Common Enforcement Properties

Specifies if SOCKS proxy is used. Socket Secure (SOCKS) is an Internet protocol that establishes a connection between the client and server and then routes all traffic back and forth using a proxy server.

Possible values: Yes or No

Specifies if SMTP authentication is used.

Possible values: Yes or No

NOTE   Sentinel EMS supports only basic SMTP authentication.

Specifies if transport layer security (TLS) is used.

TLS is a way of changing data such as your user name and password into code as it travels across the internet, so that the data will be secure and private. With email delivery, TLS begins with an unsecured connection to the email servers, and then upgrades to a secure connection when the information is sent.

Possible values: Yes or No

Default value: No

The email address from which all emails are sent.

The port that connects to the email exchange server.

Default value: 25

Specifies if the entitlement certificate is sent to defined channel partners.

Possible values: Yes or No

Specifies if the CC Email field can be edited while creating, editing, modifying, splitting, and transferring entitlements.

Possible values: Yes or No

The email address to which carbon copies of the entitlement certificate are sent. You can type the email address manually or select it from the autocomplete list. Press Enter after each manually-entered email address.

Possible values: Up to 15 email addresses

The email address to which blind carbon copies of the entitlement certificate are sent. You can type the email address manually or select it from the autocomplete list. Press Enter after each manually-entered email address.

Possible values: Up to 15 email addresses

Specifies if license certificate email attachments should be compressed.

Possible values:

>Yes—Attachments are compressed into a .zip file.

>No—Attachments are sent as plain files.

Default value: Yes

Specifies if emails should include download links.

Possible values:

>Yes—Emails include links to the download files associated with the products in the entitlement.

>No—Download links are not included in emails.

The email address to which a carbon copy of the email is sent.

Possible values: One email address

The email address to which a blind carbon copy of the email is sent.

Possible values: One email address

The email address to which a carbon copy of the email is sent.

Possible values: One email address

The email address to which a blind carbon copy of the email is sent.

Possible values: One email address

Your organization's support team phone number.

Your organization's support email address, for example, support@yourdomain.com.

Specifies that all products in an entitlement are activated at the same time.

This setting can be modified for specific entitlements as needed. For enforcement- and license model-specific restrictions for a particular entitlement, see Entitlement as a Whole.

Possible values: Yes or No

Default Value: No

Specifies the type of user that can activate an entitlement. Activation refers to any type of activation, including burning a key* Applicable only for Sentinel LDK and produce and push* Applicable only for Sentinel LDK.

This setting can be modified for specific entitlements as needed. For details, see Allow Activation ... By.

Possible values:

>All Users: Any user that has access to the entitlement can activate the entitlement. Vendor users require activation role permissions.

>Vendor Only: Vendor users with activation role permissions can activate the entitlement. On the Sentinel EMS customer portal, the entitlement is visible, but cannot be activated.

Default Value: All Users

Specifies if licenses for all line items are consolidated into a single file on activation.

Possible values: Yes or No

Default Value: Yes

Possible values:

>Yes—A customized entitlement ID (EID) and product key ID can be specified while creating an entitlement.

>No—Sentinel EMS automatically generates the EID and PKID.

Default Value: No

NOTE   Customized EID and PKID cannot contain spaces.

Specifies if the HTTPS protocol is used.

Possible values: Yes or No

Specifies if all the login types are displayed on the Sentinel EMS customer portal.

Possible Values:

>Yes—Users can log in to the Sentinel EMS customer portal using any of the available login types (Entitlement ID, Product Key ID, User Credentials).

>No—A new property, Customer Portal Login Type, is displayed in which you select the relevant login type.

Default Value: Yes

(Visible only if Show All Login Types on Customer Portal is set to No.)

Specifies the login type displayed on the Sentinel EMS customer portal.

Possible values:

>EID—Enables customers to log in using an entitlement ID (EID).

>PKID—Enables customers to log in using a product key ID (PKID).

