Configuring EmowerID System Settings

ABACEmergencyMode

FALSE

Global setting to determine of the organizations is in a crisis emergency mode

ABACHighRiskScore

10000

Threshold Risk Score to be used in ABAC rules

AccountInboxJoinAndProvisionFilter

A.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID  2 AND A.AccountUsageTypeID = 1  AND LENA.FirstName  0 AND LENA.LastName  0  

Filter for join and provision, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinFilter for join and to AccountInboxProvisionFilter for provision see AccountInboxing_GetJoinAndProvisionFilter for sample of how to extend

AccountInboxJoinByBirthDateFirstNameLastName

TRUE

If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields

AccountInboxJoinByCustomMatch

/* -- this is a sample of how to extend the join rules with custom logic. There would be two extra rules to join by Department and City/State --uncomment the outer comment to make it active --retrieve personID by Department, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='Department' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.Department , P.LastName , P.FirstName FROM Person P WITH NOLOCK WHERE P.Department IS NOT NULL AND P.PersonID  3 GROUP BY P.Department, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.Department = A.Department AND PJoined.LastName  = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL --retrieve personID by City and State, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='City and State' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.City ,P.State, P.LastName, P.FirstName FROM Person P WITH NOLOCK WHERE P.City IS NOT NULL AND P.State IS NOT NULL AND P.PersonID  3 GROUP BY P.City ,P.State, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.City  = A.City AND PJoined.State  = A.State AND PJoined.LastName  = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL */

Extra custom rule/s that run at the end of the join rules by executing the SQL. It has to follow the sample code 

AccountInboxJoinByEmailFirstNameLastName

TRUE

If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields

AccountInboxJoinByEmployeeIDFirstNameLastName

TRUE

If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields

AccountInboxJoinByPersonalEmailFirstNameLastName

TRUE

If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields

AccountInboxJoinFilter

A.AllowJoin = 1  

Filter for join, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see  AccountInboxing_GetJoinFilter for sample of how to extend

AccountInboxProvisionFilter

A.AllowProvision = 1 AND EXISTSSELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1  

Filter for PROVISION, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetProvisionFilter for sample of how to extend

ADUserCreatePostProcessingAlertEnabled

FALSE

Global Setting to Enable or Disable ADUserCreatePostProcessingAlert

AllowSetMustChangePasswordAtNextLogon

TRUE

Allow Set Must Change Password At Next Logon

AllowWebApiMethodInvokeProfiling

TRUE

AllowWebApiMethodInvokesWithoutCheck

TRUE

API_IISAppName

API

ApplicationLauncherOAuthConsumerGUID

f0ade541-52d1-4f60-9201-f58e9dc8f7fb

ApplicationLauncherOAuthProviderApplicationGUID

25629B1D-1585-4D19-A58F-A74D00EA30B0

ApplicationLauncherSamlConnectionID

1

ApplicationLauncherServiceProviderGuid

Azure-AuthorizationRule

MyPolicy1

Azure-ClientID

Azure-ClientSecret

AzureCosmosWFDataAuthKey

AzureCosmosWFDataSerivceEndPoint

https://eidtest.documents.azure.com:443/

Azure-DataCenterLocation

AzureJobEngineDataConnectionString

AzureManticoreConnectionString

Azure Manticore Storage Container Connection String

AzureManticoreContainerName

manticore

The Azure container which holds the session recordings

AzureNotificationHubConnectionString

Azure Notification Hub Connection String

AzureNotificationHubName

Azure Notification Hub Name

Azure-Relay

eidtest10

Azure-RelayNamespace

tenantDRelay

Azure-ResourceGroup

JobEngine

AzureSPOCosmosDocumentDBAuthKey

AzureSPOCosmosDocumentDBServiceEndPointUrl

https://eidtest.documents.azure.com:443/

AzureSPOTableDBStorageDataConnectionString

Azure-SubscriptionID

Azure-TenantID

AzureWebJobDataConnectionString

DefaultEndpointsProtocol=https;AccountName=eidazurejobengine;AccountKey=kNGSID50BEmwdInwNwbOyFmzrO+M/PggUHkSU5Nb9xq/ACzFj0CWn4H5SNALMY17TKJFz7qbnVa8qojP25dVhw==;EndpointSuffix=core.windows.net

AzureWebJobHost

FALSE

AzureWFDataConnectionString

N/A

Specifies the Azure blob connection string when storing workflow data instance in Azure blob. When using Azure blob, the value of the WorkflowDataFactory setting must be updated from SQL to Azure.

