Common Enforcement Properties
Outgoing Email Server Settings (Deprecated)
NOTE For any changes required to the SMTP server settings, contact Thales Customer Support.
Configure the outgoing email exchange server (SMTP) and other email properties.
| Field | Description |
|---|---|
| SOCKS Proxy Port | The port for SOCKS proxy server. |
| SOCKS Proxy Host | The SOCKS proxy host. |
| Use SOCKS Proxy |
Specifies if SOCKS proxy is used. Socket Secure (SOCKS) is an Internet protocol that establishes a connection between the client and server and then routes all traffic back and forth using a proxy server. Possible values: Yes or No |
| Use SMTP Authentication |
Specifies if SMTP authentication is used. Possible values: Yes or No NOTE Sentinel EMS supports only basic SMTP authentication. |
| Email Master Footer | Specifies the information that is included as the footer in all emails. |
| Use TLS |
Specifies if transport layer security (TLS) is used. TLS is a way of changing data such as your user name and password into code as it travels across the internet, so that the data will be secure and private. With email delivery, TLS begins with an unsecured connection to the email servers, and then upgrades to a secure connection once information is sent. Possible values: Yes or No Default value: No |
| Sender Name | The sender name that appears in emails. |
| Sender Email |
The email address from which all emails are sent. |
| Password | Password corresponding to the user name. |
| User Name | User name corresponding to the email. It is used for sending email from an authenticated email server. |
| SMTP Port |
The port that connects to the email exchange server. Default value: 25 |
| SMTP Host |
The email exchange server. |
Entitlement Certificate Email Settings
| Field | Description |
|---|---|
| Send Email to Channel Partner |
Specifies if the entitlement certificate is sent to defined channel partners. Possible values: Yes or No |
| CC Email Change Allowed |
Specifies if users can edit the CC Email field while creating, editing, modifying, splitting, and transferring entitlements. Possible values: Yes or No |
| CC |
The email address to which carbon copies of the entitlement certificate are sent. You can type the email address manually or select it from the autocomplete list. Press Enter after each manually-entered email address. Possible values: Up to 15 email addresses |
| BCC |
The email address to which blind carbon copies of the entitlement certificate are sent. You can type the email address manually or select it from the autocomplete list. Press Enter after each manually-entered email address. Possible values: Up to 15 email addresses |
| Sender Name | The sender name that appears in the emails. |
| Sender Email | The email address from which entitlement certificates are sent. |
| Email Required |
Specifies if an email is sent when entitlements are produced. >DESIRED—Sentinel EMS will try to send email, but if it fails, the operation will still succeed. >REQUIRED—Sentinel EMS will try to send email, but if it fails, the operation fails. >NO—Sentinel EMS will not send the email. |
License File Configuration <5.5Preview>
Contact Certificate Email Settings
| Field | Description |
|---|---|
| BCC |
Send blind carbon copies of the contact certificate emails to this email address. Possible values: One email address |
| CC |
Send carbon copies of the contact certificate emails to this email address. Possible values: One email address |
| Sender Name | The sender name that appears in the emails. |
| Sender Email | The contact certificate is sent from this email address. |
| Email Required |
An email is sent when end user is registered. >DESIRED—Sentinel EMS will try to send an email. The operation will be considered successful even if the email cannot be sent. >REQUIRED—Sentinel EMS will try to send an email. The operation will fail if the email cannot be sent. >NO—Sentinel EMS will not send an email. |
Technical Support Contacts
The following properties are appended to the end of the email body in all emails sent by Sentinel EMS.
| Field | Description |
|---|---|
| Phone | Support contact phone number. |
|
Support email address. |
|
| Support Team Name | Name of the support team. |
Entitlement Configuration
| Field | Description |
|---|---|
| Consolidate License |
Specifies if licenses for all line items are consolidated into a single file on activation. Possible values: Yes or No Default Value: Yes |
| Allow Manual Creation of EID and PKID |
Possible values: >Yes—Enables users to specify a customized entitlement ID (EID) and product key ID while creating an entitlement. >No—Sentinel EMS automatically generates the EID and PKID. Default Value: No NOTE Customized EID and PKID cannot contain spaces. |
| Copy License Date from Line Item. |
Specifies if users can copy a modified line item start date and/or end date as the start date and/or end date for all of its license models. This property is applicable only for copying license dates in the user interface. Possible values: Yes or No Default Value: No |
| Default Enforcement |
The enforcement used when creating entitlements. If multiple enforcements are available, you can select the required enforcement from the list. If only one enforcement is available, then the value is displayed as read-only. |
SSL and HTTP(S) Port Details (Read-Only)
This section displays SSL status and port details.
