You can use system settings to control many aspects of EmpowerID behavior.

To change values for any of the settings

In the navigation sidebar, expand Admin, then EmpowerID Servers and Settings, and select EmpowerID System Settings.
On the EmpowerID System Settings page that appears, search for the setting that you want to change and click the Edit icon to its left.
In the dialog that appears, you can edit the Value and Description fields, and select whether to Encrypt Data for the setting value.

Do NOT change the Name field for a setting. The name connects the setting value to the option within EmpowerID code, so changing it breaks the connection.
After making changes, click Save.

To add or delete a setting

To delete a setting, click the Delete button to the left of the setting.
To add a setting, click the Add icon above the grid.

In the dialog that appears, provide the following values:
- Name — Enter a name for the setting. This value cannot have spaces, and must correspond to the name of the setting in code.
- Value — Enter a value to pass into the setting.
- Description — Enter a description that gives administrators information about what kind of value to enter and what it accomplishes.
- Created Date — Optionally enter a date to display to anyone editing the setting. If left blank, this value is provided automatically.
- Encrypt Data — Select this option to encrypt the Value text to protect sensitive data.
Click Save.

System Settings

The following table provides the name, default value, and description for each system setting, as well as links to any further information about the setting.

This is a work in progress. Missing descriptions and links coming soon.

Name	Value	Description
ABACEmergencyMode	FALSE	Global setting to determine of the organizations is in a crisis emergency mode
ABACHighRiskScore	10000	Threshold Risk Score to be used in ABAC rules
AccountInboxJoinAndProvisionFilter	A.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID 2 AND A.AccountUsageTypeID = 1 AND LENA.FirstName 0 AND LENA.LastName 0	Filter for join and provision, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinFilter for join and to AccountInboxProvisionFilter for provision see AccountInboxing_GetJoinAndProvisionFilter for sample of how to extend
AccountInboxJoinByBirthDateFirstNameLastName	TRUE	If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields
AccountInboxJoinByCustomMatch	/* -- this is a sample of how to extend the join rules with custom logic. There would be two extra rules to join by Department and City/State --uncomment the outer comment to make it active --retrieve personID by Department, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='Department' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.Department , P.LastName , P.FirstName FROM Person P WITH NOLOCK WHERE P.Department IS NOT NULL AND P.PersonID 3 GROUP BY P.Department, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.Department = A.Department AND PJoined.LastName = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL --retrieve personID by City and State, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='City and State' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.City ,P.State, P.LastName, P.FirstName FROM Person P WITH NOLOCK WHERE P.City IS NOT NULL AND P.State IS NOT NULL AND P.PersonID 3 GROUP BY P.City ,P.State, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.City = A.City AND PJoined.State = A.State AND PJoined.LastName = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL */	Extra custom rule/s that run at the end of the join rules by executing the SQL. It has to follow the sample code
AccountInboxJoinByEmailFirstNameLastName	TRUE	If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields
AccountInboxJoinByEmployeeIDFirstNameLastName	TRUE	If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields
AccountInboxJoinByPersonalEmailFirstNameLastName	TRUE	If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields
AccountInboxJoinFilter	A.AllowJoin = 1	Filter for join, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetJoinFilter for sample of how to extend
AccountInboxProvisionFilter	A.AllowProvision = 1 AND EXISTSSELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1	Filter for PROVISION, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetProvisionFilter for sample of how to extend