>User Credentials—Enables customers to log in using their credentials (user ID or email address and password).

Default Value: User Credentials

Specifies the identity provider used by the Sentinel EMS customer portal. You can set either Sentinel IDP or your own identity provider from the list, if any. The specified identity provider is used to authenticate users on the Sentinel EMS customer portal.

Default Value: Sentinel IDP

NOTE   If your own identity provider is required but is not available in the list, contact Thales Customer Support for assistance.

(Visible only when an identity provider other than Sentinel IDP is available in Sentinel EMS.)

Specifies the user attribute used for identity federation.

Identity federation enables the mapping of user attributes between Sentinel EMS and your software applications. This ensures that the user is recognized correctly in both systems during the identity-sharing process.

Possible values:

>User ID

>Email

>External ID

Default Value: External ID

NOTE   If an identity provider other than Sentinel IDP is available, specify the same value here and in the Vendor User Attribute for Identity Federation field.

(Visible only when more than one identity provider is available in Sentinel EMS, and you set Identity Provider for Customer Portal to a value other than Sentinel IDP.)

Specifies if customer administrator users who are integrated with an identity provider other than Sentinel IDP have the required permissions to manage users on the Sentinel EMS customer portal.

Default Value: No

NOTE   If Allow User Management on Customer Portal is set to Yes, you can set the User Attribute for Identity Federation value to either User ID or Email.

Specifies the identity provider used by the Sentinel EMS vendor portal. You can set either Sentinel IDP or your own identity provider from the list, if any. The specified identity provider is used to authenticate vendor users on the Sentinel EMS vendor portal.

Default Value: Sentinel IDP

NOTE   If your own identity provider is required but is not available in the list, contact Thales Customer Support for assistance.

(Visible only when an identity provider other than Sentinel IDP is available in Sentinel EMS.)

Specifies the user attribute used for identity federation.

Identity federation enables the mapping of user attributes between Sentinel EMS and other applications that are integrated with your identity provider. This ensures that the vendor user is recognized correctly in both systems during the identity-sharing process.

Possible values:

>User ID

>Email

>External ID

Default Value: External ID

NOTE   If an identity provider other than Sentinel IDP is available, specify the same value here and in the User Attribute for Identity Federation field.

Sets the market group as "Default" for REST API calls.

When multiple market groups exist in Sentinel EMS, this property is used to control the value of the market group when it is not passed as a parameter in the REST API calls.

Set the value of this property to "Yes" to use the "Default" market group as the value if the market group parameter is not provided.

If you set the value to of the property to "No", then an error is generated during customer, user, and entitlement creation if the market group parameter is not provided.

Default value: Yes

NOTE   If a new namespace is added when there are multiple market groups in the system, then the namespace should be associated to a relevant market group before its products can be used in an entitlement.

Specifies if line items from multiple entitlements can be selected for simultaneous activation.

Possible values: Yes or No

NOTE    Not supported for the Sentinel LDK enforcement. If the Sentinel LDK enforcement is available in your Sentinel EMS instance—with or without other enforcements, set the value to No.

The maximum value that is accepted by the component multiplier.

The product description is displayed together with the product name during activation.

This is especially helpful in distinguishing variants for versionless products because all variants have the same name.

The number of unsuccessful login attempts that can be performed before Sentinel EMS locks the account.

Value range: 3 to 999

Default value: 10—The account is locked on the 11th incorrect login attempt.

When using the Sentinel EMS REST API, this property specifies if a channel partner can view and/or add customers and users in an entitlement during split or transfer.

Possible values:

>None—The channel partner cannot view or create customers and users.

>View Customers and Users—The channel partner can view customers and users but cannot create them. (Only GET is supported.)

>Create Customers and Users—The channel partner can create customers and users but cannot search for them. (Only POST, PUT and PATCH are supported.)

>All—The channel partner can view and create customers and users. (Only GET, POST, PUT and PATCH are supported.)

