MasterSettingKey Fields

If provided it will enable Application Insights logging for frontend

Should the Application Insights logging be enabled?

The application version. This is the major/minor version of the application and should not be changed!. The build version (such as 76.02.0.0) is not written here, but can be found on the application’s About screen. (Not visible in Customer Settings.)

DbVer - Database Patch Version. This is set to the SQL server patch version. This value is set during installation and should not be changed. The version will be updated for every SQL script change.

Enable anonymous access to mobile survey approval page

Enable the SignalR ServiceBus Scale out feature. Connection string taken from master setting SignalRServiceBusConnctionString

Enable the SignalR SQL Scale out feature. The Enterprise server SQL database is used as the backend.

Event Hub connection string. The string can be encrypted.

Enable history tracking?

The master setting can be populated with system names of Identity properties which can be used as used names when logging on to the ES. The list is comma-separated. For CIAM the value can be LIVEID,GOOGLEID,FACEBOOKID,LINKEDINID

Is the environment an OIS SaaS environment?

When LockMode is set to 1, all data object save operations are serialized which will decrease the scalability and decrease the probability of a deadlock.

Maximum number of failed logon attempts using the ES password before the user is inactivated

Maximum number of days between an ES authentication password change

Comma separated list of claim types to search for in a JWT token to derive the username. The first one with a value will be returned. For AzureAD v1 it should be "upn" for users from the directory and "email" for liveid users. For Google it should be "email".

The name of the the OpenID state cookie.

Days before the password expiry where we issue a warning after logging on

Enable the password reset client for Active Directory

Enable the password reset client for Azure AD

Enable the password reset client for ES Basic Authentication

Enable the password reset client for FIM

Enable the password reset client for LDAP

Enable the password reset client for OPS

When set to True, the the qualified user name "domainname\username", for instance DOM01\cso. If the authentication system presents the username as an email address, the username is transformed to the legacy format

Can optionally be configured with a URL to an index page which will replace the main.aspx page.

The NameID format in the SAML request. For AzureAD it should be "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" For ForgeRock it should be "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" For PingFederate and Okta it can be one or the other.

The name of the the SAML request id cookie.

The session cookie is by default required to be secure, i.e. must be transported on SSL In development, demo and test environments it can be ok to run insecure session cookies although the session can then be hijacked with network sniffing.

The name of the the session cookie.

SignalR ServiceBus connection string. The string can be encrypted.

When set to false, the OIM performance counters are not initialized. Can improve the startup time of the OIM windows services.

TempDir Temporary Directory. Set through the Omada Enterprise Configuration tool. The ASP.NET User should have read access to this folder. Omada recommends using C:\omadaent_temp.

Use Cloud Application Gateway

Enables verification of web request source origin