Common Enforcement Properties

Outgoing Email Server Settings (Deprecated)

NOTE   For any changes required to the SMTP server settings, contact Thales Customer Support.

Configure the outgoing email exchange server (SMTP) and other email properties.

Field Description
SOCKS Proxy Port The port for SOCKS proxy server.
SOCKS Proxy Host The SOCKS proxy host.
Use SOCKS Proxy

Specifies if SOCKS proxy is used. Socket Secure (SOCKS) is an Internet protocol that establishes a connection between the client and server and then routes all traffic back and forth using a proxy server.

Possible values: Yes or No

Use SMTP Authentication

Specifies if SMTP authentication is used.

Possible values: Yes or No

NOTE   Sentinel EMS supports only basic SMTP authentication.

Email Master Footer Specifies the information that is included as the footer in all emails.
Use TLS

Specifies if transport layer security (TLS) is used.

TLS is a way of changing data such as your user name and password into code as it travels across the internet, so that the data will be secure and private. With email delivery, TLS begins with an unsecured connection to the email servers, and then upgrades to a secure connection when the information is sent.

Possible values: Yes or No

Default value: No

Sender Name The sender name that appears in emails.
Sender Email

The email address from which all emails are sent.

Password Password corresponding to the user name.
User Name User name corresponding to the email. Used when sending email from an authenticated email server.
SMTP Port

The port that connects to the email exchange server.

Default value: 25

SMTP Host

The email exchange server.

Entitlement Certificate Email Settings

Field Description
Send Email to Channel Partner

Specifies if the entitlement certificate is sent to defined channel partners.

Possible values: Yes or No

CC Email Change Allowed

Specifies if the CC Email field can be edited while creating, editing, modifying, splitting, and transferring entitlements.

Possible values: Yes or No

CC

The email address to which carbon copies of the entitlement certificate are sent. You can type the email address manually or select it from the autocomplete list. Press Enter after each manually-entered email address.

Possible values: Up to 15 email addresses

BCC

The email address to which blind carbon copies of the entitlement certificate are sent. You can type the email address manually or select it from the autocomplete list. Press Enter after each manually-entered email address.

Possible values: Up to 15 email addresses

Sender Name The sender name that appears in the emails.
Sender Email The email address from which entitlement certificates are sent.
Email Required

Specifies if an email is sent when entitlements are produced.

>DESIRED—Sentinel EMS will try to send email, but if it fails, the operation will still succeed.

>REQUIRED—Sentinel EMS will try to send email, but if it fails, the operation fails.

>NO—Sentinel EMS will not send the email.

License File Configuration

The following properties are used when sending a license certificate email to a recipient.

Field Description
Compress License Certificate Attachments

Specifies if license certificate email attachments should be compressed.

Possible values:

>Yes—Attachments are compressed into a .zip file.

>No—Attachments are sent as plain files.

Default value: Yes

Add Download Links

Specifies if emails should include download links.

Possible values:

>Yes—Emails include links to the download files associated with the products in the entitlement.

>No—Download links are not included in emails.

BCC

The email address to which a blind carbon copy of the email is sent.

Possible values: One email address

CC

The email address to which a carbon copy of the email is sent.

Possible values: One email address

Sender Name The sender name that appears in the email.
Sender Email The address from which the email is sent.
Email Required

Specifies if an email is sent when licenses are generated.

>DESIRED—Sentinel EMS will try to send an email. The operation will be considered successful even if the email cannot be sent.

>REQUIRED—Sentinel EMS will try to send an email. The operation will fail if the email cannot be sent.

>NO—Sentinel EMS will not send an email.

User Registration Email Settings

(Previously known as "Contact Certificate Email Settings".)

This email notifies the recipient when an end user registers on the Sentinel EMS customer portal. The user registration form is displayed on the customer portal when the User Registration setting in an entitlement is set to Mandatory or Optional, and a user logs in using that entitlement's EID. Registration via the customer portal creates a user in Sentinel EMS. For more details, see Assign Customers, Users, Channel Partners, and Market Groups and Guide to the Sentinel EMS Customer Portal.

