Configuring EmpowerID System Settings

You can use system settings to control many aspects of EmpowerID behavior. 

How to change values for any of the system settings

  1. On the navbar expand Infrastructure Admin, then EmpowerID Servers and Settings, and select EmpowerID System Settings.

  2. On the EmpowerID System Settings page, search for the setting that you want to change and click the Edit icon to its left.

     

  3. In the dialog that appears, you can edit the Value and Description fields, and select whether to Encrypt Data for the setting value. When the data is encrypted, it is not visible in the UI.

     

  4. After making changes, click Save.

The following table provides the name, default value, and description for each system setting, as well as links to any further information about the setting.

Name

Default Value

Description

ABACEmergencyMode

FALSE

Global setting that determines whether the organization is in a crisis emergency mode

ABACHighRiskScore

10000

Threshold Risk Score to be used in ABAC rules

AccountInboxJoinAndProvisionFilter

A.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID  2 AND A.AccountUsageTypeID = 1  AND LENA.FirstName  0 AND LENA.LastName  0  

Filter for join and provision; only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinFilter for join and to the AccountInboxProvisionFilter for provision. See AccountInboxing_GetJoinAndProvisionFilter for a sample of how to extend it.

AccountInboxJoinByBirthDateFirstNameLastName

TRUE

If turned on, the join rule will try to join newly discovered accounts to people, based on matches on those fields

AccountInboxJoinByCustomMatch

/* -- this is a sample of how to extend the join rules with custom logic. There would be two extra rules to join by Department and City/State --uncomment the outer comment to make it active --retrieve personID by Department, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='Department' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.Department , P.LastName , P.FirstName FROM Person P WITH NOLOCK WHERE P.Department IS NOT NULL AND P.PersonID  3 GROUP BY P.Department, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.Department = A.Department AND PJoined.LastName  = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL --retrieve personID by City and State, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='City and State' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.City ,P.State, P.LastName, P.FirstName FROM Person P WITH NOLOCK WHERE P.City IS NOT NULL AND P.State IS NOT NULL AND P.PersonID  3 GROUP BY P.City ,P.State, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.City  = A.City AND PJoined.State  = A.State AND PJoined.LastName  = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL */

Extra custom rules that run at the end of the join rules by executing the SQL. The SQL has to follow the sample code.

AccountInboxJoinByEmailFirstNameLastName

TRUE

If turned on, the join rule will try to join newly discovered accounts to people, based on matches on those fields

AccountInboxJoinByEmployeeIDFirstNameLastName

TRUE

If turned on, the join rule will try to join newly discovered accounts to people, based on matches on those fields

AccountInboxJoinByPersonalEmailFirstNameLastName

TRUE

If turned on, the join rule will try to join newly discovered accounts to people, based on matches on those fields

AccountInboxJoinFilter

A.AllowJoin = 1  

Filter for join; only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter. See AccountInboxing_GetJoinFilter for a sample of how to extend it.

AccountInboxProvisionFilter

A.AllowProvision = 1 AND EXISTS (SELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1)

Filter for provision; only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter. See AccountInboxing_GetProvisionFilter for a sample of how to extend it.

