Customer settings
Visible settings
The following lists present all customer settings that are visible and available in a default installation of Omada Identity. For each setting, find its corresponding Key - you can use the Key to change values for the individual setting in the configuration files.
Archiving
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Populate archive database | Copy a number of object versions into the archive database. Key: ArchiveTimerWaitCycle - the number of seconds between each cycle. | 60 | Platform admin |
| Populate archive database | Copy a number of object versions into the archive database. Key: ArchiveVersionBatchSize - the number of object versions in each cycle per object type. | 1000 | System admin |
| Populate archive database (long cycle) | Copies other entities than data object versions into the archive:
The number of seconds between each cycle. On top of that, there is a 60 second interval between the archiving of each of the entities. Key: ArchiveTimerWaitCycleLong | 3600 | System admin |
| Maintenance of the archive database | Purges aged data from the archive database - Data object versions and Survey approvals. It runs on the same schedule as the above (every hour, 60 seconds after the last entity). Key: MaintenanceArchiveEntries - the number of object versions deleted by cycle. Key: MaintenanceArchiveDeleteAfterDays - the number of days after which object versions are deleted. | 30 730 | Platform admin |
Audit trail and authoritative source policy unfolding used by ODW
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Unfold authoritative source policies | Populates the auth source policy definition and unfolds a complete map between policies and identities in the archive database. Sets the interval in seconds between executions. If a policy has been added or one has changed, the task runs a full population which is a heavy-duty task. It runs a full cycle every 22 hours which is a heavy-duty task. Key: ArchiveTimerWaitAuthSourcePolicyCycle | 300 | System admin |
| Populate audit trail decisions | Populates the decision tables in the archive database: Access request approvals, SoD approvals, and Recertification approvals. Sets the interval in seconds between executions. Key: ArchiveTimerWaitAuditTrailCycle | 300 | System admin |
Horizons feature enabled
With the Horizons feature enabled, the Authoritative Source Policies are not used to determine which source system is authoritative for the property on the Identity, Context, or Resource objects in ODW. For more information, go to Authoritative Source Policies.
Customer IAM
| Name | Description | Default value | Access rights |
|---|---|---|---|
| CIAM Terms Documents | Enter or paste the types of documents that CIAM website will check if the newest version has been accepted. Key: CIAMTermsDocuments | Cookie policy, Privacy policy, Terms and conditions | System admin |
| DefaultLanguageCIAM | Language assigned to new CIAM users by default. Key: DefaultLanguageCIAM | 1000 | System admin |
| CIAM portal URL on-prem | Enter or paste the full URL to the CIAM website, including the preceding protocol (http), for example: http://ciam.somecompany.com. Key: CIAMPortalUrl | http://ciam.somecompany.com | Platform admin |
| IP mask for CIAM portal servers on-prem | Enter or paste an IP mask for the CIAM portal servers. Example: 192.168.10., 192.168.11. Key: AllowedImpersonationIPMask | - | Platform admin |
Defaults
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Access Request - Show already assigned resources | Specify if already assigned resources should be visible in the Access Request screen. This can be changed by the user and their choice will be saved in a personal UserSetting. Key: AccessRequestShowAlreadyAssigned, ResourcesDefault | False | System admin |
| Default culture | The default culture (language) that is assigned to new users. The available values in a default installation are en-US, de-DE, da-DK. Your organization may have other cultures/languages available. Key: DefaultCulture | en-US | System admin |
| Default language | The default language that is assigned to new users. Key: DefaultLanguage | 1000 | System admin |
| Default menu item | The default page users see when they open the application in a browser. To find the number for the page you want to display, go to Setup > Master Data > Menu Structure. In the Tree Structure, click the page you want to use as your start page. When the dialog box for that page opens, hold down Ctrl and right-click to open the context menu. Select Query String. The number you need is listed as mi=X, where X is the page number.Key: DefaultMenuItem | 1174 | System admin |
| Default system owner | Specify the data object ID of the default system owner. Used by the self-management extension in RoPE to set an owner if the last owner is removed. If set to 0, the owner will not be set. Key: DefSystemOwner | 0 | System admin |
| Default role folder owner | Specify the data object ID of the default resource folder owner. Used by the self-management extension in RoPE to set an owner if the last owner is removed. If set to 0, the owner will not be set. Key: DefRoleFolderOwner | 0 | System admin |
| Default time zone | Enable that a default time zone is assigned to recently created users. Date time values in Omada Identity are displayed and assumed to be provided in the signed-in users time zone set in My Settings of the signed-in user. If the user's operating system's time zone is different than their time zone, an invalid conversion may occur while saving the value of the data object or customer setting. Therefore, it is required that the user's time zone is the same as the operating system's time zone. Key: DefaultTimeZone | - | System admin |
| Default "Primary Context" Type | Specify the default primary context for identities. There is no system-default context. Key: DefPrimaryContextDOT | OrgUnit | System admin |
| Narrow Role Assignment ValidFrom | If you set this to True, the ValidFrom of new RoleAssignment objects will be narrowed to the ValidFrom of the Identity. If you set this to False, the ValidFrom will set to the values set by the calling method. Key: NarrowRAValidFrom | False | System admin |
| Narrow Role Assignment ValidTo | If you set this to True, the ValidTo of new RoleAssignment objects will be narrowed to the ValidTo of the Identity. If you set this to False, the ValidTo will set to the values set by the calling method. Key: NarrowRAValidTo | False | System admin |
| Fire Events on Deletion of Reference Objects | If disabled, events will not be fired on deletion of a referenced object. Key: FireEventsOnRefObJOnDeletion | True | System admin |
GDPR
| Name | Description | Default value | Access rights |
|---|---|---|---|
| GDPR anonymization value | Set the value used by anonymization import profiles to overwrite the data. Key: GDPRAnonymizationValue | ANONYMIZED | System admin |
Maintenance
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Delete completed processes | Enter or edit the number of completed processes to be marked as deleted. Key: MaintenanceDeleteCompletedProcessesEntries Enter or edit the number of days to pass after completion of a process before the system should mark it as deleted. Key: MaintenanceDeleteCompletedProcessesAfterDays | 3 365 | System admin Platform admin |
| Prevent deleting target objects | Enter or paste a comma-separated lists of process template UIDs. The default value is for Delegation target objects. When the system deletes completed processes, target objects for templates in this list are excluded. Key: MaintenanceCompletedProcessesExcludeTemplates | d78720ac-735b-4496-b79e-d226c09e9bce | System admin |
| Purge aged data object versions | Deletes a chunk of data object versions with an age above the minimum age defined on the data object type. Set the number of object versions deleted per data object type in each cycle. Key: DOVPurgeChunk | 1000 | Platform admin |
| Purge obsolete data object versions | Deletes a chunk of aged data object versions for object types without version history (history is always added for performance reasons). Set the number of object versions deleted per data object type in each cycle. Key: DOVPurgeChunk | 1000 | Platform admin |
