System Settings
You can use system settings to control many aspects of EmpowerID behavior.
To change values for any of the settings
In the navigation sidebar, expand Admin, then EmpowerID Servers and Settings, and select EmpowerID System Settings.
On the EmpowerID System Settings page that appears, search for the setting that you want to change and click the Edit icon to its left.
In the dialog that appears, you can edit the Value and Description fields, and select whether to Encrypt Data for the setting value.
After making changes, click Save.
To add or delete a setting
To delete a setting, click the Delete button to the left of the setting.
To add a setting, click the Add icon above the grid.
In the dialog that appears, provide the following values:Name — Enter a name for the setting. This value cannot have spaces, and must correspond to the name of the setting in code.
Value — Enter a value to pass into the setting.
Description — Enter a description that gives administrators information about what kind of value to enter and what it accomplishes.
Created Date — Optionally enter a date to display to anyone editing the setting. If left blank, this value is provided automatically.
Encrypt Data — Select this option to encrypt the Value text to protect sensitive data.
Click Save.
System Settings
The following table provides the name, default value, and description for each system setting, as well as links to any further information about the setting.
This is a work in progress. Missing descriptions and links coming soon.
Name | Value | Description |
|---|---|---|
ABACEmergencyMode | FALSE | Global setting to determine of the organizations is in a crisis emergency mode |
ABACHighRiskScore | 10000 | Threshold Risk Score to be used in ABAC rules |
AccountInboxJoinAndProvisionFilter | A.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID 2 AND A.AccountUsageTypeID = 1 AND LENA.FirstName 0 AND LENA.LastName 0 | Filter for join and provision, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinFilter for join and to AccountInboxProvisionFilter for provision see AccountInboxing_GetJoinAndProvisionFilter for sample of how to extend |
AccountInboxJoinByBirthDateFirstNameLastName | TRUE | If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields |
AccountInboxJoinByCustomMatch | /* -- this is a sample of how to extend the join rules with custom logic. There would be two extra rules to join by Department and City/State --uncomment the outer comment to make it active --retrieve personID by Department, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='Department' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.Department , P.LastName , P.FirstName FROM Person P WITH NOLOCK WHERE P.Department IS NOT NULL AND P.PersonID 3 GROUP BY P.Department, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.Department = A.Department AND PJoined.LastName = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL --retrieve personID by City and State, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='City and State' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.City ,P.State, P.LastName, P.FirstName FROM Person P WITH NOLOCK WHERE P.City IS NOT NULL AND P.State IS NOT NULL AND P.PersonID 3 GROUP BY P.City ,P.State, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.City = A.City AND PJoined.State = A.State AND PJoined.LastName = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL */ | Extra custom rule/s that run at the end of the join rules by executing the SQL. It has to follow the sample code |
AccountInboxJoinByEmailFirstNameLastName | TRUE | If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields |
AccountInboxJoinByEmployeeIDFirstNameLastName | TRUE | If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields |
AccountInboxJoinByPersonalEmailFirstNameLastName | TRUE | If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields |
AccountInboxJoinFilter | A.AllowJoin = 1 | Filter for join, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetJoinFilter for sample of how to extend |
AccountInboxProvisionFilter | A.AllowProvision = 1 AND EXISTSSELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1 | Filter for PROVISION, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetProvisionFilter for sample of how to extend |
ADUserCreatePostProcessingAlertEnabled | FALSE | Global Setting to Enable or Disable ADUserCreatePostProcessingAlert |
AllowSetMustChangePasswordAtNextLogon | TRUE | Allow Set Must Change Password At Next Logon |
AllowWebApiMethodInvokeProfiling | TRUE |
|
AllowWebApiMethodInvokesWithoutCheck | TRUE |
|
API_IISAppName | API |
|
ApplicationLauncherOAuthConsumerGUID | f0ade541-52d1-4f60-9201-f58e9dc8f7fb |
|
ApplicationLauncherOAuthProviderApplicationGUID | 25629B1D-1585-4D19-A58F-A74D00EA30B0 |
|
ApplicationLauncherSamlConnectionID | 1 |
|
ApplicationLauncherServiceProviderGuid |
|
|
Azure-AuthorizationRule | MyPolicy1 |
|
Azure-ClientID |
|
|
Azure-ClientSecret |
|
|
AzureCosmosWFDataAuthKey |
|
|
AzureCosmosWFDataSerivceEndPoint | https://eidtest.documents.azure.com:443/ |
|
Azure-DataCenterLocation |
|
|
AzureJobEngineDataConnectionString |
|
|
AzureManticoreConnectionString |
| Azure Manticore Storage Container Connection String |
AzureManticoreContainerName | manticore | The Azure container which holds the session recordings |