ADUserCreatePostProcessingAlertEnabled

FALSE

Global Setting to Enable or Disable ADUserCreatePostProcessingAlert

AllowSetMustChangePasswordAtNextLogon

TRUE

Allow Set Must Change Password At Next Logon

AllowWebApiMethodInvokeProfiling

TRUE



AllowWebApiMethodInvokesWithoutCheck

TRUE



API_IISAppName

API



ApplicationLauncherOAuthConsumerGUID

f0ade541-52d1-4f60-9201-f58e9dc8f7fb



ApplicationLauncherOAuthProviderApplicationGUID

25629B1D-1585-4D19-A58F-A74D00EA30B0



ApplicationLauncherSamlConnectionID

1



ApplicationLauncherServiceProviderGuid





Azure-AuthorizationRule

MyPolicy1



Azure-ClientID





Azure-ClientSecret





AzureCosmosWFDataAuthKey





AzureCosmosWFDataSerivceEndPoint

https://eidtest.documents.azure.com:443/



Azure-DataCenterLocation





AzureJobEngineDataConnectionString





AzureManticoreConnectionString



Azure Manticore Storage Container Connection String

AzureManticoreContainerName

manticore

The Azure container which holds the session recordings

AzureNotificationHubConnectionString



Azure Notification Hub Connection String

AzureNotificationHubName



Azure Notification Hub Name

Azure-Relay

eidtest10



Azure-RelayNamespace

tenantDRelay



Azure-ResourceGroup

JobEngine



AzureSPOCosmosDocumentDBAuthKey





AzureSPOCosmosDocumentDBServiceEndPointUrl

https://eidtest.documents.azure.com:443/



AzureSPOTableDBStorageDataConnectionString





Azure-SubscriptionID





Azure-TenantID





AzureWebJobDataConnectionString

DefaultEndpointsProtocol=https;AccountName=eidazurejobengine;AccountKey=kNGSID50BEmwdInwNwbOyFmzrO+M/PggUHkSU5Nb9xq/ACzFj0CWn4H5SNALMY17TKJFz7qbnVa8qojP25dVhw==;EndpointSuffix=core.windows.net



AzureWebJobHost

FALSE



AzureWFDataConnectionString

N/A

Specifies the Azure blob connection string to use when storing workflow instance data in Azure blob. When using Azure blob, the value of the WorkflowDataFactory setting must be updated from SQL to Azure.

BOTEnableBot

FALSE

Enables the EmpowerID Bot

BOTSecret

SI6PAkoG9cY.cwA.lko.Ysq1FIFhEkhAcYelcIkZyaHWkm6kJr0LeiE_JiafgvA

Secret for the EmpowerID bot

BOTUrl

https://webchat.botframework.com/embed/EmpowerIDBot1

URL of the EmpowerID Bot

Captcha-HideAndSkipValidationGloballyForTesting

FALSE

Hide Captcha And Skip Captcha Validation Globally For Testing

ConsumerSelfRegisterEnabled

TRUE

Consumer Self Registration setting to skip person registration in workflow if set to false

CoreIdentityProvisionLogic



Enter custom Core Identity provisioning logic

CountryISOAlpha2Code

US

Country ISO Alpha 2 code used to mask phone numbers during MFA. Refer to http://www.nationsonline.org/oneworld/country_code_list.htm

DeviceRegistrationCookieExpirationInDays

15

Expiration days of the device registration cookie

DisableCartCommentRequired

TRUE

DisableCartCommentRequired

DisableCrossPackagePublishCheck

FALSE



DUOAPIHostname





DUOIntergrationKey





DUOSecretKey





EidAuthenticationPassphrase

761a0e0e0330439286d0a739c7d7553b



EidAuthenticationSalt

016fc391fef14cf0a11e03a7b0814e7c



EIDBrowserExtensionChromeID

ompmlbphcpnjopgdoknaibgjagocjbbe

ID of the latest Chrome Browser Extension in the Chrome Store

EIDBrowserExtensionFFInstallPath

http://www.empowerID.com

Path to the installation location of the Firefox SSO Browser Extension

EIDBrowserExtensionIEInstallPath

http://crossrider.com/download/ie/81138

Path to the installation location of the Internet Explorer SSO Browser Extension

EIDBrowserExtensionVersion

81138

ID of the Browser Extension version used to build the URL for download and installation

EidCdnEnableResourceCheckCache

FALSE



EidCdnServerUrl

/EmpowerIDWebCDN



EidChromeFrameIEVersion

8



EidEnableLocalizationDebugging

FALSE



EidIdPSessionTimeout

480

IdP Portal Session Timeout in minutes

EidInstallationGUID

a32dd358-317b-4c84-bf10-a145236387c5



EidLoginAfterXFailsShowCaptcha

4

After x failures on the login page show the CAPTCHA

EidMaxReportResults

500000

Maximum number of results allowed in the email me as report feature

EidMultiFactorRetryLimit

3

Number of times to retry two-factor authentication before reverting to login page

EidPasswordlessLoginEnabled

TRUE

Option to enable/disable PasswordlessLogin option on the login page

EIDPersonExpirationNotificationDaysBefore

21

How many days to notify before person expires. Used by PersonExpirationNotification permanent WF

EIDPushNotificationTimeout

30

EmpowerID push notification and registration timeout in seconds

EmailApprovalByEmailEnabled

FALSE



EmailEWSEmailProviderMailboxAccountID





EmailEWSEmailProviderMailServerURL





EmailGlobalBCCRecipient



Sends a copy of every email to the specified email address in any mode as a BCC.

EmailSmtpEmailProviderFromAddress



Default from address for all EmpowerID notifications

EmailSmtpEmailProviderMailboxAccountID



AccountID of an account that has a vaulted password to be used for authenticated send email

EmailSmtpEmailProviderMailServer

dc-exch.addomain.com

Email Server used to send out EmpowerID System email messages

EmailSmtpEmailProviderUseSSL

TRUE

Use SSL for SMTP

EmailSmtpPortNumber

25

SMTP Port for TLS 

EmailSmtpUseTLS

TRUE

If true and EmailSmtpEmailProviderUseSSL is true, EID uses TLS to connect to the SMTP server

EmailTestMode

FALSE

If true, sends all emails to a specific email address in the EmailTestModeGlobalRecipient settings.

EmailTestModeGlobalRecipient



Sends a copy of every email to the specified email address in any mode as a recipient.

EmpowerID_IISAppName

EmpowerID



EmpowerIDWebCDN_IISAppName

EmpowerIDWebCDN



EmpowerIDWebIdPForms_IISAppName

EmpowerIDWebIdPForms



EmpowerIDWebIdPSmartCard_IISAppName

EmpowerIDWebIdPSmartCard



EmpowerIDWebIdPWindows_IISAppName

EmpowerIDWebIdPWindows



EmpowerIDWebIdPWSFederation_IISAppName

EmpowerIDWebIdPWSFederation



EmpowerIDWebReports_IISAppName

EmpowerIDWebReports



EnableBulkRecertification

FALSE

Enables or disables the ability to make a bulk decision for multiple recertification items

EnableCookieSecureAttribute

TRUE

Flag to enable/disable secure attribute on all the cookies

EnableRMQServer

FALSE



EnableWorkflowRedirectUrl

FALSE

Enables the redirecturl functionality of workflows

EnvironmentHeaderMessage



Displays a system-wide message at the top banner

GoogleMapsAPIKey

AIzaSyAiqp4HyDyFGg6SPad8gAa-hv-eFQz7FwA

API key that is used with Google Maps

GoogleRecaptchaSiteVerifyUrl

https://www.google.com/recaptcha/api/siteverify

Verify URL for Google reCAPTCHA; it cannot contain a query string

HelpLoginMenuLink

https://docs.empowerid.com/

Link to external help

HelpMFALink

https://dotnetworkflow.jira.com/wiki/spaces/E2D/pages/87851239/Multifactor+Authentication

Help link for end user multi-factor authentication

IdPCacheRefreshInterval

0

The interval used to refresh the internal IdP cache for Single Sign On data. If set to ZERO, this setting is DISABLED.

IdPRuntimeCacheTimeout

10

CAUTION: This value should be between 1 and 525,600. The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web IdPs in minutes

InventorySalesForceAccount

FALSE

Setting to verify whether the account object should be inventoried or not

IpInfoAccessToken



IpInfo Access Token

ITShopIManageGrpAccountMode

TRUE

In IT Shop Resources I Manage, show the simple mode group account grid, not the RBAC delegation control

ITShopIManageGrpRBACSimpleMode

TRUE

In IT Shop Resources I Manage, show the RBAC delegation control in simple mode

ITShopMyAccessShowExpiresXDays

30

Setting to control which expiring access shows to the user. Only access expiring in X days.

JoinToCIByBirthDateFirstNameLastName

FALSE

Set this value to true if you want to join Person to Core Identity by FirstName, LastName and DateOfBirth.

JoinToCIByFirstNameLastName

TRUE

Set this value to true if you want to join Person to Core Identity by FirstName and LastName.

JoinToCICustomMatchAttributes



Enter a comma separated list of the attributes that should be used to join Person to Core Identity.  For example: to join by DateOfBirth and SSN enter:  DateOfBirth, SocialSecurityNumber

LocaleFlagsEnabled

FALSE

Enables or disables displaying country flags in the locale picker

LocalePickerEnabled

TRUE

Enables or disables the language picker in the user interface

LocaleRecordingMode

TRUE

Tells the system to record locale keys that are being used

LocalizationDefaultLocale

en-US

Default Fallback Locale

LoginAfterXFailsShowCaptcha

4

After x failures on the login page show the CAPTCHA

LoginLookupAccountByPersonLogonNameToValidatePassword

TRUE

Attempt to validate the password against each of the person's accounts that belong to an Account Store where pass-through authentication is enabled

LoginNameEnableGenerate

TRUE

Enables the Generate endpoint of the LoginName

LoginPageAccountUnlockEnabled

TRUE

Specifies whether or not the account unlock button is enabled on the login page

LoginPageBotEnabled

TRUE

Enable the chat with bot button on the login page

LoginPageConsumerSelfRegisterEnabled

FALSE

Specifies whether or not the self register button is enabled on the login page

LoginPageemaillostusernameEnabled

TRUE

Specifies whether or not mail to username is enabled on the login page

LoginPagePartnerSelfRegisterEnabled

TRUE

Specifies whether or not the partner self register page is enabled on the login page

LoginPagepasswordresetcenterEnabled

TRUE

Specifies whether or not password reset center is enabled on the login page

LoginPageRequestOathTokenEnabled

TRUE

Specifies whether or not request oath token is enabled on the login page

LoginPageSupplierCompanyRegistrationEnabled

TRUE

Specifies whether or not the Supplier Company Registration link is enabled on the login page

MaximumLoginTravelSpeed

450

Maximum Login Travel Speed

MessageBusSettings

[{Id:8f0cade0-99d0-43f5-96e8-b0bbdc8bea7a,PluginType:Syslog,MessageEntryType:Error,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}},{Id:55fb5db1-4c65-4070-9307-f038393c7f3a,PluginType:Syslog,MessageEntryType:Information,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}}]



MobileClientOAuthApplicationID

A05391D2-D4B0-49F5-9D3B-A8AF009B7247

EmpowerID Mobile Client OAuthProviderApplicationID

OathTokenIssuerName

EmpowerID Dev

Name of the Oath Token Issuer

OAuth_IISAppName

OAuth



OAuthConsumerGUID

91A7642F-0313-4496-9125-D4DB2782D111

OAuth connection for Twilio API access

OwnerRequiredAssigneeTypeID

1

For the Responsible Party control (OwnerRequiredAssigneeTypeID): set a value to only allow that type to be assigned. Values: 1 = Person, 2 = Account, 3 = Group, 4 = Business Role and Location, 5 = Management Role, 7 = Query-Based Collection

PA-BusinessRoleDetails-Custom1

CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10

Page attributes for Business Role viewone page custom attributes 1-10

PA-BusinessRoleDetails-Custom11

CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20

Page attributes for Business Role viewone page custom attributes 11-20

PA-BusinessRoleDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

Page attributes for Business Role viewone page extension attributes 1-10

PA-BusinessRoleDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

Page attributes for Business Role viewone page extension attributes 11-20

PA-BusinessRoleLocationDetails-Custom1

CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10

Page attributes for Business Role Location viewone page custom attributes 1-10

PA-BusinessRoleLocationDetails-Custom11

CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20

Page attributes for Business Role Location viewone page custom attributes 11-20

PA-BusinessRoleLocationDetails-Extension

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10,ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15

