This document provides information about the System parameters form screen, which refers to the parameters in the EPM tab.
Path to access
- On Segura® Platform, in the navigation bar, hover over the Products menu and select Settings.
- In the side menu, select System Parameters > Global > EPM.
or
- On Segura® Platform, in the navigation bar, hover over the Products menu and select EPM.
- In the side menu, select Management > Settings > Parameters.
EPM menu
Installation settings section
| Item | Type | Required | Description |
| --- | --- | --- | --- |
| Vault token | Text field | No | EPM Client authentication token used to register the workstation in Segura® Platform. |
Modules section
| Item | Type | Required | Description |
| --- | --- | --- | --- |
| Enable Credentials? * | Radio button | Yes | Defines whether the EPM Client user can view and copy credentials or start remote sessions, according to their access group. |
| Enable applications? * | Radio button | Yes | Defines whether the EPM Client user can run applications, elevate privileges, and perform impersonations. |
| Enable uninstall? * | Radio button | Yes | Defines whether the EPM Client user can access the uninstall applications module. |
| Enable network share? * | Radio button | Yes | Defines whether the EPM Client user can access the network sharing module. |
| Enable network interface? * | Radio button | Yes | Defines whether the EPM Client user can configure the operating system’s network adapters. |
| Enable control panel? * | Radio button | Yes | Defines whether the EPM Client user can access the operating system’s control panel. |
General settings section
| Item | Type | Required | Description |
| --- | --- | --- | --- |
| Enable offline use? * | Radio button | Yes | Defines whether the EPM Client user can run applications without an active connection or registration in Segura® Platform. The workstation must be registered before the first offline use. |
| Require PAM user? * | Radio button | Yes | Defines whether it is mandatory to associate the workstation user with a vault user in order to enable certain features that require a password or access group membership. |
| Enable UAC integration? * | Radio button | Yes | Defines whether integration with the credential provider (UAC) is enabled, allowing the EPM Client user to use Segura® Platform credentials to run applications. |
| Enable application scan? * | Radio button | Yes | Defines whether the application scan functionality is enabled. |
| Enable vault? * | Radio button | Yes | Defines whether vault features are enabled, controlling when the EPM Client synchronizes credentials and how long they remain stored locally. Recommended for environments with a high volume of credentials. |
| Enable recording session? * | Radio button | Yes | Defines whether screen recording of workstations with sessions started through the EPM Client is enabled. |
| Enable application malware and reputation scan? * | Radio button | Yes | Defines whether the EPM Client performs malware scanning before executing applications. |
| Minutes interval to request credentials | Quantity input | No | Defines the time interval, in minutes, for retrieving and updating credentials from Segura® Platform. Attention: Use this parameter with caution, as it can overload the system. The shorter the interval, the more resources will be used. |
| Block access to network? | Radio button | No | Defines whether the EPM Client should block processes attempting to communicate with destinations other than Segura® Platform. |
| Block user | Dropdown menu | No | Defines whether the EPM Client should block a user who exceeds the allowed number of processes communicating with unauthorized servers. Requires network blocking to be enabled. |
| Occurrences (minimum) | Quantity input | No | Defines the minimum number of occurrences before the user is blocked. |
| Enable DLL analysis? * | Radio button | Yes | Defines whether the EPM Client should analyze process DLLs. This parameter must be used with access lists, applying the same blocking policies to DLLs. |
| Enable JIT access? * | Radio button | Yes | Defines whether a non-administrator user can be temporarily added to the administrators group during a session. Access is revoked when the user ends the session or restarts the machine. |
| New trusted directory | Multi-record field | No | Defines directories considered trusted during access list analysis. |
| Directory to be ignored | Multi-record field | No | Defines directories to be ignored during application scanning for privilege elevation. |
| Virus total API token | Text field | No | Defines the VirusTotal API token used to perform malware analysis. |
Authentication section
| Item | Type | Required | Description |
| --- | --- | --- | --- |
| Enable multifactor authentication at login? * | Radio button | Yes | Defines whether multifactor authentication is required when the user logs into the operating system. |
| Enable multifactor authentication to elevate applications? * | Radio button | Yes | Defines whether a multifactor token is required when the user requests application elevation. |
| Enable Single Sign-On? * | Radio button | Yes | Defines whether the authentication performed in Windows and the EPM Client can also be used to log into Segura® Platform. |
Workflow settings section
Elevation settings
| Item | Type | Required | Description |
| --- | --- | --- | --- |
| User can elevate applications | Checkbox | No | Defines whether the user can elevate applications through the EPM Client. |
| Require reason to elevate applications | Checkbox | No | Defines whether the user must provide a justification to elevate an application. This option requires User can elevate applications to be enabled. |
| Require approval to elevate applications | Checkbox | No | Defines whether an approval workflow is required for application elevation. This option depends on User can elevate applications and Require reason to elevate applications being enabled. |
| Approvals required | Quantity input | No | Defines the minimum number of approvers required to authorize the user’s privilege elevation request. This option depends on User can elevate applications and Require reason to elevate applications being enabled. |
| Disapprovals required to cancel | Quantity input | No | Defines the number of rejections required to cancel an elevation request. |
| Approval in levels | Checkbox | No | Defines whether multi-level approval is enabled. |
| Allow emergency access | Checkbox | No | Defines whether the user can perform emergency access operations. |
Access request settings
| Item | Type | Required | Description |
| --- | --- | --- | --- |
| Governance ID required when justifying? * | Radio button | Yes | Defines whether the user must provide a governance code when justifying access. |
| Always add user manager to approvers? * | Radio button | Yes | Defines whether the user’s manager is automatically added to the approver group. |
Messages section
| Item | Type | Required | Description |
| --- | --- | --- | --- |
| Execution message | Text field | No | Defines the message displayed to the user when an application is executed by the EPM Client. |
| Execution block message | Text field | No | Defines the message displayed to the user when a blocked application is executed by the EPM Client. |