Settings Page
Use this page to configure settings for the current tenant, including tenant vault management options. See the following illustration:
When logging in with a Tenant Owner account or an account with the License Plan Management permission, the Authentication Method setting is displayed.
Your configuration options are contained in the following sections of the page:
Tenant
An authorized tenant member (any member with the License Plan Management permission) can use this section to modify the tenant name.
- Name - When you first create a tenant, a default tenant name appears here. Specify a descriptive name for the tenant.
Authentication Method
An authorized tenant member (any member with the License Plan Management permission) can use this section to modify the authentication method of the tenant.
The tenant can be configured with two authentication methods: Microsoft Entra ID and Marketplace. The default authentication method is Marketplace Single Sign-On.
Microsoft Entra ID Authentication Method
If an authorized tenant member (any member with the License Plan Management permission) chooses Microsoft Entra ID as the authentication method, the settings page displays more information.
Fill in the Microsoft Entra ID Authentication Method setting in three input fields:
- Login URL - The sign‑in URL generated by the Microsoft Entra ID Enterprise Application.
- Microsoft Identifier ID - The unique identifier (Entity ID) of the Microsoft Entra ID Enterprise Application.
- Certificate - A Base64‑encoded X.509 certificate file downloaded from the Microsoft Entra ID Enterprise Application.
These values are provided by the Microsoft Entra ID Enterprise Application that is configured to authenticate the Microsoft Entra ID tenant with the Shield Guard tenant.
Enter the Shield Guard SSO values in your Microsoft Entra ID Enterprise App (Single sign-on):
- Shield Guard Entity ID - The unique identifier of the Shield Guard SAML Service Provider.
- Shield Guard ACS URL - The Assertion Consumer Service (ACS) URL used by Shield Guard to receive SAML responses.
- Shield Guard Logout URL - The URL used by Shield Guard to handle Single Logout (SLO) requests.
To complete this configuration, users must follow the Microsoft Entra ID Authentication Method Setup Guide instructions provided in the Shield Guard Online Help documentation.
Note: Tenant Conditions for Configuring Microsoft Entra ID Authentication
- During the initial setup, the Shield Guard user must be a Marketplace account holder with either the Tenant Owner or Tenant Admin role, and must have license management permissions. Additionally, the Marketplace account used to log into Shield Guard for this configuration must be associated with an email that already has an Entra ID account.
- The authentication method can only be configured once during the initial setup. It cannot be modified later, and only other configuration details within the settings can be updated.
- Updating the configuration settings also requires the Marketplace user either to have license management permissions or to be a Tenant Owner.
Sync Tenant With Microsoft Entra ID
After completing the configuration of Microsoft Entra ID as the authentication method and successfully saving the settings, the system will display the settings for synchronizing tenant user data with Microsoft Entra ID. The user must configure these settings to complete the registration of Microsoft Entra ID authentication for the tenant.
This settings section provides two main functions:
- Synchronize tenant users with Microsoft Entra ID accounts assigned to the App Registration, allowing users authenticated via Microsoft Entra ID to access and manage the tenant.
- Store API authentication configurations to support retrieving user information from Microsoft Entra ID for Shield Guard functionalities, and configure automatic synchronization to add new tenant users from Microsoft Entra ID (users who are newly assigned to the Microsoft Entra ID Enterprise App for the Shield Guard tenant and have not yet been added to the tenant) at scheduled intervals.
Fill in the Entra ID settings in three input fields:
- Client ID - The Application (client) ID of the App Registration in Microsoft Entra ID.
- Tenant ID - The Directory (tenant) ID of your Microsoft Entra ID tenant.
- Secret ID - The client secret generated for the App Registration.
- Secret ID Expired Date - The expiration date of the corresponding client secret.
- Permissions - Defines the user permission roles assigned to new users automatically synchronized from Microsoft Entra ID to the Shield Guard tenant.
- Frequency - Specifies the scheduled interval for automatically synchronizing newly added users from Microsoft Entra ID to the Shield Guard tenant.
To complete this configuration, users must follow the Sync Tenant With Microsoft Entra ID Setup Guide instructions provided in the Shield Guard Online Help documentation.
Policy and Device Status Notifications
To send email notifications to your Marketplace email address regarding policy and device status, check the box. Otherwise, leave the box blank.
Shield Guard sends notifications when a device status changes to “Not Secure,” “Offline,” or “Not Assessed.”
Release Email Notifications
Use Release Email Notifications to view and manage the list of users who receive email notifications when a new release version is published.
The Release Email Notifications feature allows you to:
- View the list of users (email addresses) receiving release notification emails
- Add new users to the notification list
- Remove users who no longer need to receive notifications
Note: Only users with the License Plan Management permission can perform actions such as adding users, removing users, and enabling/disabling Release Email Notifications.
Managing the Release Email Notifications List
The Release Email Notifications list displays the users who will receive release notification emails and shows the following information for each user.
- First Name - The member’s first name.
- Last Name - The member’s last name.
- Email - The member’s email address.
- Date Added - The date and time when the member was added to the list.
In addition to the above information, the Users table includes the following:
- The Date Added column can be used for sorting. Clicking the Date Added column header sorts the list by date. An arrow displayed in the column header indicates the current sort order (ascending or descending).
- The action buttons allow you to perform available functions on the user list, such as Add User and Remove User, as shown in the illustration below.
Adding a New User
The Add User function allows you to add a new user to the list of recipients for release notification emails for upcoming release versions.
Note: Only users with the License Plan Management permission can use the Add User function, and only users who have already been invited to the tenant can be added to the list.
To add a new user, follow these steps:
- On the Release Email Notifications page, click Add User
- Select or enter the user to be added
- Save the changes
System behavior:
- Added users will receive email notifications for release versions published after they are added
- Release versions published before the user is added will not trigger notification emails
Removing a User
The Remove User function is used to remove a user from the release email notification list.
Note: Only users with the License Plan Management permission can use the Remove User function.
To remove a user, follow these steps:
- Select a user from the list
- Click Remove User
- Confirm the deletion
- Save the changes
System behavior:
- Removed users will no longer receive release notification emails
- Removing a user does not affect emails that were sent previously
Note: If the user list is empty, the status of Release Email Notifications will be OFF, and the system will not send release notification emails.
Tenant Vault Key Management
An authorized tenant member (any member with the License Plan Management permission) can use this section to select a tenant vault key management option for the tenant. The default setting is Decentralized Key Management.
Note: The Tenant Vault Key Management setting applies to the tenant as a whole. It is distinct from the “tenant member vault key management method”, which refers to the vault key management method that must be applied to each individual password vault.
See the following illustration:
- Decentralized Key Management - Require users connecting to this tenant to use Decentralized Key Management. If you select this option, tenant members are restricted to the Decentralized method.
- Decentralized Key Management or Centralized Key Management - Allow users to choose their vault management method. Users have the option to select either Decentralized or Centralized key management.
Note: If you change the Tenant Vault Key Management selection to Decentralized Key Management, any tenant members or pending members who use the Centralized method will be restricted from the tenant. Tenant members using the Decentralized method at the time of the change can continue to use their current vault and key.
Shield Guard sends an email with this information to each restricted member, and also posts a banner in each tenant member’s portal indicating they are currently restricted from the tenant. The banner includes a link to the My Profile page, where the Modify My Vault Key Management window appears and the tenant member can change their vault management method to Decentralized and create a vault master key.