Settings UI fields
You use the Admin Portal Settings page to configure the following Privileged Access Service options. Before you develop your Privileged Access Service deployment plan, review these options. Some of them may be necessary to support certain mobile devices (for example, the Apple Push Notification Service certificate for iOS devices) while others are optional (Account Customization and Exchange ActiveSync Server Settings).
Modifying a setting requires specific Admin Portal administrative rights.The third column lists the required rights. To learn more about the roles and rights required to make these changes see Admin Portal Administrative Rights.
| Setting | Why you use this setting | Role or rights needed to modify these settings |
|---|---|---|
| Account Customization | Customize the Admin Portal login prompts and email messages to incorporate your organizations brand and logos. See How to Customize the Admin and Login Window. | Sysadmin role |
| Authentication Profiles | Define the required authentication mechanisms such as password, email confirmation code, mobile authenticator, etc. You use the authentication profile when you create your authentication rule or when you are configuring Server Suite authentication. See Creating Authentication Profiles | Sysadmin role |
| Admin Portal | Display the list of Delinea Connectors, configure Integrated Windows Authentication settings, and add or delete a Delinea Connector. See How to install a Delinea Connector. | Sysadmin role to modify all settings Register Connectors permission to add a connector |
| Corporate IP Range | Specify the public IP addresses you want to include within the corporate intranet. Privileged Access Service uses these addresses for Integrated Windows Authentication and application multifactor authentication. See How to Set Corporate IP Ranges | Sysadmin role |
| Directory Services | Add LDAP or Google as your directory service and view existing configured directory services. See How to Add a Directory Service. | Sysadmin role |
| Idle User Session Timeout | Enable a timeout and set the time period to log out inactive users from Admin Portal and Privileged Access Service Admin Portal. See How to Configure Idle Session Timeout. | Sysadmin role |
| Login suffix | Create a list of the login suffixes (the name that follows @ in the full user name) that users enter to log in to the Privileged Access Service Admin Portal and enroll devices. Users that do not have a login suffix in this list cannot log in to the portals or enroll a device. See How to Use Login Suffixes. | Sysadmin role |
| OATH Tokens | You can authenticate the Privileged Access Service using your existing third-party OATH tokens (for example, those generated by a YubiKey) by bulk uploading those tokens. Privileged Access Service uses those tokens to generate one-time passcodes (OTP) that users with enrolled devices can immediately use to log in to the Admin Portal. See How to Configure OATH OTP. | Sysadmin role |
| Partner Management | Allows you to add business partners so that you can share your Privileged Access Service with your partners. Partner federation is achieved through SAML, where your tenant serves as the host (the Service Provider in SAML terms), and your business partners access the tenant and its associated resources by passing a SAML token obtained from their Identity Provider (IDP). See How to Set Up Business Partner Federation. | Sysadmin role |
| Provisioning | Run application user provisioning synchronization, configure the provisioning report options, and specify daily synchronizations. | Sysadmin role |
| RADIUS Connections | Allows you to configure your RADIUS clients/servers. You can use the Delinea Connector as a RADIUS server for clients that support RADIUS authentication, such as VPNs. Additionally, you can configure RADIUS server settings to allow third-party RADIUS authentication. See How to Configure Privileged Access Service for RADIUS. | Sysadmin role |
| SafeNet KeySecure Configuration | Configure communication between the Privileged Access Service and the SafeNet KeySecure appliance if you want to use KeySecure to store Delinea privilege service account passwords. | Sysadmin role |
| Security Settings | Define security related settings such as securely capture users' passwords at login or enabling forgotten username self-service. See How to Set Authentication Security Options. | Sysadminrole |
| Server Suite Authentication | Add or select an authentication profile to use for multi-factor authentication on Delinea-managed Linux and UNIX computers. The authentication profile determines the authentication mechanism from which users can select how they are authenticated. See Preparing Authentication Profiles. | Sysadmin role |
| System Configuration | To configure a custom SMTP server to for outgoing mail service such as MFA challenges and self-service features. You can also choose to connect to the custom SMTP server using the Delinea Connector. | |
| Tenant URLs | Create a URL that is specific to your company so your users can easily remember the Privileged Access Service URL. Newly created URLs may take a few minutes to propagate. If you have users using FIDO2 authenticator(s), those users will need to log in with the new URL and re-activate their keys. See "Using FIDO2 Authenticators with a New Tenant URL" for more information. URL requirements: Always begin with an alphabet Maximum of 63 characters Can only contain alphabets, numbers, and dashes (-) | Sysadmin role |