| Field | Description |
|---|---|
| SSL |
Specifies if the HTTPS protocol is used. Possible values: Yes or No |
| HTTPS Port | The HTTPS port in use. |
| HTTP Port | The HTTP port in use. |
General Configuration
| Field | Description |
|---|---|
| Use 'Default' Market Group in API Calls |
Sets the market group as "Default" for REST API calls. When multiple market groups exist in Sentinel EMS, this property is used to control the value of the market group when it is not passed as a parameter in the REST API calls. Set the value of this property to "Yes" to use the "Default" market group as the value if the market group parameter is not provided. If you set the value to of the property to "No", then an error is generated during customer, contact, and entitlement creation if the market group parameter is not provided. Default value: Yes NOTE If a new namespace is added when there are multiple market groups in the system, then the namespace should be associated to a relevant market group before its products can be used in an entitlement. |
| Multiple Entitlement Activation |
Specifies if users can select multiple line items across entitlements for activation. Possible values: Yes or No NOTE
|
| Fix the Customer Portal Login Type |
Specifies if the login type of the customer portal is fixed or can be changed. Possible values: >Yes—The customer portal login type is fixed and cannot be changed. >No—The customer can switch between the login types on the customer portal. Default value: No |
| Customer Portal Default Login Type |
Sets the default login type for the customer. Possible values: >User ID — The Email tab on the customer portal appears selected by default. Customers can use this option to log in with their credentials (email address and password). >EID — The EID tab on the customer portal appears selected by default. Customers can use this option to log in with an entitlement ID (EID). Default value: User ID NOTE If the Fix the Customer Portal Login Type attribute is set to "Yes", then the tabbed view displaying login types does not appear and only the default login type is visible.
|
| Component Multiplier Max Value |
The maximum value that is accepted by the component multiplier. Default value: 4294967294 |
| Show Product Description while Activating |
The product description is displayed together with the product name during activation.
|
| Max Login Attempts Before Lockout |
The number of unsuccessful login attempts a user can perform before Sentinel EMS locks the account. Value range: 3 to 999 Default value: 10—The account is locked on the 11th incorrect login attempt. |
| Allow Channel Partner to Create Customers |
This property allows a channel partner to add new customers and contacts for an entitlement during entitlement modification and split or transfer. Default value: No |
| Email Validation Regular Expression |
This property can be used to provide a regular expression for an email validation. This property helps a software vendor customize the email validation as per their requirement. Default Value: [a-zA-Z0-9!#$%&'*+/=?^_` {|}~-](?:.[a-zA-Z0-9!#$%&'*/=?^_`{|} ~-])@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-][a-zA-Z0-9])?.)[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? |
| Component Multiplier Visible |
Specifies if the Component Multiplier is visible and available to a user with administrative privileges who is creating or updating a product. Possible values: Yes or No Default value: No See User Limit Configuration for details. |
| Comments Required |
Specifies if users must enter feedback comments when performing transactions, such as entitlement creation or activation. NOTE To maintain backward compatibility, in Sentinel EMS version 4.2 and later, this property controls the behavior of user-added comments for entitlements and activations. For versions up to 4.1, there is no change in behavior in the comments added by user. Possible values: >DESIRED—Sentinel EMS will try to send an email. The operation will be considered successful even if the email cannot be sent. >REQUIRED—Sentinel EMS will try to send an email. The operation will fail if the email cannot be sent. |
 Use Legacy Customer Portal |
This property is visible only when you upgrade Sentinel EMS to version 5.3.200 or later. The customer portal used in versions earlier than 5.3.200 is referred to as the legacy customer portal. For fresh or non-upgrade cases (version 5.3.200 or later), this property is not visible. The Use Legacy Customer Portal property is used in combination with the Customer Portal URL property to determine which customer portal URL to publish in email notifications sent to customers and contacts. Possible Values: Yes— Keeps the legacy behavior. Email notications include the customer portal URL that was available to customers and contacts before upgrading to Sentinel EMS 5.3.200 or later. No— Email notifications include the latest customer portal's default URL or the URL configured in the Customer Portal URL property. Default value: Yes |
| Customer Portal URL |
The URL of the customer portal that is published in email notifications for customers and contacts (such as, the entitlement certificate email). You can use this property to specify the URL of your own customer portal (overriding the default customer portal URL).
