• United States (English)
• Brazil (Português)
• China (中文)
• France (Français)
• Germany (Deutsch)
• Italy (Italiano)
• Japan (日本語)
• Korea (한국어)
• Mexico (Español)

• Sign In
• Create Support Account

FREE TRIALS

• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Security Management Platform Global Settings Current
• Security Management Platform Global Settings Current - User Guide

Security Management Platform Global Settings Current - User Guide

Table of Contents  

Working with Security Management Platform Global Settings Overview of Security Management Platform Global Settings

Organizations Microsoft Entra tenants

Signing up for Security Management Platform Global Settings

Organizations and regions Signing in to Security Management Platform Quest Security Management Platform Cookie Policy

Modifying Your Consent

Security Management Platform subscriptions

Managing organizations and regions

Geographic regions Multiple organizations Creating a new organization Displaying the organization ID and deployment region Switching organizations Editing organization settings

Restricting access to organizations Renaming organizations

Deleting organizations Security Management Platform endpoint requirements

Adding users and groups to an organization

Users, groups, and roles

Default roles and permissions

Access Control: Roles

Viewing role permissions Creating a custom role Editing a custom role Assigning a role to a user Deleting a custom role

Organization access for Microsoft Entra users

Adding a user to your organization and assigning a role Editing user roles Removing a user from the organization

Organization access through Microsoft Entra group membership

Adding a group to your organization and assigning a role Filtering the groups displayed Editing group roles Removing groups from the organization

Joining an organization prerequisites

Managing your Microsoft Entra tenants and on-premises domains

Tenants overview Adding tenants

GCC and GCC High tenants Prerequisites for adding tenants

Displaying a tenant name change

Managing admin consent permissions

About admin consent status Granting and regranting admin consent About the Status and Actions column About the Microsoft Authentication Library (MSAL) About revoking admin consent

Removing a tenant Managing your on-premises domains On-premises agent prerequisites On-premises agent supported operating systems On-premises agent system configuration requirements On-premises agent endpoint requirements Adding an on-premises agent

About agent installation Agent service account configuration Secure LDAP configuration and deployment Installing the agent using the command shell

Configuring an agent Editing an agent configuration Automatic updates for on-premises agents Removing an agent Adding an Active Directory domain

Editing a domain configuration

Removing a domain

Security Management Platform Home page

Masthead

Masthead drop-down menu

Announcements and global notifications

Managing global notifications

Information window Security Management Platform Status page Side navigation panel Dashboard

Tenant filter Needs your attention! Product tiles

Configuring settings

Organization Access Control Subscriptions

Subscription details Managing subscriptions

Sharing a subscription via email address Sharing a subscription via serial number Changing Owner When Moving from Trial to Paid Subscription

Subscription expiry

Stage 1: Your subscription expires in X days Stage 2: Subscription expired. Access denied. Stage 3: Subscription expired. Service disabled. Stage 4: Subscription expired. Grace period ended. Stage 5: Subscription expired. Data deleted.

Activity trail Notifications

Managing Notification Templates: Required Permissions Configuring Audit Notification Templates Configuring Security Management Platform Notification Templates Configuring Identity Recovery for Active Directory Notification Templates Configuring Identity Recovery for Microsoft Entra ID Notification Templates Configuring Migration - Self-Service Notification Templates

Documentation roadmap

Global settings

Release Notes

More resources

Technical Support

Current operational status Contact support Module product support pages Information and discussion: Quest community forums

• Viewing Topics 5 - 8 of 114

×

Signing up for Security Management Platform Global Settings

Security Management Platform is a Software as a Service (SaaS) application. SaaS is a software licensing and delivery model in which application software is licensed on a subscription basis. The Security Management Platform software is hosted in the cloud by Quest Software and made available to users through the internet. This section contains information regarding signing up for the Security Management Platform service.

 

Organizations and regions	An overview of organizations and regions. For details on configuring organizations and regions after you sign up, see Managing organizations and regions.
Signing in to Security Management Platform	Information on how to sign up for Security Management Platform and enable multi-factor authentication.
Quest Security Management Platform Cookie Policy	Information on managing your cookie policies.
Security Management Platform subscriptions	You must start a trial or purchase a subscription to begin using Security Management Platform Global Settings services.

Organizations and regions

Security Management Platform management is based on the concepts of organizations. When you sign up for the Security Management Platform service, you create an organization and you become the organization administrator. The organization can then subscribe to modules. Organization administrators can use the tools provided by the modules to perform administrative actions on Microsoft Entra tenants. You can add additional organization administrators and module administrators that have access to specific modules.

For most Security Management Platform use cases, a customer creates a single organization. Multiple administrators and multiple tenants can be added to the organization.

