EmpowerID System Settings

ABACHighRiskScore

10000

Threshold Risk Score to be used in ABAC rules

AccountInboxFilterToExcludeFromJoin

N/A

Select query to exclude the AccountIDs from getting joined /* Select AccountID from xyz*/

AccountInboxFilterToExcludeFromPersonProvision

N/A

Select query to exclude the AccountIDs from getting provisioned /* Select AccountID from xyz*/

AccountInboxJoinAndProvisionFilter

A.PersonID IS NULL AND A.Disabled = 0 AND A.Deleted = 0 AND A.AccountTypeID  2 AND A.AccountUsageTypeID = 1  AND LENA.FirstName  0 AND LENA.LastName  0  

Filter for join and provision, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinFilter for join and to AccountInboxProvisionFilter for provision see AccountInboxing_GetJoinAndProvisionFilter for sample of how to extend

AccountInboxJoinByBirthDateFirstNameLastName

TRUE

If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields

AccountInboxJoinByCustomMatch

/* -- this is a sample of how to extend the join rules with custom logic. There would be two extra rules to join by Department and City/State --uncomment the outer comment to make it active --retrieve personID by Department, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='Department' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.Department , P.LastName , P.FirstName FROM Person P WITH NOLOCK WHERE P.Department IS NOT NULL AND P.PersonID  3 GROUP BY P.Department, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.Department = A.Department AND PJoined.LastName  = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL --retrieve personID by City and State, first and last name UPDATE A SET A.PersonID = PJoined.PersonID, A.AttributeJoinedBy ='City and State' FROM #Accounts A INNER JOIN SELECT MINP.PersonID PersonID, P.City ,P.State, P.LastName, P.FirstName FROM Person P WITH NOLOCK WHERE P.City IS NOT NULL AND P.State IS NOT NULL AND P.PersonID  3 GROUP BY P.City ,P.State, P.LastName , P.FirstName HAVING COUNT1=1 PJoined ON PJoined.City  = A.City AND PJoined.State  = A.State AND PJoined.LastName  = A.LastName AND PJoined.FirstName = A.FirstName WHERE A.PersonID IS NULL */

Extra custom rule/s that run at the end of the join rules by executing the SQL. It has to follow the sample code 

AccountInboxJoinByEmailFirstNameLastName

TRUE

If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields

AccountInboxJoinByEmployeeIDFirstNameLastName

TRUE

If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields

AccountInboxJoinByPersonalEmailFirstNameLastName

TRUE

If turned on, the join rule will try to join new discovered accounts to people, based on matches on those fields

AccountInboxJoinFilter

A.AllowJoin = 1  

Filter for join, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see  AccountInboxing_GetJoinFilter for sample of how to extend

AccountInboxProvisionFilter

A.AllowProvision = 1 AND EXISTSSELECT 1 FROM AccountStore S WHERE A.AccountStoreID = S.AccountStoreID AND S.AllowPersonProvisioning = 1  

Filter for PROVISION, only accounts matching the criteria will be included. This filter appends to the AccountInboxJoinAndProvisionFilter see AccountInboxing_GetProvisionFilter for sample of how to extend

ADUserCreatePostProcessingAlertEnabled

FALSE

Global Setting to Enable or Disable ADUserCreatePostProcessingAlert

AllowSetMustChangePasswordAtNextLogon

TRUE

Allow Set Must Change Password At Next Logon

AllowWebApiMethodInvokeProfiling

TRUE

AllowWebApiMethodInvokesWithoutCheck

TRUE

API_IISAppName

API

ApplicationLauncherOAuthConsumerGUID

f0ade541-52d1-4f60-9201-f58e9dc8f7fb

ApplicationLauncherOAuthProviderApplicationGUID

25629B1D-1585-4D19-A58F-A74D00EA30B0

ApplicationLauncherSamlConnectionID

1

ApplicationLauncherServiceProviderGuid

Azure-AuthorizationRule

MyPolicy1

Azure-ClientID

Azure-ClientSecret

AzureCosmosWFDataAuthKey

AzureCosmosWFDataSerivceEndPoint

https://eidtest.documents.azure.com:443/

Azure-DataCenterLocation

AzureJobEngineDataConnectionString

AzureManticoreConnectionString

Azure Manticore Storage Container Connection String

AzureManticoreContainerName

manticore

The Azure container which holds the session recordings

AzureNotificationHubConnectionString

Azure Notification Hub Connection String

AzureNotificationHubName

Azure Notification Hub Name

Azure-Relay

eidtest10

Azure-RelayNamespace

tenantDRelay

Azure-ResourceGroup

JobEngine

AzureSPOCosmosDocumentDBAuthKey

AzureSPOCosmosDocumentDBServiceEndPointUrl

https://eidtest.documents.azure.com:443/

AzureSPOTableDBStorageDataConnectionString

Azure-SubscriptionID

Azure-TenantID

AzureWebJobDataConnectionString

DefaultEndpointsProtocol=https;AccountName=eidazurejobengine;AccountKey=kNGSID50BEmwdInwNwbOyFmzrO+M/PggUHkSU5Nb9xq/ACzFj0CWn4H5SNALMY17TKJFz7qbnVa8qojP25dVhw==;EndpointSuffix=core.windows.net

AzureWebJobHost

FALSE

AzureWFDataConnectionString

N/A

Specifies the Azure blob connection string when storing workflow data instance in Azure blob. When using Azure blob, the value of the WorkflowDataFactory setting must be updated from SQL to Azure.

BOTEnableBot

FALSE

Enables the EmpowerID Bot

BOTSecret

SI6PAkoG9cY.cwA.lko.Ysq1FIFhEkhAcYelcIkZyaHWkm6kJr0LeiE_JiafgvA

Secret for the EmpowerID bot

BOTUrl

https://webchat.botframework.com/embed/EmpowerIDBot1

Url of the EmpowerID Bot

Captcha-HideAndSkipValidationGloballyForTesting

FALSE

Hide Captcha And Skip Captcha Validation Globally For Testing

ConsumerSelfRegisterEnabled

TRUE

Consumer Self Registration setting to skip person registration in workflow if set to false

CoreIdentityProvisionLogic

Enter custom Core Identity provisioning logic

CountryISOAlpha2Code

US

Country ISO Alpha 2 code used to mask phone numbers during MFA. Refer to http://www.nationsonline.org/oneworld/country_code_list.htm

DeviceRegistrationCookieExpirationInDays

15

Expiration days of the device registration cookie

DisableCartCommentRequired

TRUE

DisableCartCommentRequired

DisableCrossPackagePublishCheck

FALSE

DUOAPIHostname

DUOIntergrationKey

DUOSecretKey

EidAuthenticationPassphrase

761a0e0e0330439286d0a739c7d7553b

EidAuthenticationSalt

016fc391fef14cf0a11e03a7b0814e7c

EIDBrowserExtensionChromeID

ompmlbphcpnjopgdoknaibgjagocjbbe

ID of the latest Chrome Browser Extension in the Chrome Store

EIDBrowserExtensionFFInstallPath

http://www.empowerID.com

Path to the installation location of the Firefox SSO Browser Extension

EIDBrowserExtensionIEInstallPath

http://crossrider.com/download/ie/81138

Path to the installation location of the Internet Explorer SSO Browser Extension

EIDBrowserExtensionVersion

81138

ID of the Browser Extension version used to build the URL for download and installation

EidCdnEnableResourceCheckCache

FALSE

EidCdnServerUrl

/EmpowerIDWebCDN

EidChromeFrameIEVersion

8

EidEnableLocalizationDebugging

FALSE

EidIdPSessionTimeout

480

IdP Portal Session Timeout in minutes

EidInstallationGUID

a32dd358-317b-4c84-bf10-a145236387c5

EidLoginAfterXFailsShowCaptcha

4

After x failures on the login page show the CAPTCHA

EidMaxReportResults

500000

Maximum number of results allowed in the email me as report feature

EidMultiFactorRetryLimit

3

Number of times to retry two-factor authentication before reverting to login page

EidPasswordlessLoginEnabled

TRUE

Option to enable/disable PasswordlessLogin option on the login page

EIDPersonExpirationNotificationDaysBefore

21

How many days to notify before person expires. Used by PersonExpirationNotification permanent WF

EIDPushNotificationTimeout

30

EmpowerID push notification and registration timeout in seconds

EmailApprovalByEmailEnabled

FALSE

EmailEWSEmailProviderMailboxAccountID

EmailEWSEmailProviderMailServerURL

EmailGlobalBCCRecipient

Sends a copy of every email to the specified email address in any mode as a BCC.

EmailSmtpEmailProviderFromAddress

Default from address for all EmpowerID notifications

EmailSmtpEmailProviderMailboxAccountID

AccountID of an account that has a vaulted password to be used for authenticated send email

EmailSmtpEmailProviderMailServer

dc-exch.addomain.com

Email Server used to send out EmpowerID System email messages

EmailSmtpEmailProviderUseSSL

TRUE

Use SSL for SMTP

EmailSmtpPortNumber

25

SMTP Port for TLS 

EmailSmtpUseTLS

TRUE

if true and EmailSmtpEmailProviderUseSSL is true, EID uses TLS to connect to the smtp server   

EmailTestMode

FALSE

If true, sends all emails to a specific email address in the EmailTestModeGlobalRecipient settings.

EmailTestModeGlobalRecipient

Sends a copy of every email to the specified email address in any mode as a recipient.

EmpowerID_IISAppName

EmpowerID

EmpowerIDWebCDN_IISAppName

EmpowerIDWebCDN

EmpowerIDWebIdPForms_IISAppName

EmpowerIDWebIdPForms

EmpowerIDWebIdPSmartCard_IISAppName

EmpowerIDWebIdPSmartCard

EmpowerIDWebIdPWindows_IISAppName

EmpowerIDWebIdPWindows

EmpowerIDWebIdPWSFederation_IISAppName

EmpowerIDWebIdPWSFederation

EmpowerIDWebReports_IISAppName

EmpowerIDWebReports

EnableBulkRecertification

FALSE

Enables or disables the ability to make a bulk decision for multiple recertification items

EnableCookieSecureAttribute