Web UI Settings Page
The Settings page in the Web UI has settings for both the Web UI and overall server functionality (replicating many settings found in KeyConfigure). It also contains an Information page that lists important details of your server, including the license Serial and Seat count, server Version, Host, and Platform. This is useful information when working with support.
Note that there are Web Service Settings in KeyConfigure under the Config menu as well. These are the same as those in the Network section of this page. Printer settings and many other items are also found in KeyConfigure.
Main Items
These items are sub navigation options in the main navigation sidebar. These are shown when you click the ^ triangle next to Settings.
Accounts
The equivalent of the Admin Access window in KeyConfigure, this page is used to manage privileged Accounts, Roles, and Groups. Please see the linked document for full details.
- You can right click on an account/role/group to access a context menu to delete items.
- You can drag and drop Groups and Roles into the relevant box under an Account to add rights.
An additional feature in the Web UI is the ability to set the default Form (see below) used by each Account when viewing Computers, Devices, and Purchases.
Actions
New in 7.9, Actions allow you to build various kinds of automations. These can be very powerful, and therefore possibly dangerous if you were to accidentally create an infinite loop of conditions between two actions, or flood someone's email with system changes. Be sure to test your Actions and consider their conditions carefully.
There are 3 basic Types of Actions, each of which will offer different conditions for creating them.
- Send Mail on Event - As indicated, this will send an email when something occurs. For example, if the amount of RAM changes in any computer, send an alert, provided it is not in a divison that contains "Thin Clients" and is not getting RAM data for the first time. Macros can be used to format the contents of the email.
- Call a Webhook - Use this to make a call to an external system to make a change based on an event in the KeyServer. For example (purely hypothetical), when a computer is moved to Dormant, call on another web based system to remove the computer from your DNS system.
- Change Computer/Device on Event - Based on one property change, make another property change. For example if a computer is moved to the Disposed Life Stage, also move it to a Dormant Login status.
- Change actions have a visual filter builder that is the same as what you see when building a Filter on the Computers or Devices pages. This allows for each field selection, logical operator choice, and variable editing.
- Email actions on the other hand are special. It is a purely manual method that goes back to making Filters in KeyConfigure. However, instead of using the field names from the Tables documentation, use the Macros as shown below (do NOT include the braces). Note you can also use a macro by itself to test for "truth" of that condition. For example, (event.from) tests to see if there is a from value on the event, so you could filter out all events where it's the initial population of the field by the client and only trigger on change.
Filters
You can create filter criteria on Actions. These differ based on the type of action:
Click here for available Macros in Actions.
Actions can customize their results using macros that change depending on the details of the trigger event. Macros are enclosed in double braces and can be placed within most fields of the action. For example, to embed the current date, use {{now.date}}
There are five macro groups. The specific macros that are available depend on the type of action, as indicated below.
- now (all action types)
- connection (Mail, Webhook)
- mail (Mail)
- event (all action types)
- object (all action types, when event has a subjectid/subjecttype)
Now Group
now.datetime (2022-09-25 20:01:52) now.date (2022-09-25) now.time (20:01:52) now.iso (2022-09-25T20:01:52-0400) now.rfc (Sun, 25 Sep 2022 20:01:52 -0400) now.day (Sunday) now.month (September) now.unix (1664150512)
Connection Group
connection.host connection.server connection.version connection.admin connection.section connection.weburl
Mail Group
mail.from mail.recipients mail.date mail.uuid
Event Group
Computer / Device History (event.class = trail)
event.class event.instance event.when event.subjecttype event.subjectid event.subjectname event.hexid event.txtid event.what event.from event.into
Admin Journal (event.class = journal)
event.class event.instance event.latest event.when event.what event.code event.subjecttype event.subjectid event.subjectname event.hexid event.txtid event.topicid event.count event.admin event.comment event.notes event.level event.committed event.repealed event.multiple event.failure event.agentless event.resolvable event.dateonly event.deadline event.sectionid event.resolved.when event.resolved.result event.resolved.admin
Usage Log (event.class = usage)
event.class event.instance event.when event.what event.reason event.duration event.othertime event.foreground event.count event.gmtoffset event.flags event.closed event.tunnel event.authed event.remote event.mobile event.address event.expansion event.user event.client event.program event.product event.family event.policy event.computer event.division
Object Group
object.fieldname (full object per subjecttype/subjectid of event)
For a list of fields see the Tables Documentation. Note the special case of object.division which will operation the division Name rather than the ID. Note you must use the full field name that appears after 'computer' for example, not a short name from the database. That is, to get the last session time for example you'd use object.lastlogin.
