Skip to content

Commit 3a36833

Browse files
stuart-jaeckel-netwrixstuart-jaeckel-netwrix
committed
ran scripts for aic 11.6
1 parent c599e79 commit 3a36833

File tree

76 files changed

+635
-239
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

76 files changed

+635
-239
lines changed

docs/accessinformationcenter/11.6/accessrequests/interface/changes.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,9 +25,12 @@ The table displays the following information for selected trustee:
2525
- Update Type – Indicates if group membership was added or removed to process the change
2626
- Member Name – sAMAccountName associated with the domain user whose membership was being changed
2727

28-
**NOTE:** The table data grid functions the same way as other Access Information Center table grids.
28+
:::note
29+
The table data grid functions the same way as other Access Information Center table grids.
2930
See the
3031
[Data Grid Features](/docs/accessinformationcenter/11.6/admin/navigate/datagrid.md) topic
3132
for additional information.
33+
:::
34+
3235

3336
Click **OK** to close the window.

docs/accessinformationcenter/11.6/accessrequests/overview.md

Lines changed: 14 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -18,15 +18,21 @@ folders, SharePoint sites, Active Directory (AD) groups, AD distribution lists,
1818
Administrators groups.All data available within the Access Information Center is collected by
1919
Netwrix Enterprise Auditor according to the targeted environments.
2020

21-
_Remember,_ owners are assigned to resources in the Resource Owners interface. Only resources with
21+
:::tip
22+
Remember, owners are assigned to resources in the Resource Owners interface. Only resources with
2223
assigned owners can be included in the Self-Service Access Requests workflow. These resources must
2324
also have the Allow access requests option selected.
25+
:::
2426

25-
**_RECOMMENDED:_** When deploying the Access Information Center in an organization to enable
27+
28+
:::info
29+
When deploying the Access Information Center in an organization to enable
2630
Self-Service Access Requests, notifications should be sent to assigned owners as well as domain
2731
users. See the
2832
[Owner Confirmation Request Email](/docs/accessinformationcenter/11.6/owneroverview/confirmationrequest.md)
2933
topic for additional information.
34+
:::
35+
3036

3137
The Your Access portal provides domain users with the ability to view current access to managed
3238
resources, request access to resources, and view the request status for pending and processed
@@ -40,12 +46,12 @@ to the Your Access portal at login. See the
4046
[Your Access Portal Overview](/docs/accessinformationcenter/11.6/youraccessportal/overview.md)
4147
topic for additional information.
4248

43-
Who Can Manage Self-Service Access Requests (Request Administrators)?
49+
**Who Can Manage Self-Service Access Requests (Request Administrators)?**
4450

4551
- Access Information Center Administrators
4652
- Access Information Center Security Team Members
4753

48-
Who Participates in Self-Service Access Requests?
54+
**Who Participates in Self-Service Access Requests?**
4955

5056
- Domain Users — Submit requests for access to resources or membership in groups
5157
- Owners — Approve or deny access requests
@@ -64,11 +70,14 @@ Prerequisites:
6470
[Notifications Page](/docs/accessinformationcenter/11.6/admin/configuration/notifications.md)
6571
topic for additional information.
6672

67-
**NOTE:** By default, the Access Information Center is configured to send notifications only to
73+
:::note
74+
By default, the Access Information Center is configured to send notifications only to
6875
the primary owner. However, this can be customized to send notifications to all assigned owners.
6976
See the
7077
[Notifications Page](/docs/accessinformationcenter/11.6/admin/configuration/notifications.md)
7178
topic for additional information.
79+
:::
80+
7281

7382
- Access Information Center configured to commit AD changes
7483
- Resources and groups must be known to the Access Information Center, having been audited by

docs/accessinformationcenter/11.6/admin/additionalconfig/aliasserver.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ The Response Server Host Name parameter can be modified in the
1717
`AccessInformationCenter.Service.exe.config` file, which is located in the Access Information Center
1818
installation directory:
1919

20-
…\STEALTHbits\Access Information Center
20+
**…\STEALTHbits\Access Information Center**
2121

2222
Follow the steps to supply an alias server host name for notification hyperlinks.
2323

docs/accessinformationcenter/11.6/admin/additionalconfig/commitchanges.md

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,12 +24,15 @@ of the following access levels to a specific resource: Read, Modify, or Full Con
2424
[Access Groups](/docs/accessinformationcenter/11.6/resourceowners/accessgroups.md)
2525
topic for additional information.
2626

27-
**NOTE:** The Access Information Center can only commit group membership changes to domains it has
27+
:::note
28+
The Access Information Center can only commit group membership changes to domains it has
2829
access to, that is the domain where it resides or domains with a trust that are known to it. Also,
2930
the Active Directory service account must have the required permissions for all applicable domains.
3031
See the
3132
[Multiple Domains](/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md#multiple-domains)
3233
topic for additional information.
34+
:::
35+
3336

3437
## Best Practice for Least Privilege
3538

@@ -50,8 +53,11 @@ two options for assigning the Active Directory service account:
5053
[Active Directory Page](/docs/accessinformationcenter/11.6/admin/configuration/activedirectory.md)
5154
topic for additional information.
5255

