Access the EPM parameter configuration through the path Product Menu > EPM > Settings > Parameters > EPM. On the screen, you will find the following information:
Info
The path indicated above is exclusive to Segura v.3.32 and the PEDM EPM agent for Windows v.3.32. Users of versions lower than this must access parameter configuration through the path Product Menu > EPM > Settings > Parameters > EPM Windows.
| Parameter | Description | Expected value |
|---|---|---|
Vault Token |
Authentication token for the Segura.go client, used to register the workstation with Segura. | String (fixed). |
Enable credentials?* |
Allow or prohibit the Segura.go client user from viewing and copying credentials, and starting remote sessions according to their access group. | Yes or No. |
Enable applications?* |
Allow or prohibit users of the Segura.go client from carrying out executions, elevations of privilege and impersonations. | Yes or No. |
Enable uninstall?* |
Allow or prohibit users of the Segura.go client from accessing the application uninstall module. | Yes or No. |
Enable network sharing?* |
Allow or prohibit the Segura.go client user from accessing the network sharing module. | Yes or No. |
Enable network interface?* |
Allow or prohibit the user of Segura.go client from accessing the configuration of the operating system's network adapters. | Yes or No. |
Enable control panel?* |
Allow or prohibit the Segura.go client user from accessing the operating system control panel. | Yes or No. |
Enable offline use?* |
Allow or prohibit the user of the Segura.go client from running applications, applications even without a connection or record from the workstation in Segura. You must have your workstation registered before going offline for the first time. | Yes or No. |
Enable UAC integration?* |
Allow or disallow integration with the credential provider (UAC), where the user of Segura.go client can use Segura credentials to run applications on the operating system. | Yes or No. |
Allow session recording?* |
Allow or disallow screen recording of workstations with sessions launched through the Segura.go client. | Yes or No. |
Enable malware scan and application reputation?* |
Allow or disallow malware analysis before running applications via the Segura.go client. | Yes or No. |
Enable vault?* |
Allow or disallow the credential vault functionalities, limiting the times in which the Segura.go client synchronizes the credentials with Segura and determining a local storage interval for them. Recommended for high volumes of registered credentials. | Yes or No. |
Minute interval to request credentials |
Credential search interval in Segura. | Number. |
Block network access?* |
Allow or disallow the blocking of processes that are communicating with a destination other than Segura. | Yes or No. |
Block user |
Allow or disallow blocking of users in the Segura.go client when they execute processes that cross the limit of processes that communicate with servers other than Segura. Can only be enabled if network lock is enabled. | Yes or No. |
Occurrences (minimum) |
The minimum number of processes that can be terminated in the user's session before it is blocked. | Number. |
Enable DLL parsing?* |
Allow or disallow DLL parsing of operating system processes. It should be used in conjunction with access lists to block applications. If this parameter is enabled, access list policies will also be applied to DDL parsing. | Yes or No. |
Enable JIT access?* |
Allow or disallow a non-admin user from being placed in the admin group for a session. The user loses administrator access when asking to be removed from the group, leaving the session or restarting the machine. | Yes or No. |
New trusted directory |
List of directories considered trustworthy in the access list analysis. | String (path). |
Directory to ignore |
List of directories that should be ignored when scanning applications for the list of applications in elevation of privilege. | String (path). |
Token of API virus total |
Field to insert the VirusTotal API token, so that the malware analysis can occur successfully. | String. |
Enable multi-factor authentication at login?* |
Allow or disallow the multi-factor token request when the user logs into the operating system. | Yes or No. |
Enable multi-factor authentication to elevate applications?* |
Enable multi-factor token request when the user wants to make upgrades. | Yes or No. |
Habilitar Single Sign-On?* |
Allow or disallow the same authentication already performed when logging into Windows and Segura.go client is used to log in to Segura. | Yes or No. |
User can elevate applications |
Enable application elevation through the Segura.go client. | Yes or No. |
Requires justification to elevate applications |
Request justification so that the user can upgrade an application. It can only be enabled if the User can elevate applications parameter is also enabled. |
Yes or No. |
Requires approval to elevate applications |
Allow or disallow the approval flow when the user raises an application. It can only be enabled when the parameters User can elevate applications and Requires justification to elevate applications are also enabled. |
Yes or No. |
Required approvals |
Minimum number of approvers who need to approve the user's elevation request for the execution to be carried out. It can only be enabled when the parameters User can elevate applications and Requires justification to elevate applications are also enabled. |
Number. |
Disapprovals required to cancel |
Define how many failures are necessary to not elevate the application's privilege. | Number. |
Approval in levels |
Allow or disallow tiered approvals. | Yes or No. |
Allow emergency access |
Allow or prohibit the user from performing emergency access. | Yes or No. |
Required to specify governance code when justifying?* |
Define whether it is necessary for the user to provide the governance code to justify their access. | Yes or No. |
Always add user manager to approvers?* |
Define whether to add the user manager to the approving user group will always be necessary. | Yes or No. |
Execution message |
Define the message that should appear to the user when an application is running through the Segura.go client. | String. |
Execution blocking message |
Define the message that should appear to the user when an application is blocked by the Segura.go client is executed. | String. |
Enable Learning Mode |
When enabled, Learning Mode captures and records usage data for analysis and system optimization. | Yes or No. |
Info
Some PEDM features, such as configuring network adapters, require the Enable applications? parameter to be activated. In these cases, when executing other configurations that require the applications module to be activated, the Segura.go client returns the message The elevation parameter must be enabled to run this application.