BOTEnableBot

FALSE

Enables the EmpowerID Bot

BOTSecret

SI6PAkoG9cY.cwA.lko.Ysq1FIFhEkhAcYelcIkZyaHWkm6kJr0LeiE_JiafgvA

Secret for the EmpowerID bot

BOTUrl

https://webchat.botframework.com/embed/EmpowerIDBot1

Url of the EmpowerID Bot

Captcha-HideAndSkipValidationGloballyForTesting

FALSE

Hide Captcha And Skip Captcha Validation Globally For Testing

ConsumerSelfRegisterEnabled

TRUE

Consumer Self Registration setting to skip person registration in workflow if set to false

CoreIdentityProvisionLogic

Enter custom Core Identity provisioning logic

CountryISOAlpha2Code

US

Country ISO Alpha 2 code used to mask phone numbers during MFA. Refer to http://www.nationsonline.org/oneworld/country_code_list.htm

DeviceRegistrationCookieExpirationInDays

15

Expiration days of the device registration cookie

DisableCartCommentRequired

TRUE

DisableCartCommentRequired

DisableCrossPackagePublishCheck

FALSE

DUOAPIHostname

DUOIntergrationKey

DUOSecretKey

EidAuthenticationPassphrase

761a0e0e0330439286d0a739c7d7553b

EidAuthenticationSalt

016fc391fef14cf0a11e03a7b0814e7c

EIDBrowserExtensionChromeID

ompmlbphcpnjopgdoknaibgjagocjbbe

ID of the latest Chrome Browser Extension in the Chrome Store

EIDBrowserExtensionFFInstallPath

http://www.empowerID.com

Path to the installation location of the Firefox SSO Browser Extension

EIDBrowserExtensionIEInstallPath

http://crossrider.com/download/ie/81138

Path to the installation location of the Internet Explorer SSO Browser Extension

EIDBrowserExtensionVersion

81138

ID of the Browser Extension version used to build the URL for download and installation

EidCdnEnableResourceCheckCache

FALSE

EidCdnServerUrl

/EmpowerIDWebCDN

EidChromeFrameIEVersion

8

EidEnableLocalizationDebugging

FALSE

EidIdPSessionTimeout

480

IdP Portal Session Timeout in minutes

EidInstallationGUID

a32dd358-317b-4c84-bf10-a145236387c5

EidLoginAfterXFailsShowCaptcha

4

After x failures on the login page show the CAPTCHA

EidMaxReportResults

500000

Maximum number of results allowed in the email me as report feature

EidMultiFactorRetryLimit

3

Number of times to retry two-factor authentication before reverting to login page

EidPasswordlessLoginEnabled

TRUE

Option to enable/disable PasswordlessLogin option on the login page

EIDPersonExpirationNotificationDaysBefore

21

How many days to notify before person expires. Used by PersonExpirationNotification permanent WF

EIDPushNotificationTimeout

30

EmpowerID push notification and registration timeout in seconds

EmailApprovalByEmailEnabled

FALSE

EmailEWSEmailProviderMailboxAccountID

EmailEWSEmailProviderMailServerURL

EmailGlobalBCCRecipient

Sends a copy of every email to the specified email address in any mode as a BCC.

EmailSmtpEmailProviderFromAddress

Default from address for all EmpowerID notifications

EmailSmtpEmailProviderMailboxAccountID

AccountID of an account that has a vaulted password to be used for authenticated send email

EmailSmtpEmailProviderMailServer

dc-exch.addomain.com

Email Server used to send out EmpowerID System email messages

EmailSmtpEmailProviderUseSSL

TRUE

Use SSL for SMTP

EmailSmtpPortNumber

25

SMTP Port for TLS 

EmailSmtpUseTLS

TRUE

if true and EmailSmtpEmailProviderUseSSL is true, EID uses TLS to connect to the smtp server   

EmailTestMode

FALSE

If true, sends all emails to a specific email address in the EmailTestModeGlobalRecipient settings.

EmailTestModeGlobalRecipient

Sends a copy of every email to the specified email address in any mode as a recipient.

EmpowerID_IISAppName

EmpowerID

EmpowerIDWebCDN_IISAppName

EmpowerIDWebCDN

EmpowerIDWebIdPForms_IISAppName

EmpowerIDWebIdPForms

EmpowerIDWebIdPSmartCard_IISAppName

EmpowerIDWebIdPSmartCard

EmpowerIDWebIdPWindows_IISAppName

EmpowerIDWebIdPWindows

EmpowerIDWebIdPWSFederation_IISAppName

EmpowerIDWebIdPWSFederation

EmpowerIDWebReports_IISAppName

EmpowerIDWebReports

EnableBulkRecertification

FALSE

Enables or disables the ability to make a bulk decision for multiple recertification items

EnableCookieSecureAttribute

TRUE

Flag to enable/disable secure attribute on all the cookies

EnableRMQServer

FALSE

EnableWorkflowRedirectUrl

FALSE

Enables the redirecturl functionality of workflows

EnvironmentHeaderMessage

Displays a system-wide message at the top banner

GoogleMapsAPIKey

AIzaSyAiqp4HyDyFGg6SPad8gAa-hv-eFQz7FwA

API Key that is used with google maps

GoogleRecaptchaSiteVerifyUrl

https://www.google.com/recaptcha/api/siteverify

Verify url for google recaptcha cannot contain a querystring

HelpLoginMenuLink

https://docs.empowerid.com/

Link to external help

HelpMFALink

https://dotnetworkflow.jira.com/wiki/spaces/E2D/pages/87851239/Multifactor+Authentication

Help link for end user multi-factor authentication

IdPCacheRefreshInterval

0

The interval used to refresh the internal IdP cache for Single Sign On data. If set to ZERO, this setting is DISABLED.

IdPRuntimeCacheTimeout

10

CAUTION: This values should be between 1 and 525,600. The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web IdPs in minutes

InventorySalesForceAccount

FALSE

setting to verify if account object should be inventoried or not

IpInfoAccessToken

IpInfo Access Token

ITShopIManageGrpAccountMode

TRUE

In IT Shop Resources I manage show the simple mode group account grid not RBAC delegation control

ITShopIManageGrpRBACSimpleMode

TRUE

In IT Shop Resources I manage show the RBAC delegation control in simple mode

ITShopMyAccessShowExpiresXDays

30

Setting to control which expiring access shows to the user. Only access expiring in X days.

JoinToCIByBirthDateFirstNameLastName

FALSE

Set this value to true if you want to join Person to Core Identity by FirstName, LastName and DateOfBirth.

JoinToCIByFirstNameLastName

TRUE

Set this value to true if you want to join Person to Core Identity by FirstName and LastName.

JoinToCICustomMatchAttributes

Enter a comma separated list of the attributes that should be used to join Person to Core Identity.  For example: to join by DateOfBirth and SSN enter:  DateOfBirth, SocialSecurityNumber

LocaleFlagsEnabled

FALSE

Enables or disables displaying country flags in the locale picker

LocalePickerEnabled

TRUE

Enables or disables the language picker in the user interface

LocaleRecordingMode

TRUE

Tells the system to record locale keys that are being used

LocalizationDefaultLocale

en-US

Default Fallback Locale

LoginAfterXFailsShowCaptcha

4

After x failures on the login page show the CAPTCHA

LoginLookupAccountByPersonLogonNameToValidatePassword

TRUE

Attempt to validate the password against each of the person's accounts that belong to an Account Store where pass-through authentication is enabled

LoginNameEnableGenerate

TRUE

Enables the Generate endpoint of the LoginName

LoginPageAccountUnlockEnabled

TRUE

Specifies whether or not the account unlock button is enabled on the login page

LoginPageBotEnabled

TRUE

Enable the chat with bot button on the login page

LoginPageConsumerSelfRegisterEnabled

FALSE

Specifies whether or not the self register button is enabled on the login page

LoginPageemaillostusernameEnabled

TRUE

Specifies whether or not mail to username is enabled on the login page

LoginPagePartnerSelfRegisterEnabled

TRUE

Specifies whether or no the partner self register page is enabled on the login page

LoginPagepasswordresetcenterEnabled

TRUE

Specifies whether or not password reset center is enabled on the login page

LoginPageRequestOathTokenEnabled

TRUE

Specifies whether or not request oath token is enabled on the login page

LoginPageSupplierCompanyRegistrationEnabled

TRUE

Specifies whether or not the Supplier Company Registration link is enabled on the login page

MaximumLoginTravelSpeed

450

Maximum Login Travel Speed

MessageBusSettings

[{Id:8f0cade0-99d0-43f5-96e8-b0bbdc8bea7a,PluginType:Syslog,MessageEntryType:Error,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}},{Id:55fb5db1-4c65-4070-9307-f038393c7f3a,PluginType:Syslog,MessageEntryType:Information,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}}]

MobileClientOAuthApplicationID

A05391D2-D4B0-49F5-9D3B-A8AF009B7247

EmpowerID Mobile Client OAuthProviderApplicationID

OathTokenIssuerName

EmpowerID Dev

Name of the Oath Token Issuer

OAuth_IISAppName

OAuth

OAuthConsumerGUID

91A7642F-0313-4496-9125-D4DB2782D111

OAuth connection for Twilio API access

OwnerRequiredAssigneeTypeID

1

For Responsible Party control - OwnerRequiredAssigneeTypeID - set a value to only allow that type to be assigned - 1 Person 2 Account 3 Group 4 Business Role and Location 5 Management Role 7 Query-Based Collection

PA-BusinessRoleDetails-Custom1

CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10

Page attributes for Business Role viewone page custom attributes 1-10

PA-BusinessRoleDetails-Custom11

CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20

Page attributes for Business Role viewone page custom attributes 11-20

PA-BusinessRoleDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

Page attributes for Business Role viewone page extension attributes 1-10

PA-BusinessRoleDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

Page attributes Business Role viewone page extension attributes 11-20

PA-BusinessRoleLocationDetails-Custom1

CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10

Page attributes for Business Role Location viewone page custom attributes 1-10

PA-BusinessRoleLocationDetails-Custom11

CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20

Page attributes for Business Role Location viewone page custom attributes 11-20

PA-BusinessRoleLocationDetails-Extension

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10,ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15

Page attributes for Business Role Location viewone page extension attributes 1-15

Page-PersonDetails-ManageTab-ShowRow1

TRUE

Page-PersonDetails-ShowRow1 to show the first row of attributes

Page-PersonDetails-ManageTab-ShowRow2

FALSE

Page-PersonDetails-ShowRow2 to show the 2nd row of attributes

Page-PersonDetails-ManageTab-ShowRow3

TRUE

Page-PersonDetails-ShowRow3 to show the 3rd row of attributes

Page-PersonDetails-ManageTab-ShowRow4

TRUE

Page-PersonDetails-ShowRow4 to show the 4th row of attributes

PA-GroupDetails-Custom1

CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10

Page attributes for Group Viewone Custom attributes 1-10

PA-GroupDetails-Custom11

CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20

Page attributes for Group Viewone Custom attributes 11-20

PA-GroupDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

Page attributes for Group Viewone extension attributes 1-10

PA-GroupDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

Page attributes for Group Viewone extension attributes 11-20

PA-LocationDetails-Custom1

CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10

Location viewone page attributes custom attributes 1-10

PA-LocationDetails-Custom11

CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20

Location viewone page attributes custom attributes 11-20

PA-LocationDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

Location viewone page attributes extension attribute 1-10

PA-LocationDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

Location viewone page attributes extension attributes 11-20

PA-ManagementRoleDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

Management role viewone page attributes extension attributes 1-10

PA-ManagementRoleDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

Management Role viewone page attributes extension attributes 11-20

PAMMFAEnabled

TRUE

Enable or disable Multi-Factor Authentication options for Privileged Access Management

PAMOtherAccessOptionsEnabled

FALSE

Hides or shows other access request methods - like Request Elevation to local admin or a temp local admin account

PA-PersonDetails-Activity-Advanced

ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonUsageTypeFriendlyName,IsPrivPersonForPersonID,CreatedDate,ModifiedDate

PA-PersonDetails-Activity-Advanced

PA-PersonDetails-Activity-General

Active,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice

PA-PersonDetails-Activity-General

PA-PersonDetails-Advanced

Active,LockedUntil,PersonProofingStatusFriendlyName,ValidFrom,ValidUntil,ValidUntilExtended,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonID,CreatedDate,ModifiedDate,ResourceID,PreviousPersonManagerID,FuturePersonManagerID,GeneratedFromAccountID

PA-PersonDetails-Advanced

PA-PersonDetails-Contact

Telephone,MobilePhone,Fax,Email,PersonalEmail,Address

PA-PersonDetails-Contact

PA-PersonDetails-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

PA-PersonDetails-Extension1

PA-PersonDetails-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

PA-PersonDetails-Extension11

PA-PersonDetails-General

Login,LocaleFriendlyName,DefaultHomePage,AboutMe,Notes,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice,MiddleName,SecondLastName,BirthName,PersonalTitle,IsExternal,EmployeeID,EmployeeIDOther,JobCode

PA-PersonDetails-General

PA-PersonDetails-LegalEntity

LegalEntityCountryName,BranchName,BranchLocationPOID,BranchLocationCityKey,DivisionShortName,ContractTypeName,UnitShortName

Page attributes for view one person details page manage tab

PA-PersonDetails-PositionInfo

MainPosition,PositionCity,PositionCountry,PositionUnitKey,PositionUnitName,Assistant,TitleShortName,TWCodeShortName,TWCodeName,TWCodeGroup

Page attributes for person details page manage tab 

PA-PersonDetails-Report-Authentication

RequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersion

PA-PersonDetails-Report-Authentication

PA-PersonDetails-Report-General

Active,LockedUntil,ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,ProfileManagerLastUpdated,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceID

PA-PersonDetails-Report-General

PA-PersonDetails-Work

Title,Department,Office,Company,Location

PA-PersonDetails-Work

PA-RecertAttestationPersonDirectDetails-Contact

Email,Telephone,MobilePhone,Fax,PersonalEmail,Address

PA-RecertAttestationPersonDirectDetails-Contact

PA-RecertAttestationPersonDirectDetails-Work

Title,Department,Office,Company,Location,OrgRoleOrgZoneFriendlyName

PA-RecertAttestationPersonDirectDetails-Work

PA-ViewSelf-ActivityHistory-Advanced

ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,LoginRequireDeviceRegistration,RequireSecondFactor,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,CreatedDate,ModifiedDate

View self page activity history tab advanced section attributes

PA-ViewSelf-Advanced

Active,LockedUntil,ValidFrom,ValidUntilLocalTime,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceID

View self Report tab advanced section attributes

PA-ViewSelf-Authentication

RequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersion

View self page report tab authentication attributes

PA-ViewSelf-Contact

Telephone,MobilePhone,Fax,Email,PersonalEmail,Address

Viewself contact section attributes

PA-ViewSelf-Extension1

ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10

View self page report tab extension attributes 1-11

PA-ViewSelf-Extension11

ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20

View self page report tab extension attributes 11-20

PA-ViewSelf-General

Active,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice

View self page activity tab general section attributes

PA-ViewSelf-Work

Title,Department,Office,Company,Location,PersonManagerName

View self work section attributes

PreferredCountry

us,de,ch

Enter the country short codes one after the other in the above format to set them as the preferred countries to show at the top of the drop-down list in the International Telephone Input field.

PSMAWSBucketName

Privileged Session Manager Amazon AWS S3 bucket to store recordings

PSMAWSRegionEndpoint

Privileged Session Manager Amazon AWS region for S3 bucket to store recordings

PSMAzureBucketName

Recordings

Privileged Session Manager Azure bucket name to store recordings

PSMClientKey

bcb5909d-a600-413c-a9a3-406afa551307

Privileged Session Manager OAuth Client API key for ClickOnce client

PSMClientURL

https://rdp.empowersso.com/start

URL for Privileged Session Manager clickonce client Manticore  https://s3.amazonaws.com/manticoredevrick/SecureAccessGateway.application /  https://54.146.165.121/myrtille

PSMClientURLDefault

https://gatewayprod.empoweriam.com

Gateway PROD RDP Manticore v2.0

PSMEnabled

TRUE

Determines whether the Privileged Session Manager RDP proxy is enabled in the user interface for this installation

PSMOAuthConsumerGUID

3a2a8bc2-7d90-4930-a589-3a061ae234cb

Privileged Session Manager RDP client OAuth credentials for Amazon AWS account for storing recordings

PSMRecordKeyStrokes

TRUE

Determines whether recordings are captured for the privileged session manager

PSMStorageMode

AZURE

Determines whether recordings are stored on AWS, AZURE, or in a UNC network folder location.

