Settings Page
Use this page to configure settings for the current tenant, including tenant vault management options. See the following illustration:
When logging in with a Tenant Owner account or an account with the License Plan Management permission, the Authentication Method setting is displayed.
Your configuration options are contained in the following sections of the page:
Tenant
An authorized tenant member (any member with the License Plan Management permission) can use this section to modify the tenant name.
- Name - When you first create a tenant, a default tenant name appears here. Specify a descriptive name for the tenant.
Authentication Method
An authorized tenant member (any member with the License Plan Management permission) can use this section to modify the authentication method of the tenant.
The tenant can be configured with two authentication methods: Microsoft Entra ID and Marketplace. The default authentication method is Marketplace Single Sign-On.
Microsoft Entra ID Authentication Method
If an authorized tenant member (any member with the License Plan Management permission) chooses Microsoft Entra ID as the authentication method, the settings page displays more information.
Fill in the Microsoft Entra ID Authentication Method setting in three input fields:
- Login URL - The sign‑in URL generated by the Microsoft Entra ID Enterprise Application.
- Microsoft Identifier ID - The unique identifier (Entity ID) of the Microsoft Entra ID Enterprise Application.
- Certificate - A Base64‑encoded X.509 certificate file downloaded from the Microsoft Entra ID Enterprise Application.
These values are provided by the Microsoft Entra ID Enterprise Application that is configured to authenticate the Microsoft Entra ID tenant with the Shield Guard tenant.
Enter the Shield Guard SSO values in your Microsoft Entra ID Enterprise App (Single sign-on):
- Shield Guard Entity ID - The unique identifier of the Shield Guard SAML Service Provider.
- Shield Guard ACS URL - The Assertion Consumer Service (ACS) URL used by Shield Guard to receive SAML responses.
- Shield Guard Logout URL - The URL used by Shield Guard to handle Single Logout (SLO) requests.
To complete this configuration, users must follow the Microsoft Entra ID Authentication Method Setup Guide instructions provided in the Shield Guard Online Help documentation.
Note: Tenant Conditions for Configuring Microsoft Entra ID Authentication
- During the initial setup, the Shield Guard user must be a Marketplace account holder with either the Tenant Owner or Tenant Admin role, and must have license management permissions. Additionally, the Marketplace account used to log into Shield Guard for this configuration must be associated with an email that already has an Entra ID account.
- The authentication method can only be configured once during the initial setup. It cannot be modified later, and only other configuration details within the settings can be updated.
- Updating the configuration settings also requires the Marketplace user to either have license management permissions or be a Tenant Owner.
Sync Tenant With Microsoft Entra ID
After completing the configuration of Microsoft Entra ID as the authentication method and successfully saving the settings, the system will display the settings for synchronizing tenant user data with Microsoft Entra ID. The user must configure these settings to complete the registration of Microsoft Entra ID authentication for the tenant.
This settings section provides two main functions:
- Synchronize tenant users with Microsoft Entra ID accounts assigned to the App Registration, allowing users authenticated via Microsoft Entra ID to access and manage the tenant.
- Store API authentication configurations to support retrieving user information from Microsoft Entra ID for Shield Guard functionalities, and configure automatic synchronization to add new tenant users from Microsoft Entra ID (users who are newly assigned to the Microsoft Entra ID Enterprise App for the Shield Guard tenant and have not yet been added to the tenant) at scheduled intervals.
Fill in the Entra ID settings in three input fields:
- Client ID - The Application (client) ID of the App Registration in Microsoft Entra ID.
- Tenant ID - The Directory (tenant) ID of your Microsoft Entra ID tenant.
- Secret ID - The client secret generated for the App Registration.
- Secret ID Expired Date - The expiration date of the corresponding client secret.
- Permissions - Defines the user permission roles assigned to new users automatically synchronized from Microsoft Entra ID to the Shield Guard tenant.
- Frequency - Specifies the scheduled interval for automatically synchronizing newly added users from Microsoft Entra ID to the Shield Guard tenant.
To complete this configuration, users must follow the Sync Tenant With Microsoft Entra ID Setup Guide instructions provided in the Shield Guard Online Help documentation.
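A pre-save consistency check for the values described in the two Entra ID sections above, as an added example that is not part of Shield Guard or its documentation. It assumes the global-cloud Entra formats (`https://login.microsoftonline.com/<tenant-id>/saml2` for the Login URL, `https://sts.windows.net/<tenant-id>/` for the Entity ID), a SHA-1 certificate thumbprint, and a 30-day warning window for the client secret; the function names and sample values are hypothetical.

```python
import base64, hashlib, re
from datetime import date
from urllib.parse import urlparse

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"

def cert_thumbprint(cert_text):
    """SHA-1 hex digest of the DER bytes, or None if the text is not Base64 DER."""
    body = re.sub(r"-----[A-Z ]+-----|\s", "", cert_text)  # drop PEM armor, newlines
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        return None
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    return hashlib.sha1(der).hexdigest().upper() if der[:1] == b"\x30" else None

def check_settings(login_url, identifier, certificate, tenant_id, secret_expiry, today):
    """Return a list of problems found; an empty list means the values agree."""
    problems = []
    url = urlparse(login_url)
    m_login = re.fullmatch(rf"/({GUID})/saml2", url.path)
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com" or not m_login:
        problems.append("Login URL is not an Entra SAML sign-in URL")
    m_ident = re.fullmatch(rf"https://sts\.windows\.net/({GUID})/", identifier)
    if not m_ident:
        problems.append("Microsoft Identifier ID is not an Entra Entity ID")
    # The same directory GUID must appear in the SAML values and the sync Tenant ID.
    ids = {m.group(1).lower() for m in (m_login, m_ident) if m} | {tenant_id.lower()}
    if len(ids) > 1:
        problems.append("Tenant ID differs between Login URL, Identifier and sync settings")
    if cert_thumbprint(certificate) is None:
        problems.append("Certificate is not Base64-encoded DER")
    days_left = (secret_expiry - today).days
    if days_left < 0:
        problems.append("Client secret has expired")
    elif days_left < 30:  # assumed warning window, not a Shield Guard value
        problems.append(f"Client secret expires in {days_left} days")
    return problems

# Constructed sample values: placeholder tenant GUID; the "certificate" is filler
# DER-shaped bytes, not a real certificate.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = dict(
    login_url=f"https://login.microsoftonline.com/{TENANT}/saml2",
    identifier=f"https://sts.windows.net/{TENANT}/",
    certificate=base64.b64encode(b"\x30\x82\x01\x0a" + bytes(266)).decode(),
    tenant_id=TENANT, secret_expiry=date(2026, 6, 30))

if __name__ == "__main__":
    print(check_settings(today=date(2026, 1, 1), **SAMPLE) or "no problems found")
```

Compare the value returned by `cert_thumbprint` with the thumbprint shown for the signing certificate in the Enterprise Application before saving, so that the certificate Shield Guard trusts is the one Entra ID signs with.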
Policy and Device Status Notifications
To send email notifications to your Marketplace email address regarding policy and device status, check the box. Otherwise, leave the box blank.
Shield Guard sends notifications when a device status changes to “Not Secure,” “Offline,” or “Not Assessed.”
Tenant Vault Key Management
An authorized tenant member (any member with the License Plan Management permission) can use this section to select a tenant vault key management option for the tenant. The default setting is Decentralized Key Management.
Note: The Tenant Vault Key Management setting applies to the tenant as a whole. It is distinct from the “tenant member vault key management method”, which refers to the vault key management method that must be applied to each individual password vault.
See the following illustration:
- Decentralized Key Management - Require users connecting to this tenant to use Decentralized Key Management. If you select this option, tenant members are restricted to the Decentralized method.
- Decentralized Key Management or Centralized Key Management - Allow users to choose their vault management method. Users have the option to select either Decentralized or Centralized key management.
Note: If you change the Tenant Vault Key Management selection to Decentralized Key Management, any tenant members or pending members who use the Centralized method will be restricted from the tenant. Tenant members using the Decentralized method at the time of the change can continue to use their current vault and key.
Shield Guard sends an email with this information to each restricted member, and also posts a banner in each tenant member’s portal indicating they are currently restricted from the tenant. The banner includes a link to the My Profile page, where the Modify My Vault Key Management window appears and the tenant member can change their vault management method to Decentralized and create a vault master key.