Application Settings

Go to Settings > Configuration Search > Application to get to the Application Settings page.

Alternatively, search for Application in the Admin search.

The Application Settings page allows configuring basic Secret Server settings. Here, you can enable automatic checks for software updates and gain early access to new features through the Early Adopter setting. You can also opt to send anonymized system metrics to Delinea for product improvement and enable webservices to allow other applications to interact with Secret Server. Additional settings include configuring offline access duration for mobile devices, setting session timeouts for webservices, and managing token refreshes. Furthermore, you can enable Syslog/CEF Log Output, configure WinRM settings, and obfuscate personally identifiable information in audits.

Click Edit to enable, disable or set the desired configurations.

When done, click Save to save your settings.

Click Test system log to test your configurations.

The following configurations are available here:

  • Automatic checks for software updates: Enable to be notified at the top of each page with a link to the latest update.

  • Early Adopter: Enable to have access to the early adopter release - access, use, and benefit from the latest features, enhancements and improvements as soon as they are available. It is recommended to evaluate them in your test environment before an organization-wide rollout.

  • Send anonymized system metrics to Delinea: Enable to sent anonymized data about your configuration and usage of Secret Server for the further product improvement. See Anonymized system metric information for more details.

  • Enable webservices: Enable to allow other application to interact with Secret Server (requires to log in with the Secret Server credentials).

  • Maximum Time for Offline Access on Mobile Devices (days/hours): The maximum time for offline access on mobile devices setting in the server determines how long to cache secret data on the mobile device. Once the device is not in contact with the server for longer than the specified amount of time, the device removes its cache of the stored secrets. The only way to view secrets on the device once the cache is cleared is to connect to SS again so that the secrets can be re-downloaded. See Maximum Time Offline Explanation for more details.

  • Session timeout for webservices (days/hours/minutes): Set a Session time limit on Webservices API. Once Webservices expires, the user must log in again with their username and password.

  • Enable refresh tokens for webservices: Tell OAuth2 to send back a refresh token during Authentication. This token will allow the user to get a new access token without having to enter credentials.

  • Maximum token refreshes allowed: Set the maximum amount of times a user can refresh an access token.

  • Prevent direct API authentication: Prevent non-Application Account users from directly authenticating against the API.

  • Prevent Application from Sleeping When Idle: A keep alive thread will run in the background pinging the web URL to make sure IIS does not stop running due to inactivity.

  • Enable Syslog/CEF Log Output: Check to enable Syslog/CEF Log Output. See Syslog/CEF Logging Advanced Settings Information for more details.

  • Syslog/CEF Server * : Enter Syslog/CEF Server Address.

  • Syslog/CEF Port *: Enter Syslog/CEF Server Port.

  • Syslog/CEF Protocol: Select Syslog/CEF Protocol to use when sending logs.

  • Syslog/CEF Time Zone: Select Time Zone to use when sending Syslog/CEF Protocol log entries.

  • Syslog/CEF DateTime Format: DateTime Format for Syslog/CEF Protocol log timestamps. Syslog: Jun 23 2022 11:22:33; ISO 8601: 2022-06-23T11:22:33.000.

  • Syslog/CEF Site: This is the site that the CEF/Syslogs will run on.

  • Write Syslogs As Windows Events: When enabled, Audits and Event Subscriptions will be written out to the Windows Event Log of the server.

  • WinRM Endpoint URL *: The URL of the Windows Remote Management listener that will be used to run PowerShell scripts.

  • Enable CredSSP Authentication for WinRM: Enable to allow a client to delegate credentials to a target server. See How do I configure CredSSP for WinRM? for more details.

  • Max Secret Log Length: Enter the maximum Secret Log Length.

  • Custom URL: The custom-set external binding for the server.

  • Privilege Manager Installation URL: The custom-set location for Privilege Manager.

  • Obfuscate Personally Identifiable Information: Delimit personally identifiable information (PII) in Audits. If obfuscate is selected, then it will automatically remove PII data from Audit exports. Note: This will only export data from the last enabled date.