Chat now with support
Chat with Support

KACE Systems Management Appliance 13.2 Common Documents - Administrator Guide

About the KACE Systems Management Appliance Getting started
Configuring the appliance
Requirements and specifications Power-on the appliance and log in to the Administrator Console Access the Command Line Console Tracking configuration changes Configuring System-level and Admin-level General Settings Configure appliance date and time settings Managing user notifications Enable Two-Factor Authentication for all users Verifying port settings, NTP service, and website access Configuring network and security settings Configuring Agent settings Configuring session timeout and auto-refresh settings Configuring locale settings Configuring the default theme Configure data sharing preferences About DIACAP compliance requirements Configuring Mobile Device Access Enable fast switching for organizations and linked appliances Linking Quest KACE appliances Configuring history settings
Setting up and using labels to manage groups of items Configuring user accounts, LDAP authentication, and SSO Deploying the KACE Agent to managed devices Using Replication Shares Managing credentials Configuring assets
About the Asset Management component Using the Asset Management Dashboard About managing assets Adding and customizing Asset Types and maintaining asset information Managing Software assets Managing physical and logical assets Maintaining and using manual asset information Managing locations Managing contracts Managing licenses Managing purchase records
Setting up License Compliance Managing License Compliance Setting up Service Desk Configure the Cache Lifetime for Service Desk widgets Creating and managing organizations Importing and exporting appliance resources
Managing inventory
Using the Inventory Dashboard Using Device Discovery Managing device inventory
About managing devices Features available for each device management method About inventory information Tracking changes to inventory settings Managing inventory information Finding and managing devices Registering KACE Agent with the appliance Provisioning the KACE Agent Manually deploying the KACE Agent Using Agentless management Adding devices manually in the Administrator Console or by using the API Forcing inventory updates Managing MIA devices Obtaining Dell warranty information
Managing applications on the Software page Managing Software Catalog inventory
About the Software Catalog Viewing Software Catalog information Adding applications to the Software Catalog Managing License assets for Software Catalog applications Associate Managed Installations with Cataloged Software Using software metering Using Application Control Update or reinstall the Software Catalog
Managing process, startup program, and service inventory Writing custom inventory rules
Deploying packages to managed devices
Distributing software and using Wake-on-LAN Broadcasting alerts to managed devices Running scripts on managed devices Managing Mac profiles Using Task Chains
Patching devices and maintaining security
Using the Security Dashboard About patch management Subscribing to and downloading patches Creating and managing patch schedules Managing patch inventory Managing Windows Feature Updates Managing Dell devices and updates Managing Linux package upgrades Maintaining device and appliance security Manage quarantined file attachments
Using reports and scheduling notifications Monitoring servers
Getting started with server monitoring Working with monitoring profiles Managing monitoring for devices Working with alerts
Using the Service Desk
Configuring Service Desk Using the Service Desk Dashboard Managing Service Desk tickets, processes, and reports
Overview of Service Desk ticket lifecycle Creating tickets from the Administrator Console and User Console Creating and managing tickets by email Viewing tickets and managing comments, work, and attachments Merging tickets Using the ticket escalation process Using Service Desk processes Using Ticket Rules Run Service Desk reports Archiving, restoring, and deleting tickets Managing ticket deletion
Managing Service Desk ticket queues About User Downloads and Knowledge Base articles Customizing Service Desk ticket settings Configuring SMTP email servers
Maintenance and troubleshooting
Maintaining the appliance Troubleshooting the appliance
Appendixes Glossary About us Legal notices

Add and edit LDAP User/Password credentials

Add and edit LDAP User/Password credentials

To easily manage and password LDAP credentials, add those credentials to the Credentials Management page. LDAP User/Password credentials can be created for Mac, Windows, and Linux operating systems.

After you add credentials, you can select them on configuration pages instead of entering the credentials manually each time. In addition, you can add credentials from any of the configuration pages that use them. Credentials added on configuration pages are automatically added to the Credentials Management page.

1.
Go to the Credentials Management page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > New.
3.
On the Add Credential form, specify credential properties:
NOTE: You can also access this form from pages that use credentials, such as the Discovery Schedule Detail page. Credentials added on these pages are automatically added to the Credentials Management list.

Option

Description

Name

A unique name for the credential. This name appears on the Credentials Management list and in the credential selection drop-down lists on the LDAP Label Detail page. This name is used for identification in Administrator Console, and it is not part of the actual credential on the target device.

Type

The classification of the credential. Select LDAP User/Password to specify LDAP credentials that include user names and passwords.

User or Domain\User

The user name required for the credential.

TIP: The Domain\User format is sometimes required for some Windows configurations.

