You can use system settings to control many aspects of EmpowerID behavior. 

To change values for any of the settings

  1. In the navigation sidebar, expand Admin, then EmpowerID Servers and Settings, and select EmpowerID System Settings.
  2. On the EmpowerID System Settings page that appears, search for the setting that you want to change and click the Edit icon to its left.

  3. In the dialog that appears, you can edit the Value and Description fields, and select whether to Encrypt Data for the setting value.

    Do NOT change the Name field for a setting. The name connects the setting value to the option within EmpowerID code, so changing it breaks the connection. 


  4. After making changes, click Save.

To add or delete a setting

  1. To delete a setting, click the Delete button to the left of the setting.

  2. To add a setting, click the Add icon above the grid.


    In the dialog that appears, provide the following values:


  3. Click Save.

System Settings

The following table provides the name, default value, and description for each system setting, as well as links to any further information about the setting.


This is a work in progress. Missing descriptions and links coming soon.


NameValueDescription
ABACEmergencyModeFALSEGlobal setting to determine of the organizations is in a crisis emergency mode
ABACHighRiskScore10000Threshold Risk Score to be used in ABAC rules
AccountInboxJoinAndProvisionFilterA.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID  2 AND A.AccountUsageTypeID = 1  AND LENA.FirstName  0 AND LENA.LastName  0  Filter for join and provision, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinFilter for join and to AccountInboxProvisionFilter for provision see AccountInboxing_GetJoinAndProvisionFilter for sample of how to extend
AccountInboxJoinByBirthDateFirstNameLastNameTRUEIf turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields
AccountInboxJoinByCustomMatch/* -- this is a sample of how to extend the join rules with custom logic. There would be two extra rules to join by Department and City/State --uncomment the outer comment to make it active --retrieve personID by Department, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='Department' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.Department , P.LastName , P.FirstName FROM Person P WITH NOLOCK WHERE P.Department IS NOT NULL AND P.PersonID  3 GROUP BY P.Department, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.Department = A.Department AND PJoined.LastName  = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL --retrieve personID by City and State, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='City and State' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.City ,P.State, P.LastName, P.FirstName FROM Person P WITH NOLOCK WHERE P.City IS NOT NULL AND P.State IS NOT NULL AND P.PersonID  3 GROUP BY P.City ,P.State, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.City  = A.City AND PJoined.State  = A.State AND PJoined.LastName  = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL */Extra custom rule/s that run at the end of the join rules by executing the SQL. It has to follow the sample code 
AccountInboxJoinByEmailFirstNameLastNameTRUEIf turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields
AccountInboxJoinByEmployeeIDFirstNameLastNameTRUEIf turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields
AccountInboxJoinByPersonalEmailFirstNameLastNameTRUEIf turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields
AccountInboxJoinFilterA.AllowJoin = 1  Filter for join, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see  AccountInboxing_GetJoinFilter for sample of how to extend
AccountInboxProvisionFilterA.AllowProvision = 1 AND EXISTSSELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1  Filter for PROVISION, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetProvisionFilter for sample of how to extend
ADUserCreatePostProcessingAlertEnabledFALSEGlobal Setting to Enable or Disable ADUserCreatePostProcessingAlert
AllowSetMustChangePasswordAtNextLogonTRUEAllow Set Must Change Password At Next Logon
AllowWebApiMethodInvokeProfilingTRUE
AllowWebApiMethodInvokesWithoutCheckTRUE
API_IISAppNameAPI
ApplicationLauncherOAuthConsumerGUIDf0ade541-52d1-4f60-9201-f58e9dc8f7fb
ApplicationLauncherOAuthProviderApplicationGUID25629B1D-1585-4D19-A58F-A74D00EA30B0
ApplicationLauncherSamlConnectionID1
ApplicationLauncherServiceProviderGuid

Azure-AuthorizationRuleMyPolicy1
Azure-ClientID

Azure-ClientSecret

AzureCosmosWFDataAuthKey

AzureCosmosWFDataSerivceEndPointhttps://eidtest.documents.azure.com:443/
Azure-DataCenterLocation

AzureJobEngineDataConnectionString

AzureManticoreConnectionString
Azure Manticore Storage Container Connection String
AzureManticoreContainerNamemanticoreThe Azure container which holds the session recordings
AzureNotificationHubConnectionString
Azure Notification Hub Connection String
AzureNotificationHubName
Azure Notification Hub Name
Azure-Relayeidtest10
Azure-RelayNamespacetenantDRelay
Azure-ResourceGroupJobEngine
AzureSPOCosmosDocumentDBAuthKey

AzureSPOCosmosDocumentDBServiceEndPointUrlhttps://eidtest.documents.azure.com:443/
AzureSPOTableDBStorageDataConnectionString

Azure-SubscriptionID

Azure-TenantID

AzureWebJobDataConnectionStringDefaultEndpointsProtocol=https;AccountName=eidazurejobengine;AccountKey=kNGSID50BEmwdInwNwbOyFmzrO+M/PggUHkSU5Nb9xq/ACzFj0CWn4H5SNALMY17TKJFz7qbnVa8qojP25dVhw==;EndpointSuffix=core.windows.net
AzureWebJobHostFALSE
AzureWFDataConnectionString

BOTEnableBotFALSEEnables the EmpowerID Bot
BOTSecretSI6PAkoG9cY.cwA.lko.Ysq1FIFhEkhAcYelcIkZyaHWkm6kJr0LeiE_JiafgvASecret for the EmpowerID bot
BOTUrlhttps://webchat.botframework.com/embed/EmpowerIDBot1Url of the EmpowerID Bot
Captcha-HideAndSkipValidationGloballyForTestingFALSEHide Captcha And Skip Captcha Validation Globally For Testing
ConsumerSelfRegisterEnabledTRUEConsumer Self Registration setting to skip person registration in workflow if set to false
CoreIdentityProvisionLogic
Enter custom Core Identity provisioning logic
CountryISOAlpha2CodeUSCountry ISO Alpha 2 code used to mask phone numbers during MFA. Refer to http://www.nationsonline.org/oneworld/country_code_list.htm
DeviceRegistrationCookieExpirationInDays15Expiration days of the device registration cookie
DisableCartCommentRequiredTRUEDisableCartCommentRequired
DisableCrossPackagePublishCheckFALSE
DUOAPIHostname

DUOIntergrationKey

DUOSecretKey

EidAuthenticationPassphrase761a0e0e0330439286d0a739c7d7553b
EidAuthenticationSalt016fc391fef14cf0a11e03a7b0814e7c
EIDBrowserExtensionChromeIDompmlbphcpnjopgdoknaibgjagocjbbeID of the latest Chrome Browser Extension in the Chrome Store
EIDBrowserExtensionFFInstallPathhttp://www.empowerID.comPath to the installation location of the Firefox SSO Browser Extension
EIDBrowserExtensionIEInstallPathhttp://crossrider.com/download/ie/81138Path to the installation location of the Internet Explorer SSO Browser Extension
EIDBrowserExtensionVersion81138ID of the Browser Extension version used to build the URL for download and installation
EidCdnEnableResourceCheckCacheFALSE
EidCdnServerUrl/EmpowerIDWebCDN
EidChromeFrameIEVersion8
EidEnableLocalizationDebuggingFALSE
EidIdPSessionTimeout480IdP Portal Session Timeout in minutes
EidInstallationGUIDa32dd358-317b-4c84-bf10-a145236387c5
EidLoginAfterXFailsShowCaptcha4After x failures on the login page show the CAPTCHA
EidMaxReportResults500000Maximum number of results allowed in the email me as report feature
EidMultiFactorRetryLimit3Number of times to retry two-factor authentication before reverting to login page
EidPasswordlessLoginEnabledTRUEOption to enable/disable PasswordlessLogin option on the login page
EIDPersonExpirationNotificationDaysBefore21How many days to notify before person expires. Used by PersonExpirationNotification permanent WF
EIDPushNotificationTimeout30EmpowerID push notification and registration timeout in seconds
EmailApprovalByEmailEnabledFALSE
EmailEWSEmailProviderMailboxAccountID

EmailEWSEmailProviderMailServerURL

EmailGlobalBCCRecipient
Sends a copy of every email to the specified email address in any mode as a BCC.
EmailSmtpEmailProviderFromAddress
Default from address for all EmpowerID notifications
EmailSmtpEmailProviderMailboxAccountID
AccountID of an account that has a vaulted password to be used for authenticated send email
EmailSmtpEmailProviderMailServerdc-exch.addomain.comEmail Server used to send out EmpowerID System email messages
EmailSmtpEmailProviderUseSSLTRUEUse SSL for SMTP
EmailSmtpPortNumber25SMTP Port for TLS 
EmailSmtpUseTLSTRUEif true and EmailSmtpEmailProviderUseSSL is true, EID uses TLS to connect to the smtp server   
EmailTestModeFALSEIf true, sends all emails to a specific email address in the EmailTestModeGlobalRecipient settings.
EmailTestModeGlobalRecipient
Sends a copy of every email to the specified email address in any mode as a recipient.
EmpowerID_IISAppNameEmpowerID
EmpowerIDWebCDN_IISAppNameEmpowerIDWebCDN
EmpowerIDWebIdPForms_IISAppNameEmpowerIDWebIdPForms
EmpowerIDWebIdPSmartCard_IISAppNameEmpowerIDWebIdPSmartCard
EmpowerIDWebIdPWindows_IISAppNameEmpowerIDWebIdPWindows
EmpowerIDWebIdPWSFederation_IISAppNameEmpowerIDWebIdPWSFederation
EmpowerIDWebReports_IISAppNameEmpowerIDWebReports
EnableBulkRecertificationFALSEEnables or disables the ability to make a bulk decision for multiple recertification items
EnableCookieSecureAttributeTRUEFlag to enable/disable secure attribute on all the cookies
EnableRMQServerFALSE
EnableWorkflowRedirectUrlFALSEEnables the redirecturl functionality of workflows
EnvironmentHeaderMessage
Displays a system-wide message at the top banner
GoogleMapsAPIKeyAIzaSyAiqp4HyDyFGg6SPad8gAa-hv-eFQz7FwAAPI Key that is used with google maps
GoogleRecaptchaSiteVerifyUrlhttps://www.google.com/recaptcha/api/siteverifyVerify url for google recaptcha cannot contain a querystring
HelpLoginMenuLinkhttps://docs.empowerid.com/Link to external help
HelpMFALinkhttps://dotnetworkflow.jira.com/wiki/spaces/E2D/pages/87851239/Multifactor+AuthenticationHelp link for end user multi-factor authentication
IdPCacheRefreshInterval0The interval used to refresh the internal IdP cache for Single Sign On data. If set to ZERO, this setting is DISABLED.
IdPRuntimeCacheTimeout10CAUTION: This values should be between 1 and 525,600. The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web IdPs in minutes
InventorySalesForceAccountFALSEsetting to verify if account object should be inventoried or not
IpInfoAccessToken
IpInfo Access Token
ITShopIManageGrpAccountModeTRUEIn IT Shop Resources I manage show the simple mode group account grid not RBAC delegation control
ITShopIManageGrpRBACSimpleModeTRUEIn IT Shop Resources I manage show the RBAC delegation control in simple mode
ITShopMyAccessShowExpiresXDays30Setting to control which expiring access shows to the user. Only access expiring in X days.
JoinToCIByBirthDateFirstNameLastNameFALSESet this value to true if you want to join Person to Core Identity by FirstName, LastName and DateOfBirth.
JoinToCIByFirstNameLastNameTRUESet this value to true if you want to join Person to Core Identity by FirstName and LastName.
JoinToCICustomMatchAttributes
Enter a comma separated list of the attributes that should be used to join Person to Core Identity.  For example: to join by DateOfBirth and SSN enter:  DateOfBirth, SocialSecurityNumber
LocaleFlagsEnabledFALSEEnables or disables displaying country flags in the locale picker
LocalePickerEnabledTRUEEnables or disables the language picker in the user interface
LocaleRecordingModeTRUETells the system to record locale keys that are being used
LocalizationDefaultLocaleen-USDefault Fallback Locale
LoginAfterXFailsShowCaptcha4After x failures on the login page show the CAPTCHA
LoginLookupAccountByPersonLogonNameToValidatePasswordTRUEAttempt to validate the password against each of the person's accounts that belong to an Account Store where pass-through authentication is enabled
LoginNameEnableGenerateTRUEEnables the Generate endpoint of the LoginName
LoginPageAccountUnlockEnabledTRUESpecifies whether or not the account unlock button is enabled on the login page
LoginPageBotEnabledTRUEEnable the chat with bot button on the login page
LoginPageConsumerSelfRegisterEnabledFALSESpecifies whether or not the self register button is enabled on the login page
LoginPageemaillostusernameEnabledTRUESpecifies whether or not mail to username is enabled on the login page
LoginPagePartnerSelfRegisterEnabledTRUESpecifies whether or no the partner self register page is enabled on the login page
LoginPagepasswordresetcenterEnabledTRUESpecifies whether or not password reset center is enabled on the login page
LoginPageRequestOathTokenEnabledTRUESpecifies whether or not request oath token is enabled on the login page