|
| Show Associated Downloads |
Specifies if the functionality in the Associated Downloads pane for download management in the Sentinel EMS portal is enabled. Possible values: Yes or No Default value: Yes |
| Max Concurrent Requests per URL |
The maximum number of concurrent requests allowed from an IP address to each URL in the Sentinel EMS portal. You can configure this property to a suitable number to keep your portal safe from denial-of-service (DoS) attacks. Default value: 100 |
| Max Records per Page (Web Services) |
The maximum number of records that are returned by REST API calls. Default value: 200 |
This option is not supported. This means that for entitlements using the
Revocation Configuration
| Field | Description |
|---|---|
| Call License Generator On Revoke |
This property is for third-party enforcements and when enabled ensures that Sentinel EMS will send the activation ID to the license generator for forced revocations. When this property is enabled, the Revoke Immediately action on the Sentinel EMS user interface will act as a custom revoke. To configure forced revocations for third-party enforcements using this property, you can connect to Thales Professional Services. This property appears disabled by default. Default value: No |
| Require Deactivation Code |
This property appears only when the 'Call License Generator On Revoke' property is enabled. If this property is set to "Yes" then Sentinel EMS asks for a deactivation code at the time of revoke immediately. Default value: No |
| Auto Confirm Revocation |
If you select this option, then after the revocation receipt is uploaded, all revocations are automatically confirmed. The software vendor does not need to manually confirm or reject the revocation. Default value: Yes |
| Allow Revocation | If this option is set to "Yes" then the Allow Revocation option in the Add Entitlement page also appears set to "Yes", by default.
Default value: Yes |
Batch Configuration
| Field | Description |
|---|---|
| Thread Priority |
The priority of a thread. It can be an integer between 1 and 10. Default value: 4 |
| Thread Count |
The number of threads available for concurrent execution of jobs. Default value: 5 |
| Entitlement Count Limit |
The maximum number of entitlements that can be created in a batch. It cannot exceed 5000. Default value: 1000 |
| Manual Recovery Period (in ms) |
The period in milliseconds after which manual recovery takes place. Default value: 300000 |
| Time Out (in ms): |
The period in milliseconds after which batch processing times out. Default value: 1800000 |
Default Interval between Start Dates and End Dates (in Days)
| Field | Description |
|---|---|
| User Login | Number of days added to the user login start date to calculate the default user login expiration date. This date is used during user login creation if the user login expiration date is not provided. |
| Line Item Renewal | Number of days added to the line item renewal start date to calculate the default line item renewal end date. This date is used during renewal if the line item renewal end date is not provided. |
| Line Item | Number of days added to the line item start date to calculate the default line item end date. This date is used during creation if the line item end date is not provided. |
| Entitlement | Number of days added to the entitlement start date to calculate the default entitlement end date. This date is used during entitlement creation if the entitlement end date is not provided. |
Outbound Services
| Field | Description |
|---|---|
|
|
Enables the outbound services to be triggered during revocation. |
| Enable Entitlement Activate Event | Enables the outbound services to be triggered during activation. |
| Enable Entitlement Split Event | Enables the outbound services to be triggered during entitlement split and transfer. |
| Enable Entitlement Update Event | Enables the outbound services to be triggered when entitlements are updated. |
| Enable Entitlement Create Event | Enables the outbound services to be triggered at entitlement creation. |
Authentication Systems
| Field | Description |
|---|---|
| Enabled Authentication System |
Specifies the authentication system being used. Valid values: DB—Database is used for authentication LDAP—Active Directory is used for authentication UID—UID authentication SSO—Single Sign On authentication |
| Third Party Authentication Systems |
Specifies the authentication system used for the third-party enforcement. |
ESD Configuration
The Administration Console displays ESD configuration only if the ESD Service is enabled by the customer. ESD configuration is visible only for the Windows operating system. Configure the following to enable the integrated ESD, which provides a seamless and secure experience for electronic software distribution.