PSMUNCStorageLocation

When PSMStorageMode is set to UNC, the UNC path to a network folder for storage of recordings

PublishToAzureConnectionString

PublishToStorage

PublishToTFSLocalPath

PublishToTFSPath

PublishToTFSURL

PublishToUNC

ReCaptchaAuthConsumerGUID

d68cbddb-a2a8-4de3-8daf-f1ff7f999134

Google API key and secret for Recaptcha

Recertification-AllowSelectSuggestedRole

FALSE

Allow selection of a suggested Business Role and Location when revoking a recertification

Recertification-AutoProcessBusinessRoleAndLocationRevocations

TRUE

Enable auto delete business Role and Location re-certification revocations

Recertification-EnableConditionalApproval

FALSE

Enables the decision button for conditional approval where a time constraint must be selected

Recertification-ShowCertifierPhoto

TRUE

Shows or hides the current certifier photo on the Manager review screen

RemoveDiacriticsForEmailAndAlias

FALSE

RemoveDiacriticsForEmailAndAlias_ReplaceEszett

FALSE

RestrictCountries

ad, ae, af, ag, ai, al, am, an, ao, aq, ar, as, at, au, aw, ax, az, ba, bb, bd, be, bf, bg, bh, bi, bj, bl, bm, bn, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cd, cf, cg, ch, ci, ck, cl, cm, cn, co, cr, cu, cv, cx, cy, cz, de, dj, dk, dm, do, dz, ec, ee, eg, eh, er, es, et, fi, fj, fk, fm, fo, fr, ga, gb, gd, ge, gf, gg, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm, hn, hr, ht, hu, id, ie, il, im, in, io, iq, ir, is, it, je, jm, jo, jp, ke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls, lt, lu, lv, ly, ma, mc, md, me, mf, mg, mh, mk, ml, mm, mn, mo, mp, mq, mr, ms, mt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nr, nu, nz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, ps, pt, pw, py, qa, re, ro, rs, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr, ss, st, sv, sy, sz, tc, td, tf, tg, th, tj, tk, tl, tm, tn, to, tr, tt, tv, tw, tz, ua, ug, um, us, uy, uz, va, vc, ve, vg, vi, vn, vu, wf, ws, ye, yt, za, zm, zw

Represents the array of countries that are allowed to show up in the International Telephone Input field. Remove the countries you don't want on the drop-down list.

RMQAssemblyType

TheDotNetFactory.Framework.RMQueue.RabbitMQ.dll

RMQConnectionString

RunEmpowerIDJobAsync

TRUE

RunWorkflowLocally

TRUE

Global setting to determine if workflow should run in UI w3p 

SignUpInitialCountry

ch

The Initial country for the Telephone input field in the sign up page. The value needs to be two letter short for the country according to the TelInput index eg. Central African Republic - cf | Chile - cl | Cambodia - kh

SyncOffice365License

FALSE

Optionally synch O365 to ExtensionAttribute23 of the account

TaskRenotificationEmailIsBulk

FALSE

If set to true and when no custom email template exists, default task re-notification bulk email will be sent in bulk

TerminatePersonAdvancedInitiator

2

PersonID for initiator of the TerminatePersonAdvance workflow which is called by a permanent workflow for people whose ValidUntil has expired.

TwilioFromPhone

1.61E+10

The from phone number used in twilio communications

TwilioMessagingServiceID

ID of the messaging service being used to send SMS//MG0d8f5224acb980fd5ac52054f9ced3a1

TwilioOTPAppName

Twilio

The name of the Twilio OAuth Application whose credentials are being used to send SMS and Voice messages

TwilioProviderAssemblyQualifiedName

TheDotNetFactory.Framework.Api.Operations.Services.TwilioDirectProvider, TheDotNetFactory.Framework.Api.Operations, Version=0.0.0.0

The provider that will handle sending twilio communications

TwilioRemoteProviderHost

http://localhost:13943/api/twilio

If using the remote twilio provider, this is the url that is used to connect to the remote provider

UseTwilioMessagingService

FALSE

To use Twilio Messaging service to send SMS and Voice, set to True.

WebCdnPath

c:\source\EID\2014HF\Root\UI\Web Sites\EmpowerID.Web\EmpowerID.Web.Cdn

WebUIRuntimeCacheTimeout

20

The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web UI in minutes

WorkflowDataFactory

SQL

This setting specifies the storage location for workflow instance data. There are two possible values, SQL and Azure.

• SQL — Workflow instance data is stored in the EmpowerID SQL-based Identity Warehouse

• Azure — Workflow instance data is stored in Azure blob; if selected, the connection string to the Azure blob must be added as the value of the AzureWFDataConnectionString setting.
  
  

YubicoOTPApiKey

Yubico OTP API Key

YubicoOTPClientID

Yubico OTP ClientID