Configure Global Site Options

You can configure global website settings from the Configuration > System > Site Options page, including:

  • Changing the Login page to include lists of domains and LDAP servers
  • Displaying the Forgot Password link on the Login page
  • Displaying social media links on the Login and About pages
  • Changing the refresh interval for Smart Rules
  • Configuring a pre-login banner to appear to users before logging into the site
  • Configuring session options
  • Enabling and disabling Endpoint Privilege Management options
  • Enforcing certificate validation during communication for LDAPS managed account tasks and LDAPS / AD user authentication and directory queries
  • Turning on language selection
  • Enabling and disabling the requirement to provide an access key when creating, editing, or using discovery scan credentials.
  • Creating a global access key to be used for all discovery scan credentials

List Domains and LDAP Servers on the Login Page

Users can log in to the management console using Active Directory or LDAP credentials. When this site setting is enabled, the user can select a domain or LDAP server from the Log in to list. Domain and LDAP server information is based on the Active Directory and LDAP user group information.

The Log in to list is only displayed on the Login page when there are either Active Directory or LDAP user groups created in the management console.

By default, the setting is enabled. If you do not want to display domains or LDAP severs on the Login page, disable the setting.

  1. Under Login Page, uncheck the box to disable Show list of domains/LDAP servers on login page.
  2. Click Update Login Page Options.

You must log out and log back in for the change to take effect.

Disable Forgot Password Link

Users logging into the console using Active Directory credentials cannot use the Forgot Password feature. In this scenario, you can disable the setting so the link is no longer displayed on the Login page.

  1. Under Login Page, uncheck the box to disable Show Forgot Password link on login page.
  2. Click Update Login Page Options.

You must log out and log back in for the change to take effect.

Disable Social Media links on the Login and About pages

By default, links for Facebook, Twitter, LinkedIn, and YouTube are available at the bottom of the Login page and also on the About page.

  1. Under Login Page, uncheck the box to turn off Show social media links on login and about pages.
  2. Click Update Login Page Options.

You must log out and log back in for the change to take effect.

Change the Refresh Interval for Smart Rules

Scans can run more efficiently when Smart Rules are set to refresh at longer intervals.

  1. Under General, set the number of minutes for Maximum Smart Rule refresh frequency for asset updates. The default is 60.
  2. Click Update General Options.

Configure a Pre-Login Banner

You can configure a banner to appear to all users upon access to the site.

  1. Under Pre-Login Banner, check the Show banner option to enable it.
  2. Provide a title and message, and then click Update Pre-login Banner Options.

Configure Session Options

You can configure the following session related options:

  • Session timeout
  • Notification time before session timeout
  • Minimum interval between session extension requests
  • User Quarantine Cache refresh interval
  1. Under Session, set the following:
    • Session timeout: Sets the amount of time for session inactivity before the session times out. Session timeout can be set between 2 and 60 minutes, with the default set at 20 minutes.
    • Notification time before session timeout: Sets the amount of time, prior to the session timing out due to inactivity, that the system notifies the user that their session will timeout shortly. This value must always be less than the session timeout value.
    • Minimum interval between session extension requests: Sets the number of minutes that pass between session extension requests. In general, this setting should always be set low and should always be less than the session timeout value. The only time you should change this from the default of three minutes is if there are a severely high number of simultaneous users and session refresh requests to the server causing high loads.
    • User Quarantine Cache refresh interval: Account Quarantine is a feature that can be set at the user account level that prevents a user from logging on the console or API and also terminates any active sessions immediately. It is a preventative measure taken when suspicious activity is detected. The User Quarantine Cache refresh interval sets the number of seconds that pass before the database is updated with the most recently discovered user accounts from the quarantine cache. The quarantine is only applied to the user account after the database is updated. The user can remain logged on and sessions remain active up until the refresh interval time passes, and the database is updated with a Quarantine status. The default value is 600 seconds. The maximum value is 1200 seconds.
  2. Click Update Session Options.

Changes to the Session Timeout value take effect the next time an Internet Information Services (IIS) reset is performed. Changes to Notification Time, Minimum Interval, and User Quarantine Cache Refresh Interval do not require an IIS reset.

Enable Language Selection (Localization)

The management console can be viewed in the following languages:

  • German
  • English (US)
  • Spanish (LA)
  • French (FR)
  • French (CA)
  • Korean
  • Japanese
  • Portuguese (BR)

By default, the Language list is not displayed in the BeyondInsight console. Once localization is enabled, the Language list may be accessed from the Profile and preferences icon in the top right corner of the console and also from the bottom of the Login page.

  1. Under Localization, check the box to enable the Show language picker option.
  2. Click Update Localization Options.

You must log out and log back in for the change to take effect.

Enable Endpoint Privilege Management Options

Endpoint Privilege Management options are not enabled by default. You can enable the following options:

  • Include arguments when creating rules
  • Suppress events where rule has been applied
  • Automatically retrieve initial grid data

Enable Certificate Validation

Certificate validation helps enforce the validity of a given certificate during communication. You can enforce the validation for LDAPS managed account tasks and LDAPS / AD user authenticaion and directory queries. Turning these options on will mean that valid certificates are required and Certificate Authorities must be installed on the server.

Configure Global Discovery Credential Access Keys

When the Require a Discovery Credential Key option is enabled, all discovery credentials require the global credential access key. Enable the option, and then enter a Global Credential Key.

You may still set a custom key on individual credentials to something other than the default.

When the Require a Discovery Credential Key option is disabled, all discovery credentials do not require an access key and all previously configured credential keys (including custom keys) are deleted.

These settings apply to ALL discovery credentials for ALL tenants.