| Field | Description |
|---|---|
| URL Expiration Time |
The expiration time of the file download URL. A numeric value has to be specified for URL Expiration Time and m(minute), h(hour), or d(day) appended to the value to specify duration. The file download links expire in 16 hours by default. The expiration time can be configured using this property. |
Active Directory Settings (Read-Only)
The section displays the Active Directory configuration details.
NOTE The Active Directory Settings pane is available when the Enabled Authentication System property is set to LDAP.
| Field | Description |
|---|---|
| Host | IP address that specifies the Active Directory host. |
| Port | Active Directory port number. The default non-SSL Active Directory port is 389 and default SSL port is 636. |
| User Name | The user name for an Active Directory account. |
| Password | Password for the Active Directory account. |
| Base DN | The top level Distinguished Name (DN) of your Active Directory tree. The format for Base DN is CN=users,DC=host,DC=domain. |
| Authentication Enabled | Specifies whether or not authentication using Active Directory is enabled. |
| Authorization Enabled | Specifies whether or not authorization using Active Directory is enabled. |
| SSL Enabled | Specifies whether or not SSL is enabled for Active Directory. This check box appears selected if SSL is enabled. |
SSO Configuration Settings
This section enables you to configure the Single Sign On configuration details.
NOTE The SSO Configuration Settings pane is available when the Enabled Authentication System property is set to SSO.
| Field | Description |
|---|---|
| Issuer ID |
Specifies the value of the Identifier that was given at the time of configuring Sentinel EMS in Relying Party Trust in IdP. |
| Consumer URL | Specifies the value of the assertion consumer URL that was given at the time of configuring Sentinel EMS in Relying Party Trust in IdP. |
| Idp URL | Specifies the URL of the IdP. |
| Enable Response Signing | Enables or disables the response signing in Sentinel EMS. Set this property to ‘true’ to enable response signing in the IdP. |
| Enable Assertion Signing | Enables or disables the assertion signing in Sentinel EMS. Set this property to ‘true’ to enable assertion signing in the IdP. |
| Enable Assertion Encryption | Enables or disables the assertion encryption in Sentinel EMS. Set this property to ‘true’ to enable assertion encryption in the IdP. |
| Enable Request Signing | Enables or disables the request signing in Sentinel EMS. Set this property to ‘true’ to enable request signing in the IdP. |
| Keystore File Path |
Specifies the location of the keystore file. |
| Idp Signing Certificate |
Specifies the location of the IdP Signing Certificate. This certificate can be imported from the IdP. |
| Keystore Password | Specifies the value of the keystore password given at the time of creation of keystore file. |
| Private Key Alias | Specifies the value of the alias given at the time of creation of keystore file. |
| Private Key Password |
Specifies the value of key password given at the time of creation of keystore file. |
Device Configuration
Property that needs to be configured for devices:
| Field | Description |
|---|---|
| Add Activatee as Device Owner |
Specifies that the activatee of a license will also be the owner of the device. |
Data Export Report Configuration
Property that needs to be configured for data export report downloads:
| Field | Description |
|---|---|
| Email Recipients | Specifies a maximum of 15 recipients who receive the notification when the data export reports are available for download. |
| Data Exporter Report URL Validity (in minutes) |
Specifies the duration in minutes for which the download URL of data export reports is available. |
Action Buttons
The following action buttons are available at the bottom of the page.
| Button | Description |
|---|---|
| Test Email | Send test emails to specified email address. This works only if the SMTP details are provided and are valid. |
| Save | Save the data entered. |