NOTE: Recovery account recommendation Quest recommends having an external account added to an organization that could be used in case access is lost. This external account should be a Microsoft Entra account from a tenant that is different from any user accounts normally used to access a Security Management Platform organization. For details see Microsoft’s documentation Manage emergency access accounts in Microsoft Entra ID.

 

CAUTION: Adding a tenant to multiple organizations. Adding the same tenant to multiple organizations can result in conflicting application of policies and settings. When using multiple organizations to manage a tenant, the organization administrators must coordinate their management activities.

An Azure region is a set of data centers deployed within a geographic area. Selecting the correct region for your organization lets you achieve higher performance and supports your requirements regarding data location. Specifying the region for your organization determines the geographical region where your data is stored.

During sign up, you can choose the region where your Security Management Platform data will be hosted. The following regions are currently supported:

•

Australia

•

Canada

•

Europe

•	United Kingdom

•	United States

For more information, see Geographic regions.

Signing in to Security Management Platform

Signing into Security Management Platform is done through Microsoft Entra ID. Authenticating through Microsoft Entra ID provides native granular control and allows you to manage your configuration from a central location. It allows configuring advanced security layers through your own conditional access policies, such as MFA, integration with OKTA and other applications that work with the Microsoft Authentication Library (MSAL).

A Microsoft Entra ID access token (constrained to the Quest Security Management Platform application) is obtained when the user navigates through the authentication process. This Microsoft Entra ID access token has a lifetime limit of 10 minutes after which it is automatically refreshed if the user is actively using the application. The user is automatically logged out following a period of inactivity. If the user token is revoked in Microsoft Entra ID, the user will continue to have access to Security Management Platform until the token expiry, for a maximum of 10 minutes. User access to Security Management Platform organization can be also revoked within Security Management Platform by a Security Management Platform Organization Administrator, resulting in access loss after token expiry.

To enable multi-factor authentication (MFA) when signing in to Security Management Platform

NOTE: Multi-factor authentication (MFA) increases the security of the sign in process. With MFA, a user is granted access only after presenting two or more pieces of evidence (or factors) to an authentication mechanism.

1	Go to the web page quest-on-demand.com.

2	On the Welcome to Quest Security Management Platform page, click Sign in with Microsoft.

3	Sign in using your Microsoft MFA-enabled account.

As part of the login process with Microsoft Entra ID, users must consent to the set of minimal permissions required by the Quest Security Management Platform application.

Permission	Description
View your basic profile	Permission required for Quest to access users name and email to display the logged in user.
Maintain access to data you have given it access to	Permission is automatically included and required by Microsoft for Single Page Applications as it gives access to critical refresh tokens for proper functionality. This permission scope is required for single sign on (SSO) and allows a refresh token to be returned from the authentication flow to avoid Security Management Platform prompting the user every time their primary authentication token times out.

By default, all users are allowed to consent to applications for permissions that do not require administrator consent. This behavior might be disabled in some Microsoft Entra tenants and may require tenant administrators to enable user consent flow for the Quest Security Management Platform application.

NOTE:   • The ability to consent on behalf of your organization is available if logging in as the global administrator in the tenant. • The ability to request consents will only be available if the global administrator has enabled the admin consent workflow. See Microsoft documentation.

4	Click Create New Organization.

5	Enter a name for your Security Management Platform organization.

6	Select the deployment region where you want your data to reside.

7	Click Create New Organization.

You are signed in as the Security Management Platform administrator for the new organization.

Quest Security Management Platform Cookie Policy

Our website requires certain cookies to function properly (these are essential). In addition, we may use other cookies—with your consent—to:

•	Enhance your experience

•	Analyze website performance and traffic

NOTE: We also share information about your use of our site with social media, advertising, and analytics providers, as described in our Cookie Use Policy.

When you open Security Management Platform, you’ll see options to review the cookie policy and manage your preferences. You can choose to:

•	Accept cookies

•	Reject all cookies

•	Manage my cookies

To customize your cookie settings:

1	Select Manage my Cookies.

You can choose which types of cookies to allow. Click the category headings to learn more and adjust settings. Blocking some cookies may affect site functionality and available services.

•

Strictly Necessary Cookies (Always active.) These cookies are required for the website to function and cannot be disabled in our system. They are typically set in response to actions you take, such as setting privacy preferences, logging in, or completing forms. You can block or receive alerts about these cookies through your browser settings, but some parts of the site may not work properly. These cookies do not store personally identifiable information.

•

Performance Cookies (Disabled by default). You can enable these cookies to help us measure and improve site performance. They show which pages are popular and how visitors navigate the site. All data is aggregated and anonymous. If you disable them, we will know when you visit the Security Management Platform site or be able to monitor performance.

Confirm your selections by clicking Confirm my choices.

•  Previous
• Viewing Topics 5 - 8 of 114
• Next 

Search this document Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating