Common Enforcement Properties
Outgoing Email Server Settings (Deprecated)
NOTE For any changes required to the SMTP server settings, contact Thales Customer Support.
Configure the outgoing email exchange server (SMTP) and other email properties.
| Field | Description |
|---|---|
| SOCKS Proxy Port | The port for SOCKS proxy server. |
| SOCKS Proxy Host | The SOCKS proxy host. |
| Use SOCKS Proxy |
Specifies if SOCKS proxy is used. Socket Secure (SOCKS) is an Internet protocol that establishes a connection between the client and server and then routes all traffic back and forth using a proxy server. Possible values: Yes or No |
| Use SMTP Authentication |
Specifies if SMTP authentication is used. Possible values: Yes or No NOTE Sentinel EMS supports only basic SMTP authentication. |
| Email Master Footer | Specifies the information that is included as the footer in all emails. |
| Use TLS |
Specifies if transport layer security (TLS) is used. TLS is a way of changing data such as your user name and password into code as it travels across the internet, so that the data will be secure and private. With email delivery, TLS begins with an unsecured connection to the email servers, and then upgrades to a secure connection when the information is sent. Possible values: Yes or No Default value: No |
| Sender Name | The sender name that appears in emails. |
| Sender Email |
The email address from which all emails are sent. |
| Password | Password corresponding to the user name. |
| User Name | User name corresponding to the email. Used when sending email from an authenticated email server. |
| SMTP Port |
The port that connects to the email exchange server. Default value: 25 |
| SMTP Host |
The email exchange server. |
Entitlement Certificate Email Settings
License File Configuration
The following properties are used when sending a license certificate email to a recipient.
User Registration Email Settings
(Previously known as "Contact Certificate Email Settings".)
This email notifies the recipient when an end user registers on the Sentinel EMS customer portal. The user registration form is displayed on the customer portal when the User Registration setting in an entitlement is set to Mandatory or Optional, and a user logs in using that entitlement's EID. Registration via the customer portal creates a user in Sentinel EMS. For more details, see Assign Customers, Users, Channel Partners, and Market Groups and Guide to the Sentinel EMS Customer Portal.
The following properties are used when sending this email notification.
| Field | Description |
|---|---|
| BCC |
The email address to which a blind carbon copy of the email is sent. Possible values: One email address |
| CC |
The email address to which a carbon copy of the email is sent. Possible values: One email address |
| Sender Name | The sender name that appears in the email. |
| Sender Email | The address from which the email is sent. |
| Email Required |
Specifies if an email is sent when an end user successfully registers on the customer portal. >DESIRED—Sentinel EMS will try to send an email. The operation will be considered successful even if the email cannot be sent. >REQUIRED—Sentinel EMS will try to send an email. The operation will fail if the email cannot be sent. >NO—Sentinel EMS will not send an email. |
Technical Support Contacts
The following properties are appended to the end of the email body in all emails sent by Sentinel EMS.
| Field | Description |
|---|---|
| Phone | Support contact phone number. |
|
Support email address. |
|
| Support Team Name | Name of the support team. |
Entitlement Configuration
| Field | Description |
|---|---|
|
Specifies that all products in an entitlement are activated at the same time. This setting can be modified for specific entitlements as needed. For enforcement- and license model-specific restrictions for a particular entitlement, see Entitlement as a Whole. Possible values: Yes or No Default Value: No |
|
|
Specifies the type of user that can activate an entitlement. This setting can be modified for specific entitlements as needed. For details, see Allow Activation ... By. Possible values: >All Users: Any user that has access to the entitlement can activate the entitlement. Vendor users require activation role permissions. >Vendor Only: Vendor users with activation role permissions can activate the entitlement. On the Sentinel EMS customer portal, the entitlement is visible, but cannot be activated. Default Value: All Users |
|
| Consolidate License |
Specifies if licenses for all line items are consolidated into a single file on activation. Possible values: Yes or No Default Value: Yes |
| Allow Manual Creation of EID and PKID |
Possible values: >Yes—A customized entitlement ID (EID) and product key ID can be specified while creating an entitlement. >No—Sentinel EMS automatically generates the EID and PKID. Default Value: No NOTE Customized EID and PKID cannot contain spaces. |
| Copy License Date from Line Item |
Specifies if a line item's license models should automatically update their start date and/or end date to match the line item when the line item's start date and/or end date are modified. Possible values: Yes or No Default Value: No |
SSL and HTTP(S) Port Details (Read-Only)
This section displays SSL status and port details.
| Field | Description |
|---|---|
| SSL |
Specifies if the HTTPS protocol is used. Possible values: Yes or No |
| HTTPS Port | The HTTPS port in use. |
| HTTP Port | The HTTP port in use. |
General Configuration
| Field | Description |
|---|---|
| Use 'Default' Market Group in API Calls |
Sets the market group as "Default" for REST API calls. When multiple market groups exist in Sentinel EMS, this property is used to control the value of the market group when it is not passed as a parameter in the REST API calls. Set the value of this property to "Yes" to use the "Default" market group as the value if the market group parameter is not provided. If you set the value to of the property to "No", then an error is generated during customer, user, and entitlement creation if the market group parameter is not provided. Default value: Yes NOTE If a new namespace is added when there are multiple market groups in the system, then the namespace should be associated to a relevant market group before its products can be used in an entitlement. |
|
Specifies if line items from multiple entitlements can be selected for simultaneous activation. Possible values: Yes or No NOTE
|
|
|
Sets the default login type on the Sentinel EMS customer portal. When more than one login type is available, the login types are displayed as tabs on the login screen, and the default login type (defined in this attribute) is automatically selected. Otherwise, if the Show Only Default Customer Portal Login Type attribute is set to "Yes", then only the default login type is available, and the tabbed view displaying login types is not shown. Possible values: >Email—Enables customers to use the Email option to log in with their credentials (email address and password). >EID—Enables customers to use the EID option to log in with an entitlement ID (EID). >PKID—Enables customers to use the PKID option to log in with the product key (PKID). Default value: Email |
|
|
When set to "Yes", only the Default Customer Portal Login Type is available when logging on to the Sentinel EMS customer portal. NOTE This attribute value controls login access to the customer portal for both the UI and the API. Possible values: >Yes—Only the default login type is available. The tabbed view displaying login types is not shown. >No—The tabbed view displaying login types is shown, and people can log in to the customer portal using any of the available login options. Default value: No |
|
| Component Multiplier Max Value |
The maximum value that is accepted by the component multiplier. Default value: 4294967294 |
| Show Product Description while Activating |
The product description is displayed together with the product name during activation.
|
| Max Login Attempts Before Lockout |
The number of unsuccessful login attempts that can be performed before Sentinel EMS locks the account. Value range: 3 to 999 Default value: 10—The account is locked on the 11th incorrect login attempt. |
|
When using the Sentinel EMS REST API, this property specifies if a channel partner can view and/or add customers and users in an entitlement during split or transfer. Possible values: >None—The channel partner cannot view or create customers and users. >View Customers and Users—The channel partner can view customers and users but cannot create them. (Only GET is supported.) >Create Customers and Users—The channel partner can create customers and users but cannot search for them. (Only POST, PUT and PATCH are supported.) >All—The channel partner can view and create customers and users. (Only GET, POST, PUT and PATCH are supported.) Default value: None |
|
| Email Validation Regular Expression |
This property can be used to provide a regular expression for an email validation. This property helps a software vendor customize the email validation as per their requirement. Default Value: [a-zA-Z0-9!#$%&'*+/=?^_` {|}~-](?:.[a-zA-Z0-9!#$%&'*/=?^_`{|} ~-])@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-][a-zA-Z0-9])?.)[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? |
| Component Multiplier Visible |
Specifies if the Multiplier attribute is visible and available to a user with administrative privileges who is creating or updating a product. Possible values: Yes or No Default value: No For details, see User Limit Configuration. |
| Comments Required |
Specifies if vendor users must enter feedback comments when performing transactions, such as entitlement creation or activation. NOTE To maintain backward compatibility, in Sentinel EMS version 4.2 and later, this property controls the behavior of comments that are added by vendor users to entitlements and activations. In Sentinel EMS versions 4.1 and earlier, there is no change in behavior in the comments added by a vendor user. Possible values: >DESIRED >REQUIRED |
 Use Legacy Customer Portal |
This property is visible only when you upgrade Sentinel EMS to version 5.3.200 or later. The customer portal used in versions earlier than 5.3.200 is referred to as the legacy customer portal. For fresh or non-upgrade cases (version 5.3.200 or later), this property is not visible. The Use Legacy Customer Portal property is used in combination with the Customer Portal URL property to determine which customer portal URL to publish in email notifications sent to customers and users. Possible Values: Yes— Keeps the legacy behavior. Email notifications include the customer portal URL that was available to customers and users before upgrading to Sentinel EMS 5.3.200 or later. No— Email notifications include the latest customer portal's default URL or the URL configured in the Customer Portal URL property. Default value: Yes |
| Customer Portal URL |
The URL of the customer portal that is published in email notifications for customers and users (such as, the entitlement certificate email). You can use this property to specify the URL of your own customer portal (overriding the default customer portal URL).