Password

The password required for the credential.

Show typing

Show the characters in the Password field on the Add Credential form. This option is available only when you are adding credentials. If you are editing existing credentials, the password characters cannot be displayed.

Notes

Any additional information you want to provide about the credential.

4.
Click Save.
The credential appears on the Credentials Management list and it is available for selection in components that use credentials.

Add and edit Google Workspace credentials

Add and edit Google Workspace credentials

To streamline the management of Google Workspace credentials used in Inventory, Distribution, Scripting, and Service Desk, add the applicable credentials to the Credentials Management page.

The appliance can obtain access to a Google Workspace Domain using the Google APIs. The following appliance-managed components can be authenticated through Google API:

Google Workspace Device Discovery and Inventory: This includes both Chromebooks and mobile devices that are managed by a Google Workspace Domain (formerly G Suite). This type of authentication requires the following:
Service Desk Queue Inboud Email: This includes email accounts that are part of a Google Workspace or a public Gmail account. This type of authentication requires the following:

For each of these component types, the appliance supports the following methods authentication by a Google API. The method you choose depends on the components using the Google Workspace credential and the preference or role of the appliance administrator.

Service Account authentication consists of a Service Account Key that is associated with a unique Client ID. A Google Workspace Super Admin can use the Client ID to grant the Service Account Domain Wide Access to a resource.
OAuth Client authentication consists of a OAuth Client ID that is used along with a Client Secret to request and grant access to a particular Google resource using a browser-based workflow.
It requires that the browser used to configure the credential in the Administrator Console connects to the appliance using a host name that is considered public (no private domains).

Start by creating one or more Google Workspace Service Account or OAuth credentials, as applicable. After you add credentials, you can select them on configuration pages instead of entering them manually each time. In addition, you can add credentials from any of the configuration pages that use them. Credentials added on configuration pages are automatically added to the Credentials Management page. The appliance does not validate stored Google OAuth credentials as you enter them, but attempting to save any changes using invalid credentials result in an error.

a.
While still logged in to the Google Cloud console, select APIs & Services, and go to the OAuth consent screen.
f.
Choose Web Application as the Application type.
h.
Provide the following URI: https://<appliance_hostname>/common/authorize.php, where appliance_hostname is the host name of the appliance Administrator Console.
4.
Service Account credentials only (optional). Delegate a domain-wide authority to a Service Account. This step requires Super Admin access to the Google Workspace Admin console.
b.
Under Security > Access and data control > API Controls > Manage Domain Wide Delegation, create a new delegation and provide the Client ID of the Service Account that you created in 2.
5.
Go to the Credentials Management page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Credentials.
6.
Select Choose Action > New.
7.
On the Add Credential form, specify credential properties:

Option

Description

Name

A unique name for the credential. This name appears on the Credentials Management list and in the credential selection drop-down lists in component sections, such as Scripting. This name is used for identification in Administrator Console, and it is not part of the actual credential.

Type

The classification of the credential. Select Google Workspace or GMail, as applicable.

8.
Service Account credentials only. While still on the Add Credential form, specify the credential properties:

Option

Description

Service Account

Select this option.

Impersonation Account

Device Discovery and Inventory only: The email address of an administrator that has access to the devices in the Google Admin console.
Service Desk Queue email only: The email address from which you can receive inbound email.

Service Account Key

Navigate to the JSON file obtained in 2.

Notes

Any additional information you want to provide about the credential.

9.
OAuth credentials only. While still on the Add Credential form, specify the credential properties:

Option

Description

OAuth

Select this option.

Client ID

Your Google developer API Client ID obtained in 3.

Client Secret

Your Google developer API Client Secret obtained in 3.

Show typing

Show the characters in the Client Secret field on the Add Credential form. This option is available only when you are adding credentials. If you are editing existing credentials, the characters in the Client Secret field cannot be displayed.

Authorize Credential

Click, log in, and grant access to the desired Google account on the page that appears.

Device Discovery and Inventory only: The account of an administrator that has access to the devices in the Google Admin console.
Service Desk Queue email only: The email address from which you can receive inbound email.

Notes

Any additional information you want to provide about the credential.

10.
Click Save.

Add and edit SNMP credentials

Add and edit SNMP credentials

To streamline the management of SNMP credentials used in Inventory, Distribution, and Scripting, add those credentials to the Credentials Management page.

After you add credentials, you can select them on configuration pages instead of entering them manually each time. In addition, you can add credentials from any of the configuration pages that use them. Credentials added on configuration pages are automatically added to the Credentials Management page.