ADUserCreatePostProcessingAlertEnabled	FALSE	Global Setting to Enable or Disable ADUserCreatePostProcessingAlert
AllowSetMustChangePasswordAtNextLogon	TRUE	Allow Set Must Change Password At Next Logon
AllowWebApiMethodInvokeProfiling	TRUE
AllowWebApiMethodInvokesWithoutCheck	TRUE
API_IISAppName	API
ApplicationLauncherOAuthConsumerGUID	f0ade541-52d1-4f60-9201-f58e9dc8f7fb
ApplicationLauncherOAuthProviderApplicationGUID	25629B1D-1585-4D19-A58F-A74D00EA30B0
ApplicationLauncherSamlConnectionID	1
ApplicationLauncherServiceProviderGuid
Azure-AuthorizationRule	MyPolicy1
Azure-ClientID
Azure-ClientSecret
AzureCosmosWFDataAuthKey
AzureCosmosWFDataSerivceEndPoint	https://eidtest.documents.azure.com:443/
Azure-DataCenterLocation
AzureJobEngineDataConnectionString
AzureManticoreConnectionString		Azure Manticore Storage Container Connection String
AzureManticoreContainerName	manticore	The Azure container which holds the session recordings
AzureNotificationHubConnectionString		Azure Notification Hub Connection String
AzureNotificationHubName		Azure Notification Hub Name
Azure-Relay	eidtest10
Azure-RelayNamespace	tenantDRelay
Azure-ResourceGroup	JobEngine
AzureSPOCosmosDocumentDBAuthKey
AzureSPOCosmosDocumentDBServiceEndPointUrl	https://eidtest.documents.azure.com:443/
AzureSPOTableDBStorageDataConnectionString
Azure-SubscriptionID
Azure-TenantID
AzureWebJobDataConnectionString	DefaultEndpointsProtocol=https;AccountName=eidazurejobengine;AccountKey=kNGSID50BEmwdInwNwbOyFmzrO+M/PggUHkSU5Nb9xq/ACzFj0CWn4H5SNALMY17TKJFz7qbnVa8qojP25dVhw==;EndpointSuffix=core.windows.net
AzureWebJobHost	FALSE
AzureWFDataConnectionString
BOTEnableBot	FALSE	Enables the EmpowerID Bot
BOTSecret	SI6PAkoG9cY.cwA.lko.Ysq1FIFhEkhAcYelcIkZyaHWkm6kJr0LeiE_JiafgvA	Secret for the EmpowerID bot
BOTUrl	https://webchat.botframework.com/embed/EmpowerIDBot1	Url of the EmpowerID Bot
Captcha-HideAndSkipValidationGloballyForTesting	FALSE	Hide Captcha And Skip Captcha Validation Globally For Testing
ConsumerSelfRegisterEnabled	TRUE	Consumer Self Registration setting to skip person registration in workflow if set to false
CoreIdentityProvisionLogic		Enter custom Core Identity provisioning logic
CountryISOAlpha2Code	US	Country ISO Alpha 2 code used to mask phone numbers during MFA. Refer to http://www.nationsonline.org/oneworld/country_code_list.htm
DeviceRegistrationCookieExpirationInDays	15	Expiration days of the device registration cookie
DisableCartCommentRequired	TRUE	DisableCartCommentRequired
DisableCrossPackagePublishCheck	FALSE
DUOAPIHostname
DUOIntergrationKey
DUOSecretKey
EidAuthenticationPassphrase	761a0e0e0330439286d0a739c7d7553b
EidAuthenticationSalt	016fc391fef14cf0a11e03a7b0814e7c
EIDBrowserExtensionChromeID	ompmlbphcpnjopgdoknaibgjagocjbbe	ID of the latest Chrome Browser Extension in the Chrome Store
EIDBrowserExtensionFFInstallPath	http://www.empowerID.com	Path to the installation location of the Firefox SSO Browser Extension
EIDBrowserExtensionIEInstallPath	http://crossrider.com/download/ie/81138	Path to the installation location of the Internet Explorer SSO Browser Extension
EIDBrowserExtensionVersion	81138	ID of the Browser Extension version used to build the URL for download and installation
EidCdnEnableResourceCheckCache	FALSE
EidCdnServerUrl	/EmpowerIDWebCDN
EidChromeFrameIEVersion	8
EidEnableLocalizationDebugging	FALSE
EidIdPSessionTimeout	480	IdP Portal Session Timeout in minutes
EidInstallationGUID	a32dd358-317b-4c84-bf10-a145236387c5
EidLoginAfterXFailsShowCaptcha	4	After x failures on the login page show the CAPTCHA
EidMaxReportResults	500000	Maximum number of results allowed in the email me as report feature
EidMultiFactorRetryLimit	3	Number of times to retry two-factor authentication before reverting to login page
EidPasswordlessLoginEnabled	TRUE	Option to enable/disable PasswordlessLogin option on the login page
EIDPersonExpirationNotificationDaysBefore	21	How many days to notify before person expires. Used by PersonExpirationNotification permanent WF
EIDPushNotificationTimeout	30	EmpowerID push notification and registration timeout in seconds
EmailApprovalByEmailEnabled	FALSE
EmailEWSEmailProviderMailboxAccountID
EmailEWSEmailProviderMailServerURL
EmailGlobalBCCRecipient		Sends a copy of every email to the specified email address in any mode as a BCC.