53-
**_RECOMMENDED:_** The best practice is to create at least two OUs for ease of organization: a
56+
:::info
57+
The best practice is to create at least two OUs for ease of organization: a
5458
security group OU and a distribution list group OU.
59+
:::
60+
5561

5662
**Step 3 –** Apply delegation to these OUs to grant the minimal rights of **Allow Read Members** and
5763
**Allow Write Members** to the Active Directory service account.

docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplates.md

Lines changed: 32 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -32,56 +32,66 @@ Substitution Tokens are only valid for certain Notification message templates. B
3232
the Substitution Tokens, the value or string they represent, and the message templates in which they
3333
may be used.
3434

35-
| Substitution Token | Description | Applicable Template(s) |
36-
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- |
37-
| @AccessName@ | Descriptive name of the type of access being requested (Read, Modify, etc.) to a resource | AccessRequestConfirm AccessRequestExpired AccessRequestStatus |
38-
| @Changes@ | Number of review changes | EntitlementReviewUpdates |
39-
| @LoginUrl@ | URL that allows a user to access the default (login) page | AccessRequestConfirm AccessRequestReminder OwnershipChangeNotification ReminderDigest |
40-
| @RequestCount@ | Numerically formatted count of pending access requests | ReminderDigest |
41-
| @ResourceDescription@ | Description of resource - To use the resource's description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@ | AccessRequestConfirm AccessRequestStatus OwnershipConfirm ReminderDigest |
42-
| @ResourcePath@ | Path of the current resource - To use the resources’ description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@ | AccessRequestConfirm AccessRequestExpired AccessRequestStatus EntitlementReviewUpdates OwnershipConfirm ReminderDigest |
43-
| @ResourceType@ | Type of resource | AccessRequestConfirm AccessRequestExpired AccessRequestStatus EntitlementReviewUpdates OwnershipConfirm ReminderDigest |
44-
| @ResourceUrl@ | URL specifically created to respond to a request | AccessRequestConfirm EntitlementReviewReminder OwnershipConfirm |
45-
| @ResponseCount@ | Numerically formatted count of pending reviews or access requests | AccessRequestReminder ReminderDigest |
46-
| @ReviewCount@ | Numerically formatted count of pending reviews | ReminderDigest |
47-
| @ReviewName@ | Name of the resource review | EntitlementReviewUpdates |
48-
| @ReviewType@ | Type of resource review | EntitlementReviewUpdates |
49-
| @StatusText@ | Status of an access request (Confirmed, Declined, Waiting) | AccessRequestStatus |
50-
| @UserName@ | Name of the user who submitted the access request | AccessRequestConfirm AccessRequestStatus EntitlementReviewUpdates |
51-
| @UserNotes@ | Any notes the user submitted as part of the access request | AccessRequestConfirm AccessRequestStatus |
35+
| Substitution Token | Description | Applicable Template(s) |
36+
| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- |
37+
| @AccessName@ | Descriptive name of the type of access being requested (Read, Modify, etc.) to a resource | AccessRequestConfirm AccessRequestExpired AccessRequestStatus |
38+
| @Changes@ | Number of review changes | EntitlementReviewUpdates |
39+
| @LoginUrl@ | URL that allows a user to access the default (login) page | AccessRequestConfirm AccessRequestReminder OwnershipChangeNotification ReminderDigest |
40+
| @RequestCount@ | Numerically formatted count of pending access requests | ReminderDigest |
41+
| @ResourceDescription@ | Description of resource <ul><li>To use the resource's description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@</li></ul> | AccessRequestConfirm AccessRequestStatus OwnershipConfirm ReminderDigest |
42+
| @ResourcePath@ | Path of the current resource <ul><li>To use the resources’ description in emails instead of the path, replace @ResourcePath@ with @ResourceDescription@</li></ul> | AccessRequestConfirm AccessRequestExpired AccessRequestStatus EntitlementReviewUpdates OwnershipConfirm ReminderDigest |
43+
| @ResourceType@ | Type of resource | AccessRequestConfirm AccessRequestExpired AccessRequestStatus EntitlementReviewUpdates OwnershipConfirm ReminderDigest |
44+
| @ResourceUrl@ | URL specifically created to respond to a request | AccessRequestConfirm EntitlementReviewReminder OwnershipConfirm |
45+
| @ResponseCount@ | Numerically formatted count of pending reviews or access requests | AccessRequestReminder ReminderDigest |
46+
| @ReviewCount@ | Numerically formatted count of pending reviews | ReminderDigest |
47+
| @ReviewName@ | Name of the resource review | EntitlementReviewUpdates |
48+
| @ReviewType@ | Type of resource review | EntitlementReviewUpdates |
49+
| @StatusText@ | Status of an access request (Confirmed, Declined, Waiting) | AccessRequestStatus |
50+
| @UserName@ | Name of the user who submitted the access request | AccessRequestConfirm AccessRequestStatus EntitlementReviewUpdates |
51+
| @UserNotes@ | Any notes the user submitted as part of the access request | AccessRequestConfirm AccessRequestStatus |
52+
5253