Page attributes for Business Role Location viewone page extension attributes 1-15

Page-PersonDetails-ManageTab-ShowRow1

TRUE

Page-PersonDetails-ShowRow1 to show the first row of attributes

Page-PersonDetails-ManageTab-ShowRow2

FALSE

Page-PersonDetails-ShowRow2 to show the 2nd row of attributes

Page-PersonDetails-ManageTab-ShowRow3

TRUE

Page-PersonDetails-ShowRow3 to show the 3rd row of attributes

Page-PersonDetails-ManageTab-ShowRow4

TRUE

Page-PersonDetails-ShowRow4 to show the 4th row of attributes

PA-GroupDetails-Custom1

CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10

Page attributes for Group Viewone Custom attributes 1-10

PA-GroupDetails-Custom11

CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20

Page attributes for Group Viewone Custom attributes 11-20

PA-GroupDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

Page attributes for Group Viewone extension attributes 1-10

PA-GroupDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

Page attributes for Group Viewone extension attributes 11-20

PA-LocationDetails-Custom1

CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10

Location viewone page attributes custom attributes 1-10

PA-LocationDetails-Custom11

CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20

Location viewone page attributes custom attributes 11-20

PA-LocationDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

Location viewone page attributes extension attributes 1-10

PA-LocationDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

Location viewone page attributes extension attributes 11-20

PA-ManagementRoleDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

Management role viewone page attributes extension attributes 1-10

PA-ManagementRoleDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

Management Role viewone page attributes extension attributes 11-20

PAMMFAEnabled

TRUE

Enable or disable Multi-Factor Authentication options for Privileged Access Management

PAMOtherAccessOptionsEnabled

FALSE

Hides or shows other access request methods - like Request Elevation to local admin or a temp local admin account

PA-PersonDetails-Activity-Advanced

ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonUsageTypeFriendlyName,IsPrivPersonForPersonID,CreatedDate,ModifiedDate

PA-PersonDetails-Activity-Advanced

PA-PersonDetails-Activity-General

Active,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice

PA-PersonDetails-Activity-General

PA-PersonDetails-Advanced

Active,LockedUntil,PersonProofingStatusFriendlyName,ValidFrom,ValidUntil,ValidUntilExtended,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonID,CreatedDate,ModifiedDate,ResourceID,PreviousPersonManagerID,FuturePersonManagerID,GeneratedFromAccountID

PA-PersonDetails-Advanced

PA-PersonDetails-Contact

Telephone,MobilePhone,Fax,Email,PersonalEmail,Address

PA-PersonDetails-Contact

PA-PersonDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

PA-PersonDetails-Extension1

PA-PersonDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

PA-PersonDetails-Extension11

PA-PersonDetails-General

Login,LocaleFriendlyName,DefaultHomePage,AboutMe,Notes,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice,MiddleName,SecondLastName,BirthName,PersonalTitle,IsExternal,EmployeeID,EmployeeIDOther,JobCode

PA-PersonDetails-General

PA-PersonDetails-LegalEntity

LegalEntityCountryName,BranchName,BranchLocationPOID,BranchLocationCityKey,DivisionShortName,ContractTypeName,UnitShortName

Page attributes for view one person details page manage tab

PA-PersonDetails-PositionInfo

MainPosition,PositionCity,PositionCountry,PositionUnitKey,PositionUnitName,Assistant,TitleShortName,TWCodeShortName,TWCodeName,TWCodeGroup

Page attributes for person details page manage tab 

PA-PersonDetails-Report-Authentication

RequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersion

PA-PersonDetails-Report-Authentication

PA-PersonDetails-Report-General

Active,LockedUntil,ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,ProfileManagerLastUpdated,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceID

PA-PersonDetails-Report-General

PA-PersonDetails-Work

Title,Department,Office,Company,Location

PA-PersonDetails-Work

PA-RecertAttestationPersonDirectDetails-Contact

Email,Telephone,MobilePhone,Fax,PersonalEmail,Address

PA-RecertAttestationPersonDirectDetails-Contact

PA-RecertAttestationPersonDirectDetails-Work

Title,Department,Office,Company,Location,OrgRoleOrgZoneFriendlyName

PA-RecertAttestationPersonDirectDetails-Work

PA-ViewSelf-ActivityHistory-Advanced

ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,LoginRequireDeviceRegistration,RequireSecondFactor,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,CreatedDate,ModifiedDate

View self page activity history tab advanced section attributes

PA-ViewSelf-Advanced

Active,LockedUntil,ValidFrom,ValidUntilLocalTime,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceID

View self Report tab advanced section attributes

PA-ViewSelf-Authentication

RequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersion

View self page report tab authentication attributes

PA-ViewSelf-Contact

Telephone,MobilePhone,Fax,Email,PersonalEmail,Address

Viewself contact section attributes

PA-ViewSelf-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

View self page report tab extension attributes 1-11

PA-ViewSelf-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

View self page report tab extension attributes 11-20

PA-ViewSelf-General

Active,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice

View self page activity tab general section attributes

PA-ViewSelf-Work

Title,Department,Office,Company,Location,PersonManagerName

View self work section attributes

PreferredCountry

us,de,ch

Enter the country short codes one after the other in the above format to set them as the preferred countries to show at the top of the drop-down list in the International Telephone Input field.

PSMAWSBucketName



Privileged Session Manager Amazon AWS S3 bucket to store recordings

PSMAWSRegionEndpoint



Privileged Session Manager Amazon AWS region for S3 bucket to store recordings

PSMAzureBucketName

Recordings

Privileged Session Manager Azure bucket name to store recordings

PSMClientKey

bcb5909d-a600-413c-a9a3-406afa551307

Privileged Session Manager OAuth Client API key for ClickOnce client

PSMClientURL

https://rdp.empowersso.com/start

URL for Privileged Session Manager clickonce client Manticore  https://s3.amazonaws.com/manticoredevrick/SecureAccessGateway.application /  https://54.146.165.121/myrtille

PSMClientURLDefault

https://gatewayprod.empoweriam.com

Gateway PROD RDP Manticore v2.0

PSMEnabled

TRUE

Determines whether the Privileged Session Manager RDP proxy is enabled in the user interface for this installation

PSMOAuthConsumerGUID

3a2a8bc2-7d90-4930-a589-3a061ae234cb

Privileged Session Manager RDP client OAuth credentials for Amazon AWS account for storing recordings

PSMRecordKeyStrokes

TRUE

Determines whether recordings are captured for the privileged session manager

PSMStorageMode

AZURE

Determines whether recordings are stored on AWS, AZURE, or in a UNC network folder location.

PSMUNCStorageLocation



When PSMStorageMode is set to UNC, the UNC path to a network folder for storage of recordings

PublishToAzureConnectionString





PublishToStorage





PublishToTFSLocalPath





PublishToTFSPath





PublishToTFSURL





PublishToUNC





ReCaptchaAuthConsumerGUID

d68cbddb-a2a8-4de3-8daf-f1ff7f999134

Google API key and secret for Recaptcha

Recertification-AllowSelectSuggestedRole

FALSE

Allow selection of a suggested Business Role and Location when revoking a recertification

Recertification-AutoProcessBusinessRoleAndLocationRevocations

TRUE

Enable auto delete business Role and Location re-certification revocations

Recertification-EnableConditionalApproval

FALSE

Enables the decision button for conditional approval where a time constraint must be selected

Recertification-ShowCertifierPhoto

TRUE

Shows or hides the current certifier photo on the Manager review screen

RemoveDiacriticsForEmailAndAlias

FALSE



RemoveDiacriticsForEmailAndAlias_ReplaceEszett

FALSE



RestrictCountries

ad, ae, af, ag, ai, al, am, an, ao, aq, ar, as, at, au, aw, ax, az, ba, bb, bd, be, bf, bg, bh, bi, bj, bl, bm, bn, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cd, cf, cg, ch, ci, ck, cl, cm, cn, co, cr, cu, cv, cx, cy, cz, de, dj, dk, dm, do, dz, ec, ee, eg, eh, er, es, et, fi, fj, fk, fm, fo, fr, ga, gb, gd, ge, gf, gg, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm, hn, hr, ht, hu, id, ie, il, im, in, io, iq, ir, is, it, je, jm, jo, jp, ke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls, lt, lu, lv, ly, ma, mc, md, me, mf, mg, mh, mk, ml, mm, mn, mo, mp, mq, mr, ms, mt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nr, nu, nz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, ps, pt, pw, py, qa, re, ro, rs, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr, ss, st, sv, sy, sz, tc, td, tf, tg, th, tj, tk, tl, tm, tn, to, tr, tt, tv, tw, tz, ua, ug, um, us, uy, uz, va, vc, ve, vg, vi, vn, vu, wf, ws, ye, yt, za, zm, zw

Represents the array of countries that are allowed to show up in the International Telephone Input field. Remove the countries you don't want on the drop-down list.

RMQAssemblyType

TheDotNetFactory.Framework.RMQueue.RabbitMQ.dll



RMQConnectionString





RunEmpowerIDJobAsync

TRUE



RunWorkflowLocally

TRUE

Global setting to determine if workflow should run in UI w3p 

SignUpInitialCountry

ch

The initial country for the telephone input field on the sign-up page. The value must be the two-letter short code for the country according to the TelInput index, e.g. Central African Republic - cf | Chile - cl | Cambodia - kh

SyncOffice365License

FALSE

Optionally sync O365 to ExtensionAttribute23 of the account

TaskRenotificationEmailIsBulk

FALSE

If set to true and no custom email template exists, the default task re-notification bulk email will be sent

TerminatePersonAdvancedInitiator

2

PersonID for initiator of the TerminatePersonAdvance workflow which is called by a permanent workflow for people whose ValidUntil has expired.

TwilioFromPhone

1.61E+10

The from phone number used in twilio communications

TwilioMessagingServiceID



ID of the messaging service being used to send SMS//MG0d8f5224acb980fd5ac52054f9ced3a1

TwilioOTPAppName

Twilio

The name of the Twilio OAuth Application whose credentials are being used to send SMS and Voice messages

TwilioProviderAssemblyQualifiedName

TheDotNetFactory.Framework.Api.Operations.Services.TwilioDirectProvider, TheDotNetFactory.Framework.Api.Operations, Version=0.0.0.0

The provider that will handle sending twilio communications

TwilioRemoteProviderHost

http://localhost:13943/api/twilio

If using the remote twilio provider, this is the url that is used to connect to the remote provider

UseTwilioMessagingService

FALSE

To use Twilio Messaging service to send SMS and Voice, set to True.

WebCdnPath

c:\source\EID\2014HF\Root\UI\Web Sites\EmpowerID.Web\EmpowerID.Web.Cdn



WebUIRuntimeCacheTimeout

20

The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web UI in minutes

WorkflowDataFactory

SQL

This setting specifies the storage location for workflow instance data. There are two possible values, SQL and Azure.

  • SQL — Workflow instance data is stored in the EmpowerID SQL-based Identity Warehouse

  • Azure — Workflow instance data is stored in Azure blob; if selected, the connection string to the Azure blob must be added as the value of the AzureWFDataConnectionString setting.

YubicoOTPApiKey



Yubico OTP API Key

YubicoOTPClientID



Yubico OTP ClientID