EmailSmtpEmailProviderFromAddress		Default from address for all EmpowerID notifications
EmailSmtpEmailProviderMailboxAccountID		AccountID of an account that has a vaulted password to be used for authenticated send email
EmailSmtpEmailProviderMailServer	dc-exch.addomain.com	Email Server used to send out EmpowerID System email messages
EmailSmtpEmailProviderUseSSL	TRUE	Use SSL for SMTP
EmailSmtpPortNumber	25	SMTP Port for TLS
EmailSmtpUseTLS	TRUE	if true and EmailSmtpEmailProviderUseSSL is true, EID uses TLS to connect to the smtp server
EmailTestMode	FALSE	If true, sends all emails to a specific email address in the EmailTestModeGlobalRecipient settings.
EmailTestModeGlobalRecipient		Sends a copy of every email to the specified email address in any mode as a recipient.
EmpowerID_IISAppName	EmpowerID
EmpowerIDWebCDN_IISAppName	EmpowerIDWebCDN
EmpowerIDWebIdPForms_IISAppName	EmpowerIDWebIdPForms
EmpowerIDWebIdPSmartCard_IISAppName	EmpowerIDWebIdPSmartCard
EmpowerIDWebIdPWindows_IISAppName	EmpowerIDWebIdPWindows
EmpowerIDWebIdPWSFederation_IISAppName	EmpowerIDWebIdPWSFederation
EmpowerIDWebReports_IISAppName	EmpowerIDWebReports
EnableBulkRecertification	FALSE	Enables or disables the ability to make a bulk decision for multiple recertification items
EnableCookieSecureAttribute	TRUE	Flag to enable/disable secure attribute on all the cookies
EnableRMQServer	FALSE
EnableWorkflowRedirectUrl	FALSE	Enables the redirecturl functionality of workflows
EnvironmentHeaderMessage		Displays a system-wide message at the top banner
GoogleMapsAPIKey	AIzaSyAiqp4HyDyFGg6SPad8gAa-hv-eFQz7FwA	API Key that is used with google maps
GoogleRecaptchaSiteVerifyUrl	https://www.google.com/recaptcha/api/siteverify	Verify url for google recaptcha cannot contain a querystring
HelpLoginMenuLink	https://docs.empowerid.com/	Link to external help
HelpMFALink	https://dotnetworkflow.jira.com/wiki/spaces/E2D/pages/87851239/Multifactor+Authentication	Help link for end user multi-factor authentication
IdPCacheRefreshInterval	0	The interval used to refresh the internal IdP cache for Single Sign On data. If set to ZERO, this setting is DISABLED.
IdPRuntimeCacheTimeout	10	CAUTION: This values should be between 1 and 525,600. The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web IdPs in minutes
InventorySalesForceAccount	FALSE	setting to verify if account object should be inventoried or not
IpInfoAccessToken		IpInfo Access Token
ITShopIManageGrpAccountMode	TRUE	In IT Shop Resources I manage show the simple mode group account grid not RBAC delegation control
ITShopIManageGrpRBACSimpleMode	TRUE	In IT Shop Resources I manage show the RBAC delegation control in simple mode
ITShopMyAccessShowExpiresXDays	30	Setting to control which expiring access shows to the user. Only access expiring in X days.
JoinToCIByBirthDateFirstNameLastName	FALSE	Set this value to true if you want to join Person to Core Identity by FirstName, LastName and DateOfBirth.
JoinToCIByFirstNameLastName	TRUE	Set this value to true if you want to join Person to Core Identity by FirstName and LastName.
JoinToCICustomMatchAttributes		Enter a comma separated list of the attributes that should be used to join Person to Core Identity. For example: to join by DateOfBirth and SSN enter: DateOfBirth, SocialSecurityNumber
LocaleFlagsEnabled	FALSE	Enables or disables displaying country flags in the locale picker
LocalePickerEnabled	TRUE	Enables or disables the language picker in the user interface
LocaleRecordingMode	TRUE	Tells the system to record locale keys that are being used
LocalizationDefaultLocale	en-US	Default Fallback Locale
LoginAfterXFailsShowCaptcha	4	After x failures on the login page show the CAPTCHA
LoginLookupAccountByPersonLogonNameToValidatePassword	TRUE	Attempt to validate the password against each of the person's accounts that belong to an Account Store where pass-through authentication is enabled
LoginNameEnableGenerate	TRUE	Enables the Generate endpoint of the LoginName
LoginPageAccountUnlockEnabled	TRUE	Specifies whether or not the account unlock button is enabled on the login page
LoginPageBotEnabled	TRUE	Enable the chat with bot button on the login page
LoginPageConsumerSelfRegisterEnabled	FALSE	Specifies whether or not the self register button is enabled on the login page
LoginPageemaillostusernameEnabled	TRUE	Specifies whether or not mail to username is enabled on the login page
LoginPagePartnerSelfRegisterEnabled	TRUE	Specifies whether or no the partner self register page is enabled on the login page
LoginPagepasswordresetcenterEnabled	TRUE	Specifies whether or not password reset center is enabled on the login page
LoginPageRequestOathTokenEnabled	TRUE	Specifies whether or not request oath token is enabled on the login page
LoginPageSupplierCompanyRegistrationEnabled	TRUE	Specifies whether or not the Supplier Company Registration link is enabled on the login page
MaximumLoginTravelSpeed	450	Maximum Login Travel Speed
MessageBusSettings	[{Id:8f0cade0-99d0-43f5-96e8-b0bbdc8bea7a,PluginType:Syslog,MessageEntryType:Error,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}},{Id:55fb5db1-4c65-4070-9307-f038393c7f3a,PluginType:Syslog,MessageEntryType:Information,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}}]
MobileClientOAuthApplicationID	A05391D2-D4B0-49F5-9D3B-A8AF009B7247	EmpowerID Mobile Client OAuthProviderApplicationID
OathTokenIssuerName	EmpowerID Dev	Name of the Oath Token Issuer
OAuth_IISAppName	OAuth
OAuthConsumerGUID	91A7642F-0313-4496-9125-D4DB2782D111	OAuth connection for Twilio API access
OwnerRequiredAssigneeTypeID	1	For Responsible Party control - OwnerRequiredAssigneeTypeID - set a value to only allow that type to be assigned - 1 Person 2 Account 3 Group 4 Business Role and Location 5 Management Role 7 Query-Based Collection
PA-BusinessRoleDetails-Custom1	CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10	Page attributes for Business Role viewone page custom attributes 1-10
PA-BusinessRoleDetails-Custom11	CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20	Page attributes for Business Role viewone page custom attributes 11-20
PA-BusinessRoleDetails-Extension1	ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10	Page attributes for Business Role viewone page extension attributes 1-10
PA-BusinessRoleDetails-Extension11	ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20	Page attributes Business Role viewone page extension attributes 11-20
PA-BusinessRoleLocationDetails-Custom1	CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10	Page attributes for Business Role Location viewone page custom attributes 1-10
PA-BusinessRoleLocationDetails-Custom11	CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20	Page attributes for Business Role Location viewone page custom attributes 11-20
PA-BusinessRoleLocationDetails-Extension	ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10,ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15	Page attributes for Business Role Location viewone page extension attributes 1-15
Page-PersonDetails-ManageTab-ShowRow1	TRUE	Page-PersonDetails-ShowRow1 to show the first row of attributes
Page-PersonDetails-ManageTab-ShowRow2	FALSE	Page-PersonDetails-ShowRow2 to show the 2nd row of attributes
Page-PersonDetails-ManageTab-ShowRow3	TRUE	Page-PersonDetails-ShowRow3 to show the 3rd row of attributes
Page-PersonDetails-ManageTab-ShowRow4	TRUE	Page-PersonDetails-ShowRow4 to show the 4th row of attributes
PA-GroupDetails-Custom1	CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10	Page attributes for Group Viewone Custom attributes 1-10
PA-GroupDetails-Custom11	CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20	Page attributes for Group Viewone Custom attributes 11-20
PA-GroupDetails-Extension1	ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10	Page attributes for Group Viewone extension attributes 1-10
PA-GroupDetails-Extension11	ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20	Page attributes for Group Viewone extension attributes 11-20
PA-LocationDetails-Custom1	CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10	Location viewone page attributes custom attributes 1-10
PA-LocationDetails-Custom11	CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20	Location viewone page attributes custom attributes 11-20
PA-LocationDetails-Extension1	ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10	Location viewone page attributes extension attribute 1-10
PA-LocationDetails-Extension11	ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20	Location viewone page attributes extension attributes 11-20
PA-ManagementRoleDetails-Extension1	ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10	Management role viewone page attributes extension attributes 1-10
PA-ManagementRoleDetails-Extension11	ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20	Management Role viewone page attributes extension attributes 11-20
PAMMFAEnabled	TRUE	Enable or disable Multi-Factor Authentication options for Privileged Access Management
PAMOtherAccessOptionsEnabled	FALSE	Hides or shows other access request methods - like Request Elevation to local admin or a temp local admin account
PA-PersonDetails-Activity-Advanced	ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonUsageTypeFriendlyName,IsPrivPersonForPersonID,CreatedDate,ModifiedDate	PA-PersonDetails-Activity-Advanced
PA-PersonDetails-Activity-General	Active,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice	PA-PersonDetails-Activity-General
PA-PersonDetails-Advanced	Active,LockedUntil,PersonProofingStatusFriendlyName,ValidFrom,ValidUntil,ValidUntilExtended,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonID,CreatedDate,ModifiedDate,ResourceID,PreviousPersonManagerID,FuturePersonManagerID,GeneratedFromAccountID	PA-PersonDetails-Advanced
PA-PersonDetails-Contact	Telephone,MobilePhone,Fax,Email,PersonalEmail,Address	PA-PersonDetails-Contact
PA-PersonDetails-Extension1	ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10	PA-PersonDetails-Extension1
PA-PersonDetails-Extension11	ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20	PA-PersonDetails-Extension11
PA-PersonDetails-General	Login,LocaleFriendlyName,DefaultHomePage,AboutMe,Notes,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice,MiddleName,SecondLastName,BirthName,PersonalTitle,IsExternal,EmployeeID,EmployeeIDOther,JobCode	PA-PersonDetails-General