The following properties are used when sending this email notification.

Field Description
BCC

The email address to which a blind carbon copy of the email is sent.

Possible values: One email address

CC

The email address to which a carbon copy of the email is sent.

Possible values: One email address

Sender Name The sender name that appears in the email.
Sender Email The address from which the email is sent.
Email Required

Specifies if an email is sent when an end user successfully registers on the customer portal.

>DESIRED—Sentinel EMS will try to send an email. The operation will be considered successful even if the email cannot be sent.

>REQUIRED—Sentinel EMS will try to send an email. The operation will fail if the email cannot be sent.

>NO—Sentinel EMS will not send an email.

Technical Support Contacts

The following properties are appended to the end of the email body in all emails sent by Sentinel EMS.

Field Description
Phone Support contact phone number.
Email

Support email address.

Support Team Name Name of the support team.

Entitlement Configuration

Field Description

Entitlement as a Whole

Specifies that all products in an entitlement are activated at the same time.

This setting can be modified for specific entitlements as needed. For enforcement- and license model-specific restrictions for a particular entitlement, see Entitlement as a Whole.

Possible values: Yes or No

Default Value: No

Allow Activation By

Specifies the type of user that can activate an entitlement. Activation refers to any type of activation, including burning a key* and produce and push*.

This setting can be modified for specific entitlements as needed. For details, see Allow Activation ... By.

Possible values:

>All Users: Any user that has access to the entitlement can activate the entitlement. Vendor users require activation role permissions.

>Vendor Only: Vendor users with activation role permissions can activate the entitlement. On the Sentinel EMS customer portal, the entitlement is visible, but cannot be activated.

Default Value: All Users

Consolidate License

Specifies if licenses for all line items are consolidated into a single file on activation.

Possible values: Yes or No

Default Value: Yes

Allow Manual Creation of EID and PKID

Possible values:

>Yes—A customized entitlement ID (EID) and product key ID can be specified while creating an entitlement.

>No—Sentinel EMS automatically generates the EID and PKID.

Default Value: No

NOTE   Customized EID and PKID cannot contain spaces.

Copy License Date from Line Item

Specifies if a line item's license models should automatically update their start date and/or end date to match the line item when the line item's start date and/or end date are modified.

Possible values: Yes or No

Default Value: No

SSL and HTTP(S) Port Details (Read-Only)

This section displays SSL status and port details.

Field Description
SSL

Specifies if the HTTPS protocol is used.

Possible values: Yes or No

HTTPS Port The HTTPS port in use.
HTTP Port The HTTP port in use.

General Configuration

Field Description
Use 'Default' Market Group in API Calls

Sets the market group as "Default" for REST API calls.

When multiple market groups exist in Sentinel EMS, this property is used to control the value of the market group when it is not passed as a parameter in the REST API calls.

Set the value of this property to "Yes" to use the "Default" market group as the value if the market group parameter is not provided.

If you set the value to of the property to "No", then an error is generated during customer, user, and entitlement creation if the market group parameter is not provided.

Default value: Yes

NOTE   If a new namespace is added when there are multiple market groups in the system, then the namespace should be associated to a relevant market group before its products can be used in an entitlement.

Multiple Entitlement Activation

Specifies if line items from multiple entitlements can be selected for simultaneous activation.

Possible values: Yes or No

NOTE    Not supported for the Sentinel LDK enforcement. If the Sentinel LDK enforcement is available in your Sentinel EMS instance—with or without other enforcements, set the value to No.

Default Customer Portal Login Type

Sets the default login type on the Sentinel EMS customer portal.

When more than one login type is available, the login types are displayed as tabs on the login screen, and the default login type (defined in this attribute) is automatically selected. Otherwise, if the Show Only Default Customer Portal Login Type attribute is set to "Yes", then only the default login type is available, and the tabbed view displaying login types is not shown.