5354
## Customize Email Templates
5455

5556
Email templates are shipped in a ZIP file and stored in the Access Information Center installation
5657
directory:
5758

58-
…\STEALTHbits\Access Information Center
59+
**…\STEALTHbits\Access Information Center**
5960

6061
Follow the steps to customize the email templates.
6162

62-
**NOTE:** To successfully modify these Notifications email templates, a familiarity with basic HTML
63+
:::note
64+
To successfully modify these Notifications email templates, a familiarity with basic HTML
6365
is necessary.
66+
:::
67+
6468

6569
![Templates Zip file in the Installation Directory](/img/product_docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplateszipfile.webp)
6670

6771
**Step 1 –** Navigate to the Access Information Center installation directory:
6872

69-
…\STEALTHbits\Access Information Center
73+
**…\STEALTHbits\Access Information Center**
7074

7175
**Step 2 –** Unzip the `Templates.zip` file and save the contents to a folder within this directory
7276
named `Templates`.
7377

74-
**CAUTION:** The customized email templates must be in the `Templates` folder within the
78+
:::warning
79+
The customized email templates must be in the `Templates` folder within the
7580
installation directory to be preserved during future application upgrades.
81+
:::
82+
7683

7784
![Unzipped Email Templates in Templates Folder](/img/product_docs/accessinformationcenter/11.6/admin/additionalconfig/emailtemplatesunzipped.webp)
7885

7986
**Step 3 –** Locate the desired HTML message template.
8087

8188
**Step 4 –** Open the file with a text editor, e.g. Notepad, and customize the email body.
8289

83-
**NOTE:** Using a tool other than a text editor to edit HTML files, such as a WYSIWYG web page
90+
:::note
91+
Using a tool other than a text editor to edit HTML files, such as a WYSIWYG web page
8492
editor which may drastically alter the underlying HTML code, is not supported.
93+
:::
94+
8595

8696
**Step 5 –** Email subject lines can be edited by changing the text between the opening `<title>`
8797
tag and the closing `</title>` tag.

docs/accessinformationcenter/11.6/admin/additionalconfig/entraidsso.md

Lines changed: 13 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,11 @@ The Access Information Center can be configured to use Microsoft Entra ID Single
1010
configured, users are directed to the Microsoft Entra ID login page, and can log in using their
1111
existing Entra credentials.
1212

13-
**NOTE:** If enabled, only Microsoft Entra ID SSO can be used for logging in. Other accounts,
13+
:::note
14+
If enabled, only Microsoft Entra ID SSO can be used for logging in. Other accounts,
1415
including the default administrator account, cannot be used.
16+
:::
17+
1518

1619
The following is required to use Microsoft Entra ID SSO:
1720

@@ -81,15 +84,18 @@ Microsoft Entra ID SSO in the Access Information Center config file.
8184
To enable Microsoft Entra ID SSO for the Access Information Center, the config file needs to be
8285
updated with values from Microsoft Entra ID. Follow the steps to enable the SSO.
8386
84-
_Remember,_ Enabling Entra ID SSO requires SSL to be enabled. If this was not done during the
87+
:::tip
88+
Remember, Enabling Entra ID SSO requires SSL to be enabled. If this was not done during the
8589
installation, then you must manually configure it. See the
8690
[Securing the Access Information Center](/docs/accessinformationcenter/11.6/installation/secure.md)
8791
topic for additional information.
92+
:::
93+
8894
8995
**Step 1 –** Open the `AccessInformationCenter.Service.exe.config` file in a text editor, such as
9096
Notepad. The file is located in the Access Information Center installation directory:
9197
92-
…\Program Files\STEALTHbits\Access Information Center
98+
**…\Program Files\STEALTHbits\Access Information Center**
9399
94100
![Parameters in the config file](/img/product_docs/accessinformationcenter/11.6/admin/additionalconfig/configfileentrasso.webp)
95101
@@ -103,9 +109,12 @@ as follows:
103109
    <add key="WsFederationReply" value="" />
104110
```
105111
106-
**NOTE:** For new installations of the Access Information Center these parameters are already in the
112+
:::note
113+
For new installations of the Access Information Center these parameters are already in the
107114
config file. If you have upgraded from a previous version, then you need to manually add them as the
108115
config file is retained during an upgrade to maintain the existing settings.
116+
:::
117+
109118
110119
**Step 3 –** Add the required values for the parameters from your Microsoft Entra ID application:
111120

docs/accessinformationcenter/11.6/admin/additionalconfig/recommendations.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ data). By default, these recommendations are based on a 90-day sample of activit
1212
configuration can be changed by editing the `AccessInformationCenter.Service.exe.config` file in the
1313
Access Information Center installation directory:
1414

15-
…\STEALTHbits\Access Information Center
15+
**…\STEALTHbits\Access Information Center**
1616

1717
Follow the steps to modify the activity days parameter.
1818

0 commit comments

Comments
 (0)