PA-PersonDetails-LegalEntity	LegalEntityCountryName,BranchName,BranchLocationPOID,BranchLocationCityKey,DivisionShortName,ContractTypeName,UnitShortName	Page attributes for view one person details page manage tab
PA-PersonDetails-PositionInfo	MainPosition,PositionCity,PositionCountry,PositionUnitKey,PositionUnitName,Assistant,TitleShortName,TWCodeShortName,TWCodeName,TWCodeGroup	Page attributes for person details page manage tab
PA-PersonDetails-Report-Authentication	RequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersion	PA-PersonDetails-Report-Authentication
PA-PersonDetails-Report-General	Active,LockedUntil,ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,ProfileManagerLastUpdated,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceID	PA-PersonDetails-Report-General
PA-PersonDetails-Work	Title,Department,Office,Company,Location	PA-PersonDetails-Work
PA-RecertAttestationPersonDirectDetails-Contact	Email,Telephone,MobilePhone,Fax,PersonalEmail,Address	PA-RecertAttestationPersonDirectDetails-Contact
PA-RecertAttestationPersonDirectDetails-Work	Title,Department,Office,Company,Location,OrgRoleOrgZoneFriendlyName	PA-RecertAttestationPersonDirectDetails-Work
PA-ViewSelf-ActivityHistory-Advanced	ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,LoginRequireDeviceRegistration,RequireSecondFactor,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,CreatedDate,ModifiedDate	View self page activity history tab advanced section attributes
PA-ViewSelf-Advanced	Active,LockedUntil,ValidFrom,ValidUntilLocalTime,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceID	View self Report tab advanced section attributes
PA-ViewSelf-Authentication	RequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersion	View self page report tab authentication attributes
PA-ViewSelf-Contact	Telephone,MobilePhone,Fax,Email,PersonalEmail,Address	Viewself contact section attributes
PA-ViewSelf-Extension1	ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10	View self page report tab extension attributes 1-11
PA-ViewSelf-Extension11	ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20	View self page report tab extension attributes 11-20
PA-ViewSelf-General	Active,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice	View self page activity tab general section attributes
PA-ViewSelf-Work	Title,Department,Office,Company,Location,PersonManagerName	View self work section attributes
PreferredCountry	us,de,ch	Enter the country short codes one after the other in the above format to set them as the preferred countries to show at the top of the drop-down list in the International Telephone Input field.
PSMAWSBucketName		Privileged Session Manager Amazon AWS S3 bucket to store recordings
PSMAWSRegionEndpoint		Privileged Session Manager Amazon AWS region for S3 bucket to store recordings
PSMAzureBucketName	Recordings	Privileged Session Manager Azure bucket name to store recordings
PSMClientKey	bcb5909d-a600-413c-a9a3-406afa551307	Privileged Session Manager OAuth Client API key for ClickOnce client
PSMClientURL	https://rdp.empowersso.com/start	URL for Privileged Session Manager clickonce client Manticore https://s3.amazonaws.com/manticoredevrick/SecureAccessGateway.application / https://54.146.165.121/myrtille
PSMClientURLDefault	https://gatewayprod.empoweriam.com	Gateway PROD RDP Manticore v2.0
PSMEnabled	TRUE	Determines whether the Privileged Session Manager RDP proxy is enabled in the user interface for this installation
PSMOAuthConsumerGUID	3a2a8bc2-7d90-4930-a589-3a061ae234cb	Privileged Session Manager RDP client OAuth credentials for Amazon AWS account for storing recordings
PSMRecordKeyStrokes	TRUE	Determines whether recordings are captured for the privileged session manager
PSMStorageMode	AZURE	Determines whether recordings are stored on AWS, AZURE, or in a UNC network folder location.
PSMUNCStorageLocation		When PSMStorageMode is set to UNC, the UNC path to a network folder for storage of recordings
PublishToAzureConnectionString
PublishToStorage
PublishToTFSLocalPath
PublishToTFSPath
PublishToTFSURL
PublishToUNC
ReCaptchaAuthConsumerGUID	d68cbddb-a2a8-4de3-8daf-f1ff7f999134	Google API key and secret for Recaptcha
Recertification-AllowSelectSuggestedRole	FALSE	Allow selection of a suggested Business Role and Location when revoking a recertification
Recertification-AutoProcessBusinessRoleAndLocationRevocations	TRUE	Enable auto delete business Role and Location re-certification revocations
Recertification-EnableConditionalApproval	FALSE	Enables the decision button for conditional approval where a time constraint must be selected
Recertification-ShowCertifierPhoto	TRUE	Shows or hides the current certifier photo on the Manager review screen
RemoveDiacriticsForEmailAndAlias	FALSE
RemoveDiacriticsForEmailAndAlias_ReplaceEszett	FALSE
RestrictCountries	ad, ae, af, ag, ai, al, am, an, ao, aq, ar, as, at, au, aw, ax, az, ba, bb, bd, be, bf, bg, bh, bi, bj, bl, bm, bn, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cd, cf, cg, ch, ci, ck, cl, cm, cn, co, cr, cu, cv, cx, cy, cz, de, dj, dk, dm, do, dz, ec, ee, eg, eh, er, es, et, fi, fj, fk, fm, fo, fr, ga, gb, gd, ge, gf, gg, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm, hn, hr, ht, hu, id, ie, il, im, in, io, iq, ir, is, it, je, jm, jo, jp, ke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls, lt, lu, lv, ly, ma, mc, md, me, mf, mg, mh, mk, ml, mm, mn, mo, mp, mq, mr, ms, mt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nr, nu, nz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, ps, pt, pw, py, qa, re, ro, rs, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr, ss, st, sv, sy, sz, tc, td, tf, tg, th, tj, tk, tl, tm, tn, to, tr, tt, tv, tw, tz, ua, ug, um, us, uy, uz, va, vc, ve, vg, vi, vn, vu, wf, ws, ye, yt, za, zm, zw	Represents the array of countries that are allowed to show up in the International Telephone Input field. Remove the countries you don't want on the drop-down list.
RMQAssemblyType	TheDotNetFactory.Framework.RMQueue.RabbitMQ.dll
RMQConnectionString
RunEmpowerIDJobAsync	TRUE
RunWorkflowLocally	TRUE	Global setting to determine if workflow should run in UI w3p
SignUpInitialCountry	ch	The Initial country for the Telephone input field in the sign up page. The value needs to be two letter short for the country according to the TelInput index eg. Central African Republic - cf \| Chile - cl \| Cambodia - kh
SyncOffice365License	FALSE	Optionally synch O365 to ExtensionAttribute23 of the account
TaskRenotificationEmailIsBulk	FALSE	If set to true and when no custom email template exists, default task re-notification bulk email will be sent in bulk
TerminatePersonAdvancedInitiator	2	PersonID for initiator of the TerminatePersonAdvance workflow which is called by a permanent workflow for people whose ValidUntil has expired.
TwilioFromPhone	1.61E+10	The from phone number used in twilio communications
TwilioMessagingServiceID		ID of the messaging service being used to send SMS//MG0d8f5224acb980fd5ac52054f9ced3a1
TwilioOTPAppName	Twilio	The name of the Twilio OAuth Application whose credentials are being used to send SMS and Voice messages
TwilioProviderAssemblyQualifiedName	TheDotNetFactory.Framework.Api.Operations.Services.TwilioDirectProvider, TheDotNetFactory.Framework.Api.Operations, Version=0.0.0.0	The provider that will handle sending twilio communications
TwilioRemoteProviderHost	http://localhost:13943/api/twilio	If using the remote twilio provider, this is the url that is used to connect to the remote provider
UseTwilioMessagingService	FALSE	To use Twilio Messaging service to send SMS and Voice, set to True.
WebCdnPath	c:\source\EID\2014HF\Root\UI\Web Sites\EmpowerID.Web\EmpowerID.Web.Cdn
WebUIRuntimeCacheTimeout	20	The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web UI in minutes
WorkflowDataFactory	SQL
YubicoOTPApiKey		Yubico OTP API Key
YubicoOTPClientID		Yubico OTP ClientID