|
| Show Associated Downloads |
Specifies if the functionality in the Associated Downloads pane for download management in the Sentinel EMS portal is enabled. Possible values: Yes or No Default value: Yes |
| Max Concurrent Requests per URL |
The maximum number of concurrent requests allowed from an IP address to each URL in the Sentinel EMS portal. You can configure this property to a suitable number to keep your portal safe from denial-of-service (DoS) attacks. Default value: 100 |
| Default Enforcement |
The default Enforcement Type value displayed in a drop-down list when more than one enforcement is available. The Enforcement Type list is available in: >The License Models page (Catalog > License Models). >The Associate License Models section, which is located in the Add Feature page. You can access this page by clicking the Add Feature button while creating a feature from the Features page, or while creating a product from the Products page. Possible values: >If multiple enforcements are available, you can select the required enforcement from the list. >If only one enforcement is available, then the value is displayed as read-only. |
| Default Max Records per Page (API Calls) |
The maximum number of records that are returned on each page for REST API calls. This default value is used only if pageSize is not specified in a REST API call. If a value for pageSize is specified in a REST API call, then that value is used and the default value specified here is ignored. Default value: 200 |
Not supported for the
Revocation Configuration
| Field | Description |
|---|---|
|
Call License Generator On Revoke |
This property is for third-party enforcements. When set to Yes, The Revoke Immediately action on the Sentinel EMS user interface acts as a custom revoke, ensuring that Sentinel EMS sends the activation ID to the license generator for forced revocations. To configure forced revocations for third-party enforcements using this property, you can connect to Thales Professional Services. This property appears disabled by default. Default value: No |
|
Require Deactivation Code |
This property appears only when the 'Call License Generator On Revoke' property is enabled. If this property is set to "Yes" then Sentinel EMS asks for a deactivation code Revoke Immediately is initiated. Default value: No |
| Auto Confirm Revocation |
If you select this option, then after the revocation receipt is uploaded, all revocations are automatically confirmed. The software vendor does not need to manually confirm or reject the revocation. Default value: Yes |
| Allow Revocation | If this option is set to "Yes" then the Allow Revocation option in the Add Entitlement page also appears set to "Yes", by default.
Default value: Yes |
Batch Configuration
| Field | Description |
|---|---|
| Thread Priority |
The priority of a thread. It can be an integer between 1 and 10. Default value: 4 |
| Thread Count |
The number of threads available for concurrent execution of jobs. Default value: 5 |
| Entitlement Count Limit |
The maximum number of entitlements that can be created in a batch. It cannot exceed 5000. Default value: 1000 |
| Manual Recovery Period (in ms) |
The period in milliseconds after which manual recovery takes place. Default value: 300000 |
| Time Out (in ms): |
The period in milliseconds after which batch processing times out. Default value: 1800000 |
Default Interval between Start Dates and End Dates (in Days)
| Field | Description |
|---|---|
| User Login |
Number of days added to the user login start date to calculate the default user login expiration date. This date is used during user login creation if the user login expiration date is not provided. |
| Line Item Renewal | Number of days added to the line item renewal start date to calculate the default line item renewal end date. This date is used during renewal if the line item renewal end date is not provided. |
| Line Item | Number of days added to the line item start date to calculate the default line item end date. This date is used during creation if the line item end date is not provided. |
| Entitlement | Number of days added to the entitlement start date to calculate the default entitlement end date. This date is used during entitlement creation if the entitlement end date is not provided. |
Outbound Services
| Field | Description |
|---|---|
|
|
Enables the outbound services to be triggered during revocation. |
| Enable Entitlement Activate Event | Enables the outbound services to be triggered during activation. |
| Enable Entitlement Split Event | Enables the outbound services to be triggered during entitlement split and transfer. |
| Enable Entitlement Update Event | Enables the outbound services to be triggered when entitlements are updated. |
| Enable Entitlement Create Event | Enables the outbound services to be triggered at entitlement creation. |
Authentication Systems
| Field | Description |
|---|---|
| Enabled Authentication System |
Specifies the authentication system being used. Valid values: DB—Database is used for authentication LDAP—Active Directory is used for authentication UID—UID authentication SSO—Single Sign On authentication |
|
Third Party Authentication Systems |
Specifies the authentication system used for the third-party enforcement. |
ESD Configuration
The Administration Console displays ESD configuration only if the ESD Service is enabled by the customer. ESD configuration is visible only for the Windows operating system. Configure the following to enable the integrated ESD, which provides a seamless and secure experience for electronic software distribution.
