You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
EmpowerID System Settings
You can use system settings to control many aspects of EmpowerID behavior.
How to change values for any of the system settings
On the navbar expand Infrastructure Admin, then EmpowerID Servers and Settings, and select EmpowerID System Settings.
On the EmpowerID System Settings page, search for the setting that you want to change and click the Edit icon to its left.
In the dialog that appears, you can edit the Value and Description fields, and select whether to Encrypt Data for the setting value. If selected, users cannot view or recover the data within the UI.
After making changes, click Save.
The following table provides the name, default value, and description for each system setting, as well as links to any further information about the setting.
Name | Default Value | Description |
---|---|---|
ABACHighRiskScore | 10000 | Threshold Risk Score to be used in ABAC rules |
AccountInboxFilterToExcludeFromJoin | N/A | Select query to exclude the AccountIDs from getting joined /* Select AccountID from xyz*/ |
AccountInboxFilterToExcludeFromPersonProvision | N/A | Select query to exclude the AccountIDs from getting provisioned /* Select AccountID from xyz*/ |
AccountInboxJoinAndProvisionFilter | A.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID 2 AND A.AccountUsageTypeID = 1 AND LENA.FirstName 0 AND LENA.LastName 0 | Filter for join and provision, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinFilter for join and to AccountInboxProvisionFilter for provision see AccountInboxing_GetJoinAndProvisionFilter for sample of how to extend |
AccountInboxJoinByBirthDateFirstNameLastName | TRUE | If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields |
AccountInboxJoinByCustomMatch | /* -- this is a sample of how to extend the join rules with custom logic. There would be two extra rules to join by Department and City/State --uncomment the outer comment to make it active --retrieve personID by Department, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='Department' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.Department , P.LastName , P.FirstName FROM Person P WITH NOLOCK WHERE P.Department IS NOT NULL AND P.PersonID 3 GROUP BY P.Department, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.Department = A.Department AND PJoined.LastName = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL --retrieve personID by City and State, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='City and State' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.City ,P.State, P.LastName, P.FirstName FROM Person P WITH NOLOCK WHERE P.City IS NOT NULL AND P.State IS NOT NULL AND P.PersonID 3 GROUP BY P.City ,P.State, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.City = A.City AND PJoined.State = A.State AND PJoined.LastName = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL */ | Extra custom rule/s that run at the end of the join rules by executing the SQL. It has to follow the sample code |
AccountInboxJoinByEmailFirstNameLastName | TRUE | If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields |
AccountInboxJoinByEmployeeIDFirstNameLastName | TRUE | If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields |
AccountInboxJoinByPersonalEmailFirstNameLastName | TRUE | If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields |
AccountInboxJoinFilter | A.AllowJoin = 1 | Filter for join, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetJoinFilter for sample of how to extend |
AccountInboxProvisionFilter | A.AllowProvision = 1 AND EXISTSSELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1 | Filter for PROVISION, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetProvisionFilter for sample of how to extend |
ADUserCreatePostProcessingAlertEnabled | FALSE | Global Setting to Enable or Disable ADUserCreatePostProcessingAlert |
AllowSetMustChangePasswordAtNextLogon | TRUE | Allow Set Must Change Password At Next Logon |
AllowWebApiMethodInvokeProfiling | TRUE | |
AllowWebApiMethodInvokesWithoutCheck | TRUE | |
API_IISAppName | API | |
