviewunauthorized_v602.webp) + + The displayed confidence rate means that a rule actually assigned the account to the identity, +Original image link: ![Select Decision](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/unauthorized-account-review/unauth_reviewunauthorized_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: + [ Reconcile a Property ](/docs/identitymanager/6.2/user-guide/administrate/non-conforming-assignment-review/property-reconciliation/index.md) topic for additional information. + + ![Edit Button](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/unauthorized-account-review/unauth_updateprop_v522.webp) + +6. Select the appropriate decision. +Original image link: ![Edit Button](/img/product_docs/identitymanager/saas/user-guide/administrate/non-conforming-assignment-review/unauthorized-account-review/unauth_updateprop_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: +and then access the list of all unreconciled properties for said resource. + +![Resource View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_resourceview_v523.webp) + +It can be helpful to have the non-conforming assignments regrouped by property, as some of the +Original image link: ![Resource View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_resourceview_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: +resource type and property. + +![Property View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_propertyview_v603.webp) + +The review process is the same with both views. 
However with property view, reviewers don't click on +Original image link: ![Property View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_propertyview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: +the current values for several resources simultaneously. + +![Bulk Reconcile](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_bulkreconcile_v603.webp) + +Bulk keeping non-authorized accounts, by clicking on **Bulk Reconcile** then **Approve Current +Original image link: ![Bulk Reconcile](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_bulkreconcile_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\non-conforming-assignment-review\unauthorized-account-review\index.md +Context: +user's **View Permissions** tab. + +![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +through the menu items on the left of the home page, in the **Connectors** section. 
+ +![Home - Entity Types](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_entitytypes_v602.webp) + +These entity type pages can be configured via XML to customize all displayed columns and available +Original image link: ![Home - Entity Types](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_entitytypes_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +additional information on customization. + +![Owner / Resource Type Column](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/orphan_entitytype_v523.webp) + +In the **Orphan** field, select **Yes** to see all existing resources without an owner. +Original image link: ![Owner / Resource Type Column](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/orphan_entitytype_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +displaying this property alongside users' **EmployeeId**. + +![Query of Unused Accounts](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_unusedquery_v602.webp) + +## Participants and Artifacts +Original image link: ![Query of Unused Accounts](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_unusedquery_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +Review an orphaned account by proceeding as follows: + +![Home Page - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/home_resourcereconciliation_v523.webp) + +**Step 1 –** Go to the **Resource Reconciliation** page, accessible from the corresponding section +Original image link: ![Home Page - Resource Reconciliation](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/home_resourcereconciliation_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +on the home page. + +![Resource Reconciliation Page](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/unauth_unauthorizedaccounts_v602.webp) + +**Step 2 –** Select **Unauthorized account** as the **Workflow State**. Orphaned accounts are those +Original image link: ![Resource Reconciliation Page](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/unauth_unauthorizedaccounts_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +**Step 4 –** Click on the line of an account without an owner. + +![Select Owner](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_revieworphans_v602.webp) + +In the following example, the nominative AD account linked to the email address +Original image link: ![Select Owner](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_revieworphans_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +You can **Select owner** from the list by clicking on the check box. + +![Owners List](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_revieworphans-owners_v602.webp) + +**Step 5 –** Answer the following questions in order to understand the situation. +Original image link: ![Owners List](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_revieworphans-owners_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +See the schema below this note. + +![Schema - Service Accounts](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_serviceaccounts.webp) + +**Step 6 –** Select the appropriate owner or no owner at all, according to the previous analysis. +Original image link: ![Schema - Service Accounts](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_serviceaccounts.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +and then access the list of all unreconciled properties for said resource. + +![Resource View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_resourceview_v523.webp) + +It can be helpful to have the non-conforming assignments regrouped by property, as some of the +Original image link: ![Resource View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_resourceview_v523.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +resource type and property. + +![Property View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_propertyview_v603.webp) + +The review process is the same with both views. However with property view, reviewers don't click on +Original image link: ![Property View](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_propertyview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +a given line, but choose a decision directly on the left of the property line. + +![Bulk Reconcile](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_bulkreconcile_v603.webp) + +In addition, using property view enables bulk reconciliation to approve the proposed values or keep +Original image link: ![Bulk Reconcile](/img/product_docs/identitymanager/saas/user-guide/administrate/orphan-unused-account-review/orphan_bulkreconcile_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\orphan-unused-account-review\index.md +Context: +**Resource Reconciliation** screen. + +![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +In addition, if you reconciled an orphaned account with an owner, check the user's permissions to +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\automatic-provisioning\index.md +Context: +assignment request goes through the following provisioning states: + +![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/automatic-provisioning/provauto_states_v523.webp) + +## Participants and Artifacts +Original image link: ![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/automatic-provisioning/provauto_states_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\automatic-provisioning\index.md +Context: +page. + +![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + +## Verify Automated Provisioning +Original image link: ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\automatic-provisioning\index.md +Context: +1. Select a test user in the directory, accessible from the home page. + + ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +2. Follow the [ Request Entitlement Assignment ](/docs/identitymanager/6.2/user-guide/administrate/manual-assignment-request/index.md)to make a +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\index.md +Context: +In order to verify the process: + +![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +**Step 1 –** Select a test user in the directory, accessible from the home page. +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\index.md +Context: +which involves the type of provisioning that you want to test. + +![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +**Step 3 –** Check the provisioning state of the requested entitlement at every step, in the user's +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\index.md +Context: +**View Permissions** tab. + +![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/prov_stateschema_v523.webp) + +Whether your provisioning workflows trigger provisioning review, or whether they trigger manual or +Original image link: ![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/prov_stateschema_v523.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: +In its lifecycle, an assignment request goes through the following provisioning states: + +![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_states_v523.webp) + +## Participants and Artifacts +Original image link: ![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_states_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: + (or the provisioning review, if any), through the complete job in the **Job Execution** page. + + ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + + ![Manual Provisioning Screen](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_page_v603.webp) +Original image link: ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: + ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + + ![Manual Provisioning Screen](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_page_v603.webp) + +2. 
Access the manual provisioning orders page by clicking on the entity type that you want to manage +Original image link: ![Manual Provisioning Screen](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_page_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: + in the **Manual Provisioning** section. + + ![Home Page - Manual Provisioning](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/home_manualprovisioning_v523.webp) + +3. Choose a line to handle the corresponding provisioning order. +Original image link: ![Home Page - Manual Provisioning](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/home_manualprovisioning_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: + (outside Identity Manager). + + ![Creation Provisioning Order](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_createresource_v522.webp) + + ![Creation Provisioning Order](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_editresource_v522.webp) +Original image link: ![Creation Provisioning Order](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_createresource_v522.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: + ![Creation Provisioning Order](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_createresource_v522.webp) + + ![Creation Provisioning Order](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_editresource_v522.webp) + +5. Choose to confirm or report an error. +Original image link: ![Creation Provisioning Order](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_editresource_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: +Several orders can be provisioned simultaneously by clicking on **Bulk Provision**. + +![Bulk Provisioning](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_bulk_v603.webp) + +## Verify Manual Provisioning +Original image link: ![Bulk Provisioning](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/provmanual_bulk_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: +1. Select a test user in the directory, accessible from the home page. + + ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +2. 
Follow the [ Request Entitlement Assignment ](/docs/identitymanager/6.2/user-guide/administrate/manual-assignment-request/index.md) to make a +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\manual-provisioning\index.md +Context: + every step, in the user's **View Permissions** tab. + +![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +4. Check in your managed system that the change was effectively made. +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +the request is issued and when provisioning orders are computed: + +![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provreview_states_v523.webp) + +## Participants and Artifacts +Original image link: ![Provisioning State Schema](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provreview_states_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + section. 
+ + ![Home Page - Provisioning Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/home_provisioningreview_v523.webp) + + ![Provisioning Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_provreview_v602.webp) +Original image link: ![Home Page - Provisioning Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/home_provisioningreview_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + ![Home Page - Provisioning Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/home_provisioningreview_v523.webp) + + ![Provisioning Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_provreview_v602.webp) + +2. Click on a line to access details and handle addition, association, update or deletion orders. +Original image link: ![Provisioning Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_provreview_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + on the **Manual Provisioning** page. + + ![Fulfill Task](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +### Handle an addition order +Original image link: ![Fulfill Task](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +Identity Manager shows all the properties of the new resource to be created: + +![Addition Order Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_reviewaddition_v602.webp) + +- `Proposed Value`: value proposed by Identity Manager. +Original image link: ![Addition Order Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_reviewaddition_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + - Either click on the approval icon to order the property creation with the proposed value. + + ![Addition - Approval Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) + + - Or click on the decline icon to refuse the property creation. +Original image link: ![Addition - Approval Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + - Or click on the decline icon to refuse the property creation. + + ![Addition - Decline Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_icondecline_v522.svg) + + - Or click on the postponement icon to delay the decision. +Original image link: ![Addition - Decline Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_icondecline_v522.svg) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + - Or click on the postponement icon to delay the decision. + + ![Addition - Postponement Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconpostpone_v522.svg) + +2. Choose to confirm or ignore the creation. +Original image link: ![Addition - Postponement Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconpostpone_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +properties to be verified: + +![Association Order Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_reviewassociation_v602.webp) + +- `Confidence rate of proposed resource`: rate expressing the confidence in this +Original image link: ![Association Order Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_reviewassociation_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + - Either click on the approval icon to validate the proposed property value. + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) + + ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) + + ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) + + ![Deletion Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/reviewrole_icondelete_v602.svg) +Original image link: ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) + + ![Deletion Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/reviewrole_icondelete_v602.svg) + + - Or click on the decline icon to refuse the property association. +Original image link: ![Deletion Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/reviewrole_icondelete_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +Identity Manager shows a given resource and all resource properties to be verified: + +![Edition Order Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_reviewedition_v602.webp) + +- `Proposed Value`: value proposed by Identity Manager. 
+Original image link: ![Edition Order Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_reviewedition_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + - Either click on the approval icon to order the property update with the proposed value. + + ![Edition - Addition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) + + ![Edition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconedit_v602.svg) +Original image link: ![Edition - Addition Icon](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_iconapprove_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +Identity Manager shows a given owner and their resources to be deleted: + +![Deletion Order Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_reviewdeletion_v602.webp) + +Handle a deletion order by choosing either to confirm the deletion or to keep the resource. +Original image link: ![Deletion Order Review](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provmanual_reviewdeletion_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +then access the list of all provisioning orders for that resource. 
+ +![Resource View](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provreview_resourceview_v603.webp) + +In addition, using resource view enables bulk unblocking for provisioning orders with errors. +Original image link: ![Resource View](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provreview_resourceview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +In addition, using resource view enables bulk unblocking for provisioning orders with errors. + +![Bulk Unblock](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provreview_bulkunblock_v603.webp) + +It can be helpful to have the provisioning orders regrouped by property, as some of the changes can +Original image link: ![Bulk Unblock](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provreview_bulkunblock_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +resource type and property. + +![Property View](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provreview_propertyview_v603.webp) + +The review process is similar on both views. However with property view, reviewers don't click on a +Original image link: ![Property View](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/provisioning-review/provreview_propertyview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +1. Select a test user in the directory, accessible from the home page. 
+ + ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +2. Follow the [ Request Entitlement Assignment ](/docs/identitymanager/6.2/user-guide/administrate/manual-assignment-request/index.md) workflow +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: +3. Check that the provisioning state is `Pending` in the user's **View Permissions** tab. + + ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +4. Click on **Jobs** > **Fulfill** on the corresponding connector's overview page, in the **Resource +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + Types** frame, to execute the provisioning orders. + + ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +5. The orders using automated provisioning should be automatically handled with their state +Original image link: ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\provisioning\provisioning-review\index.md +Context: + Provisioning** page with their state switching to `Transmitted`. + +![Home Page - Manual Provisioning](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/home_manualprovisioning_v523.webp) + +Original image link: ![Home Page - Manual Provisioning](/img/product_docs/identitymanager/saas/user-guide/administrate/provisioning/manual-provisioning/home_manualprovisioning_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: +- the list of entitlements for a given user in their **View Permissions** tab; + + ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +- the list of all requests that you are authorized to see in **Workflow Overview** accessible from +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: + the home page in the **Administration** section; + + ![Home - Workflow Overview](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_workflowoverview_v602.webp) + +- the list of [Review Orphaned and Unused Accounts](/docs/identitymanager/6.2/user-guide/administrate/orphan-unused-account-review/index.md). +Original image link: ![Home - Workflow Overview](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_workflowoverview_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: +- the list of [Review Orphaned and Unused Accounts](/docs/identitymanager/6.2/user-guide/administrate/orphan-unused-account-review/index.md). + + ![Orphaned Account List](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/orphan_entitytype_v523.webp) + +Identity Manager puts users in control of their reporting. Rich features help produce customizable +Original image link: ![Orphaned Account List](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/orphan_entitytype_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: +1. Click on **Reports** on the left of the home page to access the list of predefined reports. + + ![Home Page - Reports](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_reports_v602.webp) + + ![Reports](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_predefinedreports_v602.webp) +Original image link: ![Home Page - Reports](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_reports_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: + ![Home Page - Reports](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_reports_v602.webp) + + ![Reports](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_predefinedreports_v602.webp) + +2. Choose the appropriate report and click on **Download** to get an Excel report. The +Original image link: ![Reports](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_predefinedreports_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: +1. Click on **Query** in the **Administration** section on the home page. + + ![Home Page - Query](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_query_v602.webp) + + ![Query Page](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_querypage_v602.webp) +Original image link: ![Home Page - Query](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_query_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: + ![Home Page - Query](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/home_query_v602.webp) + + ![Query Page](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_querypage_v602.webp) + +2. Choose a query model from among the list. +Original image link: ![Query Page](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_querypage_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: + and click on **Confirm**. + + ![Fields to Display](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_fieldstodisplay_v522.webp) + + In cases where Identity Manager doesn't display correctly the information you need, you must try +Original image link: ![Fields to Display](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_fieldstodisplay_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\administrate\reporting\index.md +Context: +4. Click on **Filters**, write the appropriate condition and click on **Confirm**. 
+ + ![Filters](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_filters_v602.webp) + + For example, a report could list user names and identifiers but only those with their +Original image link: ![Filters](/img/product_docs/identitymanager/saas/user-guide/administrate/reporting/reporting_filters_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\change-management\index.md +Context: +Change management aims to support the teams throughout the human process. + +![Process of Change Management](/img/product_docs/identitymanager/saas/user-guide/deploy/change-management/changemanagement_process.webp) + +These processes include mandatory steps that all staff members have to go through, but not +Original image link: ![Process of Change Management](/img/product_docs/identitymanager/saas/user-guide/deploy/change-management/changemanagement_process.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\change-management\index.md +Context: +## Participants and Artifacts + +![Actors of Change Management](/img/product_docs/identitymanager/saas/user-guide/deploy/change-management/changemanagement_actors.webp) + +The aim of a Project Management Officer concerning critical stakeholders is to enable: +Original image link: ![Actors of Change Management](/img/product_docs/identitymanager/saas/user-guide/deploy/change-management/changemanagement_actors.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\change-management\index.md +Context: + vary enormously. + + ![Usual Populations](/img/product_docs/identitymanager/saas/user-guide/deploy/change-management/changemanagement_populations.webp) + +2. 
For all listed populations, estimate their size and the expected impact on them, through +Original image link: ![Usual Populations](/img/product_docs/identitymanager/saas/user-guide/deploy/change-management/changemanagement_populations.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\directory-permissions\index.md +Context: + the **Security** tab, click on **Advanced**. + + ![Working Directory Properties: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_directoryproperties1.webp) + +2. In the **Permissions** tab, click on **Add**, and in the pop-up window click on **Select a +Original image link: ![Working Directory Properties: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_directoryproperties1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\directory-permissions\index.md +Context: + principal**. + + ![Working Directory Properties: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_directoryproperties2.webp) + +3. Click on **Locations** to choose the current computer, and in the text area enter +Original image link: ![Working Directory Properties: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_directoryproperties2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\directory-permissions\index.md +Context: + `iis apppool/Usercube` (`Usercube` being the name of the previously created pool). 
+ + ![Working Directory Properties: Step 3](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_directoryproperties3.webp) + + An error at this point should come either from a mistake in the pool's name or in the selected +Original image link: ![Working Directory Properties: Step 3](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_directoryproperties3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\directory-permissions\index.md +Context: + **Read** permissions are selected. + + ![Working Directory Properties: Step 4](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_directoryproperties4.webp) + +5. Click on **OK** in the windows until they are all closed. +Original image link: ![Working Directory Properties: Step 4](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_directoryproperties4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\directory-permissions\index.md +Context: + **Edit**. + + ![Temp Folder Properties: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_foldersproperties1.webp) + +7. Select the user corresponding to the pool and give them `Full control`. +Original image link: ![Temp Folder Properties: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_foldersproperties1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\directory-permissions\index.md +Context: +7. Select the user corresponding to the pool and give them `Full control`. + + ![Temp Folder Properties: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_foldersproperties2.webp) + +8. Click on **OK** in the windows until they are all closed. +Original image link: ![Temp Folder Properties: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/directory-permissions/prodagent_foldersproperties2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-configuration\index.md +Context: + **Tools** menu. + + ![IIS: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis1.webp) + +2. Right-click on **Application Pools** to add a new pool named `Usercube`. +Original image link: ![IIS: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-configuration\index.md +Context: +2. Right-click on **Application Pools** to add a new pool named `Usercube`. + + ![IIS: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis2.webp) + +3. Right-click on **Sites** to add a new site named `Usercube`, make sure that the +Original image link: ![IIS: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis2.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-configuration\index.md +Context: + selected application pool is `Usercube` and set the `path` field to the `Runtime` folder. + + ![IIS: Step 3](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis3.webp) + +4. Right-click on the application pool to open its advanced settings and make sure that the +Original image link: ![IIS: Step 3](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-configuration\index.md +Context: + following parameters are set as such: + + ![IIS: Step 4](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis4.webp) + + ![IIS: Step 5](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis5.webp) +Original image link: ![IIS: Step 4](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-configuration\index.md +Context: + ![IIS: Step 4](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis4.webp) + + ![IIS: Step 5](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis5.webp) + +5. 
Make sure that IIS contains an SSL certificate, by accessing the home page of IIS server and +Original image link: ![IIS: Step 5](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_iis5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-configuration\index.md +Context: + If the certificate is not ready yet, generate an auto-signed certificate. + + ![IIS Server Certificate: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_servercertificate1.webp) + + If the certificate is not there yet, import it by clicking on **Import** in the right-side menu, +Original image link: ![IIS Server Certificate: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_servercertificate1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-configuration\index.md +Context: + and specify the certificate's path and password. + + ![IIS Server Certificate: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_servercertificate2.webp) + +6. Add the certificate's URL to the site by right-clicking on the site, selecting **Edit Bindings** +Original image link: ![IIS Server Certificate: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_servercertificate2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-configuration\index.md +Context: + URL (without the `https` part) as host name, and finally selecting the server certificate. 
+ + ![IIS Server Certificate: Step 3](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_servercertificate3.webp) + + Click on **OK**. +Original image link: ![IIS Server Certificate: Step 3](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-configuration/prodagent_servercertificate3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-installation\index.md +Context: +1. Open the Server Manager program and click on **Add roles and features**. + + ![Server Manager: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager1.webp) + +2. Click on **Next**, then in **Installation Type** make sure that **Role-based or feature-based +Original image link: ![Server Manager: Step 1](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-installation\index.md +Context: + installation** is selected and click on **Next**. + + ![Server Manager: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager2.webp) + +3. In **Server Selection** tick **Select a server from the server pool** and click on **Next**. +Original image link: ![Server Manager: Step 2](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-installation\index.md +Context: +3. 
In **Server Selection** tick **Select a server from the server pool** and click on **Next**. + + ![Server Manager: Step 3](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager3.webp) + +4. In **Server Roles** tick **Web Server (IIS)**. +Original image link: ![Server Manager: Step 3](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-installation\index.md +Context: +4. In **Server Roles** tick **Web Server (IIS)**. + + ![Server Manager: Step 4](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager4.webp) + +5. In **Features** select **Remote Server Administration Tools** > **Role Administration Tools** > +Original image link: ![Server Manager: Step 4](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-installation\index.md +Context: + **AD DA and AD LDS Tools** > **AD DS Tools** > **AD DS Snap-Ins and Command-Line Tools**. + + ![Server Manager: Step 5](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager5.webp) + +6. In **Confirmation** click on **Install**. +Original image link: ![Server Manager: Step 5](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager5.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\deploy\production-agent-installation\iis-installation\index.md +Context: +6. In **Confirmation** click on **Install**. + + ![Server Manager: Step 6](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager6.webp) + +## Next Steps +Original image link: ![Server Manager: Step 6](/img/product_docs/identitymanager/saas/user-guide/deploy/production-agent-installation/iis-installation/prodagent_servermanager6.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\global-process\howto-maintaindirectory\index.md +Context: +## Overview + +![Process Schema - How to Implement a New System](/img/product_docs/identitymanager/saas/user-guide/global-process/howto-maintaindirectory/globalprocess_schemamaintain.webp) + +## Process Details +Original image link: ![Process Schema - How to Implement a New System](/img/product_docs/identitymanager/saas/user-guide/global-process/howto-maintaindirectory/globalprocess_schemamaintain.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\global-process\howto-newsystem\index.md +Context: +aware that you can go through the process options simultaneously. + +![Process Schema - How to Implement a New System](/img/product_docs/identitymanager/saas/user-guide/global-process/howto-newsystem/globalprocess_schemaconnectsyst.webp) + +## Process Details +Original image link: ![Process Schema - How to Implement a New System](/img/product_docs/identitymanager/saas/user-guide/global-process/howto-newsystem/globalprocess_schemaconnectsyst.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\global-process\howto-start\index.md +Context: +simultaneously. 
+ +![Process Schema - How to Start with Usercube](/img/product_docs/identitymanager/saas/user-guide/global-process/howto-start/globalprocess_schemastart.webp) + +## Process Details +Original image link: ![Process Schema - How to Start with Usercube](/img/product_docs/identitymanager/saas/user-guide/global-process/howto-start/globalprocess_schemastart.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\individual-update\index.md +Context: +1. Access the user directory from the home page. + + ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +2. According to the type of the user to be declared, click on the corresponding button. +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\individual-update\index.md +Context: +2. According to the type of the user to be declared, click on the corresponding button. + + ![Workflow - New User](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/individual-update/datamodif_newuser_v602.webp) + +3. Follow the workflow's instructions to fill the form with the user's data, choose the user's +Original image link: ![Workflow - New User](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/individual-update/datamodif_newuser_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\individual-update\index.md +Context: +2. Click on the user to be modified. 
+ + ![Workflow - User](/img/product_docs/identitymanager/saas/user-guide/administrate/manual-assignment-request/datamodif_user_v602.webp) + +3. Click on **Actions** or **Helpdesk** to select the action to perform. +Original image link: ![Workflow - User](/img/product_docs/identitymanager/saas/user-guide/administrate/manual-assignment-request/datamodif_user_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\individual-update\index.md +Context: +3. Click on **Actions** or **Helpdesk** to select the action to perform. + + ![Workflow - Modify Permissions](/img/product_docs/identitymanager/saas/user-guide/administrate/manual-assignment-request/datamodif_changeuser_v602.webp) + +4. Follow the workflow's instructions. +Original image link: ![Workflow - Modify Permissions](/img/product_docs/identitymanager/saas/user-guide/administrate/manual-assignment-request/datamodif_changeuser_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\individual-update\index.md +Context: + will be displayed in Identity Manager only after the request has been reviewed. + + ![Request - Review Pending](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/individual-update/datamodif_reviewpending_v523.webp) + +## Verify Data Update +Original image link: ![Request - Review Pending](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/individual-update/datamodif_reviewpending_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\mass-update\index.md +Context: + section. + + ![Home - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) + +2. 
On the connector's page, choose the connection corresponding to identities. +Original image link: ![Home - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\mass-update\index.md +Context: +3. In the connection's settings, download the Excel template full of the data from your database. + + ![Download Full Template](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/mass-update/datamodif_downloadtemplatedata_v602.webp) + +4. Update the data that needs change. +Original image link: ![Download Full Template](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/mass-update/datamodif_downloadtemplatedata_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\mass-update\index.md +Context: +6. Click on **Upload** and choose the file you modified with new data. + + ![Upload](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/mass-update/connection_upload_v602.webp) + +7. Click on **Check Connection** to verify the path. +Original image link: ![Upload](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/mass-update/connection_upload_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\mass-update\index.md +Context: +7. Click on **Check Connection** to verify the path. + + ![Check Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_checkconnection_v602.webp) + +8. Click on **Save & Close**. 
+Original image link: ![Check Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_checkconnection_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\mass-update\index.md +Context: +3. In the connection's settings, download the empty Excel template. + + ![Download Full Template](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/mass-update/datamodif_downloadtemplateempty_v602.webp) + +4. Fill only the data to be modified, specify the unique identifier for each entry (for correlation +Original image link: ![Download Full Template](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/mass-update/datamodif_downloadtemplateempty_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\mass-update\index.md +Context: + at least your own sheet and the sheets for your hierarchy. + + ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +- Check that every organization still has a manager. Organizations are accessible in the +Original image link: ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\mass-update\index.md +Context: + `Department` directory accessible from the home page. 
+ + ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) + + ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) +Original image link: ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\mass-update\index.md +Context: + ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) + + ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) + + If the system contains many organizations, then it is also possible to list them with their +Original image link: ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\multiple-update\index.md +Context: +1. Click on **Multiple Updates**, accessible from the directory on the home page. + + ![Home Page - Multiple Updates](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/multiple-update/home_multipleupdates_v523.webp) + +2. 
Follow the workflow's instructions to perform the change, assign new entitlements if needed, and +Original image link: ![Home Page - Multiple Updates](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/multiple-update/home_multipleupdates_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\multiple-update\index.md +Context: + send the request. + + ![Multiple Updates Form](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/multiple-update/datamodif_multipleform_v602.webp) + + If the workflow has been configured in this way, the update request may require a review. In +Original image link: ![Multiple Updates Form](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/multiple-update/datamodif_multipleform_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\multiple-update\index.md +Context: + will be displayed in Identity Manager only after the request has been reviewed. + + ![Request - Review Pending](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/individual-update/datamodif_reviewpending_v523.webp) + +## Verify Data Update +Original image link: ![Request - Review Pending](/img/product_docs/identitymanager/saas/user-guide/maintain/identity-data-modification/individual-update/datamodif_reviewpending_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\multiple-update\index.md +Context: + at least your own sheet and the sheets assigned to your hierarchy. 
+ + ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +- Check that every organization still has a manager. Organizations are accessible in the +Original image link: ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\multiple-update\index.md +Context: + `Department` directory on the home page. + + ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) + + ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) +Original image link: ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\identity-data-modification\multiple-update\index.md +Context: + ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) + + ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) + + If the system contains numerous organizations, it is also possible to list them with their +Original image link: ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\maintain\troubleshooting\index.md +Context: +- the connector screens, especially the jobs available there; + + ![Connector Jobs](/img/product_docs/identitymanager/saas/user-guide/maintain/troubleshooting/troubleshooting_connectorjobs_v603.webp) + +- the resource screens (identities, accounts, etc.) with their data, and especially their history +Original image link: ![Connector Jobs](/img/product_docs/identitymanager/saas/user-guide/maintain/troubleshooting/troubleshooting_connectorjobs_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\troubleshooting\index.md +Context: + and sources; + + ![User Data](/img/product_docs/identitymanager/saas/user-guide/maintain/troubleshooting/troubleshooting_userdata_v603.webp) + +- basic workflows, for example the usual helpdesk workflow, that give access to users' entitlements +Original image link: ![User Data](/img/product_docs/identitymanager/saas/user-guide/maintain/troubleshooting/troubleshooting_userdata_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\maintain\troubleshooting\index.md +Context: + and enable data modification and repair. + + ![Helpdesk Workflow](/img/product_docs/identitymanager/saas/user-guide/maintain/troubleshooting/troubleshooting_helpdesk_v603.webp) + +## Participants and Artifacts +Original image link: ![Helpdesk Workflow](/img/product_docs/identitymanager/saas/user-guide/maintain/troubleshooting/troubleshooting_helpdesk_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\automate-role-assignment\index.md +Context: + section. + + ![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +2. 
In the dropdown menu at the top left, choose the source entity type for the future scalar rule. +Original image link: ![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\automate-role-assignment\index.md +Context: +2. In the dropdown menu at the top left, choose the source entity type for the future scalar rule. + + ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) + +3. Click on the **Composite Roles** or **Single Roles** tab and on the addition button at the top +Original image link: ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\automate-role-assignment\index.md +Context: + right corner. + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + +4. Fill in the fields. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\automate-role-assignment\index.md +Context: +4. Fill in the fields. + + ![Create an Assignment Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automate-role-assignment/assignmentrules_newsrolerule_v602.webp) + + - `Single Role`: single role to be automatically assigned in a single role rule. 
+Original image link: ![Create an Assignment Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automate-role-assignment/assignmentrules_newsrolerule_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\automate-role-assignment\index.md +Context: +1. Select a test user in the directory, accessible from the home page. + + ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +2. Create a role assignment rule for a role that said user doesn't already have, and based on +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\automate-role-assignment\index.md +Context: + in the **Administration** section. + + ![Home - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + +4. See the new permission in the user's **View Permissions** tab. +Original image link: ![Home - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\automate-role-assignment\index.md +Context: +4. See the new permission in the user's **View Permissions** tab. 
+ + ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: + [ Perform Role Mining ](/docs/identitymanager/6.2/user-guide/optimize/assignment-automation/role-mining/index.md), based on existing data analysis. + +![Automation Concept](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_schema.webp) + +Assignment rules can sometimes give to users an entitlement that they had already received manually. +Original image link: ![Automation Concept](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: +to the number of managed entitlements. + +![Optimal Cost Chart - Manual Assignments](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_manual.webp) + +### Automation benefits +Original image link: ![Optimal Cost Chart - Manual Assignments](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_manual.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: + be computed more frequently and thus sticks closer to reality. 
+ +![Optimal Cost Chart - Automation Benefits](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_automationbenefits.webp) + +Automation helps integrators find basic assignment rules and face the previous risks, thus reducing +Original image link: ![Optimal Cost Chart - Automation Benefits](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_automationbenefits.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: +to write the right rules. It drives up costs considerably and draws you near the automation wall. + +![Optimal Cost Chart - Automation Limits](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_automationlimits.webp) + +The automation wall represents the automation threshold that cannot be overcome. It mostly comes +Original image link: ![Optimal Cost Chart - Automation Limits](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_automationlimits.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: +of automatic and manual assignments. + +![Optimal Cost Chart](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost.webp) + +Automation strategy consists in using Machine Learning through Role Mining to get closer to the +Original image link: ![Optimal Cost Chart](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: + the automation wall. 
+ + ![Optimal Cost Chart - Role Mining](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_rolemining.webp) + + **Enlarge the number of managed entitlements by tolerating errors:** +Original image link: ![Optimal Cost Chart - Role Mining](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_rolemining.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: + > about their respective projects. This is a typical area for improvement in data quality. + > + > ![Data Quality Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_dataquality_ex.webp) + + > For example, if charts show a high number of identities in the category `No Position`, +Original image link: ![Data Quality Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_dataquality_ex.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: + > integrators understand that the data model must be completed for role mining to be efficient. + > + > ![Data Quantity Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_dataquality_ex2.webp) + + > For example, if charts show a high number of unused roles, integrators understand that the +Original image link: ![Data Quantity Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_dataquality_ex2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: + > role model needs further improvement because roles are not adequate. 
+ > + > ![Data Quality Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_dataquality_ex3.webp) + + > For example, if charts show low automation rate per department, integrators will understand +Original image link: ![Data Quality Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_dataquality_ex3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: + > that many identities may have switched departments while keeping their previous entitlements. + > + > ![Data Quality Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_dataquality_ex4.webp) + +3. Improve data quality and quantity to move the automation wall. +Original image link: ![Data Quality Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_dataquality_ex4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\index.md +Context: + number of entitlements. + + ![Optimal Cost Chart - Improved Data](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_data.webp) + + A high quantity of data simplifies data analysis and inferences in assignment rules. +Original image link: ![Optimal Cost Chart - Improved Data](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/automation_optimalcost_data.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\remove-redundant-assignments\index.md +Context: +automatically on a given time period, then we have: + +![Schema - Compute Role Model](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_examplewithout.webp) + +The redundant assignment analysis gives priority to the rules inside the role model and the policy. +Original image link: ![Schema - Compute Role Model](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_examplewithout.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\remove-redundant-assignments\index.md +Context: +we have: + +![Schema - Redundant Assignment Analysis](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_examplewith.webp) + +Redundant assignments can be removed by Identity Manager only when the corresponding assigned items +Original image link: ![Schema - Redundant Assignment Analysis](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_examplewith.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\remove-redundant-assignments\index.md +Context: +Remove redundant assignments by proceeding as follows: + +![Home Page - Redundant Assignments](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/home_redundantassignments_v602.webp) + +**Step 1 –** Click on **Redundant Assignments** on the home page in the **Administration** section. 
+Original image link: ![Home Page - Redundant Assignments](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/home_redundantassignments_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\remove-redundant-assignments\index.md +Context: +**Step 1 –** Click on **Redundant Assignments** on the home page in the **Administration** section. + +![Redundant Assignments - Buttons](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_buttons_v602.webp) + +**Step 2 –** Click on **Analyze** to tag the manual roles and resource types from all policies +Original image link: ![Redundant Assignments - Buttons](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_buttons_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\remove-redundant-assignments\index.md +Context: +per entity type representing identities. + +![Redundant Assignments - Report Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_reportexample_v602.webp) + +The example states that in the entity type Directory_User, the user Nicholas Acosta had the single +Original image link: ![Redundant Assignments - Report Example](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_reportexample_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\remove-redundant-assignments\index.md +Context: +In order to verify the process: + +![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +**Step 1 –** Access the user directory from the home page. +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\remove-redundant-assignments\index.md +Context: +**Step 1 –** Access the user directory from the home page. + +![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + +**Step 2 –** For one of the users mentioned in the report, access their permissions. +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\remove-redundant-assignments\index.md +Context: +to calculated. + +![Redundant Assignments - Result](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_reportexampleverif_v602.webp) + +When removing redundant assignments based on the previous report example the setting will be as +Original image link: ![Redundant Assignments - Result](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/remove-redundant-assignments/redundantassignments_reportexampleverif_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: +which will assign single roles to certain users matching given criteria. + +![Schema - Role Mining](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_schema.webp) + +Role mining is a Machine Learning process. It is a statistic tool used to emphasize the +Original image link: ![Schema - Role Mining](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: + entitlement request for a user. + + ![Suggested](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_suggested_v602.webp) + +You can generate both automatic and suggested rules for the same role, with different precision +Original image link: ![Suggested](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_suggested_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: +> between 75% and 95%. +> +> ![Rule Types](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_ruletype.webp) + +You can also differentiate entitlements according to their sensitivity, for example require +Original image link: ![Rule Types](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_ruletype.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: +additional reviews following the request of a sensitive entitlement: + +![Rule Types - Sensitivity](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_ruletype-sensitivity.webp) + +The automation of entitlement assignments according to sensitivity brings greater confidence in +Original image link: ![Rule Types - Sensitivity](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_ruletype-sensitivity.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: +1. On the home page in the **Configuration** section, click on the **Role Mining** button. + + ![Home page - Connectors](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/home_rolemining_v60.webp) + + You will see all existing mining rules. +Original image link: ![Home page - Connectors](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/home_rolemining_v60.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: +2. Click on the addition button at the top right and fill in the fields. + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + ![New Mining Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_miningrule_v602.webp) +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + ![New Mining Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_miningrule_v602.webp) + + - `Policy`: [Create a Policy](/docs/identitymanager/6.2/user-guide/optimize/policy-creation/index.md) in which the mining rule exists. +Original image link: ![New Mining Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_miningrule_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: + the[ Perform a Simulation ](/docs/identitymanager/6.2/user-guide/optimize/simulation/index.md) topic for additional information. + + ![Role Mining Jobs](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_launchjob_v602.webp) + + If you need to bypass the simulation process, clicking on **Launch** will perform role mining +Original image link: ![Role Mining Jobs](/img/product_docs/identitymanager/saas/user-guide/optimize/assignment-automation/role-mining/rolemining_launchjob_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\assignment-automation\role-mining\index.md +Context: +In order to verify the process, access the rule list from the home page. + +![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +Select **Single Roles** and check that the single role rules are created with the right parameters. 
+Original image link: ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\composite-role-creation\index.md +Context: +topic for additional information. + +![Schema](/img/product_docs/identitymanager/saas/user-guide/optimize/composite-role-creation/compositeroles_applicativeroles.webp) + +A composite role is a business role comprehensible by managers. It provides an additional layer of +Original image link: ![Schema](/img/product_docs/identitymanager/saas/user-guide/optimize/composite-role-creation/compositeroles_applicativeroles.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\composite-role-creation\index.md +Context: +abstraction layer. + +![Example](/img/product_docs/identitymanager/saas/user-guide/optimize/composite-role-creation/compositeroles_schema.webp) + +Single role rules link composite roles to single roles: a single role rule states that specific +Original image link: ![Example](/img/product_docs/identitymanager/saas/user-guide/optimize/composite-role-creation/compositeroles_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\composite-role-creation\index.md +Context: +the roles page. + +![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) + +**Step 2 –** On the roles page, click on the adequate category and create a role by clicking on **+ +Original image link: ![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\composite-role-creation\index.md +Context: +**Step 3 –** Fill in the fields. + +![singlerolescatalog_createcompositerole_v62](/img/product_docs/identitymanager/saas/user-guide/optimize/composite-role-creation/singlerolescatalog_createcompositerole_v62.webp) + +- **Identifier**: must be unique among roles and without any whitespace. +Original image link: ![singlerolescatalog_createcompositerole_v62](/img/product_docs/identitymanager/saas/user-guide/optimize/composite-role-creation/singlerolescatalog_createcompositerole_v62.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\composite-role-creation\index.md +Context: +parameters. + +![Access Composite Roles](/img/product_docs/identitymanager/saas/user-guide/optimize/composite-role-creation/compositeroles_testroles_v602.webp) + +For rules, follow the instructions about assignment rules. See the +Original image link: ![Access Composite Roles](/img/product_docs/identitymanager/saas/user-guide/optimize/composite-role-creation/compositeroles_testroles_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: +inside Identity Manager. + +![Inbound System=](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/connectorcreation_inbound.webp) + +As Identity Manager is able to feed all managed systems, it can also feed itself thanks to specific +Original image link: ![Inbound System=](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/connectorcreation_inbound.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: + additional information. 
+ + ![HR Connector Declaration](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_connectordeclaration_v602.webp) + +3. Create an Export CSV connection for each HR file to connect. See the +Original image link: ![HR Connector Declaration](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_connectordeclaration_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: + additional information. + + ![HR Connection](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_connection_v602.webp) + +4. [Create an Entity Type](/docs/identitymanager/6.2/user-guide/set-up/connect-system/entity-type-creation/index.md) corresponding +Original image link: ![HR Connection](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_connection_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: + to your model. For example: + + ![HR Entity Type - Scalar Properties](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_entitytypes_v602.webp) + + ![HR Entity Type - Navigation Properties](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_entitytypen_v602.webp) +Original image link: ![HR Entity Type - Scalar Properties](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_entitytypes_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: + ![HR Entity Type - Scalar Properties](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_entitytypes_v602.webp) + + ![HR Entity Type - Navigation Properties](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_entitytypen_v602.webp) + +5. Don't forget to reload and [ Synchronize Data ](/docs/identitymanager/6.2/user-guide/set-up/synchronization/index.md) to access +Original image link: ![HR Entity Type - Navigation Properties](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_entitytypen_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: + HR data within Identity Manager. + + ![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) + + ![Synchronize Job](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_executionjobs_v602.webp) +Original image link: ![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: + ![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) + + ![Synchronize Job](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_executionjobs_v602.webp) + +## Verify HR Connector Creation +Original image link: ![Synchronize Job](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_executionjobs_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: + synchronization completed successfully. + + ![Jobs Results](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_results_v603.webp) + +3. Check that the entity types have been added to the left menu of the home page. +Original image link: ![Jobs Results](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_results_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: +3. Check that the entity types have been added to the left menu of the home page. + + ![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_validatemenu_v600.webp) + +4. Access the relevant entity types (from the menu items on the left of the home page) to check +Original image link: ![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/optimize/hr-connector-creation/hr_validatemenu_v600.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\hr-connector-creation\index.md +Context: + associations, via the Eye icon: + + ![Eye Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/iconeye_v600.svg) + + You should seek configuration validation, not validation of the actual data being synchronized. +Original image link: ![Eye Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/iconeye_v600.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\identity-datamodel-modification\index.md +Context: +1. On the home page, click on **Settings** in the **Configuration** section. + + ![Home Page - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +2. Access the data model on the **Workforce** > **Data Model** page. +Original image link: ![Home Page - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\identity-datamodel-modification\index.md +Context: +3. Change the display option to show or hide properties in the identity repository. + + ![Scan Data Model - Display Option](/img/product_docs/identitymanager/saas/user-guide/optimize/identity-datamodel-modification/datamodelmodif_scan_v600.webp) + +4. After your changes are complete, click on the Save icon at the top. +Original image link: ![Scan Data Model - Display Option](/img/product_docs/identitymanager/saas/user-guide/optimize/identity-datamodel-modification/datamodelmodif_scan_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\identity-datamodel-modification\index.md +Context: +4. 
After your changes are complete, click on the Save icon at the top. + + ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) + +5. Click on the **Reload** button to apply the recent changes to the application. +Original image link: ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\identity-datamodel-modification\index.md +Context: +5. Click on the **Reload** button to apply the recent changes to the application. + + ![Reload Button](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/reload_v603.webp) + +## Delete Properties +Original image link: ![Reload Button](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/reload_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\identity-datamodel-modification\index.md +Context: + least your own sheet and the sheets assigned to your hierarchy. + + ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +- Check that every organization still has a manager. Organizations are accessible in the department +Original image link: ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\identity-datamodel-modification\index.md +Context: + directory accessible from the home page. 
+ + ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) + + ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) +Original image link: ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\identity-datamodel-modification\index.md +Context: + ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) + + ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) + + If the system contains numerous organizations, it is also possible to list them with their +Original image link: ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\non-conforming-assignment-review-automation\index.md +Context: +Create an automation rule by proceeding as follows: + +![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +**Step 1 –** On the home page in the **Configuration** section, click on **Access Rules**. +Original image link: ![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\non-conforming-assignment-review-automation\index.md +Context: +**Step 1 –** On the home page in the **Configuration** section, click on **Access Rules**. + +![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) + +**Step 2 –** In the dropdown menu at the top left, choose the entity type to which the future rule +Original image link: ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\non-conforming-assignment-review-automation\index.md +Context: +will be applied. + +![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) + +**Step 3 –** Click on the **Automations** tab and on the addition button at the top right corner. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\non-conforming-assignment-review-automation\index.md +Context: +**Step 3 –** Click on the **Automations** tab and on the addition button at the top right corner. + +![New Automation Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/non-conforming-assignment-review-automation/reviewautomation_newrulefields_v602.webp) + +**Step 4 –** Fill in the fields. +Original image link: ![New Automation Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/non-conforming-assignment-review-automation/reviewautomation_newrulefields_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\non-conforming-assignment-review-automation\index.md +Context: +**Step 2 –** Create an automation rule matching said assignment. + +![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + +**Step 3 –** Compute the role model through the complete job on the **Job Execution** page. +Original image link: ![Home Page - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\non-conforming-assignment-review-automation\index.md +Context: +according to the rule's settings. + +![New Automation Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/non-conforming-assignment-review-automation/reviewautomation_rulemessage_v522.webp) + +Any role affected by an automation rule shows a specific message on the **Role Review** page. +Original image link: ![New Automation Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/non-conforming-assignment-review-automation/reviewautomation_rulemessage_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +additional information. + +![Simple Role](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_simplerole.webp) + +To enable the assignment of all existing entitlements, the role model usually contains numerous +Original image link: ![Simple Role](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_simplerole.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +For example, the SAP role can be given with slight differences according to the users' subsidiaries: + +> ![Role Matrix](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_numerousroles.webp) + +In order to reduce the number of roles, we can configure roles with parameters by inserting a +Original image link: ![Role Matrix](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_numerousroles.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +the schema), we can have way fewer roles (right on the schema). + +![With/Without Parameters](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_parameters.webp) + +In the previous example, with a parameter on the subsidiary, the number of roles would be divided by +Original image link: ![With/Without Parameters](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_parameters.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +``` + +![Example - Role](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedrole_examplerole_v603.webp) + +**Step 2 –** Create a single role. See the +Original image link: ![Example - Role](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedrole_examplerole_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +Here we have three navigation rules, one for each distinct time slot (dimension A). 
For example: + +![Example - Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedrole_examplerule_v603.webp) + +**NOTE:** Make sure that the corresponding dimension is specified in the right `DisplayEntityType` +Original image link: ![Example - Rule](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedrole_examplerule_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +value Y, then that user would get the role B. + +![Example - Role Parameter Required](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedrole_exampleroleparameter_v603.webp) + +**Step 4 –** Go back to the roles page to edit the single role from step 2, if needing to set the +Original image link: ![Example - Role Parameter Required](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedrole_exampleroleparameter_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +In our example: + +![Example - Step 1](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_parameterexamplestep1_v603.webp) + +![Example - Step 2](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_parameterexamplestep2_v603.webp) +Original image link: ![Example - Step 1](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_parameterexamplestep1_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +![Example - Step 1](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_parameterexamplestep1_v603.webp) + +![Example - Step 2](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_parameterexamplestep2_v603.webp) + +If the dimension is specified in the users' context rule, then Identity Manager will provide +Original image link: ![Example - Step 2](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedroles_parameterexamplestep2_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\parameterized-role\index.md +Context: +suggestions. + +![Example - Suggestion](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedrole_examplerolesuggestion_v603.webp) + +For example, concerning the `Title` dimension mentioned above. +Original image link: ![Example - Suggestion](/img/product_docs/identitymanager/saas/user-guide/optimize/parameterized-role/parameterizedrole_examplerolesuggestion_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\policy-creation\index.md +Context: +Create a policy by proceeding as follows: + +![Home - Access Policies](/img/product_docs/identitymanager/saas/user-guide/optimize/policy-creation/home_accesspolicies_v602.webp) + +**Step 1 –** Access the policies screen by clicking on **Access Policies** on the home page in the +Original image link: ![Home - Access Policies](/img/product_docs/identitymanager/saas/user-guide/optimize/policy-creation/home_accesspolicies_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\policy-creation\index.md +Context: +**Configuration** section. + +![New Policy](/img/product_docs/identitymanager/saas/user-guide/optimize/policy-creation/policycreation_policies_v602.webp) + +**Step 2 –** Click on **+ New policy** at the top right corner. +Original image link: ![New Policy](/img/product_docs/identitymanager/saas/user-guide/optimize/policy-creation/policycreation_policies_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\policy-creation\index.md +Context: +**Step 2 –** Click on **+ New policy** at the top right corner. + +![createpolicy](/img/product_docs/identitymanager/saas/user-guide/optimize/policy-creation/createpolicy.webp) + +**Step 3 –** Fill in the information fields. +Original image link: ![createpolicy](/img/product_docs/identitymanager/saas/user-guide/optimize/policy-creation/createpolicy.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\risk-management\index.md +Context: +1. On the home page in the **Configuration** section, click on **Risks**. + + ![Home Page - Risks](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/home_risks_v602.webp) + +2. On the risks page, click on the addition button at the top right corner. +Original image link: ![Home Page - Risks](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/home_risks_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\risk-management\index.md +Context: +2. On the risks page, click on the addition button at the top right corner. + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + +3. Fill in the fields. 
+Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\risk-management\index.md +Context: +3. Fill in the fields. + + ![New Risk](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_newrisk_v602.webp) + + - `Identifier`: must be unique among risks and without any whitespace. +Original image link: ![New Risk](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_newrisk_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\risk-management\index.md +Context: + topic for additional information. + + ![Risk Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_workflowstate_v523.webp) + + ### Write risk rules +Original image link: ![Risk Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_workflowstate_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\risk-management\index.md +Context: + > The group `DL-INTERNET-Restricted` in our example. + + ![Risk Item Example](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_newriskitem_v602.webp) + + This final value is an entitlement, linked to the owner identity through the navigation property +Original image link: ![Risk Item Example](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_newriskitem_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\risk-management\index.md +Context: +**Identified Risks** screen, accessible from the home page in the **Administration** section. + +![Home Page - Identified Risks](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/home_identifiedrisks_v602.webp) + +![Identified Risks](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_identifiedrisks_v522.webp) +Original image link: ![Home Page - Identified Risks](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/home_identifiedrisks_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\risk-management\index.md +Context: +![Home Page - Identified Risks](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/home_identifiedrisks_v602.webp) + +![Identified Risks](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_identifiedrisks_v522.webp) + +For a given identity in the list, user information can be viewed and accessed by clicking +Original image link: ![Identified Risks](/img/product_docs/identitymanager/saas/user-guide/optimize/risk-management/riskmanagement_identifiedrisks_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: + **Configuration** section. + + ![Home - Simulations](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/home_simulations_v600.webp) + + ![Simulation List](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_list_v602.webp) +Original image link: ![Home - Simulations](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/home_simulations_v600.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: + ![Home - Simulations](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/home_simulations_v600.webp) + + ![Simulation List](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_list_v602.webp) + +2. Create a new simulation by clicking on the addition button at the top right corner. +Original image link: ![Simulation List](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_list_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: +2. Create a new simulation by clicking on the addition button at the top right corner. + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + +3. Fill in the fields. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: +3. Fill in the fields. + + ![Simulation List](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_new_v602.webp) + +4. Click on **+ Create**. +Original image link: ![Simulation List](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_new_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: + respectively for addition, modification and deletion: + + ![Edition - Approval Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + ![Recommendation Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_iconedit_v600.svg) +Original image link: ![Edition - Approval Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: + ![Edition - Approval Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + ![Recommendation Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_iconedit_v600.svg) + + ![Discouragement Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_icondelete_v600.svg) +Original image link: ![Recommendation Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_iconedit_v600.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: + ![Recommendation Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_iconedit_v600.svg) + + ![Discouragement Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_icondelete_v600.svg) + + At any time, you can click on the line of a previously made change to access its description, +Original image link: ![Discouragement Icon](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_icondelete_v600.svg) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: + even click on **Cancel** to erase it. + + ![Cancel Change](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_cancel_v602.webp) + +6. Click on **Start** to launch the simulation. +Original image link: ![Cancel Change](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_cancel_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: +6. Click on **Start** to launch the simulation. + + ![Start Simulation](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_start_v602.webp) + +7. After a few seconds, click on **Refresh** to display the simulation results. +Original image link: ![Start Simulation](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_start_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: +8. Observe the results in the overview and in the Excel report available via the Download button. + + ![Download Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/icondownload_v602.svg) + +## Shift from Simulation to Production +Original image link: ![Download Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/icondownload_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: +After all needed changes have been simulated, you can decide to apply or cancel them. + +![Apply or Cancel Changes](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_decision_v600.webp) + +Then, the simulation is no longer active. 
+Original image link: ![Apply or Cancel Changes](/img/product_docs/identitymanager/saas/user-guide/optimize/simulation/simulation_decision_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: +For roles, click on **Access Roles** on the home page in the **Configuration** section. + +![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) + +Select the type of role that you want to check, and find the roles you created inside the right +Original image link: ![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: +category and with the right parameters. + +![Select Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/category-creation/categorycreation_test_v602.webp) + +For rules, click on **Access Rules** on the home page in the **Configuration** section. +Original image link: ![Select Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/category-creation/categorycreation_test_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\optimize\simulation\index.md +Context: +For rules, click on **Access Rules** on the home page in the **Configuration** section. 
+ +![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +Select the type of rule that you want to check, and find the rules you created with the right +Original image link: ![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: + requested manually or assigned automatically by a resource type rule; + + ![Correlation Review - Provisioning Review Screen](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/categorization_reviewsprovisioningreview_v603.webp) + +- on the **Resource Reconciliation** page when the owned resource is not allowed by the role model, +Original image link: ![Correlation Review - Provisioning Review Screen](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/categorization_reviewsprovisioningreview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: + Reconciliation** page. + + ![Correlation Review - Resource Reconciliation Screen](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/categorization_reviewsresourcereconciliation_v603.webp) + +Broadly speaking, the **Resource Reconciliation** page displays non-conforming assignments/values +Original image link: ![Correlation Review - Resource Reconciliation Screen](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/categorization_reviewsresourcereconciliation_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: +1. On the relevant resource type's page, click on **Classification Rules** and the addition icon. + + ![New Classification Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/resourcetype_newclassifrule_v602.webp) + + Classification rules can also be created through the **Access Rules** screen (accessible from +Original image link: ![New Classification Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/resourcetype_newclassifrule_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: + the addition button at the top right corner. + + ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Original image link: ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: + ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + +2. Fill in the fields. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: +2. Fill in the fields. + + ![New Classification Rule Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/resourcetype_newclassifrulefields_v602.webp) + + - **Target Object** > `Expression`: C# expression based on the resource that needs to be +Original image link: ![New Classification Rule Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/resourcetype_newclassifrulefields_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: + > Our overview example would look like: + > + > ![Classification Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/classification_example_v602.webp) + +3. Click on **Create** and see a line added on the rules page. +Original image link: ![Classification Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/classification_example_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: + Resource Types** to apply the new classification rules. + +![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +## Impact of Modifications +Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: +of the home page. 
+ +![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/entitytypecreation_test_v602.webp) + +The entity type's page can be configured via XML to customize all displayed columns and available +Original image link: ![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/entitytypecreation_test_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: +/ Resource Type** column that shows the resource type assigned to each resource. + +![Owner / Resource Type Column](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/classification_test_v522.webp) + +Therefore, check that all resources show here a resource type. Moreover, a knowledgeable person must +Original image link: ![Owner / Resource Type Column](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/classification_test_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\classification\index.md +Context: +If a resource is not classified (or not correctly), then: + +![Unclassified Resource](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/classification_unclassified_v600.webp) + +- If the resource is correlated, check whether the corresponding correlation rule is in the right +Original image link: ![Unclassified Resource](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/classification_unclassified_v600.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: + requested manually or assigned automatically by a resource type rule; + + ![Correlation Review - Provisioning Review Screen](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/categorization_reviewsprovisioningreview_v603.webp) + +- on the **Resource Reconciliation** page when the owned resource is not allowed by the role model, +Original image link: ![Correlation Review - Provisioning Review Screen](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/categorization_reviewsprovisioningreview_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: + Reconciliation** page. + + ![Correlation Review - Resource Reconciliation Screen](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/categorization_reviewsresourcereconciliation_v603.webp) + +Broadly speaking, the **Resource Reconciliation** page displays non-conforming assignments/values +Original image link: ![Correlation Review - Resource Reconciliation Screen](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/categorization_reviewsresourcereconciliation_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: +1. On the relevant resource type's page, click on **Correlation Rules** and **+ New**. 
+ + ![New Correlation Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/resourcetype_newcorrelrule_v602.webp) + + Correlation rules can also be created through the **Access Rules** screen (accessible from the +Original image link: ![New Correlation Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/resourcetype_newcorrelrule_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: + addition button at the top right corner. + + ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Original image link: ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: + ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + +2. Fill in the fields. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: +2. Fill in the fields. 
+ + ![New Correlation Rule Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/resourcetype_newcorrelrulefields_v602.webp) + + - **Source Object**: at least one property from the source system that is going to be linked to +Original image link: ![New Correlation Rule Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/resourcetype_newcorrelrulefields_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: + > account via its `sAMAccountName` attribute and display name: + > + > ![Correlation Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/correlation_example_v602.webp) + +3. Click on **Create** and see a line added on the rules page. +Original image link: ![Correlation Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/correlation_example_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: + **Jobs** > **Compute Role Model** to apply all correlation rules. + +![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +## Impact of Modifications +Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: +entity type(s) affected by your rule(s) in the left menu of the home page. 
+ +![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/entitytypecreation_test_v602.webp) + +The entity type's page can be configured via XML to customize all displayed columns and available +Original image link: ![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/entitytypecreation_test_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: +Resource Type** column that shows the owner assigned to each resource. + +![Owner / Resource Type Column](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/correlation_test_v522.webp) + +A knowledgeable person must analyze a few samples to ensure that resources' owners can all be +Original image link: ![Owner / Resource Type Column](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/correlation_test_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\correlation\index.md +Context: +If a resource is not correlated (or not correctly), then: + +![Uncorrelated Resource](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/correlation_uncorrelated_v600.webp) + +- Check the validity of correlation rules. +Original image link: ![Uncorrelated Resource](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/correlation/correlation_uncorrelated_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\index.md +Context: +topic for additional information. 
+ +![Classification Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_classifschema.webp) + +Any resource that is unclassified will not be available for review. +Original image link: ![Classification Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_classifschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\index.md +Context: +topic for additional information. + +![Correlation Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_correlschema.webp) + +While an owner can possess several resources, a resource can have only one owner. +Original image link: ![Correlation Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_correlschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\index.md +Context: +> For basic users, we have in Identity Manager: +> +> ![Example - Basic Users in Usercube](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_examplebasicuser.webp) +> +> For basic users, we have in the AD: +Original image link: ![Example - Basic Users in Usercube](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_examplebasicuser.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\index.md +Context: +> For basic users, we have in the AD: +> +> ![Example - Basic Users in AD](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_examplebasicad.webp) +> +> Thus our example could induce the following rules: | Classification Rules | Correlation Rules | | +Original image link: ![Example - Basic Users in AD](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_examplebasicad.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\index.md +Context: +> For administrators, we have in Identity Manager: +> +> ![Example - Basic Users in Usercube](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_exampleadminuser.webp) +> +> For administrators, we have in the AD: +Original image link: ![Example - Basic Users in Usercube](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_exampleadminuser.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\index.md +Context: +> For administrators, we have in the AD: +> +> ![Example - Admin Users in AD](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_exampleadminad.webp) +> +> Thus our example could induce the following rules: | Classification Rules | Correlation Rules | | +Original image link: ![Example - Admin Users in AD](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_exampleadminad.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\index.md +Context: +In the same way, Identity Manager will apply correlation rules before classification rules. 
+ +![Categorization Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_categschema.webp) + +Now that you have created resource types and their correlation/classification rules, you have +Original image link: ![Categorization Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/categorization_categschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\resource-type-creation\index.md +Context: +1. On the relevant connector page, click on the addition button in the **Resource Types** frame. + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + Resource types can also be created through the **Access Roles** screen (accessible from the home +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\resource-type-creation\index.md +Context: + `Resource Type` in the first field called `Type`. + + ![Home - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) + +2. Fill in the fields. +Original image link: ![Home - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\resource-type-creation\index.md +Context: +2. Fill in the fields. 
+ + ![New Resource Type](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/resourcetype_newresourcet_v603.webp) + + - `Identifier`: must be unique among resource types, without any whitespace, and be +Original image link: ![New Resource Type](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/resourcetype_newresourcet_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\categorization\resource-type-creation\index.md +Context: +![Home - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) + +![Test Connector](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/resourcetype_test_v602.webp) + +Original image link: ![Test Connector](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/resourcetype_test_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-global-settings\index.md +Context: +The Settings interface provides information and management options for the application. + +![accesscertificationonlyapprovedenysettings](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/accesscertificationonlyapprovedenysettings.webp) + +### Look and Feel +Original image link: ![accesscertificationonlyapprovedenysettings](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/accesscertificationonlyapprovedenysettings.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-global-settings\index.md +Context: +Certification items while making the **More** button unavailable. 
+ +![allowapprovingdenyingaccesscertificationitems](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/allowapprovingdenyingaccesscertificationitems.webp) + +If the feature **Only allow approving and denying on access certification items** is set to **No** +Original image link: ![allowapprovingdenyingaccesscertificationitems](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/allowapprovingdenyingaccesscertificationitems.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-global-settings\index.md +Context: +the following will be visible on the certification screen: + +![accesscertificationonlyapprovedeny](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/accesscertificationonlyapprovedeny.webp) + +If the feature **Only allow approving and denying on access certification items** is set to **Yes** +Original image link: ![accesscertificationonlyapprovedeny](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/accesscertificationonlyapprovedeny.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-global-settings\index.md +Context: +the following will be visible on the certification screen: + +![accesscertificationonlyapprovedeny-disabled](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/accesscertificationonlyapprovedeny-disabled.webp) + +This is how the user's experience can be customized directly from the UI. +Original image link: ![accesscertificationonlyapprovedeny-disabled](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-global-settings/accesscertificationonlyapprovedeny-disabled.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-workflows\index.md +Context: +To perform the review of a user creation, one should have the right permissions. + +![Review Permissions](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/workflows_reviewpermissions_v601.webp) + +When a review is needed, a notification appears on the **MY TASKS** tab at the top. +Original image link: ![Review Permissions](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/workflows_reviewpermissions_v601.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-workflows\index.md +Context: +When a review is needed, a notification appears on the **MY TASKS** tab at the top. + +![My Tasks Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_topbar_v601.webp) + +The reviewer can then complete the creation request and finally approve it. +Original image link: ![My Tasks Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_topbar_v601.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-workflows\index.md +Context: + **Onboarding Workflows** in the left menu. + + ![Home - Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +2. For each workflow, choose whether a review step is required. +Original image link: ![Home - Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-workflows\index.md +Context: +2. For each workflow, choose whether a review step is required. 
+ + ![Workflows Review Steps](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/workflows_reviewsteps_v601.webp) + + Netwrix Identity Manager (formerly Usercube) recommends enabling the review for the onboarding +Original image link: ![Workflows Review Steps](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/workflows_reviewsteps_v601.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-workflows\index.md +Context: +3. Configure the homonym detection. + + ![Workflows Homonym Detection](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/workflows_homonyms_v601.webp) + + Netwrix Identity Manager (formerly Usercube) recommends enabling the birth name comparison to +Original image link: ![Workflows Homonym Detection](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/workflows_homonyms_v601.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-workflows\index.md +Context: +4. Click on **Save** at the top of the page. + + ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) + +## Verify Workflow Configuration +Original image link: ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-workflows\index.md +Context: +1. Access the user directory from the home page. + + ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +2. Execute the workflows for a new employee and a new contractor. 
+Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\configure-workflows\index.md +Context: + > For example, if the inversion comparison is enabled between the first and last names: + > + > ![Workflows Homonym Detection](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/workflows_verifyhomonyms_v601.webp) + +4. Make sure that the potential validation steps are in accordance with the specified options. +Original image link: ![Workflows Homonym Detection](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/workflows_verifyhomonyms_v601.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: +1. Click on the addition button in the **Connections** frame on the connector's summary page. + + ![Add a New Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connection_newconnection_v602.webp) + +2. Fill in the connection information fields on the left, then select a package (AD, CSV, etc.) and +Original image link: ![Add a New Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connection_newconnection_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: + fill the associated agent settings on the right. 
+ + ![Connection Creation](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_connectioncreation_v602.webp) + + - `Identifier`: must be unique among connections, without any whitespace, start with a letter, +Original image link: ![Connection Creation](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_connectioncreation_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: + connection is refreshed; + + ![Refresh Schema of One Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_refreshschema_v522.webp) + +- when clicking on **Refresh all schemas** on the connector's page: all schemas of the connector are +Original image link: ![Refresh Schema of One Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_refreshschema_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: + refreshed. + + ![Refresh all Schemas](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_refreshall_v602.webp) + +In the **Connections** frame, either the last successful schema update is indicated or an icon is +Original image link: ![Refresh all Schemas](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_refreshall_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: +shown if the refresh schema failed. 
+ +![Failed Refresh Schemas](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_failedindicator_v602.webp) + +Some packages don't generate a schema. For these packages, the **Refresh Schema** button isn't +Original image link: ![Failed Refresh Schemas](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_failedindicator_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: +indicated by the sentence "_There is no schema for this connection_". + +![No Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_noschema_v522.webp) + +The connections' schemas must be refreshed before editing the connector's entity types via the UI, +Original image link: ![No Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_noschema_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: +1. click on **Check Connection** to ensure that Identity Manager can reach the managed system; + + ![Check Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_checkconnection_v602.webp) + + Some connectors have both incremental and complete setting modes. See the +Original image link: ![Check Connection](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connectioncreation_checkconnection_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: + without the Failed icon. 
+ +![Decline Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/certifcampaign_icondecline_v522.svg) + +## Troubleshooting +Original image link: ![Decline Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/certifcampaign_icondecline_v522.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connection-creation\index.md +Context: +If the schema couldn't be recovered, then: + +![Schema Not Recovered](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connection_notrecovered_v523.webp) + +- Ensure that the managed system is properly connected. +Original image link: ![Schema Not Recovered](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connection-creation/connection_notrecovered_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-declaration\index.md +Context: +1. On the home page in the **Configuration** section, click on the **Connectors** button. + + ![Home page - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) + + You will see all existing connectors. +Original image link: ![Home page - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-declaration\index.md +Context: +2. Click on the addition icon and fill in the information fields. 
+ + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + ![Connector creation](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-declaration/connectorcreation_declaration_v602.webp) +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-declaration\index.md +Context: + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + ![Connector creation](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-declaration/connectorcreation_declaration_v602.webp) + + - `Identifier`: must be unique among connectors, without any whitespace, start with a letter, +Original image link: ![Connector creation](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-declaration/connectorcreation_declaration_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-declaration\index.md +Context: +3. Click on **+ Create** to get on the connector's overview page: + + ![Connector page](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-declaration/connectorcreation_connectorpage_v602.webp) + +## Verify the Connector Declaration +Original image link: ![Connector page](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-declaration/connectorcreation_connectorpage_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-declaration\index.md +Context: +the right name and identifier. 
+ +![Test Connector](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-declaration/connectorcreation_test_v602.webp) + +Original image link: ![Test Connector](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-declaration/connectorcreation_test_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +All templates are detailed with examples and schemas with the following key: + +![Schemas' Key](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_key.webp) + +During the technical modeling inside Identity Manager, these objects will become entity types, their +Original image link: ![Schemas' Key](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_key.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +#### Model + +![User Model](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_user.webp) + +Thus you need to create one entity type to represent either accounts or other resources. +Original image link: ![User Model](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_user.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +users. 
+ +![User Model - Canteen Badges Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_user-canteen.webp) + +#### Example - Mailboxes +Original image link: ![User Model - Canteen Badges Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_user-canteen.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +lists, or through mailbox entitlements and their lists of authorized users. + +![User Model - Mailboxes Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_user-mailbox.webp) + +### User-Group +Original image link: ![User Model - Mailboxes Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_user-mailbox.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +#### Model + +![User-Group Model](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_usergroup.webp) + +Thus you need to create one entity type to represent groups (or roles or profiles) and one for +Original image link: ![User-Group Model](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_usergroup.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +types in order to link `User` with `Group` with an "n-to-n" relationship. 
+ +![User-Group Example - SAB](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_sab.webp) + +#### Example - RACF +Original image link: ![User-Group Example - SAB](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_sab.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +the system can be simplified to be managed by Identity Manager following the User-Group model. + +![User-Group Example - RACF](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_racf.webp) + +For RACF, Identity Manager provisions only the link between accounts and groups. +Original image link: ![User-Group Example - RACF](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_racf.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +authorizations, and are linked to users through group (profile) membership. + +![User-Group Example - TSS](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_tss.webp) + +For TSS, Identity Manager provisions only the link between users and profiles. +Original image link: ![User-Group Example - TSS](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_tss.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +through a given position and wallet. 
+ +![User-Group Example - SDGE](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_sdge.webp) + +For SDGE, Identity Manager provisions only workers and the link between workers and positions. +Original image link: ![User-Group Example - SDGE](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_sdge.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +#### Model + +![Account-Profile-Transaction Model](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_profiletransaction.webp) + +Thus you need to create one entity type to represent accounts, one for profiles, and one for +Original image link: ![Account-Profile-Transaction Model](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_profiletransaction.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +See the schema below this note. + +![Profiles Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_profiles.webp) + +Transactions are not mandatory in a model. Most of the time, the profile packages are predefined +Original image link: ![Profiles Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_profiles.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +User-Group part is explained above. 
+ +![User-Group Example - TSS](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_tss-prof-trans.webp) + +Transactions are called here authorizations. +Original image link: ![User-Group Example - TSS](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_tss-prof-trans.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +#### Model + +![Star Model](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_star.webp) + +Thus you need to create one entity type to represent accounts, one for each criterion, and another +Original image link: ![Star Model](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_star.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +sites. So a user may be assigned a given entitlement for a given profile, attachment area and site. + +![Star Model Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_starmodel.webp) + +For this connector, Identity Manager provisions only the links between accounts and linking objects, +Original image link: ![Star Model Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_starmodel.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +We start by renaming the `Account` object as `AD_User` and the `Group` object as `AD_Group`. 
+ +![AD Example - Step 1](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_ad-step1.webp) + +**Step 3: define useful data close to your reality.** +Original image link: ![AD Example - Step 1](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_ad-step1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +We shape these objects with the following attributes: + +![AD Example - Step 2](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_ad.webp) + +**Step 4: ensure that all objects have unique keys.** +Original image link: ![AD Example - Step 2](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_ad.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\connector-modeling\index.md +Context: +> attributes provides the means to add objects without creating new entity types. +> +> ![AD_Entry Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_adentry.webp) + +Original image link: ![AD_Entry Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connector-modeling/connectormodel_adentry.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\datasheet-organization\index.md +Context: +> For example, for an HR user without any display groups: +> +> ![Without Display Groups](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_without_v603.webp) + +## Organize Resources' Datasheets +Original image link: ![Without Display Groups](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_without_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\datasheet-organization\index.md +Context: +3. On the entity type's definition page, click on the **Display** tab. + + ![Display Groups](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_v603.webp) + +4. Click on the arrow to see the entity type's properties listed in the alphabetical order, and drag +Original image link: ![Display Groups](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\datasheet-organization\index.md +Context: + > For example: + > + > ![Display Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_example1_v603.webp) + +5. 
When needing to group properties together, click on **Add Display Group**, fill in the fields and +Original image link: ![Display Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_example1_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\datasheet-organization\index.md +Context: + select from the pop-up window the properties to be grouped. + + ![Display Group Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_fields_v603.webp) + + - `Identifier`: must be unique among display groups, without any whitespace, and be +Original image link: ![Display Group Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_fields_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\datasheet-organization\index.md +Context: + > For example: + > + > ![Display Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_example2_v603.webp) + > + > The entity type's resources would look like: +Original image link: ![Display Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_example2_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\datasheet-organization\index.md +Context: + > The entity type's resources would look like: + > + > ![Display Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_example2results_v603.webp) + +6. Click on **Save & Close**. +Original image link: ![Display Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/datasheet-organization/entitytypecreation_displaygroups_example2results_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\datasheet-organization\index.md +Context: +time. It is essential though to reload after the final changes are made. + +![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) + +The **Reload** button mostly enables your changes to appear in the menu items, which configure the +Original image link: ![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\display-name-setting\index.md +Context: +` - `. 
+ +![Display Name - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_displaynameexample_v600.webp) + +If you do not set your own display name, Identity Manager provides a default value based on the +Original image link: ![Display Name - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_displaynameexample_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\display-name-setting\index.md +Context: +3. On the entity type's definition page, click on the **Settings** tab. + + ![Display Name - Property Path](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_displayname_v603.webp) + +4. Set the display name. As a display name, you can use either the value of an existing property, or +Original image link: ![Display Name - Property Path](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_displayname_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\display-name-setting\index.md +Context: + > functions. 
+ > + > ![AD Entity Type - Display Name](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplead4_v602.webp) + > + > ![AD Entity Type - Display Name Result](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplead4-result_v602.webp) +Original image link: ![AD Entity Type - Display Name](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplead4_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\display-name-setting\index.md +Context: + > ![AD Entity Type - Display Name](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplead4_v602.webp) + > + > ![AD Entity Type - Display Name Result](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplead4-result_v602.webp) + + > Another example from the HR connector (User entity type): +Original image link: ![AD Entity Type - Display Name Result](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplead4-result_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\display-name-setting\index.md +Context: + > Another example from the HR connector (User entity type): + > + > ![HR User Entity Type - Display Name](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplehr_v602.webp) + > + > ![HR User Entity Type - Display Name Result](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplehr-result_v602.webp) +Original image link: ![HR User Entity Type - Display Name](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplehr_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\display-name-setting\index.md +Context: + > ![HR User Entity Type - Display Name](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplehr_v602.webp) + > + > ![HR User Entity Type - Display Name Result](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplehr-result_v602.webp) + +5. Click on **Save & Close**. +Original image link: ![HR User Entity Type - Display Name Result](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_examplehr-result_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\display-name-setting\index.md +Context: +time. It is essential though to reload after the final changes are made. 
+ +![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) + +The **Reload** button mostly enables your changes to appear in the menu items, which configure the +Original image link: ![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\display-name-setting\index.md +Context: +If no property appears in the display name auto-completion, then: + +![No Property](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_troubleprop_v602.webp) + +Ensure that the created properties are saved by clicking on **Save & Close** > **Save** at the top +Original image link: ![No Property](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/display-name-setting/entitytypecreation_troubleprop_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\entity-type-declaration\index.md +Context: + **Configuration** section, then on the relevant connector. + + ![Home page - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) + +2. On the connector's page, in the **Entity Types** frame, click on the addition button. +Original image link: ![Home page - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\entity-type-declaration\index.md +Context: +2. 
On the connector's page, in the **Entity Types** frame, click on the addition button. + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + +3. Fill in the information fields. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\entity-type-declaration\index.md +Context: +3. Fill in the information fields. + + ![Entity type creation](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entity-type-declaration/entitytypecreation_entitytypecreation_v602.webp) + + - `Identifier`: must be unique among entity types, without any whitespace, and be C#-compatible. +Original image link: ![Entity type creation](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entity-type-declaration/entitytypecreation_entitytypecreation_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\entity-type-declaration\index.md +Context: + source's data structure. + + ![Properties' source](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entity-type-declaration/entitytypecreation_propertiessource_v522.webp) + + > Let's use the example of an AD connector. We create an entity type `AD - Entry` to gather the +Original image link: ![Properties' source](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entity-type-declaration/entitytypecreation_propertiessource_v522.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\entity-type-declaration\index.md +Context: +If there is a message stating to refresh the connection's schema, then: + +![No Connection Table Error](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entity-type-declaration/entitytypecreation_troubleshootingschema_v603.webp) + +Start by making sure that the connection's schema is refreshed by clicking on **Refresh all +Original image link: ![No Connection Table Error](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entity-type-declaration/entitytypecreation_troubleshootingschema_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\index.md +Context: +([ Define Navigation Properties ](/docs/identitymanager/6.2/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/index.md)), both described later. + +![Entity Type - Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entitytypecreation_schema.webp) + +The configuration of entity types depends entirely on the previously established +Original image link: ![Entity Type - Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entitytypecreation_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\index.md +Context: +> connection but no entity types. 
+> +> ![Entity Type - AD Template](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entitytype_template_v602.webp) + +## Verify the Entity Type +Original image link: ![Entity Type - AD Template](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/entitytype_template_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\key-selection\index.md +Context: + information. + + ![Keys](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_keys_v522.webp) + +2. In the entity type's **Properties** section, choose the key properties. +Original image link: ![Keys](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_keys_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\key-selection\index.md +Context: +time. It is essential though to reload after the final changes are made. + +![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) + +The **Reload** button mostly enables your changes to appear in the menu items, which configure the +Original image link: ![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: +> For the AD entry `ADM Vidal Pierre`: +> +> ![Navigation Property - memberOf](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_memberof_v600.webp) +> +> Clicking a group shows its properties, including the reverse side of `memberOf`, called `member`, +Original image link: ![Navigation Property - memberOf](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_memberof_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: +> For the group `SG_APP_RAY_0_LDAP_READLDSFEDE`: +> +> ![Navigation Property - member](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_member_v600.webp) + +> **Example 2**: Departments can link to managers using the `Manager` property, referencing a user’s +Original image link: ![Navigation Property - member](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_member_v600.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: +> profile: +> +> ![Navigation Property - Manager](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_manager_v600.webp) +> +> That profile includes a `Department` property, pointing back to the managed department: +Original image link: ![Navigation Property - Manager](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_manager_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: +> That profile includes a `Department` property, pointing back to the managed department: +> +> ![Navigation Property - Managed Department](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_managerof_v600.webp) + +Navigation properties can link: +Original image link: ![Navigation Property - Managed Department](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_managerof_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: +4. Fill out the configuration fields: + + ![Navigation Properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_navigationproperties_v602.webp) + + - The **first line** maps the source column. 
+Original image link: ![Navigation Properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_navigationproperties_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: +> `directReports`, `memberOf`, `member`, `parentdn`, `children` + +> ![AD Entity Type - Navigation Properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_examplead3_v603.webp) + +--- +Original image link: ![AD Entity Type - Navigation Properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/navigation-property-definition/entitytypecreation_examplead3_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: +5. Click the gear icon to open **Advanced Settings**: + + ![Advanced Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_propertiessettings_v602.webp) + + - `Icon`: Choose from [Microsoft's icon list](https://uifabricicons.azurewebsites.net/) +Original image link: ![Advanced Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_propertiessettings_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: + > `lastLogonTimestamp`: + > + > ![Advanced Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_sourceexpressionexample_v60.webp) + + - `Flexible Comparison Expression`: Improves search flexibility for the property. +Original image link: ![Advanced Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_sourceexpressionexample_v60.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\navigation-property-definition\index.md +Context: +You can defer this, but **must reload after final changes**. + +![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) + +Reloading ensures the updated navigation properties appear in the UI’s left menu structure. +Original image link: ![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\scalar-property-definition\index.md +Context: +> For example: `DisplayName`; `Email`; `Identifier`; `StartDate`; etc. 
+> +> ![Scalar Properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_scalarex_v600.webp) + +Most often, properties inside Identity Manager are each linked to a property from the managed +Original image link: ![Scalar Properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_scalarex_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\scalar-property-definition\index.md +Context: + type. + + ![Map from source](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_scalarpropertiesmap_v602.webp) + + You need to configure at least one property to be able to define primary keys later, and thus +Original image link: ![Map from source](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_scalarpropertiesmap_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\scalar-property-definition\index.md +Context: +3. Fill in the information fields. + + ![Scalar properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_scalarproperties_v603.webp) + + - **APPLICATION METADATA**: fields about the future display of the properties inside Identity +Original image link: ![Scalar properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_scalarproperties_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\scalar-property-definition\index.md +Context: + > `1601 Date`. + > + > ![AD Entity Type - Scalar Properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_examplead2_v602.webp) + +4. Click on the Gear symbol to add advanced settings if needed. +Original image link: ![AD Entity Type - Scalar Properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_examplead2_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\scalar-property-definition\index.md +Context: +4. Click on the Gear symbol to add advanced settings if needed. + + ![Advanced Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_propertiessettings_v602.webp) + + - `Icon`: can be chosen from [Microsoft's list](https://uifabricicons.azurewebsites.net/) and +Original image link: ![Advanced Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_propertiessettings_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\scalar-property-definition\index.md +Context: + > `accountExpires` and `lastLogonTimestamp`: + > + > ![Advanced Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_sourceexpressionexample_v60.webp) + + - `Flexible Comparison Expression`: expression that inserts adaptable comparison flexibility +Original image link: ![Advanced Settings](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_sourceexpressionexample_v60.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\scalar-property-definition\index.md +Context: +time. It is essential though to reload after the final changes are made. + +![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) + +The **Reload** button mostly enables your changes to appear in the menu items, which configure the +Original image link: ![Reload](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/key-selection/entitytypecreation_reload_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\entity-type-creation\scalar-property-definition\index.md +Context: +If the Format column is not displayed in the External System part, then: + +![Scalar properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_scalarpropertieswithoutformat_v522.webp) + +Refresh the connections' schemas. 
+Original image link: ![Scalar properties](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/entity-type-creation/scalar-property-definition/entitytypecreation_scalarpropertieswithoutformat_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\index.md +Context: +A connector, therefore, acts as an interface between Identity Manager and a managed system. + +![Connector Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectorschema.webp) + +NETWRIX strongly recommends the creation of one connector for one application. +Original image link: ![Connector Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectorschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\index.md +Context: +Manager will feed data into connected managed systems. + +![Outbound System=](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_outbound.webp) + +In this case, data flows between Identity Manager and the managed system are also called: +Original image link: ![Outbound System=](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_outbound.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\index.md +Context: + > manually through Identity Manager. + +![Connector Technical Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectortechnicalschema.webp) + +A connector requires at least one connection and one entity type. 
+Original image link: ![Connector Technical Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/connect-system/connectorcreation_connectortechnicalschema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\connect-system\index.md +Context: +You can activate the connector again at any time using the same button. + +![Jobs Results Dashboard](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_dashboard_v522.webp) + +## Next Steps +Original image link: ![Jobs Results Dashboard](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_dashboard_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: +1. On the home page, click on **Settings** in the **Configuration** section. + + ![Home Page - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +2. On the **Workforce** > **Data Model** page, click on the following icon to adjust the data model +Original image link: ![Home Page - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: + to your specific situation. 
+ + ![Scan Data Model](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/iconscandatamodel_v602.svg) + + ![Scan Data Model](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scandatamodel_v60.webp) +Original image link: ![Scan Data Model](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/iconscandatamodel_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: + ![Scan Data Model](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/iconscandatamodel_v602.svg) + + ![Scan Data Model](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scandatamodel_v60.webp) + + Identity Manager counts the entries for each attribute and suggests a quantification: +Original image link: ![Scan Data Model](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scandatamodel_v60.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: + forms optimally (e.g. dropdown list, search tool, etc.). + + ![Scan Data Model - Result](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scandatamodel-result_v523.webp) + +3. Observe the result and adjust manually the data model if needed, by clicking on the properties. 
+Original image link: ![Scan Data Model - Result](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scandatamodel-result_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: +4. Click on the Save icon at the top. + + ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) + +5. Click on the **Reload** button to apply the recent changes to the application. +Original image link: ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: +5. Click on the **Reload** button to apply the recent changes to the application. + + ![Reload Button](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/reload_v603.webp) + +## Verify Identities Loading +Original image link: ![Reload Button](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/reload_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: + > For example, our `Region` field in `Site` is sized as `large`. + > + > ![Scan Data Model - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scan-example_v523.webp) + +2. Navigate within Identity Manager to find a workflow using the test field. 
Observe the displaying +Original image link: ![Scan Data Model - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scan-example_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: + > opening a pop-up and choosing the region in the list. + > + > ![Scan Data Model - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scan-example2_v523.webp) + > + > ![Scan Data Model - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scan-example3_v523.webp) +Original image link: ![Scan Data Model - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scan-example2_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\adjust-datamodel\index.md +Context: + > ![Scan Data Model - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scan-example2_v523.webp) + > + > ![Scan Data Model - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scan-example3_v523.webp) + +3. Back on the scanning feature, change the displaying mode of your test field and save. +Original image link: ![Scan Data Model - Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/adjust-datamodel/initialload_scan-example3_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\generate-unique-properties\index.md +Context: +1. 
On the home page, click on **Settings** in the **Configuration** section. + + ![Home Page - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +2. On the **Workforce** > **Identifiers, Mails & Logins** page, you can follow Identity Manager's +Original image link: ![Home Page - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\generate-unique-properties\index.md +Context: + based on one of the available options. + + ![Unique Identifier Generation](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/initialload_uniqueidentifier_v602.webp) + + - `Based on Full Name`: replaces all diacritics by the non-accentuated variants; removes all +Original image link: ![Unique Identifier Generation](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/initialload_uniqueidentifier_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\generate-unique-properties\index.md +Context: + all users (who do not have one), based on one of the available options. + + ![Unique Email Generation](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/initialload_uniqueemail_v602.webp) + + - `Based on Full Name`: replaces all diacritics by the non-accentuated variants; removes all +Original image link: ![Unique Email Generation](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/initialload_uniqueemail_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\generate-unique-properties\index.md +Context: + workers (who do not have one), based on one of the available options. + + ![Unique Login Generation](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/initialload_uniquelogin_v602.webp) + + - `Based on Email`: uses the local part of the email, i.e. before `@`. +Original image link: ![Unique Login Generation](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/initialload_uniquelogin_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\generate-unique-properties\index.md +Context: +5. Click on the Save icon at the top. + + ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) + +6. Click on the **Reload** button to apply the recent changes to the application. +Original image link: ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\generate-unique-properties\index.md +Context: +6. Click on the **Reload** button to apply the recent changes to the application. + + ![Reload Button](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/reload_v603.webp) + +## Verify Property Generation +Original image link: ![Reload Button](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/reload_v603.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\generate-unique-properties\index.md +Context: +In order to verify the process, add a fictitious employee through the workflows from the UI. + +![Home - New Employee](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/home_newemployee_v600.webp) + +Verify in the directory that the employee's sheet displays the expected values for the configured +Original image link: ![Home - New Employee](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/generate-unique-properties/home_newemployee_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\generate-unique-properties\index.md +Context: +unique properties. + +![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +Original image link: ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\index.md +Context: +> includes the user's employee id, last name and first name, email, user type, organization, etc. +> +> ![Identity Repository Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-example.webp) + +> In Identity Manager, the identity repository can look like the following: +Original image link: ![Identity Repository Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-example.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\index.md +Context: +> In Identity Manager, the identity repository can look like the following: +> +> ![Identity Repository Result](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository_v602.webp) +> +> ![Identity Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-person_v602.webp) +Original image link: ![Identity Repository Result](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\index.md +Context: +> ![Identity Repository Result](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository_v602.webp) +> +> ![Identity Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-person_v602.webp) + +See the +Original image link: ![Identity Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/identityrepository-person_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: +part of the `UserRecord` tab, used in Identity Manager's demo: + +![Template Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_templateexample_v602.webp) + +### Useful data +Original image link: ![Template Example](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_templateexample_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: +1. On the home page, click on **Settings** in the **Configuration** section. + + ![Home Page - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +2. On the **Workforce** > **Data Upload** page, download the empty Excel template. +Original image link: ![Home Page - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: +2. On the **Workforce** > **Data Upload** page, download the empty Excel template. + + ![Upload Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/icondownload_v602.svg) + +3. Collect identity and organizational data. +Original image link: ![Upload Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/icondownload_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: + attributes (mandatory in orange): + + ![Template Recommendations](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_templatereco_v600.webp) + + [**Click here to download a template example**](/files/identitymanager/user-guide/set-up/initial-identities-loading/Directory_example_V602.xlsx). +Original image link: ![Template Recommendations](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_templatereco_v600.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: + order to feed the data back to Identity Manager. + + ![Upload Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/iconupload_v602.svg) + + The latest uploaded file overwrites the previous one. +Original image link: ![Upload Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/iconupload_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: + Identity Manager. + + ![Verify and Synchronize](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_dataupload-synchronize_v602.webp) + + Now you are able to view users' pages in the directory. +Original image link: ![Verify and Synchronize](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_dataupload-synchronize_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: + Now you are able to view users' pages in the directory. + + ![Directory - Users](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_directoryusers_v602.webp) + +## Verify Identities Loading +Original image link: ![Directory - Users](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_directoryusers_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: + least your own sheet and the sheets for your hierarchy. + + ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +- Check that every organization includes a manager. Organizations are accessible from the department +Original image link: ![Home - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: + directory on the home page. + + ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) + + ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) +Original image link: ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\load-identities\index.md +Context: + ![Home - Directory Department](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/home_directorydepartment_v523.webp) + + ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) + + If the system contains many organizations, then it is also possible to list each organization +Original image link: ![List of Departments](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/load-identities/initialload_departments_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\initial-identities-loading\template-description\index.md +Context: +[Click here to download a template example](/files/identitymanager/user-guide/set-up/initial-identities-loading/Directory_example_V602.xlsx). + +![Template Model](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/template-description/initialload_templatemodel_v603.webp) + +All tabs contain a column `Command` only used at a later stage to modify (massively) identity data. +Original image link: ![Template Model](/img/product_docs/identitymanager/saas/user-guide/set-up/initial-identities-loading/template-description/initialload_templatemodel_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: + to assign. 
+ +![Schema - Scalar Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_schemanavigation.webp) + +> A navigation rule could add the AD group `SG_APP_SQL` to the `memberOf` navigation property to all +Original image link: ![Schema - Scalar Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_schemanavigation.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +**Step 1 –** Click on **Access Rules** on the home page in the **Configuration** section. + +![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +**Step 2 –** In the dropdown menu at the top left, choose the source entity type for the future +Original image link: ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +navigation rule. + +![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) + +**Step 3 –** Click on the **Navigations** tab and on the addition button at the top right corner. +Original image link: ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +**Step 3 –** Click on the **Navigations** tab and on the addition button at the top right corner. + +![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) + +**Step 4 –** Fill in the fields. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +**Step 4 –** Fill in the fields. + +![Create a Navigation Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-manual-creation/singlerolescatalog_createnavrule_v602.webp) + +- `Join`: navigation property from the target entity type, whose value is to be impacted. +Original image link: ![Create a Navigation Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-manual-creation/singlerolescatalog_createnavrule_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +> Our example would look like: +> +> ![Scalar Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_examplenav_v602.webp) + +**Step 5 –** Click on **Create** and see a line added on the rules page. +Original image link: ![Scalar Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_examplenav_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +Fill in the fields. + +![Create Query Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_queryrule_v522.webp) + +Once the `Resource Type` is provided, more fields appear. +Original image link: ![Create Query Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_queryrule_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +Once the `Resource Type` is provided, more fields appear. + +![Query Rule Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_queryrulefields_v602.webp) + +- **Target Object** > `Property to fill`: navigation property from the target entity type, whose +Original image link: ![Query Rule Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_queryrulefields_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +> Our examples would look like: +> +> ![Query Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_examplequery_v602.webp) +> +> ![Query Rule Example 2](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_examplequerybis_v602.webp) +Original image link: ![Query Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_examplequery_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +> ![Query Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_examplequery_v602.webp) +> +> ![Query Rule Example 2](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_examplequerybis_v602.webp) + +Click on **Create** and see a line added on the rules page. +Original image link: ![Query Rule Example 2](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/navigation-property-computation/provrules_examplequerybis_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\navigation-property-computation\index.md +Context: +via **Jobs** > **Compute Role Model**. + +![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +This task applies the rules and computes new properties. 
Therefore, if a given rule's criterion is +Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\resource-creation\index.md +Context: +1. Click on **Access Rules** on the home page in the **Configuration** section. + + ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +2. In the dropdown menu at the top left, choose the source entity type for the future scalar rule. +Original image link: ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\resource-creation\index.md +Context: +2. In the dropdown menu at the top left, choose the source entity type for the future scalar rule. + + ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) + +3. Click on the **Resource Types** tab and on the addition button at the top right corner. +Original image link: ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\resource-creation\index.md +Context: +3. Click on the **Resource Types** tab and on the addition button at the top right corner. 
+ + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + +4. Fill in the fields. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\resource-creation\index.md +Context: +4. Fill in the fields. + + ![Create a Resource Type Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/provrules_typerule_v602.webp) + + - `Resource Type`: resource type to be automatically assigned. +Original image link: ![Create a Resource Type Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/provrules_typerule_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\resource-creation\index.md +Context: + > Our example would look like: + > + > ![Resource Type Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/provrules_exampletype_v602.webp) + +5. Click on **Create** and see a line added on the rules page. +Original image link: ![Resource Type Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/provrules_exampletype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\resource-creation\index.md +Context: +via **Jobs** > **Compute Role Model**. + +![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +This task applies the rules and computes new assignments. 
Therefore, if a given rule's criterion is +Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\resource-creation\index.md +Context: +1. Select a test user in the directory, accessible from the home page. + + ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) + +2. Create a resource type rule involving an account that said user doesn't already have, based on +Original image link: ![Home Page - Directory User](/img/product_docs/identitymanager/saas/user-guide/set-up/configure-workflows/home_directoryuser_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\resource-creation\index.md +Context: +4. See the new account in the user's **View Permissions** tab. + + ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) + + If the type rule uses a single role as a criterion, and the user has said role, then both the +Original image link: ![View Permissions Tab](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/resource-creation/viewpermissions_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\scalar-property-computation\index.md +Context: +from the source entity type, possibly writing a C# expression. 
+ +![Schema - Scalar Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/scalar-property-computation/provrules_schemascalar.webp) + +A scalar rule could define the scalar property displayName of nominative AD accounts based on its +Original image link: ![Schema - Scalar Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/scalar-property-computation/provrules_schemascalar.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\scalar-property-computation\index.md +Context: +Fill an entity type with a scalar rule by proceeding as follows: + +![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +**Step 1 –** Click on **Access Rules** on the home page in the **Configuration** section. +Original image link: ![Home - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\scalar-property-computation\index.md +Context: +**Step 1 –** Click on **Access Rules** on the home page in the **Configuration** section. + +![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) + +**Step 2 –** In the dropdown menu at the top left, choose the source entity type for the future +Original image link: ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\scalar-property-computation\index.md +Context: +scalar rule. + +![iconadd_v602](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) + +**Step 3 –** Click on the **Scalars** tab and on the addition button at the top right corner. +Original image link: ![iconadd_v602](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\scalar-property-computation\index.md +Context: +**Step 3 –** Click on the **Scalars** tab and on the addition button at the top right corner. + +![Create Scalar Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/scalar-property-computation/provrules_scalarrule_v522.webp) + +**Step 4 –** Fill in the fields. +Original image link: ![Create Scalar Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/scalar-property-computation/provrules_scalarrule_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\scalar-property-computation\index.md +Context: +**Step 4 –** Fill in the fields. + +![Scalar Rule Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/scalar-property-computation/provrules_scalarrulefields_v602.webp) + +Once the Resource Type is provided, more fields appear. +Original image link: ![Scalar Rule Fields](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/scalar-property-computation/provrules_scalarrulefields_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\scalar-property-computation\index.md +Context: +Our example would look like: + +![Scalar Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/scalar-property-computation/provrules_examplescalar_v522.webp) + +**Step 5 –** Click on **Create** and see a line added on the rules page. +Original image link: ![Scalar Rule Example](/img/product_docs/identitymanager/saas/user-guide/set-up/provisioning-rule-creation/scalar-property-computation/provrules_examplescalar_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\provisioning-rule-creation\scalar-property-computation\index.md +Context: +**Compute Role Model**. + +![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +This task applies the rules and computes new properties. Therefore, if a given rule's criterion is +Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\category-creation\index.md +Context: + page. + + ![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) + +2. All existing categories are shown in the menus on the left. To create a new category, click on +Original image link: ![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\category-creation\index.md +Context: + **+**. + + ![Add a New Category](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/category-creation/singlerolescatalog_newcategory_v602.webp) + +3. Fill in the fields. +Original image link: ![Add a New Category](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/category-creation/singlerolescatalog_newcategory_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\category-creation\index.md +Context: +3. Fill in the fields. + + ![Create a Category](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/category-creation/singlerolescatalog_createcategory_v602.webp) + + - `Identifier`: must be unique among categories and without any whitespace. +Original image link: ![Create a Category](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/category-creation/singlerolescatalog_createcategory_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\category-creation\index.md +Context: +with the right parameters. + +![Verify Category](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/category-creation/categorycreation_test_v602.webp) + +Original image link: ![Verify Category](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/category-creation/categorycreation_test_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: +to work with the managed systems. 
+ +![Schema - Single Role](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemarole.webp) + +In other words, establishing the role catalog aims to list exhaustively and explicitly all the roles +Original image link: ![Schema - Single Role](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemarole.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: +- a role is created with a given approval workflow according to the entitlement's sensitivity; + + ![Schema - Approval Workflow](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemaapprovals.webp) + + > We choose to require one manual validation from a knowledgeable user before the Internet role +Original image link: ![Schema - Approval Workflow](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemaapprovals.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: + information. + + ![Schema - Single Role with Navigation Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemarolerule.webp) + + > We link the role to the entitlement named `SG_APP_DL-INTERNET-ALL` in the AD, via a navigation +Original image link: ![Schema - Single Role with Navigation Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemarolerule.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: + one single role with one fine-grained entitlement. + + ![Schema - Roles and Identities](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemarolesidentities.webp) + + > For example, an accountant needs read access to the accounting software, a project manager to +Original image link: ![Schema - Roles and Identities](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemarolesidentities.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: +> entitlement in SAP inside a category called `SAP`: +> +> ![Roles Example](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_strategymono_v602.webp) + +One system hosting several applications with existing naming conventions +Original image link: ![Roles Example](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_strategymono_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: +> distinct applications. +> +> ![AD Groups](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_strategymulti_v522.webp) + +The goal here is to find a way to clarify the link between each entitlement and the corresponding +Original image link: ![AD Groups](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_strategymulti_v522.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: +> specify the application name (such as Outlook in this example). +> +> ![Appropriated Field](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_strategymultinoname_v522.webp) + +Thus, the needed information is added to the managed system. After the execution of synchronization, +Original image link: ![Appropriated Field](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_strategymultinoname_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: +[Create a Role Manually](/docs/identitymanager/6.2/user-guide/set-up/single-roles-catalog-creation/role-manual-creation/index.md) topic for additional information. + +![Schema - Role Creation Top-Down](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schematopdown.webp) + +Roles can also be created bottom-up via role naming rules. Instead of the previous process, you can +Original image link: ![Schema - Role Creation Top-Down](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schematopdown.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\index.md +Context: +[ Create Roles in Bulk ](/docs/identitymanager/6.2/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/index.md) topic for additional information. 
+ +![Schema - Role Creation Top-Down](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemabottomup.webp) + +One naming rule can generate many roles, so a few automatic rules can easily and faster create the +Original image link: ![Schema - Role Creation Top-Down](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/singlerolescatalog_schemabottomup.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +Create a single role by proceeding as follows: + +![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) + +**Step 1 –** On the home page in the **Configuration** section, click on **Access Roles** to access +Original image link: ![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +the roles page. + +![createsinglerole](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-manual-creation/createsinglerole.webp) + +**Step 2 –** On the roles page, click on the adequate category and create a role by clicking on **+ +Original image link: ![createsinglerole](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-manual-creation/createsinglerole.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +Create a navigation rule by proceeding as follows: + +![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +**Step 1 –** On the home page in the **Configuration** section, click on **Access Rules** to access +Original image link: ![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +the rules page. + +![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) + +**Step 2 –** In the drop down menu at the top left, choose the entity type to which the future +Original image link: ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +navigation rule will be applied. + +![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) + +**Step 3 –** Click on the **Navigations** tab and on the addition button at the top right corner. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +**Step 3 –** Click on the **Navigations** tab and on the addition button at the top right corner. + +![Create a Navigation Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-manual-creation/singlerolescatalog_createnavrule_v602.webp) + +**Step 4 –** Fill in the fields. +Original image link: ![Create a Navigation Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-manual-creation/singlerolescatalog_createnavrule_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +**Step 1 –** For roles, click on **Access Roles** on the home page in the **Configuration** section. + +![Access Single Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_testroles_v602.webp) + +**Step 2 –** Select single roles and find the role you created inside the right category and with +Original image link: ![Access Single Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_testroles_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +Our example would look like: + +![Example - Generated Role](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_exampleroleresult_v602.webp) + +![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Original image link: ![Example - Generated Role](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_exampleroleresult_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +**Step 3 –** For rules, click on **Access Rules** on the home page in the **Configuration** section. + +![Access Navigation Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_testrules_v602.webp) + +**Step 4 –** Select navigation rules and find the rule(s) you created with the right parameters. +Original image link: ![Access Navigation Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_testrules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-manual-creation\index.md +Context: +Our example would look like: + +![Example - Generated Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_exampleruleresult_v523.webp) + +The verification of role creation has been completed. 
+Original image link: ![Example - Generated Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_exampleruleresult_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: +1. On the home page, click on **Access Rules** in the **Configuration** section. + + ![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) + +2. In the dropdown menu at the top left, choose the entity type to which the future naming rule will +Original image link: ![Home Page - Access Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/home_rules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: + be applied. + + ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) + +3. Click on the **Role Naming Conventions** tab and on the addition button at the top right corner. +Original image link: ![Entity Type Choice](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/provrules_entitytype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: +3. Click on the **Role Naming Conventions** tab and on the addition button at the top right corner. + + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + +4. 
Fill in the fields. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: +4. Fill in the fields. + + ![Create a Naming Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_newrule_v602.webp) + + - `Policy`: +Original image link: ![Create a Naming Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_newrule_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: + > Our example would look like: + > + > ![Example - Naming Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_example_v602.webp) + +5. Click on **Create** and see a line added on the rules page. +Original image link: ![Example - Naming Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_example_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: + **Jobs** > **Apply Naming Conventions**; + + ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) + +2. check that the correct roles and rules were created. 
+Original image link: ![Resource Type Jobs](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/synchro_resourcetype_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: +For roles, click on **Access Roles** on the home page in the **Configuration** section. + +![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) + +Select single roles and find the role(s) you created inside the right category and with the right +Original image link: ![Home Page - Access Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/resource-type-creation/home_roles_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: +parameters. + +![Access Single Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_testroles_v602.webp) + +> [Our example](() would look like: +Original image link: ![Access Single Roles](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_testroles_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: +> [Our example](() would look like: +> +> ![Example - Generated Role](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_exampleroleresult_v602.webp) + +For rules, click on **Access Rules** on the home page in the **Configuration** section. 
+Original image link: ![Example - Generated Role](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_exampleroleresult_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: +Select navigation rules and find the rule(s) you created with the right parameters. + +![Access Navigation Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_testrules_v602.webp) + +> Our example would look like: +Original image link: ![Access Navigation Rules](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_testrules_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\single-roles-catalog-creation\role-naming-rule-creation\index.md +Context: +> Our example would look like: +> +> ![Example - Generated Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_exampleruleresult_v523.webp) + +Original image link: ![Example - Generated Rule](/img/product_docs/identitymanager/saas/user-guide/set-up/single-roles-catalog-creation/role-naming-rule-creation/namingrulecreation_exampleruleresult_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: +the synchronization itself. 
+ +![Synchronization Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_schema.webp) + +#### Export +Original image link: ![Synchronization Schema](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + **Configuration** section. + + ![Home - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) + +2. On the relevant connector page, in the **Entity Types** frame, click on **Jobs**. +Original image link: ![Home - Connectors](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_connectors_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + mode. + + ![Synchronize Job](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_executionjobs_v602.webp) + + - `Update Expressions`: computes the expressions used in the entity type mapping. +Original image link: ![Synchronize Job](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_executionjobs_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + choice between `Complete` and `Incremental`. See below this note. + + ![Synchronize Job (Only Complete)](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_executionjobs-complete_v602.webp) + +## Manage Synchronization Automation +Original image link: ![Synchronize Job (Only Complete)](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_executionjobs-complete_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: +**Activate**. + +![Jobs Results Dashboard](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_dashboard_v522.webp) + +You can fine-tune the synchronization and/or provisioning of the connector by clicking on the +Original image link: ![Jobs Results Dashboard](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_dashboard_v522.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: +**Edit** button. + +![Edit button](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_edit_v600.webp) + +Click on **Job Results** to access the progress of this connector's jobs. +Original image link: ![Edit button](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_edit_v600.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: +All jobs are accessible on the **Job Execution** page in the **Administration** section. + +![Home - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) + +## Verify an Entity Type's Synchronization +Original image link: ![Home - Job Execution](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_jobexecution_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + synchronization completed successfully. + + ![Jobs Results](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_results_v603.webp) + +3. Check that the entity types have been added to the left menu of the home page. 
+Original image link: ![Jobs Results](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_results_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: +3. Check that the entity types have been added to the left menu of the home page. + + ![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/entitytypecreation_test_v602.webp) + +4. Access the relevant entity types (from the menu items on the left of the home page) to check +Original image link: ![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/entitytypecreation_test_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + associations, via the eye icon: + + ![Eye Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/iconeye_v600.svg) + + You should first look for configuration validation, and only later validation of the actual data +Original image link: ![Eye Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/iconeye_v600.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + > `SAB - Users` and `SAB - Groups`. Then, the home page shows them on the left. + > + > ![SAB Example - Home Page](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_examplesab_v522.webp) + > + > Clicking on `SAB - Users` displays the list of all synchronized resources. +Original image link: ![SAB Example - Home Page](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_examplesab_v522.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + > Clicking on `SAB - Users` displays the list of all synchronized resources. + > + > ![SAB Example - Data List](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_examplesab2_v602.webp) + > + > Clicking on any resource displays its detailed attributes, for example `Abbott Mark`: +Original image link: ![SAB Example - Data List](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_examplesab2_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + > Clicking on any resource displays its detailed attributes, for example `Abbott Mark`: + > + > ![SAB Example - Resource Attributes](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_examplesab3_v602.webp) + > + > Clicking on any eye icon displays the corresponding resource. SAB was created here with a +Original image link: ![SAB Example - Resource Attributes](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_examplesab3_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: +If the connector and/or entity type doesn't appear in the menu items, then: + +![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_entitytypes_v602.webp) + +Access the relevant connector's page and click on the **Reload** button to take into account the +Original image link: ![Test Entity Type](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/home_entitytypes_v602.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: +If a synchronization is blocked by an exceeded threshold, then: + +![Threshold warning](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_threshold_v603.webp) + +Find out the reasons to decide whether or not to bypass the threshold. Proceed as follows: +Original image link: ![Threshold warning](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_threshold_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + make a decision about whether to bypass synchronization thresholds. + + ![Job progress](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_thresholdlog_v603.webp) + + In most cases, the first synchronization exceeds thresholds because no data exists in Identity +Original image link: ![Job progress](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_thresholdlog_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + Be cautious, check twice for mistakes before resuming. + + ![Resumed Job](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_thresholdresumed_v602.webp) + +If an export doesn't complete, then: +Original image link: ![Resumed Job](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/synchro_thresholdresumed_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: + source column exists in the corresponding managed system. 
+ + ![Source Column](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/entitytype_sourcecolumn_v602.webp) + +If a given property from users' data is displayed in an unexpected way, then: +Original image link: ![Source Column](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/entitytype_sourcecolumn_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\synchronization\index.md +Context: +Check the format of both the application metadata and the external system. + +![Property Format](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/entitytype_format_v523.webp) + +> For example, if you find that a given date doesn't comply with what you set, then maybe the format +Original image link: ![Property Format](/img/product_docs/identitymanager/saas/user-guide/set-up/synchronization/entitytype_format_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-assignment\index.md +Context: +topics for additional information. + +![Schema - Profile Assignment](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/profiles_schema.webp) + +For example, the access to the list of users with their personal data is usually restricted to HR +Original image link: ![Schema - Profile Assignment](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/profiles_schema.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-assignment\index.md +Context: +Assign manually a profile to a user by proceeding as follows: + +![Home Page - Assigned Profiles](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/home_assignedprofiles_v602.webp) + +**Step 1 –** Access the **Assigned Profiles** screen from the home page in the **Administration** +Original image link: ![Home Page - Assigned Profiles](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/home_assignedprofiles_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-assignment\index.md +Context: +section. + +![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) + +**Step 2 –** Click on the addition button at the top right corner. +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/iconadd_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-assignment\index.md +Context: +**Step 2 –** Click on the addition button at the top right corner. + +![New Profile](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/roleofficers_newprofile_v602.webp) + +**Step 3 –** Fill in the fields. +Original image link: ![New Profile](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/roleofficers_newprofile_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-assignment\index.md +Context: +topic for additional information. 
+ +![Launch Button](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/launch_v603.webp) + +Click on **Launch** to apply these profile rules. +Original image link: ![Launch Button](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-assignment/launch_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-configuration\index.md +Context: +assigning profiles to users and permissions to profiles. + +![Schema - Profile Assignment](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/profiles_schema.webp) + +> For example, access to user lists with personal data is usually restricted to HR staff, and the +Original image link: ![Schema - Profile Assignment](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/profiles_schema.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-configuration\index.md +Context: + **Profiles** in the left menu. + + ![Home - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) + +2. Check whether the profile to configure is part of the provided list. If not, create it by +Original image link: ![Home - Configuration](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/home_settings_v523.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-configuration\index.md +Context: + clicking on the addition button at the top right and fill in the fields. 
+ + ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) + + +Original image link: ![Addition Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/categorization/classification/iconadd_v602.svg) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-configuration\index.md +Context: + + + ![New Profile](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/profiles_creation_v602.webp) + + - `Identifier`: must be unique among profiles and without any whitespace. +Original image link: ![New Profile](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/profiles_creation_v602.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-configuration\index.md +Context: + the appropriate permissions, one by one, selecting if needed their responsibility scope. + + ![Profile Configuration Example](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/profiles_example_v603.webp) + +5. Click on **Save** at the top of the page. +Original image link: ![Profile Configuration Example](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/profiles_example_v603.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\identitymanager\6.2\user-guide\set-up\user-profile-configuration\index.md +Context: +5. Click on **Save** at the top of the page. + + ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) + +## Verify Profile Configuration +Original image link: ![Save Icon](/img/product_docs/identitymanager/saas/user-guide/set-up/user-profile-configuration/iconsave_v602.svg) +Case: Product folder mismatch +No suggested images found. 
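Review bot: every entry above for docs\identitymanager\6.2\user-guide\set-up\ is closed out as "Product folder mismatch" with "No suggested images found", which leaves the 6.2 pages linked to screenshots under /img/product_docs/identitymanager/saas/. That ties the 6.2 documentation to the saas image tree, so replacing a saas screenshot such as synchro_threshold_v603.webp also changes what the 6.2 page shows. Either copy the referenced images into a 6.2 folder and relink, or record in the commit message that sharing the saas path is intentional so these entries are not treated as open work. Minor: the user-profile-configuration entry takes iconadd_v602.svg from categorization/classification/ while user-profile-assignment uses its own iconadd_v602.webp; pointing both pages at one asset would remove one of the mismatches.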
diff --git a/static/img/product_docs/passwordpolicyenforcer/10.2/skipped-image-links.txt b/static/img/product_docs/passwordpolicyenforcer/10.2/skipped-image-links.txt new file mode 100644 index 0000000000..7fe6b87f2c --- /dev/null +++ b/static/img/product_docs/passwordpolicyenforcer/10.2/skipped-image-links.txt 
@@ -0,0 +1,64 @@ + +--- +File: docs\passwordpolicyenforcer\10.2\administration\administration_overview.md +Context: +rejected. + +![introduction_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/introduction_3.webp) + +Unlike password cracking products that check passwords after they are accepted by the operating +Original image link: ![introduction_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/introduction_3.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordpolicyenforcer\10.2\administration\disable_windows_rules.md +Context: +**Step 10 –** Close the Group Policy Management Editor. + +![installing_ppe_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/preparing_the_computer.webp) + +**NOTE:** You do not have to disable all the Windows password policy rules to use Password Policy +Original image link: ![installing_ppe_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/preparing_the_computer.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordpolicyenforcer\10.2\administration\testing_policies.md +Context: +| Rule | Status of Password Compliance with Rule | +| ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | +| ![testing_the_password_policy_1](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_1.webp) | Rule disabled or not tested. | +| ![testing_the_password_policy_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_2.webp) | Rule enabled, password complies with rule | +| ![testing_the_password_policy_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_3.webp) | Rule enabled, password does not comply with rule. 
| +Original image link: ![testing_the_password_policy_1](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordpolicyenforcer\10.2\administration\testing_policies.md +Context: +| ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | +| ![testing_the_password_policy_1](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_1.webp) | Rule disabled or not tested. | +| ![testing_the_password_policy_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_2.webp) | Rule enabled, password complies with rule | +| ![testing_the_password_policy_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_3.webp) | Rule enabled, password does not comply with rule. | + +Original image link: ![testing_the_password_policy_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_2.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordpolicyenforcer\10.2\administration\testing_policies.md +Context: +| ![testing_the_password_policy_1](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_1.webp) | Rule disabled or not tested. | +| ![testing_the_password_policy_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_2.webp) | Rule enabled, password complies with rule | +| ![testing_the_password_policy_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_3.webp) | Rule enabled, password does not comply with rule. 
| + +![managing_policies_12](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_12.webp) +Original image link: ![testing_the_password_policy_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_3.webp) +Case: Path alignment mismatch +No suggested images found. diff --git a/static/img/product_docs/passwordpolicyenforcer/11.0/skipped-image-links.txt b/static/img/product_docs/passwordpolicyenforcer/11.0/skipped-image-links.txt new file mode 100644 index 0000000000..1ad180418d --- /dev/null +++ b/static/img/product_docs/passwordpolicyenforcer/11.0/skipped-image-links.txt 
@@ -0,0 +1,63 @@ + +--- +File: docs\passwordpolicyenforcer\11.0\administration\administration_overview.md +Context: +Enforcer immediately rejects the password and details why the password was rejected. + +![introduction_2](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/introduction_3.webp) + +Unlike password cracking products that check passwords after they are accepted by the operating +Original image link: ![introduction_2](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/introduction_3.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordpolicyenforcer\11.0\administration\configconsole.md +Context: +Double click the **PPE Configuration** desktop shortcut. + +![Configuration Console Dashboard](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/ppedashboard.webp) + +## Dashboard Controls +Original image link: ![Configuration Console Dashboard](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/ppedashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordpolicyenforcer\11.0\administration\configconsoleoverview.md +Context: +The [Configuration Console](/docs/passwordpolicyenforcer/11.0/administration/configconsole.md) is displayed: + +![Configuration Console Dashboard](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/ppedashboard.webp) + +Original image link: ![Configuration Console Dashboard](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/ppedashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordpolicyenforcer\11.0\administration\disable_windows_rules.md +Context: +**Step 10 –** Close the Group Policy Management Editor. 
+ +![installing_ppe_3](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/preparing_the_computer.webp) + +**NOTE:** You do not have to disable all the Windows password policy rules to use Password Policy +Original image link: ![installing_ppe_3](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/preparing_the_computer.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordpolicyenforcer\11.0\administration\manage_policies.md +Context: +Double click the **PPE Configuration** desktop shortcut. + +![Configuration Console Dashboard](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/ppedashboard.webp) + +The Configuration Console dashboard shows **No password policies have been set up** when you are +Original image link: ![Configuration Console Dashboard](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/ppedashboard.webp) +Case: Path alignment mismatch +No suggested images found. diff --git a/static/img/product_docs/passwordreset/3.23/skipped-image-links.txt b/static/img/product_docs/passwordreset/3.23/skipped-image-links.txt new file mode 100644 index 0000000000..8acbcf277d --- /dev/null +++ b/static/img/product_docs/passwordreset/3.23/skipped-image-links.txt 
@@ -0,0 +1,818 @@ + +--- +File: docs\passwordreset\3.23\administration\configuring_password_reset.md +Context: +information. + +![configuring_apr](/img/product_docs/passwordreset/3.23/evaluation/configuring_apr_1.webp) + +### Domain List +Original image link: ![configuring_apr](/img/product_docs/passwordreset/3.23/evaluation/configuring_apr_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\configuring_password_reset.md +Context: +compliant password. + +![configuring_apr_1](/img/product_docs/passwordreset/3.23/evaluation/configuring_apr_1.webp) + +Password Reset displays the Password Policy Enforcer policy message when users are prompted for +Original image link: ![configuring_apr_1](/img/product_docs/passwordreset/3.23/evaluation/configuring_apr_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\configuring_password_reset.md +Context: +understand their e-mail alerts. + +![configuring_apr_5](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/configuring_npr_5.webp) + +**CAUTION:** An attacker may choose a specific language to avoid detection. E-mail alerts are sent +Original image link: ![configuring_apr_5](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/configuring_npr_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\configuring_password_reset.md +Context: +text box, and the path to the script file and other parameters in the **Parameters** text box. + +![configuring_apr_7](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/configuring_npr_7.webp) + +## Security Tab +Original image link: ![configuring_apr_7](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/configuring_npr_7.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\administration\installation.md +Context: +the credentials are valid. + +![installing_apr](/img/product_docs/passwordreset/3.23/evaluation/installing_apr_1.webp) + +**NOTE:** Microsoft SQL Server Compact is installed with the Password Reset Server. SQL Server +Original image link: ![installing_apr](/img/product_docs/passwordreset/3.23/evaluation/installing_apr_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\installation.md +Context: +installed the Password Reset Server onto. + +![installing_apr_1](/img/product_docs/passwordreset/3.23/evaluation/installing_apr_1.webp) + +The Password Reset Setup wizard only installs one Web Interface on each server, but you can copy the +Original image link: ![installing_apr_1](/img/product_docs/passwordreset/3.23/evaluation/installing_apr_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\password_reset_client.md +Context: +**Step 10 –** Click inside the **License key** text box, then paste the license key. + +![the_password_reset_client_5](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/the_password_reset_client_5.webp) + +**Step 11 –** Click **OK**. +Original image link: ![the_password_reset_client_5](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/the_password_reset_client_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\persuading_users_to_enroll.md +Context: +**Step 3 –** Create a new **DWORD** value called **WebAPIState**, and set it to 1. 
+ +![persuading_users_to_enroll](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/persuading_users_to_enroll.webp) + +## Querying the API +Original image link: ![persuading_users_to_enroll](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/persuading_users_to_enroll.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\using_password_reset.md +Context: +**Step 1 –** Click the **Enroll** item in the menu. + +![using_apr](/img/product_docs/passwordreset/3.23/evaluation/using_apr_1_1.webp) + +**Step 2 –** Type a **Username**, **Domain**, and **Password**. +Original image link: ![using_apr](/img/product_docs/passwordreset/3.23/evaluation/using_apr_1_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\using_password_reset.md +Context: +questions are answered correctly. + +![using_apr_2](/img/product_docs/passwordreset/3.23/evaluation/introduction_1_1.webp) + +**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your +Original image link: ![using_apr_2](/img/product_docs/passwordreset/3.23/evaluation/introduction_1_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\administration\using_the_data_console.md +Context: +Editor** button in the lower right corner of the Data Console. + +![using_the_data_console_9](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_9.webp) + +A filter may contain several conditions. Conditions start with a column name, followed by an +Original image link: ![using_the_data_console_9](/img/product_docs/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console_9.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\administration_overview.md +Context: +was rejected. + +![introduction_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/introduction_3.webp) + +Unlike password cracking products that check passwords after they are accepted by the operating +Original image link: ![introduction_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/introduction_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\configuration.md +Context: +you would like to create a new Password Policy Enforcer configuration. + +![configuring_ppe_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_1.webp) + +The management console images in this document are taken from a computer running Windows +Original image link: ![configuring_ppe_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\configuration.md +Context: +#### Password Policy Enforcer View + +![configuring_ppe_2](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_2.webp) + +Click **Password Policy Enforcer** in the left pane to display this view. With this view, you can +Original image link: ![configuring_ppe_2](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\configuration.md +Context: +#### PPS View + +![configuring_ppe_3](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_3.webp) + +Click **PPS** in the left pane to display this view. 
With this view, you can perform the following +Original image link: ![configuring_ppe_3](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\configuration.md +Context: +#### Policies View + +![configuring_ppe_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_4.webp) + +Click **PPS** in the left pane to display this view. With this view, you can perform the following +Original image link: ![configuring_ppe_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\configuration.md +Context: +for a policy. + +#### ![configuring_ppe_5](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_5.webp) + +## Connecting to a Configuration +Original image link: ![configuring_ppe_5](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\configuration.md +Context: +**Step 2 –** Click **PPS Properties** in the right pane of the management console. + +![configuring_ppe_6](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_6.webp) + +**Step 3 –** Click **Disable PPE**. +Original image link: ![configuring_ppe_6](/img/product_docs/passwordpolicyenforcer/10.2/administration/configuring_ppe_6.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\domain_and_local_policies.md +Context: +**Step 5 –** Right-click the **Registry** item, and then select **New** > **Registry Wizard**. 
+ +![domain_and_local_policies](/img/product_docs/passwordpolicyenforcer/10.2/administration/domain_and_local_policies.webp) + +**Step 6 –** Select the computer that contains the Password Policy Enforcer local configuration that +Original image link: ![domain_and_local_policies](/img/product_docs/passwordpolicyenforcer/10.2/administration/domain_and_local_policies.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\domain_and_local_policies.md +Context: +each item in the bottom pane of the window. + +![domain_and_local_policies_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/domain_and_local_policies_1.webp) + +**Step 9 –** Click **Finish**. +Original image link: ![domain_and_local_policies_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/domain_and_local_policies_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\installation.md +Context: +**Step 4 –** Enter **Password Policy Enforcer** in the provided field, and then press **Enter**. + +![installing_ppe_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/installing_ppe_1.webp) + +#### Edit the Group Policy Object +Original image link: ![installing_ppe_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/installing_ppe_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\installation.md +Context: +**Step 6 –** Select the **Assigned deployment method**, and then click **OK**. + +![installing_ppe_2](/img/product_docs/passwordpolicyenforcer/10.2/administration/installing_ppe_2.webp) + +**Step 7 –** Close the Group Policy Management Editor. 
+Original image link: ![installing_ppe_2](/img/product_docs/passwordpolicyenforcer/10.2/administration/installing_ppe_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\installation.md +Context: +**Step 10 –** Close the Group Policy Management Editor. + +![installing_ppe_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/preparing_the_computer.webp) + +**NOTE:** You do not have to disable all the Windows password policy rules to use Password Policy +Original image link: ![installing_ppe_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/preparing_the_computer.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\installation.md +Context: +automatically import the V8.x configuration settings into the new version. + +![installing_ppe_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/installing_ppe_4.webp) + +The management console imports valid subscription license keys, but it will not import V8.x +Original image link: ![installing_ppe_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/installing_ppe_4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\installation.md +Context: +automatically import the V6.x configuration settings into the new version. + +![installing_ppe_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/installing_ppe_7.webp) + +The management console imports valid subscription license keys, but it will not import V6.x +Original image link: ![installing_ppe_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/installing_ppe_7.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\mailer.md +Context: +**Step 3 –** Click the **email** tab. + +![the_ppe_mailer](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_ppe_mailer.webp) + +**Step 4 –** Select the **Disable email reminders** option to disable email delivery. +Original image link: ![the_ppe_mailer](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_ppe_mailer.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\mailer.md +Context: +**Step 6 –** Click the Email tab. + +![the_ppe_mailer_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_ppe_mailer_1.webp) + +Choose values from the days drop-down lists to specify when emails will be sent. By default, emails +Original image link: ![the_ppe_mailer_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_ppe_mailer_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +## Policy Properties + +![managing_policies_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_1.webp) + +To open the Policy Properties page: +Original image link: ![managing_policies_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +policy to a child OU. 
+ +![managing_policies_3](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_3.webp) + +**NOTE:** When a domain policy is assigned to a user or group, Password Policy Enforcer stores the +Original image link: ![managing_policies_3](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +the configuration. The assignment is invalidated if the user is renamed. + +![managing_policies_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_4.webp) + +To assign a password policy: +Original image link: ![managing_policies_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +will enforce for a particular user. + +![managing_policies_5](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_5.webp) + +### Policy Priorities +Original image link: ![managing_policies_5](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +passphrases. To configure a password policy with fewer requirements for passphrases: + +![managing_policies_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_7.webp) + +**Step 1 –** Click the Policies item to display the Policies view. +Original image link: ![managing_policies_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_7.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +| Rule | Status of Password Compliance with Rule | +| ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | +| ![testing_the_password_policy_1](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_1.webp) | Rule disabled or not tested. | +| ![testing_the_password_policy_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_2.webp) | Rule enabled, password complies with rule | +| ![testing_the_password_policy_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_3.webp) | Rule enabled, password does not comply with rule. | +Original image link: ![testing_the_password_policy_1](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +| ------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | +| ![testing_the_password_policy_1](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_1.webp) | Rule disabled or not tested. | +| ![testing_the_password_policy_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_2.webp) | Rule enabled, password complies with rule | +| ![testing_the_password_policy_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_3.webp) | Rule enabled, password does not comply with rule. 
| + +Original image link: ![testing_the_password_policy_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +| ![testing_the_password_policy_1](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_1.webp) | Rule disabled or not tested. | +| ![testing_the_password_policy_2](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_2.webp) | Rule enabled, password complies with rule | +| ![testing_the_password_policy_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_3.webp) | Rule enabled, password does not comply with rule. | + +Click the **Log** tab to view Password Policy Enforcer's internal event log. The event log can help +Original image link: ![testing_the_password_policy_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/testing_the_password_policy_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\managing_policies.md +Context: +- Errors or warnings occurred during testing. + +![managing_policies_12](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_12.webp) + +### Policy Testing vs. Password Changes +Original image link: ![managing_policies_12](/img/product_docs/passwordpolicyenforcer/10.2/administration/managing_policies_12.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\password_policy_client.md +Context: +![the_password_policy_client](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client.webp) + +![the_password_policy_client_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_1.webp) + +The PPC displays the password policy during a password change so that users can see the policy while +Original image link: ![the_password_policy_client_1](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\password_policy_client.md +Context: +**Step 6 –** Select the **Assigned deployment method**, then click **OK**. + +![the_password_policy_client_2](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_2.webp) + +**Step 7 –** Close the **Group Policy Management Editor**. +Original image link: ![the_password_policy_client_2](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\password_policy_client.md +Context: +inbound port exceptions** in the right pane. + +![the_password_policy_client_3](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_3.webp) + +**Step 5 –** Select the **Enabled** option, and then click **Show...**. +Original image link: ![the_password_policy_client_3](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_3.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\password_policy_client.md +Context: +**Step 5 –** Select the **Enabled** option, and then click **Show...**. + +![the_password_policy_client_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_4.webp) + +**Step 6 –** Select the **Enabled** option, and then click **Show...**. +Original image link: ![the_password_policy_client_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\password_policy_client.md +Context: +**Step 6 –** Select the **Enabled** option, and then click **Show...**. + +![the_password_policy_client_5](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_5.webp) + +**Step 7 –** Click **OK** until you return to the Group Policy Management Editor. +Original image link: ![the_password_policy_client_5](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\password_policy_client.md +Context: +**Step 2 –** Configure rule inserts for each enabled rule (see Customizing Rule Inserts above). + +![the_password_policy_client_6](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_6.webp) + +![the_password_policy_client_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_7.webp) +Original image link: ![the_password_policy_client_6](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_6.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\password_policy_client.md +Context: +![the_password_policy_client_6](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_6.webp) + +![the_password_policy_client_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_7.webp) + +The Password Policy Client uses the Windows client language settings to determine which language to +Original image link: ![the_password_policy_client_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/the_password_policy_client_7.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +evade the History and Similarity rules. This rule can only be enforced by domain policies. + +![ppe_rules_2](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_2.webp) + +Select the **Enabled** check box to enable the Minimum Age rule. +Original image link: ![ppe_rules_2](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +maintained with a system that cannot accept long passwords. + +![ppe_rules_3](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_3.webp) + +Select the **Enabled** check box to enable the Length rule. +Original image link: ![ppe_rules_3](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +sets. Using several character types can make passwords more difficult to crack. 
+ +![ppe_rules_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_4.webp) + +Select the **Enabled** check box to enable the Complexity rule. +Original image link: ![ppe_rules_4](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +passwords are based on common words. + +![ppe_rules_5](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_5.webp) + +There are two Dictionary rules in each password policy. You can use the second rule with a different +Original image link: ![ppe_rules_5](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +number of days. + +![ppe_rules_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_7.webp) + +Select the **Enabled** check box to enable the History rule. +Original image link: ![ppe_rules_7](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_7.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +**Step 4 –** Press **ENTER** and check the output for errors. + +![ppe_rules_8](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_8.webp) + +### Using an Existing Attribute for the Password History +Original image link: ![ppe_rules_8](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_8.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +attacker to guess the new password. 
+ +![ppe_rules_9](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_9.webp) + +Select the **Enabled** check box to enable the Similarity rule. +Original image link: ![ppe_rules_9](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_9.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +Passwords that are similar to a user's logon name are not desirable because they are easily guessed. + +![ppe_rules_10](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_10.webp) + +- Select the Enabled check box to enable the User Logon Name rule. +Original image link: ![ppe_rules_10](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_10.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +desirable because they are easily guessed. + +![ppe_rules_11](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_11.webp) + +- Select the **Enabled** check box to enable the User Display Name rule. +Original image link: ![ppe_rules_11](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_11.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +compatibility with other systems. + +![ppe_rules_12](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_12.webp) + +All the Character rules work identically, but each has their own default character set. A character +Original image link: ![ppe_rules_12](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_12.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +| | | +| ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | +| ![ppe_rules_13](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_13.webp) | ![ppe_rules_14](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_14.webp) | + +Password Policy Enforcer has only one Numeric rule, so the second requirement must be enforced by +Original image link: ![ppe_rules_13](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_13.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +| | | +| ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | +| ![ppe_rules_13](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_13.webp) | ![ppe_rules_14](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_14.webp) | + +Password Policy Enforcer has only one Numeric rule, so the second requirement must be enforced by +Original image link: ![ppe_rules_14](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_14.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +| | | +| ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | +| ![ppe_rules_15](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_15.webp) | ![ppe_rules_16](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_16.webp) | + +Select the **Enabled** check box to enable the First or Last Character rule. +Original image link: ![ppe_rules_15](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_15.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +| | | +| ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | +| ![ppe_rules_15](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_15.webp) | ![ppe_rules_16](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_16.webp) | + +Select the **Enabled** check box to enable the First or Last Character rule. +Original image link: ![ppe_rules_16](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_16.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +shoulder surfing (observing users as they enter their password). + +![ppe_rules_17](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_17.webp) + +The examples for this rule are taken from a US keyboard layout. 
These patterns may not exist on +Original image link: ![ppe_rules_17](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_17.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +Passwords should not contain character patterns because they can weaken the password. + +![ppe_rules_19](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_19.webp) + +- Select the **Enabled** check box to enable the Character Pattern rule. +Original image link: ![ppe_rules_19](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_19.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +consecutive repeating characters (SssS). + +![ppe_rules_21](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_21.webp) + +- Select the **Enabled** check box to enable the Repeating Characters rule. +Original image link: ![ppe_rules_21](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_21.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\administration\rules.md +Context: +characters (LoOpHle). + +![ppe_rules_22](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_22.webp) + +- Select the **Enabled** check box to enable the Unique Characters rule. +Original image link: ![ppe_rules_22](/img/product_docs/passwordpolicyenforcer/10.2/administration/ppe_rules_22.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\evaluation\evaluation_overview.md +Context: +immediately rejects the password and tells the user why their password was rejected. 
+ +![introduction_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/introduction_3.webp) + +Unlike password cracking products that check passwords after they are accepted by the operating +Original image link: ![introduction_3](/img/product_docs/passwordpolicyenforcer/10.2/evaluation/introduction_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.23\password_policy_enforcer\web\web_overview.md +Context: +choose a compliant password. + +![introduction_4](/img/product_docs/passwordpolicyenforcer/10.2/web/introduction_4.webp) + +PPE/Web communicates directly with the domain controllers, so it works best when both the web server +Original image link: ![introduction_4](/img/product_docs/passwordpolicyenforcer/10.2/web/introduction_4.webp) +Case: Product folder mismatch +No suggested images found. diff --git a/static/img/product_docs/passwordreset/3.3/skipped-image-links.txt b/static/img/product_docs/passwordreset/3.3/skipped-image-links.txt new file mode 100644 index 0000000000..d9c7e24868 --- /dev/null +++ b/static/img/product_docs/passwordreset/3.3/skipped-image-links.txt 
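Review bot: The report entries ending here read as image-migration tool output rather than documentation or an asset, and a file of the same kind is added next as `static/img/product_docs/passwordreset/3.3/skipped-image-links.txt`; if `static/` is published with the site, this log ships publicly alongside the images. Every entry in this span ends with "Case: Product folder mismatch" and "No suggested images found.", so the report records a problem without resolving it: the `docs\passwordreset\3.23\password_policy_enforcer\...` pages still link to `/img/product_docs/passwordpolicyenforcer/10.2/...`. I would move the report out of `static/` (a build artifact or a tracking issue would do) and handle the links in the docs themselves, either by fixing them or by confirming that the cross-product paths are intentional. Two smaller points: the `File:` paths use Windows backslashes, which makes them awkward to grep against repository paths, and table rows that hold two images (for example `ppe_rules_13` and `ppe_rules_14`) produce two entries with identical context, which inflates the file.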
@@ -0,0 +1,673 @@ + +--- +File: docs\passwordreset\3.3\administration\about_tab.md +Context: +key. + +![configuring_npr_10](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_10.webp) + +To install a new license key, copy the entire license e-mail to the clipboard, and then click Get +Original image link: ![configuring_npr_10](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_10.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\editing_the_html_templates.md +Context: +normally caused by invalid user input. + +![using_npr_12](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_12.webp) + +Validation error messages are defined in the relevant template (en_enroll.htm, en_reset.htm, +Original image link: ![using_npr_12](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_12.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\editing_the_html_templates.md +Context: +strings section near the end of the file. See the Resource Strings topic for more information. + +![using_npr_13](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_13.webp) + +You may see placeholders like %1 and %2 in some error messages. These are replaced with more +Original image link: ![using_npr_13](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_13.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\editing_the_html_templates.md +Context: +the Resource Strings topic for more information. 
+ +![using_npr_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_9.webp) + +`en_finished.htm` has two resource strings for password changes (RES_FINISHED_CHANGE and +Original image link: ![using_npr_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_9.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\email_tab.md +Context: +Click the name of an enabled trigger to edit the trigger's e-mail template. + +![configuring_npr_4](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_4.webp) + +Type the name and e-mail address you wish to appear in the e-mail's From field in the **From** text +Original image link: ![configuring_npr_4](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\email_tab.md +Context: +understand their e-mail alerts. + +![configuring_npr_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_5.webp) + +**CAUTION:** An attacker may choose a specific language to avoid detection. E-mail alerts are sent +Original image link: ![configuring_npr_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\enroll_tab.md +Context: +Use the **Enroll** tab to maintain the list of enrollment questions and options. 
+ +![configuring_npr_2](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_2.webp) + +### Question List +Original image link: ![configuring_npr_2](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +values directly into this row. + +![using_the_data_console_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_3.webp) + +The Filter Row is empty when you first open the Data Console. To create a filter, click the **Filter +Original image link: ![using_the_data_console_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +character. + +![using_the_data_console_4](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_4.webp) + +The image above shows a filter on the Date, Source, and Source IP columns. Only password reset +Original image link: ![using_the_data_console_4](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +You can also create a filter by selecting values from a list in the column headers. 
+ +![using_the_data_console_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_5.webp) + +Hover the mouse pointer over a column header until a small button appears on the right side of the +Original image link: ![using_the_data_console_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +header. + +![using_the_data_console_6](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_6.webp) + +Click the button to show a list of values in the column. +Original image link: ![using_the_data_console_6](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_6.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +hidden. + +![using_the_data_console_7](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_7.webp) + +The list of values for date and date/time columns also includes date ranges such as **Last 7 days**, +Original image link: ![using_the_data_console_7](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_7.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +filters. Click **(Custom...)** in a column header's value list to create a custom filter. + +![using_the_data_console_8](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_8.webp) + +Custom filters can contain one or two conditions for each column. 
Select an operator for the first +Original image link: ![using_the_data_console_8](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_8.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +active filter. The button on the right side of the Filter Bar opens the Filter Editor. + +![using_the_data_console_11](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_11.webp) + +A button and a check box appear on the left side of the Filter Bar when a filter is active. Click +Original image link: ![using_the_data_console_11](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_11.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +the button to clear the filter. Toggle the check box to disable or enable the filter. + +![using_the_data_console_12](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_12.webp) + +A drop-down button appears to the right of the filter. Click it to select a recently used filter. +Original image link: ![using_the_data_console_12](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_12.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filtering_data.md +Context: +A drop-down button appears to the right of the filter. Click it to select a recently used filter. 
+ +![using_the_data_console_13](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_13.webp) + +## Exporting Data +Original image link: ![using_the_data_console_13](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_13.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filter_editor.md +Context: +Editor** button in the lower right corner of the Data Console. + +![using_the_data_console_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_9.webp) + +A filter may contain several conditions. Conditions start with a column name, followed by an +Original image link: ![using_the_data_console_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_9.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\filter_editor.md +Context: +record. + +![using_the_data_console_10](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_10.webp) + +Original image link: ![using_the_data_console_10](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_10.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\general_tab.md +Context: +compliant password. + +![configuring_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_1.webp) + +Password Reset displays the Password Policy Enforcer policy message when users are prompted for +Original image link: ![configuring_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_1.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.3\administration\general_tab.md +Context: +server configuration, and enable "Only accept encrypted client request". + +![using_ppe_with_npr](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_ppe_with_npr.webp) + +Please do not enable this option if you are using Netwrix Password Reset v3.3 with Netwrix Password +Original image link: ![using_ppe_with_npr](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_ppe_with_npr.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\installation.md +Context: +the credentials are valid. + +![installing_npr](/img/product_docs/passwordreset/3.3/evaluation/installing_npr.webp) + +**NOTE:** Microsoft SQL Server Compact is installed with the Password Reset Server. SQL Server +Original image link: ![installing_npr](/img/product_docs/passwordreset/3.3/evaluation/installing_npr.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\installation.md +Context: +installed the Password Reset Server onto. + +![installing_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/installing_npr_1.webp) + +The Password Reset Setup wizard only installs one Web Interface on each server, but you can copy the +Original image link: ![installing_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/installing_npr_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\moving_to_sql_server.md +Context: +this account. + +![working_with_the_database](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/working_with_the_database.webp) + +**Step 3 –** Create an SQL Server user, and map it to the service account login. 
+Original image link: ![working_with_the_database](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/working_with_the_database.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\moving_to_sql_server.md +Context: +The SQL Server Native Client must be installed if **Trust server certificate** is selected. + +![working_with_the_database_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/working_with_the_database_1.webp) + +**Step 8 –** Click **Next**. +Original image link: ![working_with_the_database_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/working_with_the_database_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\password_reset_client.md +Context: +**Step 4 –** Enter **Password Reset Client**, then press **ENTER**. + +![the_password_reset_client_1](/img/product_docs/passwordreset/3.3/evaluation/the_password_reset_client_1.webp) + +### Edit the Group Policy Object +Original image link: ![the_password_reset_client_1](/img/product_docs/passwordreset/3.3/evaluation/the_password_reset_client_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\password_reset_client.md +Context: +**Step 7 –** Select **NPRClt.adm**, and then click **Open**. + +![the_password_reset_client_2](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_2.webp) + +**Step 8 –** Click **Close**. +Original image link: ![the_password_reset_client_2](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_2.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\password_reset_client.md +Context: +Reset Client** items. 
+ +![the_password_reset_client_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_3.webp) + +**Step 4 –** Double-click the **Browser settings** item in the right pane of the Group Policy +Original image link: ![the_password_reset_client_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\password_reset_client.md +Context: +Management Editor. + +![the_password_reset_client_4](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_4.webp) + +**Step 5 –** Select the **Enabled**option. +Original image link: ![the_password_reset_client_4](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_4.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\password_reset_client.md +Context: +**Step 10 –** Click inside the **License key** text box, then paste the license key. + +![the_password_reset_client_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_5.webp) + +**Step 11 –** Click **OK**. +Original image link: ![the_password_reset_client_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/the_password_reset_client_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\permissions_tab.md +Context: +Use the **Permissions** tab to control which users can use Password Reset. 
+ +![configuring_npr_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_9.webp) + +### Enroll +Original image link: ![configuring_npr_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_9.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\persuading_users_to_enroll.md +Context: +**Step 3 –** Create a new **DWORD** value called **WebAPIState**, and set it to 1. + +![persuading_users_to_enroll](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/persuading_users_to_enroll.webp) + +## Querying the API +Original image link: ![persuading_users_to_enroll](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/persuading_users_to_enroll.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\security_tab.md +Context: +lockout threshold. + +![configuring_npr_8](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_8.webp) + +### Inactivity Timeout +Original image link: ![configuring_npr_8](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_8.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +**Step 1 –** Click the **Enroll** item in the menu. + +![using_npr_0](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1_1.webp) + +**Step 2 –** Type a **Username**, **Domain**, and **Password**. +Original image link: ![using_npr_0](/img/product_docs/passwordreset/3.3/evaluation/using_npr_1_1.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +questions are answered correctly. 
+ +![using_npr_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_3.webp) + +**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your +Original image link: ![using_npr_3](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +phone by e-mail or SMS. Type the **Code**, and then click **Next**. + +![using_npr_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_5.webp) + +**Step 5 –** Type the new **Password** into both text boxes, and then click **Next**. +Original image link: ![using_npr_5](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_5.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +**Step 5 –** Type the new **Password** into both text boxes, and then click **Next**. + +![using_npr_6](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_6.webp) + +**Step 6 –** Click **OK** to return to the menu. +Original image link: ![using_npr_6](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_6.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +**Step 1 –** Click the **Unlock** item in the menu. + +![using_npr_7](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_7.webp) + +**Step 2 –** Type a **Username** and **Domain**, and then click **Next**. +Original image link: ![using_npr_7](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_7.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +questions are answered correctly. + +![using_npr_8](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_8.webp) + +**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your +Original image link: ![using_npr_8](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_8.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +phone by e-mail or SMS. Type the **Code**, and then click **Next**. + +![using_npr_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_9.webp) + +**Step 5 –** Click **OK** to return to the menu. +Original image link: ![using_npr_9](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_9.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +fields and resubmitting the form. + +![using_npr_12](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_12.webp) + +Critical errors are shown on their own page. These errors are mostly a result of configuration or +Original image link: ![using_npr_12](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_12.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\using_password_reset.md +Context: +control. + +![using_npr_13](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_13.webp) + +Validation and critical error messages are stored in the HTML templates. 
You can modify the default +Original image link: ![using_npr_13](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_13.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\verification_tab.md +Context: +verification code to continue. + +![configuring_npr_6](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_6.webp)7 + +#### Verification Codes +Original image link: ![configuring_npr_6](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_6.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\verification_tab.md +Context: +information about the user. + +![configuring_npr_0](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_0.webp) + +Verification codes are of a specified length, and may contain both alpha and numeric characters. +Original image link: ![configuring_npr_0](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_0.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\administration\verification_tab.md +Context: +text box, and the path to the script file and other parameters in the **Parameters** text box. + +![configuring_npr_7](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_7.webp) + +Original image link: ![configuring_npr_7](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_7.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\evaluation\configuring_password_reset.md +Context: +Configuration Console to open the console. 
+ +![configuring_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_1.webp) + +The Configuration Console has a tabbed layout. Click the tabs along the top to see the various +Original image link: ![configuring_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\evaluation\data_console.md +Context: +only some of the events. Filters are very flexible and easy to create. + +![the_data_console_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_9.webp) + +The Users tab contains information about each user. You can export the data in the Audit Log and +Original image link: ![the_data_console_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_9.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\evaluation\evaluation_overview.md +Context: +encounter any problems during your evaluation. + +![introduction_1_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/evaluation/introduction_1_1.webp) + +The Password Reset Administrator's Guide contains additional installation and configuration +Original image link: ![introduction_1_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/evaluation/introduction_1_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\passwordpolicyenforcer\administration\administration_overview.md +Context: +Enforcer immediately rejects the password and details why the password was rejected. 
+ +![introduction_2](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/introduction_3.webp) + +Unlike password cracking products that check passwords after they are accepted by the operating +Original image link: ![introduction_2](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/introduction_3.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\passwordpolicyenforcer\administration\password_policy_client.md +Context: +Client. + +![the_password_policy_client](/img/product_docs/passwordpolicyenforcer/11.0/administration/the_password_policy_client.webp) + +![the_password_policy_client_1](/img/product_docs/passwordpolicyenforcer/11.0/administration/the_password_policy_client_1.webp) +Original image link: ![the_password_policy_client](/img/product_docs/passwordpolicyenforcer/11.0/administration/the_password_policy_client.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\passwordpolicyenforcer\administration\password_policy_client.md +Context: +![the_password_policy_client](/img/product_docs/passwordpolicyenforcer/11.0/administration/the_password_policy_client.webp) + +![the_password_policy_client_1](/img/product_docs/passwordpolicyenforcer/11.0/administration/the_password_policy_client_1.webp) + +The Password Policy Client displays the password policy during a password change so that users can +Original image link: ![the_password_policy_client_1](/img/product_docs/passwordpolicyenforcer/11.0/administration/the_password_policy_client_1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\passwordpolicyenforcer\administration\similarity_rule.md +Context: +"password2", "password3". Password serialization allows an attacker to guess the new password. 
+ +![Similarity Rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/similarity.webp) + +Select the **Similarity** check box to enable the Similarity rule. +Original image link: ![Similarity Rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/similarity.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\passwordreset\3.3\passwordpolicyenforcer\evaluation\evaluation_overview.md +Context: +immediately rejects the password and details why the password was rejected. + +![introduction_3](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/introduction_3.webp) + +Unlike password cracking products that check passwords after they are accepted by the operating +Original image link: ![introduction_3](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/introduction_3.webp) +Case: Product folder mismatch +No suggested images found. diff --git a/static/img/product_docs/passwordsecure/9.1/skipped-image-links.txt b/static/img/product_docs/passwordsecure/9.1/skipped-image-links.txt new file mode 100644 index 0000000000..f51557a107 --- /dev/null +++ b/static/img/product_docs/passwordsecure/9.1/skipped-image-links.txt 
@@ -0,0 +1,38 @@ + +--- +File: docs\passwordsecure\9.1\configuration\advanced_view\clientmodule\notifications\notifications.md +Context: +[Visibility](/docs/passwordsecure/9.1/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility.md) + +![Notifications modul](/img/product_docs/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) + +NOTE: The reading pane is deactivated in this module by default. It can be activated in the +Original image link: ![Notifications modul](/img/product_docs/passwordsecure/9.1/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordsecure\9.1\configuration\advanced_view\mainmenu\user_settings\overview_user_settings\overview_of_all_user_settings.md +Context: +selected version are correspondingly marked in the list. + +![installation_with_parameters_115](/img/product_docs/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) + +This makes it easier for administrators to correctly configure new options before they release the +Original image link: ![installation_with_parameters_115](/img/product_docs/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordsecure\9.1\configuration\advanced_view\mainmenu\user_settings\user_settings.md +Context: +are not assigned via roles, but via organisational units! 
+ +![installation_with_parameters_112](/img/product_docs/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) + +### Inheritance of user settings +Original image link: ![installation_with_parameters_112](/img/product_docs/passwordsecure/9.1/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) +Case: Path alignment mismatch +No suggested images found. diff --git a/static/img/product_docs/passwordsecure/9.2/skipped-image-links.txt b/static/img/product_docs/passwordsecure/9.2/skipped-image-links.txt new file mode 100644 index 0000000000..2d43d06cdc --- /dev/null +++ b/static/img/product_docs/passwordsecure/9.2/skipped-image-links.txt 
@@ -0,0 +1,38 @@ + +--- +File: docs\passwordsecure\9.2\configuration\advanced_view\clientmodule\notifications\notifications.md +Context: +[Visibility](/docs/passwordsecure/9.2/configuration/advanced_view/permissionconcept/predefining_rights/protective_mechanisms/visibility/visibility.md) + +![Notifications modul](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) + +NOTE: The reading pane is deactivated in this module by default. It can be activated in the +Original image link: ![Notifications modul](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/clientmodule/applications/rdp_and_ssh_applications/recording_a_session/notifications_1-en.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordsecure\9.2\configuration\advanced_view\mainmenu\user_settings\overview_user_settings\overview_of_all_user_settings.md +Context: +selected version are correspondingly marked in the list. + +![installation_with_parameters_115](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) + +This makes it easier for administrators to correctly configure new options before they release the +Original image link: ![installation_with_parameters_115](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/overview_user_rights/installation_with_parameters_115.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\passwordsecure\9.2\configuration\advanced_view\mainmenu\user_settings\user_settings.md +Context: +are not assigned via roles, but via organisational units! 
+ +![installation_with_parameters_112](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) + +### Inheritance of user settings +Original image link: ![installation_with_parameters_112](/img/product_docs/passwordsecure/9.2/configuration/advanced_view/mainmenu/user_rights/installation_with_parameters_112.webp) +Case: Path alignment mismatch +No suggested images found. diff --git a/static/img/product_docs/platgovnetsuite/skipped-image-links.txt b/static/img/product_docs/platgovnetsuite/skipped-image-links.txt new file mode 100644 index 0000000000..1b7562287c --- /dev/null +++ b/static/img/product_docs/platgovnetsuite/skipped-image-links.txt 
@@ -0,0 +1,284 @@ + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +### Status Bar States + +![change_request_bar_not_started](/img/product_docs/platgovnetsuite/change_management/change_request_bar_not_started.webp) + +New Change Request. Click **In Progress** to advance the status. +Original image link: ![change_request_bar_not_started](/img/product_docs/platgovnetsuite/change_management/change_request_bar_not_started.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +New Change Request. Click **In Progress** to advance the status. + +![change_request_bar_inprogress](/img/product_docs/platgovnetsuite/change_management/change_request_bar_inprogress.webp) + +Change Request **In Progress**. +Original image link: ![change_request_bar_inprogress](/img/product_docs/platgovnetsuite/change_management/change_request_bar_inprogress.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +When ready for approval, click **Pending Approval**. + +![change_request_bar_pending](/img/product_docs/platgovnetsuite/change_management/change_request_bar_pending.webp) + +Approvers are notified. +Original image link: ![change_request_bar_pending](/img/product_docs/platgovnetsuite/change_management/change_request_bar_pending.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +Status promoted based on Approvers actions. + +![change_request_bar_approved](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved.webp) + +Status when all approvers have approved. 
+Original image link: ![change_request_bar_approved](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +Can be returned to a previous status or rejected. + +![change_request_bar_approved_partial](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_partial.webp) + +Status when Change Request is partially approved. Wait for all approvers to finish. +Original image link: ![change_request_bar_approved_partial](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_partial.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +Status when Change Request is partially approved. Wait for all approvers to finish. + +![change_request_bar_approved_override](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_override.webp) + +Status when an administrator has approved in place of a specified approver. +Original image link: ![change_request_bar_approved_override](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_override.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +**Approval Override by** field displays the approver. + +![change_request_bar_approved_completed](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_completed.webp) + +Approved and Completed. +Original image link: ![change_request_bar_approved_completed](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_completed.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +Can be returned to a previous status. + +![change_request_bar_approved_canceled](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_canceled.webp) + +Approved and Canceled. +Original image link: ![change_request_bar_approved_canceled](/img/product_docs/platgovnetsuite/change_management/change_request_bar_approved_canceled.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\financial_controls\agent_creating_preapproved_change_request.md +Context: +Can be returned to a previous status. + +![change_request_bar_rejected](/img/product_docs/platgovnetsuite/change_management/change_request_bar_rejected.webp) + +Rejected and Completed. +Original image link: ![change_request_bar_rejected](/img/product_docs/platgovnetsuite/change_management/change_request_bar_rejected.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\installing_strongpoint\go_live_faq.md +Context: +helps if you do not have the exact name. + +![custquicksearch](/img/product_docs/platgovnetsuite/customizations/custquicksearch.webp) + +## Prototype Customizations +Original image link: ![custquicksearch](/img/product_docs/platgovnetsuite/customizations/custquicksearch.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\installing_strongpoint\redeploy_scripts_sandbox.md +Context: +3. Set the Filter **Type** to **Suitelet** and the **Bundle ID** to **294336**. + + ![Find the Suitelet](/img/product_docs/platgovnetsuite/release_notes/scripts.webp) + +4. Click **View** by the **Strongpoint Reset Schedule Deployments** suitelet. +Original image link: ![Find the Suitelet](/img/product_docs/platgovnetsuite/release_notes/scripts.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\platgovnetsuite\installing_strongpoint\redeploy_scripts_sandbox.md +Context: +5. Open the **Deployments** tab. + + ![Open the Deployment tab](/img/product_docs/platgovnetsuite/release_notes/script_deploy_tab.webp) + +6. Click the Suitelet name: **Strongpoint Reset Schedule Deployments**. +Original image link: ![Open the Deployment tab](/img/product_docs/platgovnetsuite/release_notes/script_deploy_tab.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\installing_strongpoint\redeploy_scripts_sandbox.md +Context: +7. Click on the Script **URL**. + + ![Click the Script URL](/img/product_docs/platgovnetsuite/release_notes/script_deploy_url.webp) + +Original image link: ![Click the Script URL](/img/product_docs/platgovnetsuite/release_notes/script_deploy_url.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\integrations\jira_integration.md +Context: + Change Requests. + + ![Jira Integration settings with mapped statues](/img/product_docs/platgovnetsuite/release_notes/jira_example_integration.webp) + +7. Check **Allow NS to Jira Push** to enable pushing NetSuite change requests into Jira. +Original image link: ![Jira Integration settings with mapped statues](/img/product_docs/platgovnetsuite/release_notes/jira_example_integration.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\integrations\jira_integration.md +Context: +4. Open your **Projects** page: + + ![Open your Jira Projects page to find Add-ons](/img/product_docs/platgovnetsuite/release_notes/jira_projects_menu.webp) + +5. Expand **Add-ons**. +Original image link: ![Open your Jira Projects page to find Add-ons](/img/product_docs/platgovnetsuite/release_notes/jira_projects_menu.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\integrations\jira_integration.md +Context: +6. 
Select **Strongpoint Settings**. + + ![Jira Strongpoint Settings](/img/product_docs/platgovnetsuite/release_notes/jira_strongpoint_settings.webp) + +7. Click **New Token Based Authentication** to add your credentials. This needs to be done once for +Original image link: ![Jira Strongpoint Settings](/img/product_docs/platgovnetsuite/release_notes/jira_strongpoint_settings.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\integrations\jira_integration.md +Context: + each of your accounts. + + ![Add tokens for Jira](/img/product_docs/platgovnetsuite/release_notes/jira_add_token.webp) + +8. Enter your credentials and click **Add Token Based Authentication Credential**. +Original image link: ![Add tokens for Jira](/img/product_docs/platgovnetsuite/release_notes/jira_add_token.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\integrations\jira_walkthrough_example.md +Context: + +Once you have logged in, the form is displayed. +![Jira Strongpoint form](/img/product_docs/platgovnetsuite/release_notes/jira_strongpoint_form.webp) + +- **Synchronized with** displays the connected account. Click **Change Account** to switch to a +Original image link: ![Jira Strongpoint form](/img/product_docs/platgovnetsuite/release_notes/jira_strongpoint_form.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\release_notes\netwrix_strongpoint_netsuite_7-1_release_notes.md +Context: + Date** and **Change By** fields. + + ![Refresh Changed By](/img/product_docs/platgovnetsuite/change_management/change_log_refresh.webp) + +- Removed extraneous Customization record link in Search Clean Up notification emails. +Original image link: ![Refresh Changed By](/img/product_docs/platgovnetsuite/change_management/change_log_refresh.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\platgovnetsuite\uar\uar_additional_reviewer\add_reviewer_membership_reviews.md +Context: + If the Change Request is rejected (**CR Rejected status**) or canceled (**CR Cancelled**), the + user row is returned to a pending state and can then be reviewed again. + ![Remove a user from a role](/img/product_docs/platgovnetsuite/uar/uar_owner/remove_user_from_role.webp) + If + the Change Request is rejected (**CR Rejected status**) or canceled (**CR Cancelled**), the user +Original image link: ![Remove a user from a role](/img/product_docs/platgovnetsuite/uar/uar_owner/remove_user_from_role.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\uar\uar_additional_reviewer\add_reviewer_membership_reviews.md +Context: +**Export** the notes as a CSV or PDF file. + +![Open the Review Notes tab](/img/product_docs/platgovnetsuite/uar/uar_owner/review_notes_tab.webp) + +The notes have the following fields: +Original image link: ![Open the Review Notes tab](/img/product_docs/platgovnetsuite/uar/uar_owner/review_notes_tab.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovnetsuite\uar\uar_additional_reviewer\add_reviewer_uar_list.md +Context: +showing all of the single reviews associated with the global review. + +![Review list of associated single reviews under a global review](/img/product_docs/platgovnetsuite/uar/uar_owner/review_list.webp) + +- **Export** exports the list of selected reviews as either a **CSV** or **PDF** file. The exported +Original image link: ![Review list of associated single reviews under a global review](/img/product_docs/platgovnetsuite/uar/uar_owner/review_list.webp) +Case: Path alignment mismatch +No suggested images found. diff --git a/static/img/product_docs/platgovsalesforce/skipped-image-links.txt b/static/img/product_docs/platgovsalesforce/skipped-image-links.txt new file mode 100644 index 0000000000..c04fab7557 --- /dev/null 
+++ b/static/img/product_docs/platgovsalesforce/skipped-image-links.txt 
@@ -0,0 +1,179 @@ + +--- +File: docs\platgovsalesforce\change_management\resolving_noncompliant_changes.md +Context: +can filter the report or sort by the column heads. + +![Non-Compliant Change Management Report](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) + +A noncompliant change means something got changed without the required approvals. Open each change +Original image link: ![Non-Compliant Change Management Report](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\change_management\setting_up_policies.md +Context: +2. Click **Add Customizations**. + + ![Add customizations](/img/product_docs/platgovnetsuite/change_management/policy_add_customizations.webp) + +3. Select a **Metadata Type** to filter the list. +Original image link: ![Add customizations](/img/product_docs/platgovnetsuite/change_management/policy_add_customizations.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\change_management\set_up_data_tracking.md +Context: +5. Enter **(Data Records** in the Search Customization box. + + ![Select the customizations](/img/product_docs/platgovnetsuite/change_management/policy_add_customizations.webp) + +6. Select the customization to add. Use Shift-click (contiguous items) or Ctrl-click to select +Original image link: ![Select the customizations](/img/product_docs/platgovnetsuite/change_management/policy_add_customizations.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\change_management\using_change_logs.md +Context: +Select a report, such as **What Changed** to see a list of Change Logs. + +![changelog-1](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) + +Here is an example change log for a **Profile** Metadata type. 
+Original image link: ![changelog-1](/img/product_docs/platgovnetsuite/change_management/changelog-1.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\installing_strongpoint\config_and_stats.md +Context: +2. Open the **Jira Configuration** tab. It opens on the **Credentials** tab. + + ![Open the credentials](/img/product_docs/platgovsalesforce/integrations/jira_sp_credentials.webp) + +3. Enter your credentials: +Original image link: ![Open the credentials](/img/product_docs/platgovsalesforce/integrations/jira_sp_credentials.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\installing_strongpoint\config_and_stats.md +Context: +3. Open the **Status Mapping** tab. + + ![Set up the Jira status mappings for Change Request status](/img/product_docs/platgovsalesforce/integrations/jira_status_settings.webp) + +4. Enter the mappings between your Jira statuses and the Change Request statuses. You must define +Original image link: ![Set up the Jira status mappings for Change Request status](/img/product_docs/platgovsalesforce/integrations/jira_status_settings.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\installing_strongpoint\installing_strongpoint.md +Context: +7. Set **Selected OAuth Scopes** to **Full access (full)** + + ![Setting for Connected App](/img/product_docs/platgovsalesforce/integrations/connected_app.webp) + + **The Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows** +Original image link: ![Setting for Connected App](/img/product_docs/platgovsalesforce/integrations/connected_app.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\installing_strongpoint\validating_data.md +Context: +3. Click on a field and validate the data. 
+ +![entity_diagram](/img/product_docs/platgovsalesforce/tools/entity_diagram.webp) + +## Customization Quick Search +Original image link: ![entity_diagram](/img/product_docs/platgovsalesforce/tools/entity_diagram.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\installing_strongpoint\validating_data.md +Context: +3. Click on the **Customization** and validate the data. + +![custquicksearch](/img/product_docs/platgovnetsuite/customizations/custquicksearch.webp) + +Original image link: ![custquicksearch](/img/product_docs/platgovnetsuite/customizations/custquicksearch.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\integrations\jira_upload_addon_not_showing.md +Context: +3. Click **Enable development mode** + +![Jira Enable Development Mode](/img/product_docs/platgovnetsuite/integrations/jira_enable_dev_mode.webp) + +Original image link: ![Jira Enable Development Mode](/img/product_docs/platgovnetsuite/integrations/jira_enable_dev_mode.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\integrations\jira_walkthrough_example.md +Context: +3. Click **Create** (**+**). + + ![Create a Jira ticket](/img/product_docs/platgovnetsuite/integrations/jira_example_create_issue.webp) + +4. Enter your information on the **Create issue** form: +Original image link: ![Create a Jira ticket](/img/product_docs/platgovnetsuite/integrations/jira_example_create_issue.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\integrations\jira_walkthrough_example.md +Context: + Proposed Customizations** are added to the **Proposed Customizations** list. You can delete added + Customizations with the + ![delete](/img/product_docs/platgovnetsuite/integrations/delete.webp) icon. +- **View DRD** and **Impact Analysis** are tools to Perform Risk Assessment. 
+- **Push** creates the Change Request in Salesforce. **Push** is also used to manually update your +Original image link: ![delete](/img/product_docs/platgovnetsuite/integrations/delete.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\integrations\jira_walkthrough_example.md +Context: +Safely Deleted or Modified** tab: + +![Impact analysis report](/img/product_docs/platgovnetsuite/integrations/jira_example_impact_analysis.webp) + +Before proceeding with your changes, review each warning to ensure your change does not break +Original image link: ![Impact analysis report](/img/product_docs/platgovnetsuite/integrations/jira_example_impact_analysis.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforce\scanners\scheduler.md +Context: + All categories are initially disabled by default. + + ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) + +2. Select the category to automate by clicking on **Disabled** to enable it. There is no save +Original image link: ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) +Case: Path alignment mismatch +No suggested images found. diff --git a/static/img/product_docs/platgovsalesforceflashlight/skipped-image-links.txt b/static/img/product_docs/platgovsalesforceflashlight/skipped-image-links.txt new file mode 100644 index 0000000000..240e4ae37b --- /dev/null +++ b/static/img/product_docs/platgovsalesforceflashlight/skipped-image-links.txt 
@@ -0,0 +1,246 @@ + +--- +File: docs\platgovsalesforceflashlight\clean_up\date_last_used.md +Context: +2. Expand **Custom Code** +3. Select **Custom Metadata Types** + ![Open Custom Metadata Types](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types.webp) +4. Click **Manage Records** by **Strongpoint DLU Parameter**. + ![Click Manage Records to open the record](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_exp.webp) +Original image link: ![Open Custom Metadata Types](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\clean_up\date_last_used.md +Context: + ![Open Custom Metadata Types](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types.webp) +4. Click **Manage Records** by **Strongpoint DLU Parameter**. + ![Click Manage Records to open the record](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_exp.webp) +5. Click **Edit** by **DLU Expiration**. + ![Edit the parameters](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_para.webp) +Original image link: ![Click Manage Records to open the record](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_exp.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\clean_up\date_last_used.md +Context: + ![Click Manage Records to open the record](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_exp.webp) +5. Click **Edit** by **DLU Expiration**. + ![Edit the parameters](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_para.webp) +6. Set the **DLU Expiration (Months)**. The default is three. +7. Click **Save**. 
+Original image link: ![Edit the parameters](/img/product_docs/platgovsalesforce/clean_up/custom_metadata_types_dlu_para.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\clean_up\date_last_used.md +Context: +to users. + +![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) + +Once the scheduler has been set up, you can view the DLU under the **Metadata** tab on the +Original image link: ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\getting_started\dashboard.md +Context: +Links to key resources to help you learn to use Flashlight. + +![Resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) + +## Key Tools +Original image link: ![Resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\getting_started\dashboard.md +Context: +Links to useful Flashlight tools to give you more value out of your documentation. + +![Key Tools](/img/product_docs/platgovnetsuiteflashlight/getting_started/key_tools.webp) + +- **DRD**: Explore your customizations with Flashlight’s visual DRD and understand how +Original image link: ![Key Tools](/img/product_docs/platgovnetsuiteflashlight/getting_started/key_tools.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\getting_started\scheduler.md +Context: + +1. Open **Flashlight** > **Support** > **Scheduler** + ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp)2. + Toggle **Enabled**/**Disabled**by the category. Your selections are automatically saved. +2. Select the **Frequency** , **Day** and **Time**. Your selections are automatically saved. 
+Original image link: ![scheduler](/img/product_docs/platgovsalesforce/clean_up/scheduler.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_objects.md +Context: + the **Selected Objects** list, select it and click the left arrow. +5. Select the **Settings to be exported**. + ![export_object_settings](/img/product_docs/platgovsalesforce/tools/export_object_settings.webp) +6. Optional: Select one or more profiles to be included for more security + information.![export_object_profiles_800x685](/img/product_docs/platgovsalesforceflashlight/tools/export_object_profiles_800x685.webp) +Original image link: ![export_object_settings](/img/product_docs/platgovsalesforce/tools/export_object_settings.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_objects.md +Context: +file is in XML instead of the Excel format. Click **Yes** to load the file. + +![Excel error message - Click Yes to continue.](/img/product_docs/platgovsalesforce/tools/export_excel_error_msg.webp) + +The _ObjectExport.xls_ file contains a **Summary** tab and a separate tab for each selected object. +Original image link: ![Excel error message - Click Yes to continue.](/img/product_docs/platgovsalesforce/tools/export_excel_error_msg.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_objects.md +Context: +The **Summary** tab shows who created the export, the creation date and time, list of selected +objects, and lists of any selected optional Profiles and Permission Sets. 
+![export_object_summary](/img/product_docs/platgovsalesforce/tools/export_object_summary.webp) + +The **Object** tabs contain all of the requested information for each +Original image link: ![export_object_summary](/img/product_docs/platgovsalesforce/tools/export_object_summary.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_object_attachment_records.md +Context: +2. Select **Export Object Attachments**. + +![Export Object Attachments list](/img/product_docs/platgovsalesforce/tools/export_object_attach_record_list.webp) + +### Add the **Export Object Attachments** Tab +Original image link: ![Export Object Attachments list](/img/product_docs/platgovsalesforce/tools/export_object_attach_record_list.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_object_attachment_records.md +Context: +3. Select **Export Object Attachments** from the **Available Tabs** and add it to the **Selected + Tabs**. + ![Add Export Object Attachments to your menu bar in Classic view](/img/product_docs/platgovsalesforce/tools/export_object_attach_record_tab_classic.webp) +4. Click **Save**. + +Original image link: ![Add Export Object Attachments to your menu bar in Classic view](/img/product_docs/platgovsalesforce/tools/export_object_attach_record_tab_classic.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_object_attachment_records.md +Context: +3. Select **Export Object Attachments** from the **Available Tabs** and add it to the **Selected + Tabs**. + ![Add Export Object Attachments tab to your menu bar in Lightning](/img/product_docs/platgovsalesforce/tools/export_object_attach_record_tab_lightning.webp) +4. Click **Save**. 
+ +Original image link: ![Add Export Object Attachments tab to your menu bar in Lightning](/img/product_docs/platgovsalesforce/tools/export_object_attach_record_tab_lightning.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_profiles.md +Context: + the **Selected Profiles** list, select it and click the left arrow. +6. Select the **Settings to be exported**. + ![export_profile_ui_settings](/img/product_docs/platgovsalesforce/tools/export_profile_ui_settings.webp) +7. Click **Test Connection**. +8. Click **Download XLS**. The file _ProfileExport.xls_ is created. +Original image link: ![export_profile_ui_settings](/img/product_docs/platgovsalesforce/tools/export_profile_ui_settings.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_profiles.md +Context: +file is in XML instead of the Excel format. Click **Yes** to load the file. + +![Excel error message - Click Yes to continue.](/img/product_docs/platgovsalesforce/tools/export_excel_error_msg.webp) + +The _ProfilesExport.xls_ file contains a **Summary** tab and a separate tab for each selected +Original image link: ![Excel error message - Click Yes to continue.](/img/product_docs/platgovsalesforce/tools/export_excel_error_msg.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_profiles.md +Context: +The **Summary** tab shows who created the export, the creation date and time, and the list of +selected profiles. +![export_profile_summary](/img/product_docs/platgovsalesforce/tools/export_profile_summary.webp) + +The **Profile** tabs contain all of the requested information for each profile. +Original image link: ![export_profile_summary](/img/product_docs/platgovsalesforce/tools/export_profile_summary.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\platgovsalesforceflashlight\tools\export_users.md +Context: + the **Selected Users** list, select it and click the left arrow. +6. Select the **Settings to be exported**. + ![export_users_settings](/img/product_docs/platgovsalesforce/tools/export_users_settings.webp) +7. Click **Download XLS**. The file _UserExport.xls_ is created. + +Original image link: ![export_users_settings](/img/product_docs/platgovsalesforce/tools/export_users_settings.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\export_users.md +Context: +is in XML instead of the Excel format. Click **Yes** to load the file. + +![Excel error message - Click Yes to continue.](/img/product_docs/platgovsalesforce/tools/export_excel_error_msg.webp) + +The _UserExport.xls_ file contains a **Summary** tab and a separate tab for each selected user. +Original image link: ![Excel error message - Click Yes to continue.](/img/product_docs/platgovsalesforce/tools/export_excel_error_msg.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\platgovsalesforceflashlight\tools\running_scanner.md +Context: +3. You can select several types to scan or you can scan the whole environment by clicking the **+** + by **Name** to select all the types. + ![scanner](/img/product_docs/platgovsalesforce/installing_strongpoint/scanner.webp)4. + Click **Run Scanner**. +4. The batch runs in the background. You receive an email notification when the scan is complete. +Original image link: ![scanner](/img/product_docs/platgovsalesforce/installing_strongpoint/scanner.webp) +Case: Product folder mismatch +No suggested images found. diff --git a/static/img/product_docs/privilegesecure/4.1/skipped-image-links.txt b/static/img/product_docs/privilegesecure/4.1/skipped-image-links.txt new file mode 100644 index 0000000000..132e1adab6 --- /dev/null +++ b/static/img/product_docs/privilegesecure/4.1/skipped-image-links.txt 
@@ -0,0 +1,1533 @@ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\access\createsession.md +Context: +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. +Original image link: ![myactivityuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/myactivityuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\access\createsession.md +Context: + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: +Original image link: ![configuresessionuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/configuresessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\access\createsession.md +Context: +- Click **Start Session** to start the provisioning process. + +![startsessionuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +Original image link: ![startsessionuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/startsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\access\createsession.md +Context: +been granted. 
+ +![stopsession](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +Original image link: ![stopsession](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/stopsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: +Original image link: ![Create Activity Session Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 4 –** Click Next to go to the Resource Selection page. + +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: +Original image link: ![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 6 –** Click **Next** to go to the Notes page. 
+ +![Create Session Notes Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: +Original image link: ![Create Session Notes Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionnotes.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: +Original image link: ![Create Session Schedule Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionscheduling.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. +Original image link: ![Create Session Review Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionreview.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\dashboard\startsession.md +Context: +time is 5 minutes or less. + +![Extend Activity Session](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/extendsession.webp) + +For RDP, a pop-up message is displayed in the session window. 
+Original image link: ![Extend Activity Session](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/extendsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\dashboard\startsession.md +Context: +For RDP, a pop-up message is displayed in the session window. + +![extendsessionssh](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/extendsessionssh.webp) + +For SSH the user can extend by typing **Ctrl+X** when prompted. +Original image link: ![extendsessionssh](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/extendsessionssh.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\dashboard\window\sessionlogs.md +Context: +Active dashboard and click the View Logs button to open the Session Logs window. + +![Session Logs Window](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/window/sessionlogs.webp) + +The window has the following features: +Original image link: ![Session Logs Window](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/window/sessionlogs.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\login.md +Context: +Wizard. If required, first time users must register with an MFA to use with their login credentials. + +![Default Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/defaultloginuser.webp) + +**Step 2 –** Either click the default authentication connector button, or click **Log In with a +Original image link: ![Default Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/defaultloginuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\login.md +Context: +Privilege Secure. 
+ +![Alternate Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/alternatelogin.webp) + +**Step 3 –** Login to the Privilege Secure Console with a configured authentication connector, or +Original image link: ![Alternate Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/alternatelogin.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\login.md +Context: +**Step 5 –** Enter the code provided by the registered multi-factor authenticator (MFA). + +![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/mfalogin.webp) + +**Step 6 –** Click MFA Login. The Privilege Secure Console opens on the Dashboard Interface. +Original image link: ![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/mfalogin.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\login.md +Context: +**Step 6 –** Click MFA Login. The Privilege Secure Console opens on the Dashboard Interface. + +![Dashboard Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboarduser.webp) + +The Privilege Secure Console is ready to use. Note that the option to view the recovery codes is no +Original image link: ![Dashboard Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| Icon | Interface | +| ---------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +Original image link: ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ---------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +Original image link: ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +Original image link: ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +Original image link: ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +Original image link: ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +Original image link: ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +Original image link: ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | +Original image link: ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Original image link: ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Dashboard Icons +Original image link: ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| Icon | Session Data | +| ---------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +Original image link: ![activedashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ---------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +Original image link: ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![activedashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +Original image link: ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +Original image link: ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | +Original image link: ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Original image link: ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Active Directory Icons +Original image link: ![credentialsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentialsdashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| Icon | Object | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +Original image link: ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +Original image link: ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +Original image link: ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +Original image link: ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +Original image link: ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +Original image link: ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +Original image link: ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +Original image link: ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +Original image link: ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | +Original image link: ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Original image link: ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Action Icons +Original image link: ![Windows icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| Icon | Information | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +Original image link: ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +Original image link: ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | +Original image link: ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Original image link: ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Hover over an icon anywhere within the console for its description. +Original image link: ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\add\accesspolicy.md +Context: +**Step 2 –** In the Access Policy list, click the Plus icon. + +![Add Access Policy](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/configuration/add/addaccesspolicy.webp) + +**Step 3 –** Enter the following information: +Original image link: ![Add Access Policy](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/configuration/add/addaccesspolicy.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\add\activitygroup.md +Context: +**Step 2 –** In the Activity Groups list, click the Add Activity Group icon. + +![addactivitygroup](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/addactivitygroup.webp) + +**Step 3 –** Enter the following information: +Original image link: ![addactivitygroup](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/addactivitygroup.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\add\schedulepolicy.md +Context: +**Step 2 –** In the Schedule Polices list, click the **Plus** icon. + +![Schedule Policy Editor Window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) + +**Step 3 –** Enter the following information: +Original image link: ![Schedule Policy Editor Window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\add\secretvault.md +Context: +**Step 2 –** Click the Plus icon and select New Secret Vault from the drop-down list. 
+ +![Add secrete Vault Resource](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/configuration/add/addsecretvault.webp) + +**Step 3 –** Enter the following information: +Original image link: ![Add secrete Vault Resource](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/configuration/add/addsecretvault.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\page\credentials.md +Context: +[Credentials Dashboard](/docs/privilegesecure/4.1/accessmanagement/admin/dashboard/credentials.md). + +![Credentials page](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) + +The page has the following features: +Original image link: ![Credentials page](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\tab\resources\databases.md +Context: +The Databases tab shows information about the server database on the selected resource. + +![Database Details page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/details/databasedetailspage.webp) + +The Databases tab has the following features: +Original image link: ![Database Details page](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/page/details/databasedetailspage.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\window\accesspolicy\addactivitiesandactivitygroups.md +Context: +[Activities Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/activities.md). 
+ +![Add Activities and Activity Groups Window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) + +The window has the following features: +Original image link: ![Add Activities and Activity Groups Window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\window\accesspolicy\addresourcesandresourcegroups.md +Context: +[Resources Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/resources.md). + +![Add resources and resource groups window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/usersgroups/addresourcesandresourcegroups.webp) + +The window has the following features: +Original image link: ![Add resources and resource groups window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/usersgroups/addresourcesandresourcegroups.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\window\activities\addactivities.md +Context: +[Activities Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/activities.md). + +![Add activities and activity groups window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) + +The window has the following features: +Original image link: ![Add activities and activity groups window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\policy\window\protectionpolicies\addresources.md +Context: +[Resources Page](/docs/privilegesecure/4.1/accessmanagement/admin/policy/page/resources.md). + +![Protection policy add resource window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/resources/addresources.webp) + +The window has the following features: +Original image link: ![Protection policy add resource window](/img/product_docs/privilegesecure/4.1/accessmanagement/admin/policy/window/resources/addresources.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\producttour.md +Context: +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +Original image link: ![producttour](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/producttour.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\admin\producttour.md +Context: +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usermenu.webp) + +See the +Original image link: ![usermenu](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usermenu.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\access\createsession.md +Context: +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. 
+Original image link: ![myactivityuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/myactivityuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\access\createsession.md +Context: + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: +Original image link: ![configuresessionuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/configuresessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\access\createsession.md +Context: +- Click **Start Session** to start the provisioning process. + +![startsessionuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +Original image link: ![startsessionuser](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/startsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\access\createsession.md +Context: +been granted. + +![stopsession](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +Original image link: ![stopsession](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/stopsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\access\myactivities.md +Context: +organized alphabetically or by Access Policy. 
+ +![My Activiy Dashboard for End User](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/myactivityuser.webp) + +To access the My Activities page, open the Access interface. If there is only a single activity card +Original image link: ![My Activiy Dashboard for End User](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/access/myactivityuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: +Original image link: ![Create Activity Session Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 4 –** Click Next to go to the Resource Selection page. + +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: +Original image link: ![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 6 –** Click **Next** to go to the Notes page. 
+ +![Create Session Notes Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: +Original image link: ![Create Session Notes Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionnotes.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: +Original image link: ![Create Session Schedule Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionscheduling.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. +Original image link: ![Create Session Review Page](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/createsessionreview.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\overview.md +Context: +information. 
+ +![Dashboard Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboarduser.webp) + +The overview section shows information for the following: +Original image link: ![Dashboard Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\startsession.md +Context: +time is 5 minutes or less. + +![Extend Activity Session](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/extendsession.webp) + +For RDP, a pop-up message is displayed in the session window. +Original image link: ![Extend Activity Session](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/extendsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\startsession.md +Context: +For RDP, a pop-up message is displayed in the session window. + +![extendsessionssh](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/extendsessionssh.webp) + +For SSH the user can extend by typing **Ctrl+X** when prompted. +Original image link: ![extendsessionssh](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/extendsessionssh.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\dashboard\window\sessionlogs.md +Context: +Active dashboard and click the View Logs button to open the Session Logs window. 
+ +![Session Logs Window](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/window/sessionlogs.webp) + +The window has the following features: +Original image link: ![Session Logs Window](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard/window/sessionlogs.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| Icon | Interface | +| ---------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +Original image link: ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ---------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +Original image link: ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![myactivities](/img/product_docs/privilegesecure/4.1/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +Original image link: ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![dashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +Original image link: ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![policy](/img/product_docs/threatprevention/7.4/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +Original image link: ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![users](/img/product_docs/activitymonitor/7.1/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +Original image link: ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![resources](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +Original image link: ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![credentials](/img/product_docs/activitymonitor/7.1/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | +Original image link: ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![activities](/img/product_docs/accessanalyzer/11.6/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Original image link: ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![configuration](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Dashboard Icons +Original image link: ![auditreporting](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/auditreporting.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| Icon | Session Data | +| ---------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +Original image link: ![activedashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ---------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +Original image link: ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![activedashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +Original image link: ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +Original image link: ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | +Original image link: ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![historicaldashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Original image link: ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![usersdasshboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Active Directory Icons +Original image link: ![credentialsdashboard](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/credentialsdashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| Icon | Object | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +Original image link: ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +Original image link: ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +Original image link: ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +Original image link: ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +Original image link: ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![Collectionsicon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +Original image link: ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![Custom Role](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +Original image link: ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) +Case: Path alignment mismatch +No suggested images 
found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![Domain icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +Original image link: ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +Original image link: ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![Website icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | +Original image link: ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![AzureAD icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Original image link: ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Information Icons +Original image link: ![Windows icon](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| Icon | Information | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +Original image link: ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +Original image link: ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | +Original image link: ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Original image link: ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Hover over an icon anywhere within the console for its description. +Original image link: ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\overview.md +Context: +If required, first time Reviewers must register with an MFA to use with their login credentials. + +![Default Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/defaultloginuser.webp) + +**Step 2 –** Either click the default authentication connector button, or click **Log In with a +Original image link: ![Default Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/defaultloginuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\overview.md +Context: +Privilege Secure. + +![Alternate Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/alternatelogin.webp) + +**Step 3 –** Login to Privilege Secure with a configured authentication connector, or enter the user +Original image link: ![Alternate Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/alternatelogin.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\overview.md +Context: + enter. Instead there's just a single button to login. + +![Okta authentication connector](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/oktadefault.webp) + +- Clicking the authentication connector will redirect the user to the IdP login screen, which will +Original image link: ![Okta authentication connector](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/oktadefault.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\overview.md +Context: +**Step 6 –** Enter the code provided by the registered multi-factor authenticator (MFA). + +![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/mfalogin.webp) + +**Step 7 –** Click MFA Login. 
Privilege Secure opens on the Dashboard Interface. +Original image link: ![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/mfalogin.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\overview.md +Context: +**Step 7 –** Click MFA Login. Privilege Secure opens on the Dashboard Interface. + +![Dashboard Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboarduser.webp) + +Privilege Secure is ready to use. +Original image link: ![Dashboard Interface](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/activedashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\producttour.md +Context: +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +Original image link: ![producttour](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/producttour.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\producttour.md +Context: +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usermenu.webp) + +See the +Original image link: ![usermenu](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/usermenu.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.1\accessmanagement\revieweruser\sessiontimeout.md +Context: +of inactivity. A Session Timeout warning message appears after 15 minutes. 
+ +![Session Timeout window](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/sessiontimeout.webp) + +If the timeout message appears, click Stay Logged In to continue using the console. +Original image link: ![Session Timeout window](/img/product_docs/privilegesecure/4.1/accessmanagement/enduser/sessiontimeout.webp) +Case: Path alignment mismatch +No suggested images found. diff --git a/static/img/product_docs/privilegesecure/4.2/skipped-image-links.txt b/static/img/product_docs/privilegesecure/4.2/skipped-image-links.txt new file mode 100644 index 0000000000..8a80c3f1d1 --- /dev/null +++ b/static/img/product_docs/privilegesecure/4.2/skipped-image-links.txt 
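Review bot: This file is a generated checker report, and committing it under static/img/product_docs/ means it ships alongside the image assets if static/ is published as-is; consider writing it to a build-output or tooling directory that git ignores. In the 4.1 records above, every visible entry is "Case: Path alignment mismatch" with "No suggested images found", and each one is a revieweruser page linking to an image under .../accessmanagement/enduser/, so the report restates one condition many times without resolving it. Either allow-list the shared enduser image folder in the checker or move the images next to the revieweruser pages, and these records go away. The Context blocks also overlap from one record to the next (the same navigation.md table rows recur in consecutive records) and the File: paths use Windows backslashes; logging the file in POSIX form with a line number and the single offending link would keep the output small enough to review.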
@@ -0,0 +1,1793 @@ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\access\createsession.md +Context: +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. +Original image link: ![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\access\createsession.md +Context: + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: +Original image link: ![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\access\createsession.md +Context: +- Click **Start Session** to start the provisioning process. + +![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +Original image link: ![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\access\createsession.md +Context: +been granted. 
+ +![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +Original image link: ![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: +Original image link: ![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 4 –** Click Next to go to the Resource Selection page. + +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: +Original image link: ![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 6 –** Click **Next** to go to the Notes page. 
+ +![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: +Original image link: ![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: +Original image link: ![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\dashboard\createsession.md +Context: +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. +Original image link: ![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\dashboard\startsession.md +Context: +**NOTE:** For NPS users with the Administrator role, session extension is always enabled. + +![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) + +For RDP, a pop-up message is displayed in the session window. 
+Original image link: ![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\dashboard\startsession.md +Context: +For RDP, a pop-up message is displayed in the session window. + +![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) + +For SSH the user can extend by typing **Ctrl+X** when prompted. +Original image link: ![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\dashboard\window\sessionlogs.md +Context: +Active dashboard and click the View Logs button to open the Session Logs window. + +![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) + +The window has the following features: +Original image link: ![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\login.md +Context: +Wizard. If required, first time users must register with an MFA to use with their login credentials. + +![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) + +**Step 2 –** Either click the default authentication connector button, or click **Log In with a +Original image link: ![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\login.md +Context: +Privilege Secure. 
+ +![Alternate Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/alternatelogin.webp) + +**Step 3 –** Login to the Privilege Secure Console with a configured authentication connector, or +Original image link: ![Alternate Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/alternatelogin.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\login.md +Context: +**Step 5 –** Enter the code provided by the registered multi-factor authenticator (MFA). + +![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/mfalogin.webp) + +**Step 6 –** Click MFA Login. The Privilege Secure Console opens on the Dashboard Interface. +Original image link: ![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/mfalogin.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\login.md +Context: +**Step 6 –** Click MFA Login. The Privilege Secure Console opens on the Dashboard Interface. + +![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +**NOTE:** After five incorrect login attempts, the user will be locked out of the account for five +Original image link: ![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| Icon | Interface | +| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +Original image link: ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +Original image link: ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +Original image link: ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +Original image link: ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +Original image link: ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +Original image link: ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +Original image link: ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | +Original image link: ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Original image link: ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Dashboard Icons +Original image link: ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| Icon | Session Data | +| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +Original image link: ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +Original image link: ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +Original image link: ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +Original image link: ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | +Original image link: ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Original image link: ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Active Directory Icons +Original image link: ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| Icon | Object | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +Original image link: ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +Original image link: ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +Original image link: ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +Original image link: ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +Original image link: ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +Original image link: ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +Original image link: ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +Original image link: ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +Original image link: ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | +Original image link: ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Original image link: ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Action Icons +Original image link: ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| Icon | Information | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +Original image link: ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +Original image link: ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | +Original image link: ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Original image link: ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Hover over an icon anywhere within the console for its description. +Original image link: ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\add\accesspolicy.md +Context: +**Step 2 –** In the Access Policy list, click the Plus icon. + +![Add Access Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addaccesspolicy.webp) + +**Step 3 –** Enter the following information: +Original image link: ![Add Access Policy](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addaccesspolicy.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\add\activitygroup.md +Context: +**Step 2 –** In the Activity Groups list, click the Add Activity Group icon. + +![addactivitygroup](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/addactivitygroup.webp) + +**Step 3 –** Enter the following information: +Original image link: ![addactivitygroup](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/addactivitygroup.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\add\schedulepolicy.md +Context: +**Step 2 –** In the Schedule Polices list, click the **Plus** icon. + +![Schedule Policy Editor Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) + +**Step 3 –** Enter the following information: +Original image link: ![Schedule Policy Editor Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/edit/schedulepolicyeditor.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\add\secretvault.md +Context: +**Step 2 –** Click the Plus icon and select New Secret Vault from the drop-down list. 
+ +![Add secrete Vault Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addsecretvault.webp) + +**Step 3 –** Enter the following information: +Original image link: ![Add secrete Vault Resource](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/configuration/add/addsecretvault.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\page\credentials.md +Context: +page displays the same information as the [Credentials Dashboard](/docs/privilegesecure/4.2/accessmanagement/admin/dashboard/credentials.md). + +![Credentials page](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) + +The page has the following features: +Original image link: ![Credentials page](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\tab\resources\databases.md +Context: +The Databases tab shows information about the server database on the selected resource. + +![Database Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databasedetailspage.webp) + +The Databases tab has the following features: +Original image link: ![Database Details page](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/databasedetailspage.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\tab\resources\urlsentraid.md +Context: +login. 
+ +![URLs Tab for Entra ID](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/azureaddetailspage.webp) + +The URLs tab has the following features: +Original image link: ![URLs Tab for Entra ID](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/page/details/azureaddetailspage.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\window\accesspolicy\addactivitiesandactivitygroups.md +Context: +Activities are created in the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md). + +![Add Activities and Activity Groups Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) + +The window has the following features: +Original image link: ![Add Activities and Activity Groups Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\window\accesspolicy\addresourcesandresourcegroups.md +Context: +Resources are onboarded in the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). + +![Add resources and resource groups window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addresourcesandresourcegroups.webp) + +The window has the following features: +Original image link: ![Add resources and resource groups window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addresourcesandresourcegroups.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\window\activities\addactivities.md +Context: +created in the [Activities Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/activities.md). + +![Add activities and activity groups window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) + +The window has the following features: +Original image link: ![Add activities and activity groups window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/usersgroups/addactivitiesandactivitygroups.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\window\credentials\addcredentials.md +Context: +[Credentials Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/credentials.md). + +![Add Credentials Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentials.webp) + +The window has the following features: +Original image link: ![Add Credentials Window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/add/addcredentials.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\policy\window\protectionpolicies\addresources.md +Context: +onboarded in the [Resources Page](/docs/privilegesecure/4.2/accessmanagement/admin/policy/page/resources.md). + +![Protection policy add resource window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresources.webp) + +The window has the following features: +Original image link: ![Protection policy add resource window](/img/product_docs/privilegesecure/4.2/accessmanagement/admin/policy/window/resources/addresources.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\producttour.md +Context: +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +Original image link: ![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\producttour.md +Context: +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) + +See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/admin/navigation.md) topic for additional information. +Original image link: ![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\admin\sessiontimeout.md +Context: +For security reasons, the Privilege Secure Console automatically logs out the user after 10 minutes +of inactivity. A Session Timeout warning message displays after 5 +minutes.![Session time out window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.webp)If +the timeout message displays, click Stay Logged In to continue using the console.See the +[Global Settings Page](/docs/privilegesecure/4.2/accessmanagement/admin/configuration/page/globalsettings.md) topic for additional information on +Original image link: ![Session time out window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\access\createsession.md +Context: +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. +Original image link: ![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\access\createsession.md +Context: + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: +Original image link: ![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\access\createsession.md +Context: +- Click **Start Session** to start the provisioning process. + +![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +Original image link: ![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\access\createsession.md +Context: +been granted. 
+ +![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +Original image link: ![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\access\myactivities.md +Context: +organized alphabetically or by Access Policy. + +![My Activiy Dashboard for End User](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +To access the My Activities page, open the Access interface. If there is only a single activity card +Original image link: ![My Activiy Dashboard for End User](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: +Original image link: ![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 4 –** Click Next to go to the Resource Selection page. 
+ +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: +Original image link: ![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 6 –** Click **Next** to go to the Notes page. + +![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: +Original image link: ![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: +Original image link: ![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\createsession.md +Context: +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. 
+Original image link: ![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\overview.md +Context: +information. + +![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +The overview section shows information for the following: +Original image link: ![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\startsession.md +Context: +**NOTE:** For NPS users with the Administrator role, session extension is always enabled. + +![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) + +For RDP, a pop-up message is displayed in the session window. +Original image link: ![Extend Activity Session](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\startsession.md +Context: +For RDP, a pop-up message is displayed in the session window. + +![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) + +For SSH the user can extend by typing **Ctrl+X** when prompted. +Original image link: ![extendsessionssh](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/extendsessionssh.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\dashboard\window\sessionlogs.md +Context: +Active dashboard and click the View Logs button to open the Session Logs window. + +![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) + +The window has the following features: +Original image link: ![Session Logs Window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/window/sessionlogs.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| Icon | Interface | +| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +Original image link: ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +Original image link: ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![myactivities](/img/product_docs/privilegesecure/4.2/accessmanagement/install/myactivities.webp) | My Activities | +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +Original image link: ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![dashboard](/img/product_docs/directorymanager/11.1/admincenter/general/dashboard.webp) | Dashboard | +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +Original image link: ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![policy](/img/product_docs/threatprevention/7.5/admin/configuration/databasemaintenance/policy.webp) | Policy | +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +Original image link: ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![users](/img/product_docs/activitymonitor/8.0/admin/monitoreddomains/admonitoringconfiguration/users.webp) | Users & Groups | +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +Original image link: ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) +Case: Product folder mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![resources](/img/product_docs/platgovnetsuiteflashlight/getting_started/resources.webp) | Resources | +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +Original image link: ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) +Case: Product folder mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![credentials](/img/product_docs/activitymonitor/8.0/install/agent/credentials.webp) | Credentials | +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | +Original image link: ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![activities](/img/product_docs/accessanalyzer/12.0/admin/hostdiscovery/activities.webp) | Activities | +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Original image link: ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![configuration](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/configuration.webp) | Configuration | +| ![servicenodes](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/servicenodes.webp) | Service Nodes | +| ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) | Audit and Reporting | + +Dashboard Icons +Original image link: ![auditreporting](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/auditreporting.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| Icon | Session Data | +| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +Original image link: ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +Original image link: ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![activedashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboard.webp) | Active Sessions | +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +Original image link: ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![scheduleddashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/scheduleddashboard.webp) | Scheduled Sessions | +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +Original image link: ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![approvalsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/approvalsdashboard.webp) | Approvals | +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | +Original image link: ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![historicaldashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/historicaldashboard.webp) | Historical Sessions | +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Original image link: ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![usersdasshboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usersdasshboard.webp) | User Activity | +| ![resourcesdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/resourcesdashboard.webp) | Resources | +| ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) | Credentials | + +Active Directory Icons +Original image link: ![credentialsdashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/credentialsdashboard.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| Icon | Object | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +Original image link: ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +Original image link: ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_12](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_12.webp) | User | +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +Original image link: ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_13](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_13.webp) | Group | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +Original image link: ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.5.webp) | Application | +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +Original image link: ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![Collectionsicon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/collectionsicon.webp) | Collection | +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +Original image link: ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![Custom Role](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/customroleicon.webp) | Custom Role | +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +Original image link: ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) +Case: Path alignment mismatch +No suggested images 
found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![Domain icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.6.webp) | Computer / Resource | +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +Original image link: ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_15](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.webp) | Domain | +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +Original image link: ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![Website icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.7.webp) | Website | +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | +Original image link: ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![AzureAD icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.8.webp) | Azure AD | +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Original image link: ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![Secret Vault icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.9.webp) | Secret Vault | +| ![Cisco icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.4.webp) | Cisco | +| ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) | Windows | + +Information Icons +Original image link: ![Windows icon](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_15.3.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| Icon | Information | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +Original image link: ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +Original image link: ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_23](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_23.webp) | Complete / Information | +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | +Original image link: ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_24](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_24.webp) | Warning | +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Original image link: ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\navigation.md +Context: +| ![chapter_1_stealthbits_privileged_25](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_25.webp) | Failed / Error | +| ![chapter_1_stealthbits_privileged_26](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_26.webp) | Active Sessions | +| ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) | Scheduled Sessions | + +Hover over an icon anywhere within the console for its description. +Original image link: ![chapter_1_stealthbits_privileged_27](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/chapter_1_stealthbits_privileged_27.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\overview.md +Context: +If required, first time Reviewers must register with an MFA to use with their login credentials. + +![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) + +**Step 2 –** Either click the default authentication connector button, or click **Log In with a +Original image link: ![Default Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/defaultloginuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\overview.md +Context: +Privilege Secure. + +![Alternate Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/alternatelogin.webp) + +**Step 3 –** Login to Privilege Secure with a configured authentication connector, or enter the user +Original image link: ![Alternate Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/alternatelogin.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\overview.md +Context: + enter. Instead there's just a single button to login. + +![Okta authentication connector](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/oktadefault.webp) + +- Clicking the authentication connector will redirect the user to the IdP login screen, which will +Original image link: ![Okta authentication connector](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/oktadefault.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\overview.md +Context: +**Step 6 –** Enter the code provided by the registered multi-factor authenticator (MFA). + +![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/mfalogin.webp) + +**Step 7 –** Click MFA Login. 
Privilege Secure opens on the Dashboard Interface. +Original image link: ![Multi Factor Authentication Login](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/mfalogin.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\overview.md +Context: +**Step 7 –** Click MFA Login. Privilege Secure opens on the Dashboard Interface. + +![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +Privilege Secure is ready to use. +Original image link: ![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\producttour.md +Context: +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +Original image link: ![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\producttour.md +Context: +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) + +See the [Navigation](/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md) topic for additional information. +Original image link: ![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\accessmanagement\revieweruser\sessiontimeout.md +Context: +For security reasons, the Privilege Secure Console automatically logs out the user after 10 minutes +of inactivity. A Session Timeout warning message displays after 5 +minutes.![Session time out window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.webp)If +the timeout message displays, click Stay Logged In to continue using the console. + +Original image link: ![Session time out window](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\access\createsession.md +Context: +**Step 1 –** Select an **Activity** to expand the session ribbon. + +![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) + +**Step 2 –** Click **Create Session** to start a new activity session. +Original image link: ![myactivityuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/myactivityuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\access\createsession.md +Context: + activity sessions. + +![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) + +**Step 3 –** Enter the following information: +Original image link: ![configuresessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/configuresessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\access\createsession.md +Context: +- Click **Start Session** to start the provisioning process. 
+ +![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) + +**NOTE:** If an approval is required, the Waiting for approval message will display until it has +Original image link: ![startsessionuser](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/startsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\access\createsession.md +Context: +been granted. + +![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) + +**Step 4 –** When provisioned, an activity session will display an Available status with a green +Original image link: ![stopsession](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/access/stopsession.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\active.md +Context: +your administrator. + +![End User Active Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +The Active Sessions table has the following features: +Original image link: ![End User Active Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\approvals.md +Context: +approvals. Submitting an approval must be done through Netwrix Privilege Secure. + +![Approvals Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvalsdashboarduser.webp) + +The Approvals Dashboard has the following features: +Original image link: ![Approvals Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/approvalsdashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\createsession.md +Context: +**Step 2 –** In the Active Session table, click Create Session to open the Activity Request window. + +![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) + +**Step 3 –** On the Request Type page, enter the following information: +Original image link: ![Create Activity Session Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionuser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\createsession.md +Context: +**Step 4 –** Click Next to go to the Resource Selection page. + +![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) + +**Step 5 –** On the Resource Selection page, enter the following information: +Original image link: ![Create Session window Resource Selection](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionresourceselection.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\createsession.md +Context: +**Step 6 –** Click **Next** to go to the Notes page. + +![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) + +**Step 7 –** On the Notes page, enter the following information: +Original image link: ![Create Session Notes Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionnotes.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\createsession.md +Context: +**Step 8 –** Click Next to go to the Scheduling page. + +![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) + +**Step 9 –** On the Scheduling page, enter the following information: +Original image link: ![Create Session Schedule Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionscheduling.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\createsession.md +Context: +**Step 10 –** Click Next to go to the Review page. + +![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) + +**Step 11 –** On the Review page, review the summary of the new session. +Original image link: ![Create Session Review Page](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/createsessionreview.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\overview.md +Context: +information. + +![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) + +The overview section shows information for the following: +Original image link: ![Dashboard Interface](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/activedashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\dashboard\scheduled.md +Context: +The Scheduled sessions dashboard shows all scheduled sessions. 
+ +![Scheduled Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/scheduleddashboarduser.webp) + +The Scheduled Sessions table has the following features: +Original image link: ![Scheduled Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/dashboard/scheduleddashboarduser.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\navigation.md +Context: +Help link and the User Menu: + +![End User Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/enduserdashboard.webp) + +The buttons have these functions: +Original image link: ![End User Dashboard](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/enduserdashboard.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\producttour.md +Context: +Secure administrator role are walked through features that are relevant to their role. + +![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) + +At any time, the tour can be stopped by clicking the **X** icon at the top-right of the Console. By +Original image link: ![producttour](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/producttour.webp) +Case: Path alignment mismatch +No suggested images found. + + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\producttour.md +Context: +The product tour may be re-started at any time via the user menu. + +![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) + +See the [Navigation](/docs/privilegesecure/4.2/remoteaccessgateway/enduser/navigation.md) topic for additional information. +Original image link: ![usermenu](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/usermenu.webp) +Case: Path alignment mismatch +No suggested images found. 
+ + +--- +File: docs\privilegesecure\4.2\remoteaccessgateway\enduser\sessiontimeout.md +Context: +**NOTE:** The session timeout setting may differ if it has been customized by your administrator. + +![Session Timeout ](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.webp) + +If the timeout message appears, click **Stay Logged In** to continue using the console. +Original image link: ![Session Timeout ](/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/sessiontimeout.webp) +Case: Path alignment mismatch +No suggested images found.
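Review bot: These added lines are machine-generated link-checker output, and committing them leaves the flagged links unresolved: every entry ends in `Case: Path alignment mismatch` and `No suggested images found.`. The entries for files under `revieweruser\` and `remoteaccessgateway\enduser\` all reference images under `/img/product_docs/privilegesecure/4.2/accessmanagement/enduser/`. Either relocate the images to match each doc's path, or confirm the shared location is intended and exclude it from the check. Then drop the report from the change. Two defects in the quoted context belong in the docs themselves. In `revieweruser\sessiontimeout.md` the image is fused into the sentence (`minutes.![Session time out window]` ... `If the timeout message displays`) with no blank lines around it. In `revieweruser\producttour.md` the Navigation link targets `/docs/privilegesecure/4.2/accessmanagement/enduser/navigation.md`, whereas the `remoteaccessgateway\enduser\producttour.md` copy links to its own `navigation.md`. If the report is kept, the `File:` paths should use forward slashes so they do not depend on a Windows checkout.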