LoginPageSupplierCompanyRegistrationEnabledTRUESpecifies whether or not the Supplier Company Registration link is enabled on the login page
MaximumLoginTravelSpeed450Maximum Login Travel Speed
MessageBusSettings[{Id:8f0cade0-99d0-43f5-96e8-b0bbdc8bea7a,PluginType:Syslog,MessageEntryType:Error,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}},{Id:55fb5db1-4c65-4070-9307-f038393c7f3a,PluginType:Syslog,MessageEntryType:Information,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}}]
MobileClientOAuthApplicationIDA05391D2-D4B0-49F5-9D3B-A8AF009B7247EmpowerID Mobile Client OAuthProviderApplicationID
OathTokenIssuerNameEmpowerID DevName of the Oath Token Issuer
OAuth_IISAppNameOAuth
OAuthConsumerGUID91A7642F-0313-4496-9125-D4DB2782D111OAuth connection for Twilio API access
OwnerRequiredAssigneeTypeID1For Responsible Party control - OwnerRequiredAssigneeTypeID - set a value to only allow that type to be assigned - 1 Person 2 Account 3 Group 4 Business Role and Location 5 Management Role 7 Query-Based Collection
PA-BusinessRoleDetails-Custom1CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10Page attributes for Business Role viewone page custom attributes 1-10
PA-BusinessRoleDetails-Custom11CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20Page attributes for Business Role viewone page custom attributes 11-20
PA-BusinessRoleDetails-Extension1ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10Page attributes for Business Role viewone page extension attributes 1-10
PA-BusinessRoleDetails-Extension11ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20Page attributes Business Role viewone page extension attributes 11-20
PA-BusinessRoleLocationDetails-Custom1CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10Page attributes for Business Role Location viewone page custom attributes 1-10
PA-BusinessRoleLocationDetails-Custom11CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20Page attributes for Business Role Location viewone page custom attributes 11-20
PA-BusinessRoleLocationDetails-ExtensionExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10,ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15Page attributes for Business Role Location viewone page extension attributes 1-15
Page-PersonDetails-ManageTab-ShowRow1TRUEPage-PersonDetails-ShowRow1 to show the first row of attributes
Page-PersonDetails-ManageTab-ShowRow2FALSEPage-PersonDetails-ShowRow2 to show the 2nd row of attributes
Page-PersonDetails-ManageTab-ShowRow3TRUEPage-PersonDetails-ShowRow3 to show the 3rd row of attributes
Page-PersonDetails-ManageTab-ShowRow4TRUEPage-PersonDetails-ShowRow4 to show the 4th row of attributes
PA-GroupDetails-Custom1CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10Page attributes for Group Viewone Custom attributes 1-10
PA-GroupDetails-Custom11CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20Page attributes for Group Viewone Custom attributes 11-20
PA-GroupDetails-Extension1ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10Page attributes for Group Viewone extension attributes 1-10
PA-GroupDetails-Extension11ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20Page attributes for Group Viewone extension attributes 11-20
PA-LocationDetails-Custom1CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10Location viewone page attributes custom attributes 1-10
PA-LocationDetails-Custom11CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20Location viewone page attributes custom attributes 11-20
PA-LocationDetails-Extension1ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10Location viewone page attributes extension attribute 1-10
PA-LocationDetails-Extension11ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20Location viewone page attributes extension attributes 11-20
PA-ManagementRoleDetails-Extension1ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10Management role viewone page attributes extension attributes 1-10
PA-ManagementRoleDetails-Extension11ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20Management Role viewone page attributes extension attributes 11-20
PAMMFAEnabledTRUEEnable or disable Multi-Factor Authentication options for Privileged Access Management
PAMOtherAccessOptionsEnabledFALSEHides or shows other access request methods - like Request Elevation to local admin or a temp local admin account
PA-PersonDetails-Activity-AdvancedValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonUsageTypeFriendlyName,IsPrivPersonForPersonID,CreatedDate,ModifiedDatePA-PersonDetails-Activity-Advanced
PA-PersonDetails-Activity-GeneralActive,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOfficePA-PersonDetails-Activity-General