AzureNotificationHubConnectionString |
| Azure Notification Hub Connection String |
AzureNotificationHubName |
| Azure Notification Hub Name |
Azure-Relay | eidtest10 |
|
Azure-RelayNamespace | tenantDRelay |
|
Azure-ResourceGroup | JobEngine |
|
AzureSPOCosmosDocumentDBAuthKey |
|
|
AzureSPOCosmosDocumentDBServiceEndPointUrl | https://eidtest.documents.azure.com:443/ |
|
AzureSPOTableDBStorageDataConnectionString |
|
|
Azure-SubscriptionID |
|
|
Azure-TenantID |
|
|
AzureWebJobDataConnectionString | DefaultEndpointsProtocol=https;AccountName=eidazurejobengine;AccountKey=kNGSID50BEmwdInwNwbOyFmzrO+M/PggUHkSU5Nb9xq/ACzFj0CWn4H5SNALMY17TKJFz7qbnVa8qojP25dVhw==;EndpointSuffix=core.windows.net |
|
AzureWebJobHost | FALSE |
|
AzureWFDataConnectionString |
|
|
BOTEnableBot | FALSE | Enables the EmpowerID Bot |
BOTSecret | SI6PAkoG9cY.cwA.lko.Ysq1FIFhEkhAcYelcIkZyaHWkm6kJr0LeiE_JiafgvA | Secret for the EmpowerID bot |
BOTUrl | https://webchat.botframework.com/embed/EmpowerIDBot1 | Url of the EmpowerID Bot |
Captcha-HideAndSkipValidationGloballyForTesting | FALSE | Hide Captcha And Skip Captcha Validation Globally For Testing |
ConsumerSelfRegisterEnabled | TRUE | Consumer Self Registration setting to skip person registration in workflow if set to false |
CoreIdentityProvisionLogic |
| Enter custom Core Identity provisioning logic |
CountryISOAlpha2Code | US | Country ISO Alpha 2 code used to mask phone numbers during MFA. Refer to http://www.nationsonline.org/oneworld/country_code_list.htm |
DeviceRegistrationCookieExpirationInDays | 15 | Expiration days of the device registration cookie |
DisableCartCommentRequired | TRUE | DisableCartCommentRequired |
DisableCrossPackagePublishCheck | FALSE |
|
DUOAPIHostname |
|
|
DUOIntergrationKey |
|
|
DUOSecretKey |
|
|
EidAuthenticationPassphrase | 761a0e0e0330439286d0a739c7d7553b |
|
EidAuthenticationSalt | 016fc391fef14cf0a11e03a7b0814e7c |
|
EIDBrowserExtensionChromeID | ompmlbphcpnjopgdoknaibgjagocjbbe | ID of the latest Chrome Browser Extension in the Chrome Store |
EIDBrowserExtensionFFInstallPath | http://www.empowerID.com | Path to the installation location of the Firefox SSO Browser Extension |
EIDBrowserExtensionIEInstallPath | http://crossrider.com/download/ie/81138 | Path to the installation location of the Internet Explorer SSO Browser Extension |
EIDBrowserExtensionVersion | 81138 | ID of the Browser Extension version used to build the URL for download and installation |
EidCdnEnableResourceCheckCache | FALSE |
|
EidCdnServerUrl | /EmpowerIDWebCDN |
|
EidChromeFrameIEVersion | 8 |
|
EidEnableLocalizationDebugging | FALSE |
|
EidIdPSessionTimeout | 480 | IdP Portal Session Timeout in minutes |
EidInstallationGUID | a32dd358-317b-4c84-bf10-a145236387c5 |
|
EidLoginAfterXFailsShowCaptcha | 4 | After x failures on the login page show the CAPTCHA |
EidMaxReportResults | 500000 | Maximum number of results allowed in the email me as report feature |
EidMultiFactorRetryLimit | 3 | Number of times to retry two-factor authentication before reverting to login page |
EidPasswordlessLoginEnabled | TRUE | Option to enable/disable PasswordlessLogin option on the login page |
EIDPersonExpirationNotificationDaysBefore | 21 | How many days to notify before person expires. Used by PersonExpirationNotification permanent WF |
EIDPushNotificationTimeout | 30 | EmpowerID push notification and registration timeout in seconds |
EmailApprovalByEmailEnabled | FALSE |
|
EmailEWSEmailProviderMailboxAccountID |
|
|
EmailEWSEmailProviderMailServerURL |
|
|
EmailGlobalBCCRecipient |
| Sends a copy of every email to the specified email address in any mode as a BCC. |
EmailSmtpEmailProviderFromAddress |
| Default from address for all EmpowerID notifications |
EmailSmtpEmailProviderMailboxAccountID |
| AccountID of an account that has a vaulted password to be used for authenticated send email |
EmailSmtpEmailProviderMailServer | dc-exch.addomain.com | Email Server used to send out EmpowerID System email messages |
EmailSmtpEmailProviderUseSSL | TRUE | Use SSL for SMTP |
EmailSmtpPortNumber | 25 | SMTP Port for TLS |
EmailSmtpUseTLS | TRUE | if true and EmailSmtpEmailProviderUseSSL is true, EID uses TLS to connect to the smtp server |
EmailTestMode | FALSE | If true, sends all emails to a specific email address in the EmailTestModeGlobalRecipient settings. |
EmailTestModeGlobalRecipient |
| Sends a copy of every email to the specified email address in any mode as a recipient. |
EmpowerID_IISAppName | EmpowerID |
|
EmpowerIDWebCDN_IISAppName | EmpowerIDWebCDN |
|
EmpowerIDWebIdPForms_IISAppName | EmpowerIDWebIdPForms |
|
EmpowerIDWebIdPSmartCard_IISAppName | EmpowerIDWebIdPSmartCard |
|
EmpowerIDWebIdPWindows_IISAppName | EmpowerIDWebIdPWindows |
|
EmpowerIDWebIdPWSFederation_IISAppName | EmpowerIDWebIdPWSFederation |
|
EmpowerIDWebReports_IISAppName | EmpowerIDWebReports |
|
EnableBulkRecertification | FALSE | Enables or disables the ability to make a bulk decision for multiple recertification items |
EnableCookieSecureAttribute | TRUE | Flag to enable/disable secure attribute on all the cookies |
EnableRMQServer | FALSE |
|
EnableWorkflowRedirectUrl | FALSE | Enables the redirecturl functionality of workflows |
EnvironmentHeaderMessage |
| Displays a system-wide message at the top banner |