| Purge obsolete data object version property value entries | Deletes a chunk of rows from the tblDataObjectVersionPropertyValue* table for non-current data object versions. Those rows are only used for the current object version and only for searching, and are added for performance reasons. Set the number of rows deleted per cycle for each table. Key: PVPurgeChunk | 1000 | Platform admin |
| Purge deleted data objects | Delete a number of data objects which are marked as deleted. Set the number of rows deleted per cycle for each table. Key: MaintenancePurgeObjectEntries - sets the number of data objects deleted per cycle. Key: MaintenancePurgeObjectAfterDays - sets the number of days after the deletion before the object can be deleted | 1 365 | System admin Platform admin |
| Purge deleted work items | Purges work items which are completed or where the process is completed or terminated. Sets the number of work items to purge. Key: MaintenancePurgeDeletedWorkItemsEntries | 3 | System admin |
| Purge deleted processes | Purges process which has been marked as deleted. Key: MaintenancePurgeDeletedProcessesEntries - sets the number of processes to be deleted. Key: MaintenancePurgeDeletedProcessesAfterDays - sets the number of days a process must be marked as deleted before is purged. | 3 365 | System admin Platform admin |
| Pruning of log tables | Deletes a number of rows from the following log tables above a certain age:
Key: MaintenanceLogFileMaxEntries - sets the number of rows deleted on each cycle. Key: MaintenanceLogFileDeleteAfterDays - the minimum age in days of a log entry before it can be deleted | 30 180 | System admin Platform admin |
| Enable maintenance | Enables or disables the maintenance tasks for deleting obsolete data and pruning of log tables. Key: EnableMaintenance | true | Platform admin |
| Enable resource eligibility filtering | Enables eligibility filtering of resources depending on their contexts and the contexts of the chosen identities in Access request. Key: EnableResourceEligibilityFiltering | true | System admin Platform admin |
| Maintenance work week | If the the value is 0 (as by default), it always runs maintenance tasks. If the specified WorkWeekID is not found, it logs a warning and runs maintenance tasks. Key: MaintenanceWorkWeek | 0 | System admin |
| Age of OIS Data Warehouse object versions to delete (days) on-prem | The minimum number of days that object versions can be old, before they should be deleted from the Data Warehouse database. For example: 365 days (1 year). Key: ODWCleanupMinimumAge | - | Platform admin |
| Auto delete warehouse logs on-prem | Specify the maximum age of import logs (in days) that are preserved after running the Clean-up import profile. If set to 0, no import logs are deleted. Key: ODWAutoDeleteLogs | 0 | Platform admin |
| Log maintenance max entries on-prem | Number of rows deleted in each log table in each maintenance cycle. Key: MaintenanceLogFileMaxEntries | 30 | System admin |
| Maximum batch size of OIS Data Warehouse object versions to delete (days) on-prem | The maximum number of days of object versions to include in the deletion process, for example an interval of 14 days. Key: ODWCleanupMaximumBatchSize | - | Platform admin |
Password Reset
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Enable anonymous password reset | Enable or disable the password reset page based on challenge. Key: PWRANONENABLED | True | System admin |
| Password reset enroll questions | Enter or edit the number of questions to show in the password reset enrollment process. Key: PWRNoEnrollQuest | 4 | System admin |
| Password reset enrollment notification | If you set this to True, you enable the system to send notifications to end-users when they successfully enroll for password reset. Key: PWREnrollSuccessNotif | True | System admin |
| Password reset failure notification | If you set this to True, you enable the system to send notifications to end-users when a password reset is not successful. Key: PWRResetFailedNotif | True | System admin |
| Password reset hard lock threshold | Enter or edit the number that specifies the number of allowed reset failures before an identity is hard-locked. Key: PWRHardLockoutCount | 6 | System admin |
| Password reset lookup property | Enter or edit the property used to verify the identity for the password reset. Key: PWRLookupProperty | IDENTITYID | System admin |
| Password reset number of correct answers | Enter or edit the number of correct answers required for the password reset process to be successful. Key: PWRNoCorrectAnswers | 3 | System admin |
| Password reset number of reset questions | Enter or edit the number of questions to show in the password reset process. Key: PWRNoResetQuest | 4 | System admin |
| Password reset owner notification | If you set this to True, you enable the system to send a notification to owners or managers when a user’s password reset is successful. Key: PWRResetSucOwnrNotif | True | System admin |
| Password reset require SSL | If you set this to True, you enable that a secure SSL connection is required when you use the password reset functionality. Key: PWREnforceSSL | True | System admin |
| Password reset AD Management Agent | Enter or paste a system ID for the AD Management Agent if you use this functionality. Key: PWRADSYSTEMID | - | System admin |
| Password reset Azure Management Agent | Enter or paste a system ID for the Azure Management Agent if you use this functionality. Key: PWRAZURESYSTEMID | - | System admin |
| Password reset LDAP Management Agent | Enter or paste a system ID for the LDAP Management Agent if you use this functionality. Key: PWRLDAPSYSTEMID | - | System admin |
| Password reset RoPE Management Agent | Enter or paste a UID for the RoPE Management Agent if you use this functionality. Key: PWRFIMMAUID | - | System admin |
| Password reset soft lock duration | Enter or edit the number to specify the duration (in minutes) of a soft lock of an identity. Key: PWRSoftLockoutMinutes | 3 | System admin |
| Password reset soft lock fail threshold | Enter or edit the number of allowed reset failures before an identity is soft locked. Key: PWRSoftLockoutCount | 3 | System admin |
| Password reset success notification | If you set this to True, the system sends notifications to end-users when the users’ password reset is successful. If you set this to False, the system does not send a notification to the end-users when their password reset is successful. Key: PWRResetSuccessNotif | True | System admin |
| Password reset throttling factor | Throttling of password reset threads by delaying the responses using this factor. Key: PWRThrotFact | 100 | System admin |
| Password reset throttling threshold | Start throttling of password reset threads when failures exceed this threshold. Key: PWRThrotThres | 20 | System admin |
| Password Reset Enforce Password Validation | If You set this to True, changing the password requires providing old password. Key: PWREnforcePWValidationDue to possible security risk does not recommend changing the setting default value. | True | System admin |
Role and Policy Engine
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Attributes to resolve display values for | Enter a comma-separated list of attributes for which you want to resolve ‘human readable’ display values, for example:SM_IDENTITIES, SM_RESOURCES,SM_ORGUNITS,MAILBOXREFKey: AttributesToResolveDispValuesFor | SM_IDENTITIES, SM_RESOURCES, SM_ORGUNITS,MAILBOXREF, AZURERESOURCE | System admin |
| Await fulfillment confirmation from ODW | If you set this to True, you enable the provisioning status OK (Pending confirmation). This status is shown when your provisioning has been fulfilled but may not be usable until it has been confirmed via the Omada Data Warehouse. Key: UseProvStatusOkPendingConfirm | False | System admin |
| Halt processing if resolution issue? | If you set this to True, RoPE halts the processing of a batch if it cannot resolve all resources. This can happen during calculation of identities during an ODW export that contains new resources because RoPE cannot resolve all assigned resources if they have not yet been created as data objects. Key: RoPEHaltOnResolError | False | System admin |
| Ignore indirect ODW assignments | Set if RoPE should ignore indirect resource assignments in the ODW. Key: SkipActualIndirectAssignments | True | System admin |
| Master data cache expiry | Master data cache expiry (in seconds). Key: RoPEMasterDataCacheExpiryPeriod | 600 | System administrators |
| Master data caching | Enables the caching of certain master data from ES in RoPE: objects originating from DataObjects, mainly identity, resource, resource assignment, system, resource type and context. When enabling this setting, RoPE will use substantially more RAM. Key: RoPEMasterDataCache | False | System administrators |
| RoPE: Access Groups | Specify the user groups that should have access to calculation results from RoPE. Key: RoPEAccessGrps | System administrators, Operation administrators, Auditors | System admin |
| RoPE: Pre-validity days | Set the number of days that assignments are pre-valid (or calculated) before their validity period begins. Key: RoPEPreValidityDays | 3 | System admin |
| RoPE: Reference attributes | Specify delimited system names of reference properties to treat as reference attributes in RoPE. If you use the default value, reference properties are treated as string attributes in RoPE. Key: RoPEReferenceAttribs | ROLESREF | System admin |
| RoPE: Skip implicit assignments? | If you set this to True, you disable assignments of implicit enterprise and application roles. Key: RoPESkipImplAssns | False | System admin |
| Skip implicit assignments for technical identities | Set it to True to skip assignments of implicit enterprise and application roles for technical identities. Key: RoPESkipImplAssnsForTechIdent | False | System admin |
| Skip orphan permission assignments | If set to True RoPE will only calculate orphan account assignments for the UNRESOLVED identity. Key: SkipOrphanPermissions | False | System admin |
| Actual accounts view name on-prem | Enter or paste the name of the database view in ODW that is used for retrieving actual accounts. Key: RoPEActualAccountsView | RoPE_Account | Platform admin |
| Actual permissions view name on-prem | Enter or paste the name of the database view in ODW that is used for retrieving actual permissions. Key: RoPEActualPermissionsView | RoPE_ ResourceAssignment | Platform admin |
| Batch size in bulk operations on-prem | The number of records to insert per database bulk operation. Key: RoPEDbBulkSize | 5000 | Platform admin |
| Command timeout (in seconds) on-prem | Enter a number to set the timeout that applies to SQL commands run against the RoPE database and the ODW database. The timeout does not apply to the Omada Identity database. Key: RoPEDbCmdTimeout | 30 | Platform admin |
| Log last status message on-prem | If enabled, the last status message from RoPE is written to the Settings table. Key: LogLastStatus | False | Platform admin |
| Remote API URL on-prem | Enter or paste the URL to the Remote API, for example: _http://MyServer/RoPERemoteApi/_Key: RoPERemoteApiUrl | http://localhost:8010/RoPERemoteApi/ | Platform admin |
| RoPE: Ignore the ODW on-prem | If you set this to True, RoPE runs without using the data from Omada Identity Data Warehouse. If you enable this, it has the following consequences: you must manually maintain the Resource Data Objects for the managed systems in Omada Identity, the Manual Provisioning feature does not work as it relies on reading provisioning confirmations from the Data Warehouse. The Provisioning status information is not going to be accurate as there are no provisioning confirmations available. The same applies to the Compliance status and Compliance workbench. Key: RoPEIgnoreODW | False | Platform admin |
Security
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Access group collection 1 Access group collection 2 Access group collection 3 | Enter a comma-separated list of user group UIDs. This is used in access modifiers to apply a modifier to specified groups. You can define any number of access group keys in this setting. Keys: AccessGroups1, AccessGroups2, AccessGroups3These settings are no longer in use. From version 14 onwards, the access is applied in authorization roles for the relevant access modifiers. | - | System admin |
Administrator rights to code method log  | Require membership of the System administrators group to read the code method log. Key: ReqAdmRightToCodeLog This customer setting is deprecated starting from the November 2024 cloud release and 15.0.3 on-prem release. All access to code method log should be handled using the Code method log authorization element. For more details, read New authorization element: Code method log in November 2024 release highlights. | True | System admin |
| Administrator rights to mail log | When set to True, only members of an administrator user group can see the email details in the Email log view. If False, then the System admin, Operation admin and Service Desk group members can see the mail details. Key: ReqAdmRightToMailLog This customer setting was deprecated in the October 2024 cloud release and 15.0.2 on-prem release. All access to email log and sent emails should be handled using the Email log authorization element. For more details, read: Access to Email log. | True | System admin |
| Allowed file extensions for data object attachments | Files of this type can be uploaded and attached to data objects. Key: DataObjAttachFileExtns | - | System admin |
| Content of the X-Frame-Options HTTP header | Defaults to sameorigin because the application itself uses iframes. If a custom implementation originating from another website uses Omada Identity pages inside a frame, the value of this setting must be cleared. Key: XFrameOptions | sameorigin | System admin |
| Information level on end-user error page | Specify the amount of information to display in an error message. 0 = Timestamp only 1 = Timestamp + Exception.Message 2 = Text hidden but sends Timestamp + Exception.Message 3 = Text hidden, but sends all Information, stacktrace, and so on. 9 = All information, stacktrace, and so on. Key: ErrorUsrInfLevel | 9 | System admin |
| Non-auth role master data admins | A comma-delimited list of user group UIDs. The user groups you specify here are allowed to manage master data that is not controlled by the authorization role logic. If you do not specify any groups, the built-in Administrators groups are granted access. Key: MasterDataAdmins | - | System admin |
| OpenID logout redirect | If this setting is set to True, the users who log out are redirected by their identity provider to the Omada Identity portal. Key: OpenIDLogoutRedirect | False | System admin |
| Sanitize SQL statements | If this setting is set to False the execution of unsafe SQL statements is possible. Key: SqlSanitizeStatements | True | System admin |
| Set new user password | If you set this to True, you enable that a new password dialog box is shown after you have created a new user. If you set this to False, you must manually right-click the name of the new user in the list of users to find the Change Password item on the shortcut menu. Key: SetNewUserPsw | False | System admin |
| Validate the InResponseTo attribute in SAML Assertions | This setting allows you to decide whether to support IdP initiated SAML Logins. You can set this to False if IdP initiated SAML login is required. Key: SAMLInResponseToValidation | True | System admin |
| Enforce SSL access req mobile on-prem | If you set this to True, you enforce the use of SSL in the mobile survey approval function. Key: MobileAccessReqApprovalEnforceSSL | True | Platform admin |
Software version
info
The Software version customer settings are available in a default installation of Omada Identity but are set as read-only and are for informational purposes only. These settings cannot be changed within the interface and should not be changed by other means.
| Name | Description |
|---|---|
| Application Version | Displays the application version. The application version is set during installation. Key: AppVer |
| Initial installation date | Shows the date on which the initial installation of the software took place. Key: InitialInstallDate |
| Initial software version | Contains information about the version of the software used in the initial installation. Key: InitialSWVersion |
| OIS Database Version | Display the version of the Omada Identity database. Key: OimDbVer |
| Database Patch Version on-prem | The version of the database patch. The database patch version for SQL that is set during the installation. Key: DbVer |
Standard Application
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Access Request Require Account For Permission | Decide if the Access Request process requires that a beneficiary has an account in the system for a permission resource being requested. Key: AccessRequestRequireAccountForPermissionAll child resources of a compound resource are traversed. That is, when you request a compound resource, it is checked whether a Calculated Account Resource Assignment (CARA) exists for any child permissions for which the auto-account creation is disabled. If the permission resource is configured as a child in a logical role of a separate application for which auto-account creation is enabled, RoPE calculates the following warning, stating that the account is missing in the physical system. | True | System admin |
| Allow multiple request property system name | This customer setting requires entering the system name of a Boolean property that exists on a Resource DOT as a value. If this property is set to True on a given Role resource, the system allows you to create an access request for this resource, even if it is already assigned to an Identity. Key: AllowMultReqPropSystemname | - | System admin |
| Auto-complete max items | The maximum number of items to show in controls which have the autocomplete functionality, for example, reference and set properties. Key: AutoCompleteMaxItems | 10 | System admin |
| Create identity user as inactive | If you set this to True, the user will be set as inactive. Key: CreateIdentityUserAsInactive | False | System admin |
| Delegation admins | Enter the user group UIDs which have access to setting up delegation on behalf of all others without being their manager. To be visible and used, it must be added manually to the database table tbl.CustomerSetting with a Null value. Key: DelegationAdmins | Null | System admin |
| Delegate exclusively to the delegate | Set it to True to have the effective rights of self management resources removed from the delegator. Key: DelegationExclusive | False | |
| Delegation on behalf of enabled | If enabled, it is possible for managers and delegation administrators to delegate access for a user on behalf of another user. Key: DelegationOnBehalfOf | False | |
| Delegation on behalf of enabled for any manager level | If enabled, it is possible for a manager on any level to delegate access to her subordinates. Key: DelegOnBehalfAnyLvl | False | |
| Enable account creation notification | If set to False, the event definitions and email templates generated automatically when a new system is created are disabled by default. Key: EnableAccountCreationNotification | True | System admin |
| Enable grace period customer setting | When transferring an identity without the usual transfer process, set this setting to True in order to apply the number of days of the Context type's Grace period property to the context assignment. Key: EnableGracePeriodWithoutTransferProcess | False | System admin |
| Enable mobile flow for access requests | If you set this to True, the system generates an approval email with links to approving/rejecting a resource request. Key: EnableMobileAccessReqApproval | False | System admin |
| Global service desk agent mode | Set it to True to allow all members of the Service desk agents user group to have access to all identities in the system regardless of which context they are service desk agent for. Key: GlobalServiceDeskAgentMode | False | System admin |
| Max contractor validity days | Set the number of days in which a contractor can be valid. Key: ContractorMaxValidity | 0 | System admin |
| Maximum number of objects returned in an OData response | Allows you to limit the number of data objects retrieved via OData API in one server response. Enter any value greater than 0 to enable the setting and set the number of entries to return in the OData API response. Key: ODataPageSizeLimit | 0 | System admin |
| Show all identity views in policy forms | If you set this to True, you can select any given identity view in the Identity View property form for SoD Constraint and Assignment Policy. Key: ShowAllIdentityViewsInPolicy, Forms | False | System admin |
| Skip events when resource assignments are updated by the system | Controls whether events should be suppressed when a resource assignment data object is updated by the system. Key: SkipEventsWhenResource, AssignmentsAreUpdatedBySystem | False | System admin |
| Survey approval process template | Specify the unique ID for the survey approval process template. Key: SurveyApprovalProcess, TemplateId | 307c89de-5ca1-45d7-8bbd-9acd1f1dc83e | System admin |
| Unfold child roles | If it is set to False, the child resources are not shown in My Access Requests screen. Key: MyReqUnfoldChildRoles | True | System admin |
| Use Access Request Approval (ed2) on-prem | If you set this to False, you disable the use of the Access Request Approval (ed2). This version is based on the Survey module. Key: UseAccessRequestApprovalEd2 | True | Platform admin |
| Enable filtering by System name | It controls the visibility of the System section in the Service catalog . Key: EnableFilteringBySystemName | True | System admin |
Start import settings
| Name | Description | Default value | Access rights |
|---|---|---|---|
| SQL Agent job proxy | To start the SQL Agent job, enter a credential proxy for the import. This proxy should be for the application pool identity of Omada Identity. Key: SqlAgentJobProxyAccountName | - | System admin |
| SQL Agent job server instance on-prem | Enter the SQL instance for which the SQL Job should be created and invoked. Key: SqlAgentJobServerInstance | localhost | Platform admin |
| SSIS Package server instance on-prem | Enter the SQL Server instance in which the ODW SSIS packages should be stored. Key: SqlAgentJobSSISServerInstance | localhost | Platform admin |
| Start import as SQL Agent job on-prem | If you set this to True, you start the import using a SQL Agent Job instead of Windows Management Instrumentation (WMI). Key: SqlAgentJobUse | False | Platform admin |
Horizons feature enabled
With the Horizons feature enabled, the Start import setting is no longer available.
User Interface
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Access request - popularity period | Period (number of days in the past) to include when searching for popular direct assignments. Key: AccessRequestPopularityPeriod | 30 | System admin |
| Access request - popularity enabled | Set this to True to enable the access request popularity feature. The resources will then be sorted by the direct assignments' popularity within the selected context. Key: ARPopularityEnabled | True | System admin |
| Allow Mass Update | If you set this to False, you disable the possibility to mass update data objects. Key: AllowMassUpdate | True | System admin |
| Auto collapse form sections in Request Access | You can enable auto collapse of form sections in the Request Access process. Key: AutoCollapseRAFormSections | True | System admin |
| Clear compensation control on SoD re-evaluation | SoD re-evaluation processes clear the compensating control. This can be prevented with this setting. Key: SoDReEvaluationClearCompControl | False | System admin |
| Clear reason on SoD re-evaluation | SoD re-evaluation processes clear the reason text. This can be prevented with this setting. Key: SoDReEvaluationClearReason | False | System admin |
| Default dashboard | Specify the default dashboard to display when a user clicks the logo in the upper-left corner of the Omada Identity user interface. Key: DefaultDashboard | My dashboard | System admin |
| Disable debug context menu | If you set this to True, you disable the debug context menu that you make appear by hitting CTRL+right-click. In production environments it may be relevant to turn off this setting to avoid impact on system speed and security. Key: DisableDebugCntxMenu | False | System admin |
| Disable "Reference Tree" dialog | If you set this to True, you disable the Reference tree dialog box. Key: DisableRefTree | False | System admin |
| Enable Access Req Attributes by default | If you set this to False, you disable the use of attributes in access requests by default. Key: EnabAcsReqAttrsByDef | True | System admin |
| Hide change password menu item | If you set this to True, the Change password item in horzmenu.aspx is hidden. Key: HideChangePasswordMenuItem | False | System admin |
| Items displayed in Access request resource selection | Configures the number of items displayed per page in the Access Request Resource selection grid. Key: ARItemsPerPageThe configurable range of displayed items is limited between 1 and 1000 per page. | 5,10,20 | System admin |
| Items displayed per page | Edit or remove the number of items that are displayed per page in list pages across the user interface. You must write the numbers as comma-separated values, for example, 40,60, 0 shows all items on all list pages. Key: ItemsPerPage | 20,40 | System admin |
| KPI Widget Style | CSS class name for KPI widgets. Default if empty. To switch to the fully colored KPI tile style, use the value Colorful. Key: KPIWidgetStyle | System admin | |
| Limited Mode Execution Time Threshold | If the rendering time of a data object view takes more seconds than this value, then sorting on property fields is automatically disabled Key: LimitedModeExecutionTimeThreshold | 3 | System admin |
| Limited Mode Threshold | If the rendering time of a data object view takes more than configured amount of time or it contains more than this no. of data objects, then counting is automatically disabled Key: LimitedModeThreshold | 1000 | System admin |
| Require explicit Work Item acceptance | Decide if explicit acceptance of an activity is required before you can carry out any work on an activity. If you set the setting to True, you enable that assignees must make explicitly accept an activity before they can complete a work item. If you set the setting to False, the auto accept feature is automatically ignored. Key: ReqExpWorkItemAccept | False | System admin |
| Require update access for reassignments | If you set this to True, only users who have update access can perform reassignments. This imposes restrictions on the users who can perform reassignments. Key: ReqUpdAcsForReassn | False | System admin |
| Services menu dashboard | Enter the name of the page you want to open when you click the Services button in the left-hand menu. Key: ServicesMenuDashboard | Services menu | System admin |
| Skip window status text | Key: SkipWindowStatusText | True | System admin |
| Show print on headline | If you set this to True, a Print icon appears between the Help icon and shortcut menu icon on list screens and not on the headline context menu. If you set this to False, the Print function is listed in the headline context menu (shortcut menu) for DataObjectList, WorkItemList, and WorkItemDlg.Key: ShowPrintOnHeadline | False | System admin |
| Treat CodeMethod Errors Friendly | Decide if you want to display a non-fatal error message to the user when exceptions to code methods occur. If you set this to False, no error messages are shown in the Omada Identity user interface. Instead, they redirect to an error page that displays in the main information area. If you need to see the error message despite of the validation method for the end-user, you can throw an exception in the code method called Omada.OE.CodeMethodLib.FriendlyException.Key: TreatCMErrsFriendly | True | System admin |
| UI Theme | Enter the name of the user interface theme to use with your organization’s version of Omada Identity. Key: UITheme | Default | System admin |
| UI Theme Primary Color | The primary color used in the UI theme. Key: UiThemePrimaryColor | #002838 | System admin |
| UI Theme Secondary Color | The secondary color used in the UI theme. Key: UiThemeSecondaryColor | #58C1A1 | System admin |
| UI Homepage shortcuts | You can remove shortcuts by editing the JSON file in the UiHomePageActions. To do that, simply remove the whole item object. Key: UiHomePageActions | - | System admin |
| Number of queries resources | It limits the number of resources displayed in the dropdown. Key: numberOfQueriedResources | 50 | System admin |
| Service catalog Access request | It filters resources, systems and business context. Key: enableSearchFiltering | - | System admin |
| The Language field in the My settings page is read only | The setting must be True when the Language field is maintained using Governance for Omada Identity. Key: ActUserLanguageReadOnly | True | System admin |
| The Regional settings field in the My settings page is read only | The setting must be True when the Regional settings field is maintained using Governance for Omada Identity. Key: ActUserCultureReadOnly | False | System admin |
| The Time zone field in the My settings page is read only | The setting must be True when the Time zone field is maintained using Governance for Omada Identity. Key: ActUserTimeZoneReadOnly | False | System admin |
| Global search in the new UI identities | This setting enables global search in new UI identities and My identities view. Key: GlobalSearchInNewUIIdentities | True | System admin |
| Use new UI Request flow | This setting enables new UI request flow. Key: UseNewUIRequestFlow | True | System admin |
| Access Request: Enable filter suggestions for resource types and systems | Adds filter suggestion chips for resource types and systems in the new Access request process. Enabling this feature may have negative impact on resource search performance, especially in environments with large databases of resource types or systems. Key: EnableFilterSuggestionsForResourceTypesAndSystems | False | System admin |
| Launch approval process with timer service | When set to true, the approval process is launched by the timer service rather than as part of the request access process. Key: LaunchApprovalProcessWithTimerService | False | System admin |
Warehouse
| Name | Description | Default value | Access rights |
|---|---|---|---|
| SQL task timeout | Type the number of seconds for timeout for SQL tasks. You must not set this to 0 in a production environment! Key: ODWSqlTimeOut | 7200 | System admin |
| Enable Analysis Services on-prem | Controls whether to use Analysis Services to provide KPIs and key figures for dashboards. Key: EnableAnalysisServices | True | Platform admin |
| Import errors per object from OIS on-prem | The number of import errors allowed per object when importing data from Enterprise Server to ODW. When set to 0, imports will fail on the first error. Set it to a positive number to enable imports to pass even if a number of errors are discovered. The entered value is the maximum number of errors allowed for each of the object types being imported (Account, Resource, and so on). Key: ODWImportErrorsPerObject | 0 | System admin |
| Maximum date on-prem | Enter a value to define the range of the Time dimension in Omada Identity Data Warehouse. The Time dimension is a reference for audit trail and trend reports. The setting should include any audit trail time and trend chart range. Key: ODWMaxDate | - | Platform admin |
| Minimum date on-prem | Enter a value to define the range of the Time dimension in Omada Identity Data Warehouse. The Time dimension is a reference for audit trail and trend reports. The setting should include any audit trail time and trend chart range. Key: ODWMinDate | - | Platform admin |
| Number of concurrent requests on-prem | Enter the maximum number of concurrent requests during export. If you set the value to 1, parallel export will be disabled. Key: ODWNumberOfConcurrentRequests | 10 | Platform admin |
| Maximum number of objects per request on-prem | Enter a number between 1 and 1000 to control the maximum number of objects that can be sent in a single request from ODW to ES. The import algorithm will dynamically choose the number of objects in each request, but these will not exceed the chosen configuration value. Key: ODWMaximumObjectsPerRequest | 200 | Platform admin |
| OLE task timeout on-prem | Enter the number of seconds for timeout for OLE DB components in data flow tasks. You must not set this to 0 in a production environment! Key: ODWOleDbTimeOut | 7200 | Platform admin |
Warehouse Post Processing
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Access Unfolding Depth | Enter a number that defines how far you want to unfold access rights for identities. The default value is 1. This grants every identity access to itself and its immediate children. If you change it to 2, you grant identities access to children and grandchildren. In short, every increase of one number allows access to a further generation. If you set it to a high value, for example, 25, this unfolds the full hierarchy. Key: ODWAccessUnfoldingDepth | 1 | System admin |
Primary Identity Picker
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Identity Picker Rules | Type a comma-separated list of the rules that Omada Identity Data Warehouse should evaluate. It can be one or more of the following rules: ValidFromTo, ActiveStatusValues, and SourceSystemNames. The names are not case-sensitive. The fallback rule applies if: you do not specify any values, the selected rules will result in more than one identity being selected. The fallback rule is to set the Identity with the lowest ObjectID (meaning the identity that was imported first into the data warehouse) to primary. Key: ODWIdentityPickerRules | ValidFromTo - it means that all rules that are valid as of now are included. So any Identity where ValidFrom < Now < ValidTo.ActiveStatusValuesSourceSystemNames | System admin |
| Rules Active Status Values | If you enter a value, any rows in which the identity status contains one of the values specified are included, for example, if the setting contains Active,Pending, it means that all rows with Active or Pending in the status column are included. The evaluation is not case-sensitive. Key: ODWRulesActiveStatusValues | - | System admin |
| Source System Names | If you enter a value to represent the name of a source system, the system then evaluates source systems in the order you have entered them, for example, if you enter GDB1, GDB2, this means that GDB1 has the highest priority and GDB2 has second priority. The system filters rows and sorts based on the order of source systems. Key: ODWSourceSystemNames | - | System admin |
Horizons feature enabled
With the Horizons feature enabled, the Primary Identity Picker customer settings are no longer available. They are replaced by the Identity merge feature.
Visible settings On-premises
Archiving
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Archive version batch size | Number of object versions handled for each data object type per cycle. The value can be increased up to 30 000 for initial load scenarios. Key: ArchiveVersionBatchSize | 1000 | System admin |
| Maintenance archive delete after days | Delete objects versions in the archive after these amount of days. Key: MaintenanceArchiveDeleteAfterDays | 730 | System admin |
| Maintenance archive entries | Number of object versions deleted in each archive maintenance cycle. Key: MaintenanceArchiveEntries | 30 | System admin |
| Time lapse between long cycles | Enter or edit the number of seconds before the long running archiving cycle begins. Key: ArchiveTimerWaitCycleLong | 3600 | Platform admin |
| Time lapse between short cycles | Enter or edit the number of seconds before the normal archiving cycle begins. Key: ArchiveTimerWaitCycle | 60 | Platform admin |
Data Warehouse
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Active Directory category ID | System category ID for Active Directory being used when running reports in Windows authentication Key: ActiveDirectoryCategoryID | AD | System admin |
| SSRS password | Encrypted password for the user which will be used to authenticate against SSRS when loading reports. Key: SSRSPassword | - | System admin |
| SSRS URL | The URL for the SQL Server Reporting Services Server (SSRS). Edit the Value field of a valid URL if you have installed the ODW Integration package. Key: SSRSURL | 0 | Platform admin |
| SSRS user name | User name for the user which will be used to authenticate against SSRS when loading reports. Key: SSRSUserName | - | System admin |
| Timeout when transferring data from warehouse to portal | Controls the maximum number of seconds that warehouse is waiting for a response from the portal before it will timeout. Key: ODWDataExchangeIdleTimeout | 600 | System admin |
Environment
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Allow feature packages content modifications | When enabled, it is possible to modify and delete built-in objects and objects originating from feature packages Key: AllowFeaturePackageModifications | False | Platform admin |
| Configuration Mode | If you set this to True, you disable caching of configuration objects. If you set this to False, data objects, including objects related to environment configuration, will be cached and changes will not be reflected immediately. For more information, see the Caching section in this guide. Key: ConfigurationMode | False | Platform admin |
| Disable Full Text Index searching | If you set this to False, you enable the full-text search. Key: DisableFTISearch | True | Platform admin |
| Enable Configuration Logging | If you set this to True, you enable logging of configuration changes. This is important for transportation purposes. Key: EnabConfigChngLogng | False | System admin |
| Enable system event logging | If you set this to True, you enable generation of detailed logs for events related to governance, configuration, employment, and operations. Key: EnableSystemEventLogging | False | Platform admin |
| Execute timers in the System Users time zone | When this setting is set to True, it allows the timers to run in the time zone of the system user instead of UTC time. When the local time is shifted between Daylight Saving Time and Standard Time, this setting changes the moment in local time when the timers are executed. To change the time zone for the system, go to https://enterpriseserver/userdlg.aspx?U=1054 (the first part of the URL matches the URL of your system). Key: RunTimerInSysUserTZ | False | System admin |
| Full Text search with option hash join | Adds the OPTION (HASH JOIN) to the full text SQL search, to prevent time-outs and a CPU usage when executing global search queries with FullTextIndex (FTI). Key: FTIOptionHashJoin | False | System admin |
| Log when data objects are read by users? | If you set this to True, you enable logging of read/access data objects by users. Key: LogReadHistory | False | Platform admin |
| Maximum IDs in SQL WHERE clause | Setting to optimize the SQL query searches on a list of values. When the number of values exceeds the threshold defined in this setting, the statement is going from listing the values to a temporary JOIN table. Key: MaxIdsInWhereIn | 5 | System admin |
| OPS WCF Client Timeout (in minutes) | Set the timeout value for Windows Communication Foundation requests (in minutes). Key: OpsWcfTimeOut | 5 | System admin |
| SoD evaluation expiry days | The validity period for a violation evaluation. Key:SoDEvalExpDays | 180 | System admin |
| Timers with minimum period override | Comma separated list of timer names which can override default minimum period of 15 minutes. Key: TimerPeriodOverride Timers should be added carefully as they can impact system stability. | Empty | Platform admin |
| WebService Retry Policy Key | Enter the name of the policy to use a retry policy for Web Service calls. Key: WebServiceRetryPolicy | NoRetryPolicy | Platform admin |
| Validation of configuration in startup | If you set this to False, the validation of the CodeMethod configurations and Access Modifier configurations during startup is skipped. Key: ConfigValidationInAppStart | True | Platform admin |
Mail
| Name | Description | Minimum value | Maximum value | Default value | Access rights |
|---|---|---|---|---|---|
| Mail queue batch size | The number of messages in the queue processed per cycle. Key: MailQueueBatchSize | 1 | 30,000 | 10 | Platform admin |
| Mail queue delivery retries | The number of times a mail delivery is retried. The "retries counter" (also referred to as Mail queue delivery retries) indicates the number of attempts made to deliver a mail from the queue. Key: MailDeliveryNumberOfRetries | 0 | 10 | 1 | Platform admin |
| Mail queue delivery retry period | The period between a mail delivery retry (minutes). Key: MailDeliveryRetryPeriod | 1 | 1440 | 60 | Platform admin |
| Mail sender display name | The value of that setting will appear alongside the email address in the emails sent from the application to the users. Key: MailSenderName | - | - | Omada Identity Suite | System admin |
| Support email | If an error occurs and is displayed in the main screen area, you are provided with a link for reporting the error. Specify the email address that receives the error report. This is used with error.aspx. Key: SupportEmail | - | - | - | Platform admin |
| Support email (auto) | Some error reports are generated by the system without the user’s knowledge. The system generates some error reports without the user’s knowledge. Specify here an email address to which the system must automatically deliver these error report to. A practical solution can be to use a different email address for auto-generated error reports, instead of an email address that you use for regular support email. This allows you to distinguish between the types of support emails. This is used with global.aspx. Key: SupportEmailAuto This customer setting became deprecated in release 14.0.14. Convert it to use the MailQueue and the NotificationSettings configuration object. | - | - | - | Platform admin |
Microsoft SQL Server Integration Services
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Execution user | Enter or paste the name of the user who runs ad-hoc imports. Key: SSISExecutionUser | - | Platform admin |
| Execution user password | Enter the password for the user who runs ad-hoc imports. You can use the string encryption tool to enter the encrypted password. Key: SSISExecutionUserPassword | - | Platform admin |
| Installation path | Enter the path on which you or your organization have installed Microsoft SSIS. Key: SSISInstallationPath | - | Platform admin |
| Servername | Enter the name of the server on which SSIS is running. Key: SSIServer | localhost | Platform admin |
| Use Kerberos | If you set this to True, you enable the use of Kerberos authentication on your system. Key: SSISUseKerberos | False | Platform admin |
Source System Data
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Identities are uploaded to staging DB | If you set this to True, you enable all identities to be uploaded to the staging database. The system performs a number of validations when you upload access data. This setting affects only offline systems. Key: IdentitiesAreUploadedToStagingDB | - | Platform admin |
Tracing
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Add call stack parameter to SQL queries | When enabled a call stack parameter is added to SQL queries. Key: AddCallStackSqlParam | False | Platform admin |
| Log web services execution time | Should only be used for tracing/debugging purposes. Key: LogWSExecTimes | False | Platform admin |
| Trace mode | In trace mode additional logging is turned on for ease of troubleshooting. Key: TraceMode | False | Platform admin |
| Track changes to provisioning claims? | When enabled it is logged when a provisioning claim is changed. Key: LogProvisioningClaims | False | Platform admin |
Website
| Name | Description | Default value | Access rights |
|---|---|---|---|
| Website Main Page | The main and starting page of the website. To use alternate starting page, enter the address for that alternate starting page here. Key: WebSiteMainPage | Main.aspx | Platform admin |
| Website URL | The full URL of the site, including the protocol and path, for example, https://www.omadaenterprise.com This URL is included in email templates as a reference URL. For security considerations, you may need to add the installation URL to your web browser local intranet zone. Key: WebSiteURL | http://enterpriseserver/ | Platform admin |
| Enable Activity Log | Enables writing logs to the dbo.tblActLog table. If this setting is enabled, logs are written to tblActLog table. If this setting is disabled, logs are not written to tblActLog table. If this setting is not defined, logs are written to tblActLog table. Key: EnableActivityLog Web request activity information is always written to the configured OIS logging targets, regardless of the EnableActivityLog customer setting. | true | Platform admin |
Other
| Name | Description | Default value | Access rights |
|---|---|---|---|
| License key | Contains the license key for . You can enter a new license key if you need to. You can see a more user-friendly breakdown of the license details in License view and update the license from there. Key: LicenseKey | - | Platform admin |
| Partner information | Enter any information that you want to show to the partner, for example Omada is your support partner Leave this field blank if you do not want to specify any information. Key: PartnerInformationMessage | - | Platform admin |
| Partner website | Enter or paste the URL of the partner’s website. Leave this field blank if you do not want to include this information. Key: PartnerInformationURL | - | Platform admin |
Hidden settings
In addition to the default customer settings available directly from the Customer Settings view, you can set various other customer settings if you want to. By default, these settings are not visible in the Omada Identity's user interface.
info
You should not change any of these settings unless you are absolutely sure that you need to change them. We recommend that you consult Omada’s support before you make any changes to these settings. For these settings, the most important element you need is the Key.
| Key | Description | Default |
|---|---|---|
AllowORExpressions | Allow or -expressions in data object filters. Note that such expressions are very resource-exhaustive for the system to run. | False |
AllowReqChValFlag | If you set this setting to True, you enable that the setting Requires Change Value appears on forms in the Omada Identity user interface. | False |
AllowViewHistory | If you set this to True, there is a History link on the context menu for a page (including dataobjlst.aspx). This setting provides access to reports containing historical information about the view. | False |
AllowViewPrint | If you set this to True, the Print command is available in the context menu for the page in dataobjlst.aspx. This allows printing from views. | False |
AllowWorkItemReject | If you set this to True, the user can select No when they review new work items. | True |
BrowsRegionOptions | Use this setting to take the regional options from the browser rather than from the User profile. | - |
BypassValidation | Allows users to click Apply without field validations. | False |
| CSVFormat | 0 = Normal format 1 = Repeat line for every reference/set property value For each multi-value reference property value or multi-value set property value, an additional line in the output containing the value appears. | 0 |
CustomHTMLTitle | Enable a custom HTML title for Omada Identity by using the customer setting CustomHTMLTitleinsert into tblcustomersetting ([key], name, description, valuestr, type)values('CustomHTMLTitle', 'Custom HTML Title', '', 'Identity and Access Portal', 0) | - |
DefaultAccountType | Specify the UID of an account type. Normally, the account type for a resource is specified on either the resource or resource folder object, but if the system cannot find any account types for a resource, it uses the DefaultAccountType instead. | - |
DisableAutoAppStringUpdate | Disables the automatic update of AppString. | - |
DisableOUPreDelete | If you set this to True, you disable the PreDelete application event, which moves child org units to the parent org unit for deleted org unit objects. | False |
EnableLangHelp | Enable language-specific help. | False |
EnforceOptimLock | Disable the optimistic lock on a data object save which validates that two users are not overwriting each other’s changes. You can disable the validation if the users do not edit the data object fields at the same time, for example, when using two different forms. | - |
EventMailMax | Specify the maximum number of emails that the system can send out at one time. | 50 |
ExecutedSystemUpdateActions | Executed system update actions | - |
FavIconPath | Enables a custom icon and specifies its path. | - |
FIMTypeNameLegacy | Enable the Omada Identity Management Agent for FIM to use the version 9 (and earlier) data object type names for resources, resource folders, resource types and more. The default value is False. | False |
FocusFirstFormFld | If you set this to False, you can prevent that the first form field is focused when opening the form. When focusing the first form field, the scroll state is sometimes not maintained. | - |
ForcemailSender | Enable those emails are always sent from the configured email sender address. Use this setting in situations where a particular user outside the mail system cannot send emails. In this case, the emails are always sent from the configured email sender’s address. | False |
FTISearchFiles | Enable searches in attached files when the full-text index search is enabled. | False |
HideActUsrGrpMember | Hide user group memberships in My Settings. | - |
HideActWorkItemLink | Hide active work item links in the data object’s dialog box. | False |
HideFormLabelMenu | If you set this setting to True, the context menu for labels in data object forms is hidden. | False |
HideIndexSectionImg | If you set this setting to True, the type image on proctmplindex.aspx and menuindex.aspx is hidden. | False |
HideLookupBtn | Hide the lookup icon for drop-down set properties. | False |
HideReassnPckMySlf | Hide the Pick Myself button on Activity reassign dialog box. | - |
IgnDispNameFormatMax | Enable the update of display names even if the limit has been exceeded. | - |
LicenseKey | Contains the license key for the Omada Identity. You can enter or paste a new license key if you need to. | - |
ListRightPadding | Right-padding in pixels in AppList grids. | 0 |
LockActInstAssnFld | If you set this to True, you cannot change the assignee after it is created. This is because the assignee field is locked on activitydlg.aspx when it displays an activity. | - |
LogIdenticalEntriesInSurveys | Do not delete old versions of log entries. By default, survey changes update the existing log entries: the previous log entry is deleted, and a new entry is created with the information from both the old and the new event. If a separate entry is needed every time the survey property (decision) is modified, the value should be changed to True. | False |
MailBcc | Send a copy of each email to a specified email address. | - |
MassUpdateObjects | Set the maximum number of data objects that you can mass update. By default, maximum number of objects allowed for mass update is 200. It can be changed in the Click event dialog box in Setup > Administration > User Interface > UI Actions > Mass****update in ES. | 500 |
MaxReportObjs | Set the maximum number of returned report objects. Used for dataobjprint.aspx, dataobjcsv.aspx, and dataobjpdf.aspx. A setting of 0 is unlimited, but for performance reasons, Omada does not recommend that you set the value at this number. This setting is similar to MaxListObjects, but it affects the report objects, that is, the number of objects returned when downloading from a view which is governed by MaxListObjects. After any changes to this setting, you must make an IISRESET. | 2000 |
NotifInactiveUsers | Disable notification emails for inactive users. | |
OISInstanceGUID | Unique ID for this Omada Identity instance | - |
SurveyPDFReportsLogo | Specify an alternate logo file for the Survey Question report. Place the file itself in the root of the Images folder. | Base64 encoded logo image |
PrcTmplDdlCritScr | If you set this to True, this setting adds a dropdown list for selection of process templates on the criteria search screen in process object views. | False |
PreventReassignActiveUser | If you set this to True, you enable a functionality to prevent users from reassigning activities to themselves. | False |
PreventReassignActiveUserAllowSysAdm | If you set this to True, you allow System administrators to be able reassign activities to themselves regardless of the PreventReassignActiveUser setting. | - |
PropWithLogLoadMode | You can load properties that have a log in one of four modes. * 0 shows the history formatted in the active user’s time zone. The default mode. * 1 shows the entire history formatted with UTC time zone and without boldface markup of the heading of each log entry. * 2 is on-demand mode, loading the entire history formatted as 0 on user click. * 3 loads all data object versions and formatting as 0. You can use this setting when there are many properties. | 0 |
ReqAdmRightToMailLog | Require administrator rights to the mail log. If this value is set to False, the UI actions for showing the mail log will be visible to everyone. All access to email log and sent emails should be handled using the Email log authorization element. For more details, read: Access to Email log. | True |
RequireChangeSet | Ensures that the system logs configuration changes in a changeset. If you set this to True, the system throws an exception if you make changes outside of the changeset. | False |
RoPEDefaultActualAccountType | Specify an account type to use for "actual state" calculated resource assignments (CRAs) when an actual assignment does not state an account type. | - |
RunTimerInSysUserTZ | If you set this to True, the timers run in the system user’s time zone. By default, timers run on the defined UTC time, which gives a deviation in the local time between summer time and winter time. | False |
ShowWorkItemVotingPanel | Hides or shows the voting panel in the work item’s dialog box normally shown for voting activities. You can enable this setting by creating a ValuebBool customer setting with the key ShowWorkItemVotingPanel with the value False.INSERT INTO [dbo].[tblCustomerSetting]([Key],[Name],[Description],[ValueBool],[Type],[Category])VALUES ('ShowWorkItemVotingPanel','Show Voting Panel','Show Voting Panel in the WorkItem dialog',0,0,'User Interface') | False |
SkipProcTmplIdxEnc | Specifies whether HTML encoding is skipped for the descriptions shown below each process template in proctmplindex.aspx. | False |
SkipWebSiteURLInitDl | If you set this to True, the core website URL is inserted without any initial dialog box when WebSiteURL is used in an email template. | False |
Solution | Specify the type of solution. 0 = Omada Enterprise (not used) 1 = Omada Identity | 1 |
SuppressSaveWarning | This setting suppresses the save data object warning while uploading a file to an unsaved data object. If you set this setting to True, the data object is saved automatically before uploading a file. | False |
SurveysWithDisabledPartialSubmit | Specify UIDs for survey templates where submitting partially answered surveys should be disabled. | - |
TraceEventExecutionTime | If set to True, a trace is written to the tblEventLog with the execution time of every application event handler. It can be used to find expensive event handlers. | False |
TraceEventOnEntry | If set to True, a trace of the method name and method arguments is written into tblEventLog before entering the event handler method. | False |
UnresolvedIdentityId | Specify the UID of the Unresolved identity. In RoPE, all accounts that do not have a Confirmed ownership are calculated as belonging to the unresolved identity. | - |
UpdateOwnIdentityProperties | Properties that end-users can update on their own identity. | - |
UseAuthLevels | If you set this setting to True, the Auth level setting is displayed in the user group view. | False |
UseProcDisNm | Specify whether to use the display name or the NameMultiLang property in a view when you display FixedField.Process. | False |
UseTransferProcessV2 | You can switch to the new survey-based transfer process by setting it to True. In addition to change the customer setting, you need to enable the new event definition that launches the transfer process and disable the old Launch Transfer identity process event definition. | False |
ViewFilterWildcard | Decide if a right-side wildcard should be applied to filter expressions for text properties passed to a view using the query string, the FILTEREXPRS parameter. This only affects the criteria screen, DataObjViewCrit.aspx. | - |
WIFormTitleName | Use the activity name in the form header instead of the description. | - |
DefaultValidityForAccessRequest | Defines the default validity in days for access request and extend request in new UI (-1= unlimited). Key: DefaultValidityForAccessRequest | 30 |