PA-PersonDetails-AdvancedActive,LockedUntil,PersonProofingStatusFriendlyName,ValidFrom,ValidUntil,ValidUntilExtended,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonID,CreatedDate,ModifiedDate,ResourceID,PreviousPersonManagerID,FuturePersonManagerID,GeneratedFromAccountIDPA-PersonDetails-Advanced
PA-PersonDetails-ContactTelephone,MobilePhone,Fax,Email,PersonalEmail,AddressPA-PersonDetails-Contact
PA-PersonDetails-Extension1ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10PA-PersonDetails-Extension1
PA-PersonDetails-Extension11ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20PA-PersonDetails-Extension11
PA-PersonDetails-GeneralLogin,LocaleFriendlyName,DefaultHomePage,AboutMe,Notes,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice,MiddleName,SecondLastName,BirthName,PersonalTitle,IsExternal,EmployeeID,EmployeeIDOther,JobCodePA-PersonDetails-General
PA-PersonDetails-LegalEntityLegalEntityCountryName,BranchName,BranchLocationPOID,BranchLocationCityKey,DivisionShortName,ContractTypeName,UnitShortNamePage attributes for view one person details page manage tab
PA-PersonDetails-PositionInfoMainPosition,PositionCity,PositionCountry,PositionUnitKey,PositionUnitName,Assistant,TitleShortName,TWCodeShortName,TWCodeName,TWCodeGroupPage attributes for person details page manage tab 
PA-PersonDetails-Report-AuthenticationRequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersionPA-PersonDetails-Report-Authentication
PA-PersonDetails-Report-GeneralActive,LockedUntil,ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,ProfileManagerLastUpdated,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceIDPA-PersonDetails-Report-General
PA-PersonDetails-WorkTitle,Department,Office,Company,LocationPA-PersonDetails-Work
PA-RecertAttestationPersonDirectDetails-ContactEmail,Telephone,MobilePhone,Fax,PersonalEmail,AddressPA-RecertAttestationPersonDirectDetails-Contact
PA-RecertAttestationPersonDirectDetails-WorkTitle,Department,Office,Company,Location,OrgRoleOrgZoneFriendlyNamePA-RecertAttestationPersonDirectDetails-Work
PA-ViewSelf-ActivityHistory-AdvancedValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,LoginRequireDeviceRegistration,RequireSecondFactor,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,CreatedDate,ModifiedDateView self page activity history tab advanced section attributes
PA-ViewSelf-AdvancedActive,LockedUntil,ValidFrom,ValidUntilLocalTime,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceIDView self Report tab advanced section attributes
PA-ViewSelf-AuthenticationRequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersionView self page report tab authentication attributes
PA-ViewSelf-ContactTelephone,MobilePhone,Fax,Email,PersonalEmail,AddressViewself contact section attributes
PA-ViewSelf-Extension1ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10View self page report tab extension attributes 1-11
PA-ViewSelf-Extension11ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20View self page report tab extension attributes 11-20
PA-ViewSelf-GeneralActive,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOfficeView self page activity tab general section attributes
PA-ViewSelf-WorkTitle,Department,Office,Company,Location,PersonManagerNameView self work section attributes
PreferredCountryus,de,chEnter the country short codes one after the other in the above format to set them as the preferred countries to show at the top of the drop-down list in the International Telephone Input field.
PSMAWSBucketName
Privileged Session Manager Amazon AWS S3 bucket to store recordings
PSMAWSRegionEndpoint
Privileged Session Manager Amazon AWS region for S3 bucket to store recordings
PSMAzureBucketNameRecordingsPrivileged Session Manager Azure bucket name to store recordings
PSMClientKeybcb5909d-a600-413c-a9a3-406afa551307Privileged Session Manager OAuth Client API key for ClickOnce client
PSMClientURLhttps://rdp.empowersso.com/startURL for Privileged Session Manager clickonce client Manticore  https://s3.amazonaws.com/manticoredevrick/SecureAccessGateway.applicationhttps://54.146.165.121/myrtille
PSMClientURLDefaulthttps://gatewayprod.empoweriam.comGateway PROD RDP Manticore v2.0
PSMEnabledTRUEDetermines whether the Privileged Session Manager RDP proxy is enabled in the user interface for this installation
PSMOAuthConsumerGUID3a2a8bc2-7d90-4930-a589-3a061ae234cbPrivileged Session Manager RDP client OAuth credentials for Amazon AWS account for storing recordings
PSMRecordKeyStrokesTRUEDetermines whether recordings are captured for the privileged session manager
PSMStorageModeAZUREDetermines whether recordings are stored on AWS, AZURE, or in a UNC network folder location.
PSMUNCStorageLocation
When PSMStorageMode is set to UNC, the UNC path to a network folder for storage of recordings
PublishToAzureConnectionString

