You can define two types of end user messages:

  • Messages: Messages take focus when they're displayed to the user.
  • Notifications: (Windows only). Message notifications appear on the user's task bar. A notification is displayed as a toast notification.

Messages and Notifications are displayed when a user’s action triggers a rule (application/on-demand or content rule). Rules can be triggered by an application launch or block, or when content is modified.

Messages provide an effective way of alerting the user before an action is performed, for example, before elevating an application or allowing content to be modified, or advising that an application launch or content modification is blocked.

Messages give the user information about the application or content, the action taken, and can be used to request information from the user.

Messages are assigned to Application Rules. A message displays different properties, depending on the targets it is assigned to.

Create a Message

Message templates vary between Windows and macOS.

Dialog box for creating a message in Privilege Management Cloud

  1. In the Policy Editor, go to Messages.
  2. Click Create New Message.
  3. Select a message type: message box or notification. Message types do not apply to macOS messages.
  4. Select a message template from the list.
  5. Enter a name and description. The default name is the name of the template.
  6. Enter the title that displays in the title bar of the window. (Windows only)
  7. Enter text for the message header and body.
  8. Select Show Message On Secure Desktop to show the message on the secure desktop. (Windows only)
  9. Turn off Show the details of application being executed to hide the details from being displayed. This option is enabled by default. (Windows only)
  10. Click Create New Message.

You can edit or delete messages at any time.


Customize a Message

You can use the following attributes when configuring a message:

  • General message features such as header and title information.
  • User Reason settings when you want your end users to provide a reason before proceeding.
  • Challenge/Response Authorization where a user must enter a response code before proceeding.

Select the Edit menu for a message template to customize the message properties.

Message Options

Configure the following settings:

  • Show Message On Secure Desktop: (Windows only). Select to show the message on the secure desktop. We recommend this if the message is being used to confirm the elevation of a process, for enhanced security.
  • Title Text: (Windows only). Add text that appears in the title bar of the dialog box.
  • Header Type: Select the type of header: Default, Error, None, Warning, Question.
  • Header Background Type: Select Solid or Custom Image. If you select Custom Image, you must select an image from the Select Image list. If you select Solid, select a header background color.
  • Show Header Text: Select if you want to display header text.
  • Header Text: Add text that displays next to the header type icon.
  • Header Text Color: Select the color for the header text.
  • Body Text: Add additional information for the end user.
  • Refer URL Text: (Windows only). Update the text for the existing link on the message. In some cases, you might want to provide a website with more information for your end users. The URL appears below the body text.

You can configure the following settings for notifications (Windows only): Title Text and Body Text.

Add User Reason Properties

To configure the user reason details, select User Reason and set the following:

  • User Reason Type: Select Textbox or Drop-down. When you select Drop-down, the User Reason List is displayed further below. Add reason text that the end user selects as part of the authorization process.
  • Remember User Reason (per application): Select to enable. Reasons are stored per-user in the registry.
  • Reason Text: When using Textbox as User Reason Type, add the text that displays above the box. When using Drop-down, add text to display above the drop-down to explain to the user what is expected.
  • Reason Error Message Text: The text displayed to the end user if the end user clicks Yes and doesn't enter a reason.
  • Drop-down List Prompt Text: The text that displays in the User Reason list area.

Add Challenge/Response Authorization

There are two parts to setting up Challenge/Response Authorization:

  • Set a shared key: The Challenge/Response Key must be set to use Challenge/Response Authorization in your messages. The key is encrypted. The key is required by the Challenge/Response generator to generate response codes. The only way to change the shared key is by setting a new one.
  • Add the authorization type to a message: When configuring your message, configure the Challenge/Response settings.

The Challenge/Response feature is a global setting and can be configured for Windows and macOS messages. Challenge/Response Authorization only applies to Allow message types.

To add a shared key:

  1. In the Policy Editor, go to Messages.
  2. Select Challenge/Response Keys.
  3. Enter a key value, then enter it again to confirm.
  4. Click Set Key.

To configure Challenge/Response Authorization:

  1. In the Policy Editor, go to Messages.
  2. Select a message template or select an existing message.
  3. Select Challenge / Response Authorization to activate the feature.
  4. Set the following:
    • Header text: The text that introduces the challenge/response authorization.
    • Hint text: The text that is in the response code field for challenge/response messages.
    • Authorization period (per application): Set this option to determine the length of time a successfully returned challenge code is active for.
    • Suppress messages once authorized (Windows only): If the Authorization period is not set to One Use Only, the Suppress messages once authorized option is enabled and configurable.
    • Show Information Tip (Windows only): Select to add helpful information for the end user.
    • Information Tip Text: Add text that appears above the challenge and response code fields. In Windows, this only appears if the Show Information Tip option above is selected.
    • Error Message Text: Add text to display to the end user if they enter an incorrect response code.
    • Maximum Attempts: Select from Unlimited and Three Attempts.
    • Maximum Attempts Exceeded Message Text: The message is only displayed when Three Attempts is selected. Add text to display to the end user if they exceed the allowed number of challenge/response attempts.
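
A generic shared-key challenge/response check with a three-attempt limit and single-use authorization, added here as an illustration; it is not the product's own code or algorithm. The HMAC-SHA256 derivation, the 8-digit code length, and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3   # models the "Three Attempts" setting
CODE_DIGITS = 8    # assumed code length, not taken from the product


def new_challenge() -> str:
    """Endpoint side: fresh random challenge code shown in the message."""
    return f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


def response_for(shared_key: bytes, challenge: str) -> str:
    """Generator side: derive the response code from the shared key and challenge."""
    mac = hmac.new(shared_key, challenge.encode(), hashlib.sha256).digest()
    value = int.from_bytes(mac[:8], "big") % 10 ** CODE_DIGITS
    return f"{value:0{CODE_DIGITS}d}"


class ChallengePrompt:
    """Endpoint side: one challenge, limited attempts, one use only."""

    def __init__(self, shared_key: bytes, challenge=None):
        self._key = shared_key
        self.challenge = challenge or new_challenge()
        self.attempts_left = MAX_ATTEMPTS
        self.authorized = False

    def submit(self, code: str) -> str:
        # A spent or exhausted prompt performs no further comparisons.
        if self.authorized or self.attempts_left == 0:
            return "locked"
        self.attempts_left -= 1
        expected = response_for(self._key, self.challenge)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), code.strip().encode()):
            self.authorized = True
            return "authorized"
        return "locked" if self.attempts_left == 0 else "retry"
```

Without the shared key a response can only be guessed, so the attempt limit bounds guessing to three tries per challenge, and a fresh random challenge per prompt keeps an old response from being reused.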