ApplicationLauncherOAuthConsumerGUID | f0ade541-52d1-4f60-9201-f58e9dc8f7fb | |
ApplicationLauncherOAuthProviderApplicationGUID | 25629B1D-1585-4D19-A58F-A74D00EA30B0 | |
ApplicationLauncherSamlConnectionID | 1 | |
ApplicationLauncherServiceProviderGuid | ||
Azure-AuthorizationRule | MyPolicy1 | |
Azure-ClientID | ||
Azure-ClientSecret | ||
AzureCosmosWFDataAuthKey | ||
AzureCosmosWFDataSerivceEndPoint | https://eidtest.documents.azure.com:443/ | |
Azure-DataCenterLocation | ||
AzureJobEngineDataConnectionString | ||
AzureManticoreConnectionString | Azure Manticore Storage Container Connection String | |
AzureManticoreContainerName | manticore | The Azure container which holds the session recordings |
AzureNotificationHubConnectionString | Azure Notification Hub Connection String | |
AzureNotificationHubName | Azure Notification Hub Name | |
Azure-Relay | eidtest10 | |
Azure-RelayNamespace | tenantDRelay | |
Azure-ResourceGroup | JobEngine | |
AzureSPOCosmosDocumentDBAuthKey | ||
AzureSPOCosmosDocumentDBServiceEndPointUrl | https://eidtest.documents.azure.com:443/ | |
AzureSPOTableDBStorageDataConnectionString | ||
Azure-SubscriptionID | ||
Azure-TenantID | ||
AzureWebJobDataConnectionString | DefaultEndpointsProtocol=https;AccountName=eidazurejobengine;AccountKey=kNGSID50BEmwdInwNwbOyFmzrO+M/PggUHkSU5Nb9xq/ACzFj0CWn4H5SNALMY17TKJFz7qbnVa8qojP25dVhw==;EndpointSuffix=core.windows.net | |
AzureWebJobHost | FALSE | |
AzureWFDataConnectionString | N/A | Specifies the Azure blob connection string when storing workflow data instance in Azure blob. When using Azure blob, the value of the WorkflowDataFactory setting must be updated from SQL to Azure. |
BOTEnableBot | FALSE | Enables the EmpowerID Bot |
BOTSecret | SI6PAkoG9cY.cwA.lko.Ysq1FIFhEkhAcYelcIkZyaHWkm6kJr0LeiE_JiafgvA | Secret for the EmpowerID bot |
BOTUrl | https://webchat.botframework.com/embed/EmpowerIDBot1 | Url of the EmpowerID Bot |
Captcha-HideAndSkipValidationGloballyForTesting | FALSE | Hide Captcha And Skip Captcha Validation Globally For Testing |
ConsumerSelfRegisterEnabled | TRUE | Consumer Self Registration setting to skip person registration in workflow if set to false |
CoreIdentityProvisionLogic | Enter custom Core Identity provisioning logic | |
CountryISOAlpha2Code | US | Country ISO Alpha 2 code used to mask phone numbers during MFA. Refer to http://www.nationsonline.org/oneworld/country_code_list.htm |
DeviceRegistrationCookieExpirationInDays | 15 | Expiration days of the device registration cookie |
DisableCartCommentRequired | TRUE | DisableCartCommentRequired |
DisableCrossPackagePublishCheck | FALSE | |
DUOAPIHostname | ||
DUOIntergrationKey | ||
DUOSecretKey | ||
EidAuthenticationPassphrase | 761a0e0e0330439286d0a739c7d7553b | |
EidAuthenticationSalt | 016fc391fef14cf0a11e03a7b0814e7c | |
EIDBrowserExtensionChromeID | ompmlbphcpnjopgdoknaibgjagocjbbe | ID of the latest Chrome Browser Extension in the Chrome Store |
EIDBrowserExtensionFFInstallPath | http://www.empowerID.com | Path to the installation location of the Firefox SSO Browser Extension |
EIDBrowserExtensionIEInstallPath | http://crossrider.com/download/ie/81138 | Path to the installation location of the Internet Explorer SSO Browser Extension |
EIDBrowserExtensionVersion | 81138 | ID of the Browser Extension version used to build the URL for download and installation |
EidCdnEnableResourceCheckCache | FALSE | |
EidCdnServerUrl | /EmpowerIDWebCDN | |
EidChromeFrameIEVersion | 8 | |
EidEnableLocalizationDebugging | FALSE | |
EidIdPSessionTimeout | 480 | IdP Portal Session Timeout in minutes |
EidInstallationGUID | a32dd358-317b-4c84-bf10-a145236387c5 | |
EidLoginAfterXFailsShowCaptcha | 4 | After x failures on the login page show the CAPTCHA |
EidMaxReportResults | 500000 | Maximum number of results allowed in the email me as report feature |
EidMultiFactorRetryLimit | 3 | Number of times to retry two-factor authentication before reverting to login page |
EidPasswordlessLoginEnabled | TRUE | Option to enable/disable PasswordlessLogin option on the login page |
EIDPersonExpirationNotificationDaysBefore | 21 | How many days to notify before person expires. Used by PersonExpirationNotification permanent WF |
EIDPushNotificationTimeout | 30 | EmpowerID push notification and registration timeout in seconds |
EmailApprovalByEmailEnabled | FALSE | |
EmailEWSEmailProviderMailboxAccountID | ||
EmailEWSEmailProviderMailServerURL | ||
EmailGlobalBCCRecipient | Sends a copy of every email to the specified email address in any mode as a BCC. | |
EmailSmtpEmailProviderFromAddress | Default from address for all EmpowerID notifications | |
EmailSmtpEmailProviderMailboxAccountID | AccountID of an account that has a vaulted password to be used for authenticated send email | |
EmailSmtpEmailProviderMailServer | dc-exch.addomain.com | Email Server used to send out EmpowerID System email messages |
EmailSmtpEmailProviderUseSSL | TRUE | Use SSL for SMTP |
EmailSmtpPortNumber | 25 | SMTP Port for TLS |
EmailSmtpUseTLS | TRUE | if true and EmailSmtpEmailProviderUseSSL is true, EID uses TLS to connect to the smtp server |
EmailTestMode | FALSE | If true, sends all emails to a specific email address in the EmailTestModeGlobalRecipient settings. |
EmailTestModeGlobalRecipient | Sends a copy of every email to the specified email address in any mode as a recipient. | |
EmpowerID_IISAppName | EmpowerID | |
EmpowerIDWebCDN_IISAppName | EmpowerIDWebCDN | |
EmpowerIDWebIdPForms_IISAppName | EmpowerIDWebIdPForms | |
EmpowerIDWebIdPSmartCard_IISAppName | EmpowerIDWebIdPSmartCard | |
EmpowerIDWebIdPWindows_IISAppName | EmpowerIDWebIdPWindows | |
EmpowerIDWebIdPWSFederation_IISAppName | EmpowerIDWebIdPWSFederation | |
EmpowerIDWebReports_IISAppName | EmpowerIDWebReports | |
EnableBulkRecertification | FALSE | Enables or disables the ability to make a bulk decision for multiple recertification items |
EnableCookieSecureAttribute | TRUE | Flag to enable/disable secure attribute on all the cookies |
EnableRMQServer | FALSE | |
EnableWorkflowRedirectUrl | FALSE | Enables the redirecturl functionality of workflows |
EnvironmentHeaderMessage | Displays a system-wide message at the top banner | |
GoogleMapsAPIKey | AIzaSyAiqp4HyDyFGg6SPad8gAa-hv-eFQz7FwA | API Key that is used with google maps |
GoogleRecaptchaSiteVerifyUrl | https://www.google.com/recaptcha/api/siteverify | Verify url for google recaptcha cannot contain a querystring |
HelpLoginMenuLink | https://docs.empowerid.com/ | Link to external help |
HelpMFALink | https://dotnetworkflow.jira.com/wiki/spaces/E2D/pages/87851239/Multifactor+Authentication | Help link for end user multi-factor authentication |
IdPCacheRefreshInterval | 0 | The interval used to refresh the internal IdP cache for Single Sign On data. If set to ZERO, this setting is DISABLED. |
IdPRuntimeCacheTimeout | 10 | CAUTION: This values should be between 1 and 525,600. The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web IdPs in minutes |
InventorySalesForceAccount | FALSE | setting to verify if account object should be inventoried or not |
IpInfoAccessToken | IpInfo Access Token | |
ITShopIManageGrpAccountMode | TRUE | In IT Shop Resources I manage show the simple mode group account grid not RBAC delegation control |
ITShopIManageGrpRBACSimpleMode | TRUE | In IT Shop Resources I manage show the RBAC delegation control in simple mode |
ITShopMyAccessShowExpiresXDays | 30 | Setting to control which expiring access shows to the user. Only access expiring in X days. |
JoinToCIByBirthDateFirstNameLastName | FALSE | Set this value to true if you want to join Person to Core Identity by FirstName, LastName and DateOfBirth. |
JoinToCIByFirstNameLastName | TRUE | Set this value to true if you want to join Person to Core Identity by FirstName and LastName. |
JoinToCICustomMatchAttributes | Enter a comma separated list of the attributes that should be used to join Person to Core Identity. For example: to join by DateOfBirth and SSN enter: DateOfBirth, SocialSecurityNumber | |
LocaleFlagsEnabled | FALSE | Enables or disables displaying country flags in the locale picker |
LocalePickerEnabled | TRUE | Enables or disables the language picker in the user interface |
LocaleRecordingMode | TRUE | Tells the system to record locale keys that are being used |
LocalizationDefaultLocale | en-US | Default Fallback Locale |
LoginAfterXFailsShowCaptcha | 4 | After x failures on the login page show the CAPTCHA |
LoginLookupAccountByPersonLogonNameToValidatePassword | TRUE | Attempt to validate the password against each of the person's accounts that belong to an Account Store where pass-through authentication is enabled |
LoginNameEnableGenerate | TRUE | Enables the Generate endpoint of the LoginName |
LoginPageAccountUnlockEnabled | TRUE | Specifies whether or not the account unlock button is enabled on the login page |
LoginPageBotEnabled | TRUE | Enable the chat with bot button on the login page |
LoginPageConsumerSelfRegisterEnabled | FALSE | Specifies whether or not the self register button is enabled on the login page |
LoginPageemaillostusernameEnabled | TRUE | Specifies whether or not mail to username is enabled on the login page |
LoginPagePartnerSelfRegisterEnabled | TRUE | Specifies whether or no the partner self register page is enabled on the login page |
LoginPagepasswordresetcenterEnabled | TRUE | Specifies whether or not password reset center is enabled on the login page |
LoginPageRequestOathTokenEnabled | TRUE | Specifies whether or not request oath token is enabled on the login page |
LoginPageSupplierCompanyRegistrationEnabled | TRUE | Specifies whether or not the Supplier Company Registration link is enabled on the login page |
MaximumLoginTravelSpeed | 450 | Maximum Login Travel Speed |
MessageBusSettings | [{Id:8f0cade0-99d0-43f5-96e8-b0bbdc8bea7a,PluginType:Syslog,MessageEntryType:Error,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}},{Id:55fb5db1-4c65-4070-9307-f038393c7f3a,PluginType:Syslog,MessageEntryType:Information,ConnectionString:192.168.254.138:514,AuxiliarySettings:{Publisher:null,Subscriber:null,Topic:null}}] | |
MobileClientOAuthApplicationID | A05391D2-D4B0-49F5-9D3B-A8AF009B7247 | EmpowerID Mobile Client OAuthProviderApplicationID |
OathTokenIssuerName | EmpowerID Dev | Name of the Oath Token Issuer |
OAuth_IISAppName | OAuth | |
OAuthConsumerGUID | 91A7642F-0313-4496-9125-D4DB2782D111 | OAuth connection for Twilio API access |
OwnerRequiredAssigneeTypeID | 1 | For Responsible Party control - OwnerRequiredAssigneeTypeID - set a value to only allow that type to be assigned - 1 Person 2 Account 3 Group 4 Business Role and Location 5 Management Role 7 Query-Based Collection |
PA-BusinessRoleDetails-Custom1 | CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10 | Page attributes for Business Role viewone page custom attributes 1-10 |
PA-BusinessRoleDetails-Custom11 | CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20 | Page attributes for Business Role viewone page custom attributes 11-20 |
PA-BusinessRoleDetails-Extension1 | ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10 | Page attributes for Business Role viewone page extension attributes 1-10 |
PA-BusinessRoleDetails-Extension11 | ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20 | Page attributes Business Role viewone page extension attributes 11-20 |
PA-BusinessRoleLocationDetails-Custom1 | CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10 | Page attributes for Business Role Location viewone page custom attributes 1-10 |
PA-BusinessRoleLocationDetails-Custom11 | CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20 | Page attributes for Business Role Location viewone page custom attributes 11-20 |
PA-BusinessRoleLocationDetails-Extension | ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10,ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15 | Page attributes for Business Role Location viewone page extension attributes 1-15 |
Page-PersonDetails-ManageTab-ShowRow1 | TRUE | Page-PersonDetails-ShowRow1 to show the first row of attributes |
Page-PersonDetails-ManageTab-ShowRow2 | FALSE | Page-PersonDetails-ShowRow2 to show the 2nd row of attributes |
Page-PersonDetails-ManageTab-ShowRow3 | TRUE | Page-PersonDetails-ShowRow3 to show the 3rd row of attributes |
Page-PersonDetails-ManageTab-ShowRow4 | TRUE | Page-PersonDetails-ShowRow4 to show the 4th row of attributes |
PA-GroupDetails-Custom1 | CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10 | Page attributes for Group Viewone Custom attributes 1-10 |
PA-GroupDetails-Custom11 | CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20 | Page attributes for Group Viewone Custom attributes 11-20 |
PA-GroupDetails-Extension1 | ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10 | Page attributes for Group Viewone extension attributes 1-10 |
PA-GroupDetails-Extension11 | ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20 | Page attributes for Group Viewone extension attributes 11-20 |
PA-LocationDetails-Custom1 | CustomAttribute1,CustomAttribute2,CustomAttribute3,CustomAttribute4,CustomAttribute5,CustomAttribute6,CustomAttribute7,CustomAttribute8,CustomAttribute9,CustomAttribute10 | Location viewone page attributes custom attributes 1-10 |
PA-LocationDetails-Custom11 | CustomAttribute11,CustomAttribute12,CustomAttribute13,CustomAttribute14,CustomAttribute15,CustomAttribute16,CustomAttribute17,CustomAttribute18,CustomAttribute19,CustomAttribute20 | Location viewone page attributes custom attributes 11-20 |
PA-LocationDetails-Extension1 | ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10 | Location viewone page attributes extension attribute 1-10 |
PA-LocationDetails-Extension11 | ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20 | Location viewone page attributes extension attributes 11-20 |
PA-ManagementRoleDetails-Extension1 | ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10 | Management role viewone page attributes extension attributes 1-10 |
PA-ManagementRoleDetails-Extension11 | ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20 | Management Role viewone page attributes extension attributes 11-20 |
PAMMFAEnabled | TRUE | Enable or disable Multi-Factor Authentication options for Privileged Access Management |
PAMOtherAccessOptionsEnabled | FALSE | Hides or shows other access request methods - like Request Elevation to local admin or a temp local admin account |
PA-PersonDetails-Activity-Advanced | ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonUsageTypeFriendlyName,IsPrivPersonForPersonID,CreatedDate,ModifiedDate | PA-PersonDetails-Activity-Advanced |
PA-PersonDetails-Activity-General | Active,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice | PA-PersonDetails-Activity-General |
PA-PersonDetails-Advanced | Active,LockedUntil,PersonProofingStatusFriendlyName,ValidFrom,ValidUntil,ValidUntilExtended,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,PersonID,CreatedDate,ModifiedDate,ResourceID,PreviousPersonManagerID,FuturePersonManagerID,GeneratedFromAccountID | PA-PersonDetails-Advanced |
PA-PersonDetails-Contact | Telephone,MobilePhone,Fax,Email,PersonalEmail,Address | PA-PersonDetails-Contact |
PA-PersonDetails-Extension1 | ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10 | PA-PersonDetails-Extension1 |
PA-PersonDetails-Extension11 | ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20 | PA-PersonDetails-Extension11 |
PA-PersonDetails-General | Login,LocaleFriendlyName,DefaultHomePage,AboutMe,Notes,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice,MiddleName,SecondLastName,BirthName,PersonalTitle,IsExternal,EmployeeID,EmployeeIDOther,JobCode | PA-PersonDetails-General |
PA-PersonDetails-LegalEntity | LegalEntityCountryName,BranchName,BranchLocationPOID,BranchLocationCityKey,DivisionShortName,ContractTypeName,UnitShortName | Page attributes for view one person details page manage tab |
PA-PersonDetails-PositionInfo | MainPosition,PositionCity,PositionCountry,PositionUnitKey,PositionUnitName,Assistant,TitleShortName,TWCodeShortName,TWCodeName,TWCodeGroup | Page attributes for person details page manage tab |
PA-PersonDetails-Report-Authentication | RequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersion | PA-PersonDetails-Report-Authentication |
PA-PersonDetails-Report-General | Active,LockedUntil,ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,ProfileManagerLastUpdated,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceID | PA-PersonDetails-Report-General |
PA-PersonDetails-Work | Title,Department,Office,Company,Location | PA-PersonDetails-Work |
PA-RecertAttestationPersonDirectDetails-Contact | Email,Telephone,MobilePhone,Fax,PersonalEmail,Address | PA-RecertAttestationPersonDirectDetails-Contact |
PA-RecertAttestationPersonDirectDetails-Work | Title,Department,Office,Company,Location,OrgRoleOrgZoneFriendlyName | PA-RecertAttestationPersonDirectDetails-Work |
PA-ViewSelf-ActivityHistory-Advanced | ValidFrom,ValidUntil,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,LoginRequireDeviceRegistration,RequireSecondFactor,AllowLoginOnlyUsingOwnedAccount,PasswordManagerPolicyID,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,CreatedDate,ModifiedDate | View self page activity history tab advanced section attributes |
PA-ViewSelf-Advanced | Active,LockedUntil,ValidFrom,ValidUntilLocalTime,PersonOrganizationStatusFriendlyName,TerminationBusinessProcessTaskID,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,PasswordManagerLockedUntil,ProfileManagerLastUpdated,AgreementVersion,RiskFactorTotal,RiskFactorLastCalculated,IsPrivPersonForPersonID,PersonID,CreatedDate,ModifiedDate,ResourceID | View self Report tab advanced section attributes |
PA-ViewSelf-Authentication | RequireSecondFactor,LoginRequireDeviceRegistration,AllowLoginOnlyUsingOwnedAccount,AllowAttributeSync,AllowPasswordOperations,PasswordManagerPolicyID,AgreementVersion | View self page report tab authentication attributes |
PA-ViewSelf-Contact | Telephone,MobilePhone,Fax,Email,PersonalEmail,Address | Viewself contact section attributes |
PA-ViewSelf-Extension1 | ExtensionAttribute1,ExtensionAttribute2,ExtensionAttribute3,ExtensionAttribute4,ExtensionAttribute5,ExtensionAttribute6,ExtensionAttribute7,ExtensionAttribute8,ExtensionAttribute9,ExtensionAttribute10 | View self page report tab extension attributes 1-11 |
PA-ViewSelf-Extension11 | ExtensionAttribute11,ExtensionAttribute12,ExtensionAttribute13,ExtensionAttribute14,ExtensionAttribute15,ExtensionAttribute16,ExtensionAttribute17,ExtensionAttribute18,ExtensionAttribute19,ExtensionAttribute20 | View self page report tab extension attributes 11-20 |
PA-ViewSelf-General | Active,LockedUntil,Login,LastLoginDate,PersonPasswordExpirationDate,LastPasswordChangedDate,MustChangePasswordOnNextLogin,PersonEnrolled,LastEnrollmentTime,IsOutOfOffice | View self page activity tab general section attributes |
PA-ViewSelf-Work | Title,Department,Office,Company,Location,PersonManagerName | View self work section attributes |
PreferredCountry | us,de,ch | Enter the country short codes one after the other in the above format to set them as the preferred countries to show at the top of the drop-down list in the International Telephone Input field. |
PSMAWSBucketName | Privileged Session Manager Amazon AWS S3 bucket to store recordings | |
PSMAWSRegionEndpoint | Privileged Session Manager Amazon AWS region for S3 bucket to store recordings | |
PSMAzureBucketName | Recordings | Privileged Session Manager Azure bucket name to store recordings |
PSMClientKey | bcb5909d-a600-413c-a9a3-406afa551307 | Privileged Session Manager OAuth Client API key for ClickOnce client |
PSMClientURL | https://rdp.empowersso.com/start | URL for Privileged Session Manager clickonce client Manticore https://s3.amazonaws.com/manticoredevrick/SecureAccessGateway.application / https://54.146.165.121/myrtille |
PSMClientURLDefault | https://gatewayprod.empoweriam.com | Gateway PROD RDP Manticore v2.0 |
PSMEnabled | TRUE | Determines whether the Privileged Session Manager RDP proxy is enabled in the user interface for this installation |
PSMOAuthConsumerGUID | 3a2a8bc2-7d90-4930-a589-3a061ae234cb | Privileged Session Manager RDP client OAuth credentials for Amazon AWS account for storing recordings |
PSMRecordKeyStrokes | TRUE | Determines whether recordings are captured for the privileged session manager |
PSMStorageMode | AZURE | Determines whether recordings are stored on AWS, AZURE, or in a UNC network folder location. |
PSMUNCStorageLocation | When PSMStorageMode is set to UNC, the UNC path to a network folder for storage of recordings | |
PublishToAzureConnectionString | ||
PublishToStorage | ||
PublishToTFSLocalPath | ||
PublishToTFSPath | ||