Possible values:

>Email—Enables customers to use the Email option to log in with their credentials (email address and password).

>EID—Enables customers to use the EID option to log in with an entitlement ID (EID).

>PKID—Enables customers to use the PKID option to log in with the product key (PKID).

Default value: Email

Show Only Default Customer Portal Login Type

When set to "Yes", only the Default Customer Portal Login Type is available when logging on to the Sentinel EMS customer portal.

NOTE    This attribute value controls login access to the customer portal for both the UI and the API.

Possible values: 

>Yes—Only the default login type is available. The tabbed view displaying login types is not shown.

>No—The tabbed view displaying login types is shown, and people can log in to the customer portal using any of the available login options.

Default value: No

Component Multiplier Max Value

The maximum value that is accepted by the component multiplier.

Default value: 4294967294
Show Product Description while Activating

The product description is displayed together with the product name during activation.

This is especially helpful in distinguishing variants for versionless products because all variants have the same name.

Max Login Attempts Before Lockout

The number of unsuccessful login attempts that can be performed before Sentinel EMS locks the account.

Value range: 3 to 999

Default value: 10—The account is locked on the 11th incorrect login attempt.

Channel Partner Permissions

When using the Sentinel EMS REST API, this property specifies if a channel partner can view and/or add customers and users in an entitlement during split or transfer.

Possible values:

>None—The channel partner cannot view or create customers and users.

>View Customers and Users—The channel partner can view customers and users but cannot create them. (Only GET is supported.)

>Create Customers and Users—The channel partner can create customers and users but cannot search for them. (Only POST, PUT and PATCH are supported.)

>All—The channel partner can view and create customers and users. (Only GET, POST, PUT and PATCH are supported.)

Default value: None

Email Validation Regular Expression

This property can be used to provide a regular expression for an email validation. This property helps a software vendor customize the email validation as per their requirement.

Default Value: [a-zA-Z0-9!#$%&'*+/=?^_`

{|}~-](?:.[a-zA-Z0-9!#$%&'*/=?^_`{|}

~-])@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-][a-zA-Z0-9])?.)[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?

Component Multiplier Visible

Specifies if the Multiplier attribute is visible and available to a user with administrative privileges who is creating or updating a product.

Possible values: Yes or No

Default value: No

For details, see User Limit Configuration.

Comments Required

Specifies if vendor users must enter feedback comments when performing transactions, such as entitlement creation or activation.

NOTE   To maintain backward compatibility, in Sentinel EMS version 4.2 and later, this property controls the behavior of comments that are added by vendor users to entitlements and activations. In Sentinel EMS versions 4.1 and earlier, there is no change in behavior in the comments added by a vendor user.

Possible values:

>DESIRED

>REQUIRED

Use Legacy Customer Portal

This property is visible only when you upgrade Sentinel EMS to version 5.3.200 or later. The customer portal used in versions earlier than 5.3.200 is referred to as the legacy customer portal. For fresh or non-upgrade cases (version 5.3.200 or later), this property is not visible.

The Use Legacy Customer Portal property is used in combination with the Customer Portal URL property to determine which customer portal URL to publish in email notifications sent to customers and users.

Possible Values:

Yes— Keeps the legacy behavior. Email notifications include the customer portal URL that was available to customers and users before upgrading to Sentinel EMS 5.3.200 or later.

No— Email notifications include the latest customer portal's default URL or the URL configured in the Customer Portal URL property.

Default value: Yes

Customer Portal URL

The URL of the customer portal that is published in email notifications for customers and users (such as, the entitlement certificate email). You can use this property to specify the URL of your own customer portal (overriding the default customer portal URL).

When left blank, the default customer portal URL is used based on the value configured in the Use Legacy Customer Portal property.

Show Associated Downloads

Specifies if the functionality in the Associated Downloads pane for download management in the Sentinel EMS portal is enabled.