Active Directory Settings (Read-Only)
The section displays the Active Directory configuration details.
NOTE The Active Directory Settings pane is available when the Enabled Authentication System property is set to LDAP.
| Field | Description |
|---|---|
| Host | IP address that specifies the Active Directory host. |
| Port | Active Directory port number. The default non-SSL Active Directory port is 389 and default SSL port is 636. |
| User Name |
The user name for an Active Directory account. |
| Password | Password for the Active Directory account. |
| Base DN | The top level Distinguished Name (DN) of your Active Directory tree. The format for Base DN is CN=users,DC=host,DC=domain. |
| Authentication Enabled | Specifies whether or not authentication using Active Directory is enabled. |
| Authorization Enabled | Specifies whether or not authorization using Active Directory is enabled. |
| SSL Enabled | Specifies whether or not SSL is enabled for Active Directory. This check box appears selected if SSL is enabled. |
SSO Configuration Settings
This section enables you to configure the Single Sign On configuration details.
NOTE The SSO Configuration Settings pane is available when the Enabled Authentication System property is set to SSO.
| Field | Description |
|---|---|
| Issuer ID |
Specifies the value of the Identifier that was given at the time of configuring Sentinel EMS in Relying Party Trust in IdP. |
| Consumer URL | Specifies the value of the assertion consumer URL that was given at the time of configuring Sentinel EMS in Relying Party Trust in IdP. |
| Idp URL | Specifies the URL of the IdP. |
| Enable Response Signing | Enables or disables the response signing in Sentinel EMS. Set this property to ‘true’ to enable response signing in the IdP. |
| Enable Assertion Signing | Enables or disables the assertion signing in Sentinel EMS. Set this property to ‘true’ to enable assertion signing in the IdP. |
| Enable Assertion Encryption | Enables or disables the assertion encryption in Sentinel EMS. Set this property to ‘true’ to enable assertion encryption in the IdP. |
| Enable Request Signing | Enables or disables the request signing in Sentinel EMS. Set this property to ‘true’ to enable request signing in the IdP. |
| Keystore File Path |
Specifies the location of the keystore file. |
| Idp Signing Certificate |
Specifies the location of the IdP Signing Certificate. This certificate can be imported from the IdP. |
| Keystore Password | Specifies the value of the keystore password given at the time of creation of keystore file. |
| Private Key Alias | Specifies the value of the alias given at the time of creation of keystore file. |
| Private Key Password |
Specifies the value of key password given at the time of creation of keystore file. |
Device Configuration
Property that needs to be configured for devices:
| Field | Description |
|---|---|
| Add Activatee as Device Owner |
Specifies that the activatee of a license will also be the owner of the device. |
Data Export Report Configuration
Properties that need to be configured for data export report downloads:
| Field | Description |
|---|---|
| Email Recipients | Specifies a maximum of 15 recipients who receive the notification when the data export reports are available for download. |
| Data Exporter Report URL Validity (in minutes) |
Specifies the duration in minutes for which the download URL of data export reports is available. |
Webhooks Configuration
Property that needs to be configured for webhooks:
| Field | Description |
|---|---|
| Time Zone for Expiration Events | Time zone based on which entitlement and product key expiration events are triggered. This property is relevant only for software vendors who subscribe to the webhooks add-on. |
Action Buttons
The following action buttons are available at the bottom of the page.
| Button | Description |
|---|---|
| Test Email | Send test emails to specified email address. This works only if the SMTP details are provided and are valid. |
| Save | Save the data entered. |