Settings Guide
Section-by-section reference for the Settings page. Each section documents what the controls do, where they're stored, and which permission gates them.
Email / SMTP
SMTP relay used for password-reset emails, alert notifications (Pro+), and report delivery (Pro+). Reads / writes email.smtp.* in /etc/sysmanage.yaml. Test-send button validates credentials before saving.
OpenTelemetry (Pro+)
Default OTEL backend endpoint (OTLP HTTP / gRPC / Prometheus remote-write), default sampling rate, default exporter TLS settings. Per-host overrides happen on the host's Deploy OpenTelemetry dialog. Permission: Deploy OpenTelemetry.
Graylog (Pro+)
Graylog input URL, port, TLS CA, and default sources to forward (syslog / journald / log file globs). Per-host attach happens via the host's Connect to Graylog action. Permission: Enable Graylog Integration.
Grafana (Pro+)
Grafana base URL + admin token. The engine auto-provisions the SysManage Postgres datasource and the starter dashboard pack on connect. See the Grafana setup guide. Permission: Enable Grafana Integration.
Antivirus Defaults (Pro+)
Default AV product per platform, default scan schedule (daily / weekly / monthly + time-of-day), definition-update cadence. Used as starting values when creating a new AV deployment policy. Permission: Manage Antivirus Defaults. See Antivirus management.
Firewall Defaults (Pro+)
Default firewall roles available for assignment, default policy templates per platform (UFW / firewalld / pf / npf / Windows / macOS), and rule conflict-detection sensitivity. Permissions: Add Firewall Role, Edit Firewall Role, Delete Firewall Role, Edit Firewall Ports.
Branding (Pro+)
Replace the default SysManage logo + report header / footer for white-label deployments. Logos are uploaded as PNG / SVG; report templates are HTML+CSS that the reporting engine substitutes per generated report.
Auto-Approve Tokens
UUID tokens that, when included in a host's first registration, bypass manual approval. Created automatically when a child host is provisioned with auto-approve enabled. List and revoke tokens from this tab. Tokens are single-use: each is cleared from the database the moment the matching agent registers.
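The single-use behaviour described above, as an added example (not SysManage's own code): redeeming a token is one atomic DELETE, so a replayed or revoked token falls back to manual approval. The table name, column names, and function names are assumptions made for illustration.

```python
import sqlite3
import uuid

# Hypothetical schema (assumption): one row per outstanding auto-approve token.
SCHEMA = "CREATE TABLE auto_approve_token (token TEXT PRIMARY KEY, child_host TEXT NOT NULL)"


def open_store():
    """In-memory store so the example runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def issue_token(db, child_host):
    """Issue a token when a child host is provisioned with auto-approve enabled."""
    token = str(uuid.uuid4())
    with db:
        db.execute("INSERT INTO auto_approve_token VALUES (?, ?)", (token, child_host))
    return token


def revoke_token(db, token):
    """Revoke from the settings tab; True if the token was still outstanding."""
    with db:
        cur = db.execute("DELETE FROM auto_approve_token WHERE token = ?", (token,))
    return cur.rowcount == 1


def register_host(db, hostname, presented_token=None):
    """Return 'approved' if a live token is redeemed, otherwise 'pending'."""
    if presented_token is None:
        return "pending"
    try:
        # Normalise to canonical UUID text and reject anything that is not a UUID.
        canonical = str(uuid.UUID(presented_token))
    except (ValueError, AttributeError, TypeError):
        return "pending"
    with db:
        # Delete-and-check in one statement: of two concurrent registrations
        # presenting the same token, only one can see rowcount == 1.
        cur = db.execute("DELETE FROM auto_approve_token WHERE token = ?", (canonical,))
    return "approved" if cur.rowcount == 1 else "pending"
```

A separate SELECT followed by a DELETE would leave a window in which the same token could approve two registrations; the single statement closes it.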
Access Groups (Pro+)
Group-based RBAC scoping. Each access group lists which hosts its members can see and act on. Pair with security roles (RBAC) for the per-permission gating. The default access group lets any user in it auto-approve registrations matching its scope.
Registration Keys
Pre-shared keys an unattended-install agent can present at registration in lieu of an approval click. Useful for OS images that bake the agent in: the registration-key value goes in the agent's /etc/sysmanage-agent.yaml and matches against this list.
Upgrade Profiles (Pro+)
Named software-update policies: which packages to auto-apply, which to defer, blackout windows, max-concurrency. Assigned to fleet groups so a "production" profile can be more conservative than "staging".
Package Compliance Lists (Pro+)
Allowlist / blocklist of packages. Hosts with a blocklisted package present (or a required allowlist package missing) appear in the Compliance Engine's non-compliant report. Configurable per fleet group.
Security Roles (RBAC)
Permission catalog: every action in the UI is gated by a named permission (e.g. Reboot Host, Create Child Host). Roles are sets of permissions; users get one or more roles. See the RBAC reference for the full permission list.