Settings Overview
Learn about the customization options available.
Table of Contents
Settings are global, however, they can be configured to specific levels in the Settings screen by clicking the plus sign.
Multi-Level Settings allows you to use the same settings you are familiar with and apply them to specific parts of the hierarchy. You can move, copy, or delete an existing setting's from the Action's Menu. Moving or copying a setting can be applied to a whole company, whole location, or just a computer. Some settings can only be applied to certain levels and may invoke an error.
What is a Global setting?
Settings applied to all companies inside the MSP. Global settings cannot be deleted by default.
You can add a setting by clicking the blue +
This button will only be available to those with permission to add a setting.
-
Administrators: Can view, add, edit, and delete all settings.
-
Technician Level 3: Same as Administrator, except they can only view global settings.
-
Technician Level 2 & 1: Cannot view settings at all.
Note: An error will appear if a user attempts to create a setting for one that already exists. See more here on user roles.
Setting Options
Admin Portal & Mobile App Authentication
Agent Customizations & Behavior
Admin Portal
Dark Mode Background Color
- Default value: #11161c
- This is the main background color used when in Dark mode. You can edit the color and enable it globally.
Dark Mode Foreground Content Sections Color
- Default value: #19212b
- This is the main background color used for foreground content sections when in Dark Mode. You can edit the color and enable it globally.
Logo
- Default value: the AutoElevate logo
- Upload your company logo here. This is currently only visible on the Admin Portal in the top left corner of the screen. The recommended size would be a height of 34px, as we leave some padding around the edges to ensure it looks good in the space.
Primary Color
- Default value: #c52928
SideBar Background Color
- Default value: #19212b
SideBar Header Background Color
- Default value: #262f3d
- The color used for the SideBar Header background.
Admin Portal & Mobile App Authentication
Admin Portal Session Lifetime
Default value: 24 Hours
Set how long a user's login session should expire on the Admin Portal. Adjustable in 1-hour increments from 1 to 24 hours (max)
Mobile App Additional Authentication
Default value: Disabled
Controls whether or not the mobile app will require re-authentication from the user every time they:
- Opening the App or Logging In
- Scanning Technician Mode QR Code
- Approving a request with a rule,
- Approving a request one-time
Also, configure if a PIN code/passcode can be used as an alternative to biometric or fingerprint authentication.
This feature applies to all users.
Mobile App Session Lifetime
Default value: Disabled
Set the amount of time a user's login session should expire on the Mobile App. Adjustable in Hours in Days up to the maximum of 7 days
Singled Sign On (SSO) with Azure AD
Default value: Disabled
For more information on Single Sign On, please see this article.
Agent Customizations & Behavior
Agent Dialog Message Overrides
Alert Title
Default value: the name of your account
The title bar for all dialogs. It can be changed, as an example, to “Your Company Name - Privilege Management System.”
Denial Callbacks
Default value: Disabled
Controls whether or not a dialog box will appear for the end-user if an elevation Request is denied.
"Denial Callbacks" will happen (if enabled) when you "Deny" a Request for elevation after the initial 60-second timer has expired. If you "Deny" something, the end-user will not receive a dialog box telling them it has been denied. Most Companies will handle that via their ticketing system in the automated tickets that we create or reach out to the client since denials are less frequent than approvals. If you enable "Denial Callbacks," our agent will pop up a dialog telling the user about the denial.
Event Logging
Default value: Disabled
- For more information on this setting, please see article Event Logging.
Elevation Request Explanation
Default value: Disabled
Gives the end-user the option to include an explanation when making an Elevation Request. Agent version 2.9.0.0+ required.
Just-in-Time Admin Login
Default value: Disabled
Enables technicians to access a computer as a signed-in Admin user by scanning a QR code to authenticate, making it easy and secure to perform critical tasks.
Logo (Square)
Default value: No image set
Upload your company logo here. This is currently only visible on the Admin Log in Credential Provider. The recommended size is a height and width of 192px.
Technician Mode Authentication
Default value: Enabled
For more information on this setting, please see this article.
Technician Mode Hotkey
Default value: Enabled
Controls whether or not the CTRL-ALT-A combination that opens Technician Mode is registered as a global hotkey on the Computer.
Timer Interval (Seconds)
Default value: 60
When an end-user makes an elevation Request, a timer counts down from the time specified here.
UAC Loading Overlay
Default value: Enabled
When a UAC appears, and the agent is examining it, this overlay will appear next to the UAC, letting the end user know that they should wait a few moments while we examine the file they are trying to elevate.
Agent Security
Block Requests from "AppData\Local\Temp"
Default value: Disabled
Turning this feature on will prevent any Request where the file attempting elevation originates from the current user's "AppData\Local\Temp" directory. Additionally, much malware is run from the "AppData\Local\Temp" directory, so as a safety measure, when we detect a file being run from there, an alert will display "Can Not Verify Source File(s)". We ask the end-user to right-click on the originating file so that we can properly identify it.
Excluded Admin Users (for Remove Admin Privileges feature)
Default value: Empty list
List of local accounts that you do NOT wish to be removed from the local Administrators group when the "Remove Admin Privileges" setting is enabled. (As an example: Administrator, MSPAdmin, local-admin) For more information on the Remove Admin Privileges feature, please see this article.
Remove Admin Privileges
Default value: Disabled
When enabled, the agent automatically removes the "currently logged in" user from the local Administrators group. The user would then need to logout/login for their Admin Privileges to be completely removed. This functionality does NOT affect domain group membership OR modify domain groups on the local machine.
NOTE: To avoid negatively affecting accounts that should never be removed from the local Administrators group, please be sure to set a list of "Excluded Admin Users" before enabling this setting.
For more information, please see this article.
System Elevation Fallback
Default value: Disabled
If in the rare case that one of the other elevation types fail, System elevation will be used as a fallback. This will launch the application with a system token.
Enabling this setting may allow some things to being elevated if there are issues with Admin or User elevation but it will launch the application with a System token, which in most cases is not desirable.
For more information on System Elevation and other elevation types, please see this article.
Technician Mode Timeout (Minutes)
Default value: 15
In order to prevent unauthorized access in the event that Technician Mode was accidentally left running on a client computer, it will automatically close after the amount of time specified here.
For more information on Technician Mode, please see this article.
User Elevation Local Password Storage
Default value: Enabled
When "User Elevation" occurs for the 1st time for any given user, the agent will prompt the user to enter their password which is then stored securely in Microsoft’s "Windows Credential Manager" for future use in the automated elevation process. This password remains only on the local machine and is never sent over the network or internet and is not stored on AutoElevate servers.
Disabling this setting will force the user to enter their password every time a User Elevation occurs and thus will not store that password in the "Windows Credential Manager".
For more information on User Elevation and other elevation types, please see this article.
Just-in-Time Admin Login
Just-in-Time Admin - Authorized Roles & Users
Default value: Not set
Specifies which user roles or individual users are authorized to use the Just-in-Time Admin feature.
For more information on this setting, please see this article.
Just-in-Time Admin Configuration
Default value: Not set
Specifies the name of the local user to override or create and whether that user should be deleted after logoff.
For more information on this setting, please see this article.
Requests & Rules
Default Elevation Type
Default value: Admin Elevation
Specifies which Elevation Type is selected by default when approving a Request. This can be overridden at the time of the Request by selecting a different type before approving.
For more information on elevation types, please see this article.