Default value: None

This property can be used to provide a regular expression for an email validation. This property helps a software vendor customize the email validation as per their requirement.

Default Value: [a-zA-Z0-9!#$%&'*+/=?^_`

{|}~-](?:.[a-zA-Z0-9!#$%&'*/=?^_`{|}

~-])@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-][a-zA-Z0-9])?.)[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?

Specifies if the Multiplier attribute is visible and available to a user with administrative privileges who is creating or updating a product.

Possible values: Yes or No

Default value: No

For details, see User Limit Configuration.

Specifies if vendor users must enter feedback comments when performing transactions, such as entitlement creation or activation.

NOTE   To maintain backward compatibility, in Sentinel EMS version 4.2 and later, this property controls the behavior of comments that are added by vendor users to entitlements and activations. In Sentinel EMS versions 4.1 and earlier, there is no change in behavior in the comments added by a vendor user.

Possible values:

>DESIRED

>REQUIRED

This property is visible only when you upgrade Sentinel EMS to version 5.3.200 or later. The customer portal used in versions earlier than 5.3.200 is referred to as the legacy customer portal. For fresh or non-upgrade cases (version 5.3.200 or later), this property is not visible.

The Use Legacy Customer Portal property is used in combination with the Customer Portal URL property to determine which customer portal URL to publish in email notifications sent to customers and users.

Possible Values:

Yes— Keeps the legacy behavior. Email notifications include the customer portal URL that was available to customers and users before upgrading to Sentinel EMS 5.3.200 or later.

No— Email notifications include the latest customer portal's default URL or the URL configured in the Customer Portal URL property.

Default value: Yes

The URL of the customer portal that is published in email notifications for customers and users (such as, the entitlement certificate email). You can use this property to specify the URL of your own customer portal (overriding the default customer portal URL).

When left blank, the default customer portal URL is used based on the value configured in the Use Legacy Customer Portal property.

Specifies if the functionality in the Associated Downloads pane for download management in the Sentinel EMS portal is enabled.

Possible values: Yes or No

Default value: Yes

The maximum number of concurrent requests allowed from an IP address to each URL in the Sentinel EMS portal. You can configure this property to a suitable number to keep your portal safe from denial-of-service (DoS) attacks.

Default value: 100

The default Enforcement Type value displayed in a drop-down list when more than one enforcement is available. The Enforcement Type list is available in:

>The License Models page (Catalog > License Models).

>The Associate License Models section, which is located in the Add Feature page. You can access this page by clicking the Add Feature button while creating a feature from the Features page, or while creating a product from the Products page.

Possible values:

>If multiple enforcements are available, you can select the required enforcement from the list.

>If only one enforcement is available, then the value is displayed as read-only.

This property is for third-party enforcements. When set to Yes, The Revoke Immediately action on the Sentinel EMS user interface acts as a custom revoke, ensuring that Sentinel EMS sends the activation ID to the license generator for forced revocations.

To configure forced revocations for third-party enforcements using this property, you can connect to Thales Professional Services.

This property appears disabled by default.

Default value: No

This property appears only when the 'Call License Generator On Revoke' property is enabled. If this property is set to "Yes" then Sentinel EMS asks for a deactivation code Revoke Immediately is initiated.

Default value: No

If you select this option, then after the revocation receipt is uploaded, all revocations are automatically confirmed. The software vendor does not need to manually confirm or reject the revocation.

Default value: Yes

The priority of a thread. It can be an integer between 1 and 10.

Default value: 4

The number of threads available for concurrent execution of jobs.

Default value: 5

The maximum number of entitlements that can be created in a batch. It cannot exceed 5000.

Default value: 1000

The period in milliseconds after which manual recovery takes place.

Default value: 300000

Number of days added to the user login start date to calculate the default user login expiration date. This date is used during user login creation if the user login expiration date is not provided.

Enables the outbound services to be triggered during revocation.