PublishToStorage

PublishToTFSLocalPath

PublishToTFSPath

PublishToTFSURL

PublishToUNC

ReCaptchaAuthConsumerGUIDd68cbddb-a2a8-4de3-8daf-f1ff7f999134Google API key and secret for Recaptcha
Recertification-AllowSelectSuggestedRoleFALSEAllow selection of a suggested Business Role and Location when revoking a recertification
Recertification-AutoProcessBusinessRoleAndLocationRevocationsTRUEEnable auto delete business Role and Location re-certification revocations
Recertification-EnableConditionalApprovalFALSEEnables the decision button for conditional approval where a time constraint must be selected
Recertification-ShowCertifierPhotoTRUEShows or hides the current certifier photo on the Manager review screen
RemoveDiacriticsForEmailAndAliasFALSE
RemoveDiacriticsForEmailAndAlias_ReplaceEszettFALSE
RestrictCountriesad, ae, af, ag, ai, al, am, an, ao, aq, ar, as, at, au, aw, ax, az, ba, bb, bd, be, bf, bg, bh, bi, bj, bl, bm, bn, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cd, cf, cg, ch, ci, ck, cl, cm, cn, co, cr, cu, cv, cx, cy, cz, de, dj, dk, dm, do, dz, ec, ee, eg, eh, er, es, et, fi, fj, fk, fm, fo, fr, ga, gb, gd, ge, gf, gg, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm, hn, hr, ht, hu, id, ie, il, im, in, io, iq, ir, is, it, je, jm, jo, jp, ke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls, lt, lu, lv, ly, ma, mc, md, me, mf, mg, mh, mk, ml, mm, mn, mo, mp, mq, mr, ms, mt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nr, nu, nz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, ps, pt, pw, py, qa, re, ro, rs, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr, ss, st, sv, sy, sz, tc, td, tf, tg, th, tj, tk, tl, tm, tn, to, tr, tt, tv, tw, tz, ua, ug, um, us, uy, uz, va, vc, ve, vg, vi, vn, vu, wf, ws, ye, yt, za, zm, zwRepresents the array of countries that are allowed to show up in the International Telephone Input field. Remove the countries you don't want on the drop-down list.
RMQAssemblyTypeTheDotNetFactory.Framework.RMQueue.RabbitMQ.dll
RMQConnectionString

RunEmpowerIDJobAsyncTRUE
RunWorkflowLocallyTRUEGlobal setting to determine if workflow should run in UI w3p 
SignUpInitialCountrychThe Initial country for the Telephone input field in the sign up page. The value needs to be two letter short for the country according to the TelInput index eg. Central African Republic - cf | Chile - cl | Cambodia - kh
SyncOffice365LicenseFALSEOptionally synch O365 to ExtensionAttribute23 of the account
TaskRenotificationEmailIsBulkFALSEIf set to true and when no custom email template exists, default task re-notification bulk email will be sent in bulk
TerminatePersonAdvancedInitiator2PersonID for initiator of the TerminatePersonAdvance workflow which is called by a permanent workflow for people whose ValidUntil has expired.
TwilioFromPhone1.61E+10The from phone number used in twilio communications
TwilioMessagingServiceID
ID of the messaging service being used to send SMS//MG0d8f5224acb980fd5ac52054f9ced3a1
TwilioOTPAppNameTwilioThe name of the Twilio OAuth Application whose credentials are being used to send SMS and Voice messages
TwilioProviderAssemblyQualifiedNameTheDotNetFactory.Framework.Api.Operations.Services.TwilioDirectProvider, TheDotNetFactory.Framework.Api.Operations, Version=0.0.0.0The provider that will handle sending twilio communications
TwilioRemoteProviderHosthttp://localhost:13943/api/twilioIf using the remote twilio provider, this is the url that is used to connect to the remote provider
UseTwilioMessagingServiceFALSETo use Twilio Messaging service to send SMS and Voice, set to True.
WebCdnPathc:\source\EID\2014HF\Root\UI\Web Sites\EmpowerID.Web\EmpowerID.Web.Cdn
WebUIRuntimeCacheTimeout20The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web UI in minutes
WorkflowDataFactorySQL
YubicoOTPApiKey
Yubico OTP API Key
YubicoOTPClientID
Yubico OTP ClientID






concepts:

Overview of the EmpowerID Identity Warehouse

Overview of Inventory

Account Inbox Overview

Overview of Attribute Flow

Overview of Projection and Enforcement



tasks:

Managing User Accounts and Groups