PublishToTFSURL | ||
PublishToUNC | ||
ReCaptchaAuthConsumerGUID | d68cbddb-a2a8-4de3-8daf-f1ff7f999134 | Google API key and secret for Recaptcha |
Recertification-AllowSelectSuggestedRole | FALSE | Allow selection of a suggested Business Role and Location when revoking a recertification |
Recertification-AutoProcessBusinessRoleAndLocationRevocations | TRUE | Enable auto delete business Role and Location re-certification revocations |
Recertification-EnableConditionalApproval | FALSE | Enables the decision button for conditional approval where a time constraint must be selected |
Recertification-ShowCertifierPhoto | TRUE | Shows or hides the current certifier photo on the Manager review screen |
RemoveDiacriticsForEmailAndAlias | FALSE | |
RemoveDiacriticsForEmailAndAlias_ReplaceEszett | FALSE | |
RestrictCountries | ad, ae, af, ag, ai, al, am, an, ao, aq, ar, as, at, au, aw, ax, az, ba, bb, bd, be, bf, bg, bh, bi, bj, bl, bm, bn, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cd, cf, cg, ch, ci, ck, cl, cm, cn, co, cr, cu, cv, cx, cy, cz, de, dj, dk, dm, do, dz, ec, ee, eg, eh, er, es, et, fi, fj, fk, fm, fo, fr, ga, gb, gd, ge, gf, gg, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm, hn, hr, ht, hu, id, ie, il, im, in, io, iq, ir, is, it, je, jm, jo, jp, ke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls, lt, lu, lv, ly, ma, mc, md, me, mf, mg, mh, mk, ml, mm, mn, mo, mp, mq, mr, ms, mt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nr, nu, nz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, ps, pt, pw, py, qa, re, ro, rs, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr, ss, st, sv, sy, sz, tc, td, tf, tg, th, tj, tk, tl, tm, tn, to, tr, tt, tv, tw, tz, ua, ug, um, us, uy, uz, va, vc, ve, vg, vi, vn, vu, wf, ws, ye, yt, za, zm, zw | Represents the array of countries that are allowed to show up in the International Telephone Input field. Remove the countries you don't want on the drop-down list. |
RMQAssemblyType | TheDotNetFactory.Framework.RMQueue.RabbitMQ.dll | |
RMQConnectionString | ||
RunEmpowerIDJobAsync | TRUE | |
RunWorkflowLocally | TRUE | Global setting to determine if workflow should run in UI w3p |
SignUpInitialCountry | ch | The Initial country for the Telephone input field in the sign up page. The value needs to be two letter short for the country according to the TelInput index eg. Central African Republic - cf | Chile - cl | Cambodia - kh |
SyncOffice365License | FALSE | Optionally synch O365 to ExtensionAttribute23 of the account |
TaskRenotificationEmailIsBulk | FALSE | If set to true and when no custom email template exists, default task re-notification bulk email will be sent in bulk |
TerminatePersonAdvancedInitiator | 2 | PersonID for initiator of the TerminatePersonAdvance workflow which is called by a permanent workflow for people whose ValidUntil has expired. |
TwilioFromPhone | 1.61E+10 | The from phone number used in twilio communications |
TwilioMessagingServiceID | ID of the messaging service being used to send SMS//MG0d8f5224acb980fd5ac52054f9ced3a1 | |
TwilioOTPAppName | Twilio | The name of the Twilio OAuth Application whose credentials are being used to send SMS and Voice messages |
TwilioProviderAssemblyQualifiedName | TheDotNetFactory.Framework.Api.Operations.Services.TwilioDirectProvider, TheDotNetFactory.Framework.Api.Operations, Version=0.0.0.0 | The provider that will handle sending twilio communications |
TwilioRemoteProviderHost | http://localhost:13943/api/twilio | If using the remote twilio provider, this is the url that is used to connect to the remote provider |
UseTwilioMessagingService | FALSE | To use Twilio Messaging service to send SMS and Voice, set to True. |
WebCdnPath | c:\source\EID\2014HF\Root\UI\Web Sites\EmpowerID.Web\EmpowerID.Web.Cdn | |
WebUIRuntimeCacheTimeout | 20 | The Sliding Expiration Timeout for HTTP Runtime Cache data in the EmpowerID Web UI in minutes |
WorkflowDataFactory | SQL | This setting specifies the storage location for workflow instance data. There are two possible values, SQL and Azure.
|
YubicoOTPApiKey | Yubico OTP API Key | |
YubicoOTPClientID | Yubico OTP ClientID |