Examples
An example of using these might be an email for alerting you when a Division is deleted from the system:
{{event.subjecttype}} {{event.subjectname}} deleted by {{event.admin}} at {{event.when}}
This would yield: "division a-test.layer2 deleted by Yadin at 2022-10-11 12:44:23" for example.
Alerts
Use this screen to configure the Alert actions for various system events. For more details see Alerts in KeyConfigure.
Extras
This is used for activating extra plugins supplied with the platform, as well as adding custom modules developed by Sassafras. Simply check the box of an Extra to enable it, or drag in the custom bundle supplied by Sassafras. Reload your browser to see the Extra main navigation item, which has a dashboard style layout.
Forms
New in 7.9, Forms allow you to customize the detail view of objects. This includes Computers, Devices, and Purchases. You can then assign a Form to an Account as the default view. In this way you can for example have a tech or workstudy that has a more simple view of asset fields rather than the full list of all panes and attributes you normally see. By stripping out fields they are not concerned with, and putting all items that are important from different panes into a single view, it can make rapid update of asset records during physical inventory much smoother. It also allows you to add custom fields that do not appear in asset records at all, be they informational text or external reference links.
Forms can contain multiple Tabs, and each tab can contain multiple Boxes in multiple Columns. This allows great flexibility in layout. Click the Gear on any Form name (top left), Tab (top after the Form), or Box (in the form contents) to change labels and properties. Drag and drop fields and object types from the right into the main display to change your form layout and available fields.
Models
This page is for the definition of Hardware Replacement models. These can be defined for Computers or Devices. The layout of this page and the record details therein are very much like the Computers and Devices pages. Overall the intended use is to create preset configurations to link to hardware records as reference of their baseline or Replacement models. This can then be leveraged in the Hardware Replacement Extra.
Each Model will be in a Category for easy filtering, just like the Devices page. You can create Folders to organize models in any way you like (e.g. years or departments). And like other list pages, you can leverage powerful Filters to narrow your view of items. The Ribbon also has the typical tools to Add a new record, and choose your display Columns and Grouping criteria.
The Details you can define in a Model are pretty straight forward. Specifications will be useful in the Hardware Replacement Extra when reviewing the current and planned replacement stats of a computer. The Purchase pane of these records will also play a significant part in the use of the Extra, particularly the Cost.
Note that Computers and Devices have fields in their Purchase pane to link to both a base model as well as a replacement model. This sets up the relationships that are used in the replacement Extra.
Scripts
On this page you can enable various Admin Scripts for use in both the Web UI and KeyConfigure. If you are provided a script bundle by Sassafras Software you can drop it in the area at the top of the page to load it on the server. Otherwise you can simply check the box ☑ for any script to enable it. If there is a newer version of the script available there will be an Update button on the right side of the screen for that script. Some scripts only work in KeyConfigure and are marked as such. Once a script is loaded there will be one or more icons you can click to configure ⚙, run ▷, or schedule 🕓 it.
Time Sets
While you can easily create Time Sets by way of setting Open Hours in a Map Floorplan, sometimes you want to manually create time sets for more advanced purposes. You can also create custom Date Ranges for easy preset use in Reports. For more details see Time Sets in KeyConfigure.
Topics
These items are listed in the sub navigation pane of the main Settings window, which is displayed when you click on Settings.
The ✓ ⓘ button at the bottom (next to Save) is used to toggle the verbose information for the various settings on many sub pages and is on by default. The screenshots below are with this information toggled off for brevity.
Remember to click Save when making changes to any settings or they will not be applied in most cases.
Here you can set the Color Theme for the Web UI from a selection of choices, which changes the main header bar. Colors of individual Widgets on the Dashboard can be configured per widget but will use the chosen theme by default. If you wish to customize the theme outside of the preset choices contact Sassafras Software Support.
You can also rename the Web UI Title and its browser tabs to anything you like for site branding. This name appears in the upper left by the Sassafras Software logo. Remember to click Save to the left to apply your name choice. Browser caching can create refresh issues, so keep that in mind if you're not seeing your change apply as expected.