1.
Go to the Credentials Management page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > New.
3.
On the Add Credential form, provide the following information:

Option

Description

Name

A unique name for the credential. This name appears on the Credentials Management list and in the credential selection drop-down lists in component sections, such as Scripting. This name is used for identification in Administrator Console, and it is not part of the actual credential.

Type

The classification of the credential. Select SNMP to specify SNMP credentials.

Option

Description

SNMP v1 or v2c

SNMP credentials that do not use authentication or encryption.

Community String

For SNMP v1 or v2c, the community string to query. The default is Public. The Public String is required for SNMP v1 or v2c.

Notes

Any additional information you want to provide about the credential.

Option

Description

SNMP v3

SNMP credentials that require authentication and encryption algorithms to increase security.

Security Name

For SNMP v3, the name of the USM (user-based security model) user account. This account, and any passwords required for authentication and encryption, must be set up on target devices.

Security Level

For SNMP v3, the level of security. Security levels include:

authPriv: The highest level of SNMP v3 security, which uses both authentication and encryption. To use this level, you must specify all the SNMP V3 Authentication and Privacy settings.
authNoPriv: The mid-range of SNMP v3 security, which uses authentication only. Communications are not encrypted. To use this level, you must specify the Authentication settings.
noAuthNoPriv: The lowest level of SNMP v3 security. Communications are not encrypted.

Authentication Password

For SNMP v3, the password used to authenticate communications when authPriv or authNoPriv security levels are selected. This password is associated with the USM user and must be set up on target devices.

Protocol

For SNMP v3, the protocol used for communications. Protocols include:

SHA: Secure hash algorithm, SHA-1.
MD5: Message Digest 5. Faster than SHA, but considered to be less secure.

Privacy Password

For SNMP v3, the password used to authenticate communications when the authPriv security level is selected. This password is associated with the USM user and must be set up on target devices.

Protocol

For SNMP v3, the protocol used for the privacy password. Protocols include:

DES: Data Encryption Standard. This algorithm has a 56-bit key size and is considered to be less secure than AES.
AES: Advanced Encryption Standard. The appliance supports the 128-bit key size.

Notes

Any additional information you want to provide about the credential.

6.
Click Save.

Add and edit Microsoft Office 365 OAuth credentials

Add and edit Microsoft Office 365 OAuth credentials

To easily use Office 365 credentials used in Service Desk email communication, add them to the Credentials Management page.

After you add credentials, you can select them in configuration pages instead of entering them manually each time. In addition, you can add credentials from any of the configuration pages that use them. Credentials added on configuration pages are automatically added to the Credentials Management page. The appliance does not validate stored Office 365 credentials as you enter them, but attempting to save any changes using invalid credentials result in an error.

1.
Go to the Credentials Management page:
a.
Log in to the appliance Administrator Console, https://appliance_hostname/admin. Or, if the Show organization menu in admin header option is enabled in the appliance General Settings, select an organization in the drop-down list in the top-right corner of the page next to the login information.
b.
On the left navigation bar, click Settings, then click Credentials.
2.
Select Choose Action > New.
3.
On the Add Credential form, specify credential properties:

Option

Description

Name

A unique name for the credential. This name appears on the Credentials Management list and in the credential selection drop-down lists in component sections, such as Service Desk email settings. This name is used for identification in Administrator Console, and it is not part of the actual credential.

Type

The classification of the credential. Select Office365 OAuth to specify credentials for Office 365.

Client ID

Your Office 365 Client ID.

Client Secret

Your Office 365 Client Secret.

Show typing

Show the characters in the Client Secret field on the Add Credential form. This option is available only when you are adding credentials. If you are editing existing credentials, the characters in the Client Secret field cannot be displayed.

Azure AD Tenant Type

Select your Azure AD tenant type from the available options. The tenant type must match the one selected when registering your Azure AD application in the Azure AD admin portal.

Multitenant & Personal Microsoft Accounts - Default: Use this option to grant access to the widest range of Microsoft identities and to enable multi-tenancy. All users with a work or school, or personal Microsoft account can access your application or API using this credential. It applies to schools and businesses that use Office 365 as well as personal accounts that are used to sign in to services like Xbox or Skype. This is the default setting.
Azure AD directory - Multitenant: Use this option to grant access to business or educational users, and to enable multitenancy. All users with a work or school account from Microsoft can use your application or API. This includes schools and businesses that use Office 365.
Personal Microsoft Accounts only: Use this option to grant access to personal accounts that are used to sign in to services like Xbox or Skype.
Organizational directory only (Single tenant): Use this option to grant access to the users associated with your organization.

Authorize Credential

Click, log in, and grant access to the desired Office 365 account on the page that appears.

Notes

Any additional information you want to provide about the credential.

4.
Click Save.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating