# General ## AppConfig:ActiveDirectory:Keytab *Linux: AppConfig\_\_ActiveDirectory\_\_Keytab* **Value:** Output from New-SCEPmanADPrincipal **Description:** The encoded Kerberos keytab of the service principal created by New-SCEPmanADPrincipal. The keytab is encrypted using the public key of SCEPmans CA certificate which allows for a secure transfer of this information. Technically, the encryption is a PKCS#7 encrypted to the CA certificate's private key. While the keytab itself is sensitive information, this encypted value can only be decrypted by the CA certificate and SCEPman holds the keytab only in memory, so it requires no special security precautions like configuring this value in a Key Vault secret instead of an environment variable. ## AppConfig:ActiveDirectory:GroupFilter *Linux: AppConfig\_\_ActiveDirectory\_\_GroupFilter* **Value:** Comma-separated list of AD groups specified by their SID **Description:** This setting allows to limit the usage of the endpoint to members of the specified Active Directory groups. ## AppConfig:ActiveDirectory:RenewalThresholdPercentage *Linux: AppConfig\_\_ActiveDirectory\_\_RenewalThresholdPercentage* **Value:** Floating point number of the percentage. Default is 0.2 (20%) **Description:** If the remaining validity of a certificate falls below this percentage of the total certificate validity, a renewal should be triggered on the client side. ## AppConfig:ActiveDirectory:BaseUrl *Linux: AppConfig\_\_ActiveDirectory\_\_BaseUrl* **Value:** **Description:** This defines the base URL of the Active Directory endpoint that will be displayed on the SCEPman homepage and will be returned in the policies requested by your clients. Defaults to AppConfig:BaseUrl {% hint style="info" %} This setting should only be set if you require your Active Directory endpoint to be accessed at a different URL than SCEPman in general. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.scepman.com/scepman-configuration/application-settings/active-directory/general.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.