There are also two options for controlling the login window behavior and retention of login sessions.
The first option on this pane is for setting the Primary Map for the Maps section as well as the functions mentioned in the setting option. This allows you to override the Default Map Tab.
Next, you can drag and drop a PNG format Logo for use on your Map Floorplans. This will appear in the Models library when editing a Floorplan.
By default, we use Open Street Maps for the geographic display on Map Tabs, but you can use Google Maps if you like. Simply obtain a Google Maps API Key (costs may apply) and insert it in this field. Alternately, if you choose to use GIS software to create a custom Tile Layer for Open Street Maps, you can point to your tile server to customize your Maps display.
If you use PaperCut in your environment, you can add configuration to pull devices (Printers and virtual Queues) from that service into KeyServer. The fields are well commented, and this is also configurable in KeyConfigure in General Settings. Note that currently only a single PaperCut server is supported, but you may use IPP in your Printer Details to query individual printers.
Compatibility Notice: - PaperCut version 18.3 and higher are fully supported with the settings documented here. Prior to 18.3 we are unable to automatically update the printer status as a key identifier is missing from the printer export. If you manually populate this value in each printer record, then status can be updated. We do not support any version prior to 17 as the needed API does not exist.
Click here for instructions for manually setting IDs to fetch status updates.
In order for KeyServer to update the Status of a Printer we need the Service ID of that device. Prior to PaperCut 18.3 it is not possible to retrieve that programmatically, so it would need to be set individually per device. For each printer imported from PaperCut, you will need to do the following:
Click here for details on required PaperCut permissions.
The account used for pulling printers from PaperCut needs to have certain permissions, but does not need to be a full admin. Configure the account you wish to use in PaperCut under Options -> Admin Rights -> Edit the account in question.
Ensure the account has these permissions:
Access Dashboard
Access printers section
Access devices and site sections
Access reports section
Access Central Reports
Click here to see instructions on how to find the token.
Log in to your PaperCut server and click on Options
Click in the upper right on the Actions button and choose Config Editor (advanced) from the drop down menu
In the search field enter auth.webservices.auth-token and click the green arrow.
If there is no Value for the auth-token, type one in (make sure it's secure) and click Update. Copy the Value for the token into the configuration field in KeyServer and Save the settings.
Note that you can only set the update frequency in General Settings in KeyConfigure. By default status will be updated every 5 minutes.
Click here for notes on PaperCut Security
There are a couple security items worth noting so they are not overlooked. These are the Allowed admin IP addresses and the auth.webservices.allowed-addresses options.
- Under an admin login, go to Options -> Advanced and scroll down to the Security section. In the field for Allowed admin IP addresses ensure you have the IP address of the KeyServer in addition to whatever other IPs may be needed in your environment normally.
- Under Options -> Actions -> Config Editor search for webservices.
In the auth.webservices.allowed-addresses field ensure the IP of the Keyserver is added if it's not set to the default unrestricted (*) value.
You can also see this under Options -> Advanced -> Security in the Allowed XML Web Services field:
These settings are for managing the communication with the Sassafras Software Product Recognition Service. You can control the time of day these checks occur, perform an immediate contact (handy when trying to get new inventory recognized ASAP, and customize other settings.
See also PRS Settings
This section allows customization of client and product audits. Client audit frequency is defaulted to 2 weeks, but many sites upon consideration of traffic impact set this to daily for expedient updates of client inventory changes. Once a PRS check (see above) completes relative to a client audit, a Product audit normalizes install counts into our standard definitions and families. You can use the Now button to do this on demand when expediting a new image audit for example.
See also Audit Settings
While infrequently used in an age when server infrastructure is virtual and means you have full VSS level backups, we still provide a traditional file level backup of all local database files.
See also Backups
An important part of server service administration is alerting, and in order for scheduled report emails to be sent we need mail settings. Use this section to define when and to whom system alerts and dail status emails are sent, and how email should be relayed.
See also E-Mail Settings
Manage the global server alarm settings for disk space and server license consumption thresholds. See also Alerts.
This section allows configuration of authentication against a directory system or other service for KeyConfigure and Web UI logins. You can choose from a wide selection of Authentication Modules depending on the server platform you are running on. For example, Active Directory is only available when running the server on Windows. Each module has unique settings, but some options are global.