Possible values: Yes or No

Default value: Yes

Max Concurrent Requests per URL

The maximum number of concurrent requests allowed from an IP address to each URL in the Sentinel EMS portal. You can configure this property to a suitable number to keep your portal safe from denial-of-service (DoS) attacks.

Default value: 100

Default Enforcement

The default Enforcement Type value displayed in a drop-down list when more than one enforcement is available. The Enforcement Type list is available in:

>The License Models page (Catalog > License Models).

>The Associate License Models section, which is located in the Add Feature page. You can access this page by clicking the Add Feature button while creating a feature from the Features page, or while creating a product from the Products page.

Possible values:

>If multiple enforcements are available, you can select the required enforcement from the list.

>If only one enforcement is available, then the value is displayed as read-only.

Default Max Records per Page (API Calls)

The maximum number of records that are returned on each page for REST API calls.

This default value is used only if pageSize is not specified in a REST API call. If a value for pageSize is specified in a REST API call, then that value is used and the default value specified here is ignored.

Default value: 200

Revocation Configuration

Field Description
Call License Generator On Revoke

This property is for third-party enforcements. When set to Yes, The Revoke Immediately action on the Sentinel EMS user interface acts as a custom revoke, ensuring that Sentinel EMS sends the activation ID to the license generator for forced revocations.

To configure forced revocations for third-party enforcements using this property, you can connect to Thales Professional Services.

This property appears disabled by default.

Default value: No

Require Deactivation Code

This property appears only when the 'Call License Generator On Revoke' property is enabled. If this property is set to "Yes" then Sentinel EMS asks for a deactivation code Revoke Immediately is initiated.

Default value: No

Auto Confirm Revocation

If you select this option, then after the revocation receipt is uploaded, all revocations are automatically confirmed. The software vendor does not need to manually confirm or reject the revocation.

Default value: Yes

Allow Revocation If this option is set to "Yes" then the Allow Revocation option in the Add Entitlement page also appears set to "Yes", by default.

Default value: Yes

Batch Configuration

Field Description
Thread Priority

The priority of a thread. It can be an integer between 1 and 10.

Default value: 4

Thread Count

The number of threads available for concurrent execution of jobs.

Default value: 5

Entitlement Count Limit

The maximum number of entitlements that can be created in a batch. It cannot exceed 5000.

Default value: 1000

Manual Recovery Period (in ms)

The period in milliseconds after which manual recovery takes place.

Default value: 300000

Time Out (in ms):

The period in milliseconds after which batch processing times out.

Default value: 1800000

Default Interval between Start Dates and End Dates (in Days)

Field Description
User Login

Number of days added to the user login start date to calculate the default user login expiration date. This date is used during user login creation if the user login expiration date is not provided.

Line Item Renewal Number of days added to the line item renewal start date to calculate the default line item renewal end date. This date is used during renewal if the line item renewal end date is not provided.
Line Item Number of days added to the line item start date to calculate the default line item end date. This date is used during creation if the line item end date is not provided.
Entitlement Number of days added to the entitlement start date to calculate the default entitlement end date. This date is used during entitlement creation if the entitlement end date is not provided.

Outbound Services

Field Description

Enable License Revocation Event

Enables the outbound services to be triggered during revocation.

Enable Entitlement Activate Event Enables the outbound services to be triggered during activation.
Enable Entitlement Split Event Enables the outbound services to be triggered during entitlement split and transfer.
Enable Entitlement Update Event Enables the outbound services to be triggered when entitlements are updated.
Enable Entitlement Create Event Enables the outbound services to be triggered at entitlement creation.

Authentication Systems

Field Description
Enabled Authentication System

Specifies the authentication system being used.

Valid values:

DB—Database is used for authentication

LDAP—Active Directory is used for authentication

UID—UID authentication

SSO—Single Sign On authentication

Third Party Authentication Systems

Specifies the authentication system used for the third-party enforcement.

ESD Configuration

The Administration Console displays ESD configuration only if the ESD Service is enabled by the customer. ESD configuration is visible only for the Windows operating system. Configure the following to enable the integrated ESD, which provides a seamless and secure experience for electronic software distribution.

Field Description
URL Expiration Time

The expiration time of the file download URL. Specify a numeric value for URL Expiration Time and append 'm' (minutes), 'h' (hours), or 'd' (days) to indicate duration.

File download links expire by default in 16 hours. You can configure the expiration time using this property.

Recommendation: Set a shorter URL Expiration Time because it allows for more frequent rotation of the signing keys, thereby strengthening the overall security. Ideally, this value should not exceed 1 month.

Active Directory Settings (Read-Only)

The section displays the Active Directory configuration details.

NOTE   The Active Directory Settings pane is available when the Enabled Authentication System property is set to LDAP.

Field Description
Host IP address that specifies the Active Directory host.
Port Active Directory port number. The default non-SSL Active Directory port is 389 and default SSL port is 636.
User Name

The user name for an Active Directory account.

Password Password for the Active Directory account.
Base DN The top level Distinguished Name (DN) of your Active Directory tree. The format for Base DN is CN=users,DC=host,DC=domain.
Authentication Enabled Specifies whether or not authentication using Active Directory is enabled.
Authorization Enabled Specifies whether or not authorization using Active Directory is enabled.
SSL Enabled Specifies whether or not SSL is enabled for Active Directory. This check box appears selected if SSL is enabled.

SSO Configuration Settings

This section enables you to configure the Single Sign On configuration details.

NOTE   The SSO Configuration Settings pane is available when the Enabled Authentication System property is set to SSO.

Field Description
Issuer ID

Specifies the value of the Identifier that was given at the time of configuring Sentinel EMS in Relying Party Trust in IdP.

Consumer URL Specifies the value of the assertion consumer URL that was given at the time of configuring Sentinel EMS in Relying Party Trust in IdP.
Idp URL Specifies the URL of the IdP.
Enable Response Signing Enables or disables the response signing in Sentinel EMS. Set this property to ‘true’ to enable response signing in the IdP.
Enable Assertion Signing Enables or disables the assertion signing in Sentinel EMS. Set this property to ‘true’ to enable assertion signing in the IdP.
Enable Assertion Encryption Enables or disables the assertion encryption in Sentinel EMS. Set this property to ‘true’ to enable assertion encryption in the IdP.
Enable Request Signing Enables or disables the request signing in Sentinel EMS. Set this property to ‘true’ to enable request signing in the IdP.
Keystore File Path

Specifies the location of the keystore file.

Idp Signing Certificate

Specifies the location of the IdP Signing Certificate. This certificate can be imported from the IdP.

Keystore Password Specifies the value of the keystore password given at the time of creation of keystore file.
Private Key Alias Specifies the value of the alias given at the time of creation of keystore file.
Private Key Password

Specifies the value of key password given at the time of creation of keystore file.

Device Configuration

Property that needs to be configured for devices:

Field Description
Add Activatee as Device Owner

Specifies that the activatee of a license will also be the owner of the device.

Data Export Report Configuration

Properties that need to be configured for data export report downloads:

Field Description
Email Recipients Specifies a maximum of 15 recipients who receive the notification when the data export reports are available for download.
Data Exporter Report URL Validity (in minutes)

Specifies the duration in minutes for which the download URL of data export reports is available.

Webhooks Configuration

Property that needs to be configured for webhooks:

Field Description
Time Zone for Expiration Events Time zone based on which entitlement and product key expiration events are triggered.
This property is relevant only for software vendors who subscribe to the webhooks add-on.

Action Buttons

The following action buttons are available at the bottom of the page.

Button Description
Test Email Send test emails to specified email address. This works only if the SMTP details are provided and are valid.
Save Save the data entered.