You can decide if Guest browsing should be enabled or if authentication is required to access the Web UI. The External Groups section allows quick and simple mapping of various directory system groups to various default roles. Options include:
- Manager Account - Full administrator rights
- Support Account - Lower permissions appropriate for middle tier IT staff
- Staff Account - Limited permissions appropriate for technical employees outside of IT
- Community Account - Guest level access
- Create Accounts as Needed - This will make accounts in the server and grant them any roles based on external group reference (see Accounts above for more on that aspect). Otherwise they can be manually assigned roles in KeyConfigure after they get created on first login attempt (which will be denied).
- Determine Access on Demand - This will resolve any group membership against roles configured in KeyConfigure and grant access without making a local account in the server.
- Disallow Login - Do not allow the account to log in
You can then choose how to handle Unknown External Logins. This means any account for which there is no simple preset mapping in these options, and no manually created account in Admin Access. Generally you would either Disallow these attempts, or map them to Community so it's the same as if they were a Guest. You can however set this to Create as needed or Determine on demand and use specific Roles pointed to designated external groups to create more complex login assignments.
See also Admin Authentication and Auth Modules
The main use of client authentication is to enable automatic allocation of computers into Divisions based on directory organization (e.g. replicate OU mapping in AD). Note we do not replicate the entire AD, individual changes are made when a client contacts the server as relates to the division that computer is in. While it can be used to force authentication to the server to get a client session, that is exceedingly rare.
See also Client Authentication
This page allows you to very easily fetch the latest client installers from Sassafras Software and enable them for client self updates. It will show a green dot in the navigation when updates are available, and you can click Apply to fetch them and activate the update settings.
Ensure you click Save in the main settings list to actually save the configuration changes.
See also Client Self Updates
Determining how to identify computers is a critical part of initial setup. In recent time Computer Name is the most popular choice as it allows for easily swapping out systems in lab spaces. If names are the same, new computer replace old computer in place in the software. However, you lose the ability to have full lifecycle tracking that way. Serial number can be a good alternative for unique tracking, but some times obscure hardware does not provide the serial very well. MAC address was the old standard, but in recent years external network interfaces has made this problematic as that identifier is now unreliable to be present. The decision of what you use should be well considered before initial client deployment. Note there are further considerations if you have "thin client" services. Changing these on an established server can have notable considerations and you are encouraged to proceed with caution and consult with Sassafras Software Support for assistance.
See also Computer ID Types
On this page you can set default values for various fields used in the Details of Computers, Devices, and Purchases. See Custom Columns and Custom Values pages for full details on defining custom fields, device types, and lifecycle stages.
In the event of troubleshooting, this section is used to elevate logging levels to assist with diagnostics. The logs are written to the diagnostic.log file in the KeyServer Data Folder on the server. Note that no granular item can record at a higher level than the general setting.
See also Log File Management
Configure the various global settings for Policy Idle Times.
See also the Privacy, Idle, and Misc sections of General Settings
This section allows you to customize the various settings for the Sassafras Server Web UI Service (formerly known as KeyReporter).
See also Web Service Settings
Allows for adding custom software license files (vendor provided) and configuration files (Sassafras provided) to the server. Traditionally RDP access to the host server was needed for these additions.
See various information about your server including version, license data, and server platform. Also shows a detailed list of file/folder sizes in the server data folder.
Account Settings
If you click your user name in the upper right of the Header Bar and choose Edit Account, you will find a couple account options. Note the Edit Account option only shows if you are using an account of sufficient privilege, but NOT the root Administrator.
You can change your Email address, which will find an associated Gravatar icon for the Account menu. This is purely cosmetic.
If you are logged in by https, you will be able to change your Password, assuming this is an internal account with sufficient rights (passwords from external authentication sources like AD can not be changed through our software).
Notes can be used to store anything you like.
Show Basic User Interface will cause the Side Bar to not show expanding menu items, such as various Dashboards when that header item is chosen and the report builder items. Note that having full admin rights overrides this having an effect.
The Get Access Token button is used for external authentication methods that can use a token instead of username/password pairs. This can be useful for service account access like API calls. Added in 7.8.0.4, the token is good for 3 years when generated as of 7.8.0.7.