User interface properties - CustomerID
autocomplete.invite.userinformation
This property defines whether to retrieve the user information of activated existing users in the role invitation process. There are two possible values:
true
: User information is retrieved.false
: User information is not retrieved.
Default is true
.
Example:
autocomplete.invite.userinformation = false
autocomplete.invite.userinformation.restricted
This property defines whether the restricted version of user information retrieval will be used. The restricted version requires that the user has the organization main user role in the same or parent organization of the user that has been retrieved by the search. There are two possible values:
true:
Restricted retrieval is used.false:
Retrieval has no restrictions.
Default is true.
Example:
autocomplete.invite.userinformation.restricted = true
autocomplete.organizationlist
This property defines whether to use the input auto-completion feature in organization lists. There are two possible values:
true:
Auto-complete feature is on.false:
Auto-complete feature is off.
Default is true.
Example:
autocomplete.organizationlist = false
autocomplete.organizationlist.restricted
This property defines whether to use the autocomplete version that restricts access depending on the user's roles. The restricted version only shows the user the organizations in which the user has a role, as well as the organizations' parent organizations, the parents' parent organizations, and so on, all the way to the top-level organization. There are two possible values:
true:
Restricted retrieval is used.false:
Retrieval has no restrictions.
Default is false
.
Example:
autocomplete.organizationlist.restricted = false
roleinvite.registration
This property defines the registration type role invite is using.
Default is person.
Example:
roleinvite.registration = organization
roleinvite.receiver.approval
This property defines whether role invitations should be approved by the invitee or come effective automatically. There are two possible values:
true:
Role receiver must approve the role.false:
Role is received without the need for the receiver to approve it.
Default is true.
Example:
roleinvite.receiver.approval = true
passwordrecovery.enabled
This property defines if password recovery is possible. There are two possible values:
true:
Password recovery is possible.false:
Password recovery is not possible.
Default is true.
Example:
passwordrecovery.enabled = true
password.reset.email.enabled
This property defines if an email based password reset is possible. There are two possible values:
true:
Password reset is possible.false:
Password reset is not possible.
Default is true.
Example:
password.reset.email.enabled = true
admin.user.edit.strong-authentication
This property defines if strong authentication is required for the administrative user to edit other users in the administrative service. There are two possible values:
true:
Strong authentication is required.false:
Strong authentication is not required.
Default is false.
Example:
admin.user.edit.strong-authentication = false
In organization's approval page it is possible to list approvals from current organization or list approvals from this and sub-organizations. This property defines if this selection is shown. There are two possible values:
true:
Selection option is shown.false:
Selection option is not shown.
Default is false.
Example:
admin.approvals.recursive.selection = false
admin.approvals.recursive.selection.default
In organization's approval page it is possible to list approvals from current organization or list approvals from this and sub-organizations. This property defines if sub-organization approvals are shown by default. There are two possible values:
true:
Sub-organization approvals are shown by default.false:
Sub-organization approvals are not shown by default.
Default is false.
Example:
admin.approvals.recursive.selection = false
ui.selfservice.roles.workflows
This property defines numbers pointing to protection configurations (defined in protection.properties
) that give the logged in user the possibility to request new predefined roles via self-service. The order in which they are listed below also defines the order in the corresponding user interface if more than one is defined. Numbers are delimited by commas. Giving an empty value disables the request predefined roles feature.
More information concerning defining protection configurations can be found from page Protection URL configuration - CustomerID.
Default is <not set>
.
Example:
ui.selfservice.roles.workflows = 1, 3
ui.user.search.attribute.names
This property allows restricting which user attributes can be searched for in different contexts. In See also ui.user.search.strategy for performance considerations. Itis also possible to add custom attributes to this list. A shorter list is better for performance. A longer list is better for getting results based on different attribute values.
Default is firstname, surname, email, mobile
Example:
ui.user.search.attribute.names = firstname, surname, email, mobile, ssn, locale, owncustomattribute
ui.user.search.strategy
This property defines which strategy customerid uses to join the custom attributes. If custom attributes are not configureed in ui.user.search.attribute.names, then this setting is irrelevant. There are three possible alternatives that may be used in conjunction with PostgreSQL tuning to get the best performance:
left_join
This is the default setting. This is adequate for smaller databases. With large databases this strategy may not perform adequetely fast.
inner_join
This strategy may perform better for some data sets, but it will have to be performed two times in the event that that there are users without custom attributes, so there will be additional network cost.
subquery
This strategy has the potential for the best performance in large databases, but it requires that at least PostgreSQL's work_mem
settings are tuned in postgresql.conf
file. In our tests we used the value of 32MB for the work_mem
setting.
Default is left_join
.
Example:
ui.user.search.strategy = subquery
createuser.workflows
This property defines the names of the workflows which can be used with the create user wizard. The order in which they are listed also defines the order in the corresponding user interface if more than one is defined. Giving an empty value disables the create user feature.
More information concerning defining create user workflows can be found from page Create user workflow configuration - CustomerID.
Valid values:
- The names given should point to registration names. So any values given in registration.N properties can be used here.
Default is <not set>
.
Example:
createuser.workflows = createuser
ui.createuser.location
This property defines the location of the create user functionality. It can either be located in the general Users tab or in the Users tab under an organization. There are two possible values:
- general: The create user functionality is located in the general Users tab.
- organization: The create user functionality is located in the organizations Users tab.
An unknown value disables the create user functionality.
Default is general.
Example:
ui.createuser.location = general
ui.createuser.roleadd.enabled
This property defines if additional roles can be added in the create user wizard. The roles defined in the used registration configuration will still be added to the user. There are two possible values:
true:
Additional roles can be added.false:
Additional roles cannot be added.
Default is true.
Example:
ui.createuser.roleadd.enabled = true
selfservice.rolerequest.homeorganization.only
This property defines if roles can only be requested from the user's home organization. There are two possible values:
true:
Allow role requests only from the user's home organization.false:
Allow role requests based on permission settings.
Default is true.
Example:
selfservice.rolerequest.homeorganization.only = true
selfservice.rolerequest.listtype
This property defines the role list type, which guides the selection of roles that can be requested. Valid values are:
blacklist:
Roles defined in the role list cannot be requestedwhitelist:
Roles defined in the role list are the only ones that can be requested
Default is blacklist.
Example:
selfservice.rolerequest.listtype = blacklist
selfservice.rolerequest.rolelist
This property defines a comma-separated role list that guides the selection of requestable roles.
Default is <not set>
.
Example:
selfservice.rolerequest.rolelist = Role1, Role2, Role3, Role6
addrole.A
This property defines if and how a role addition is approved. This configuration only affects role additions performed by a direct role addition operation. This configuration does not affect those situations where the role is assigned to the user as a side effect of a larger operation like for example during a workflow or a backend response handling.
Default is <not set>.
Example:
addrole.A = default
The example below would ask the receiver of the role to approve the receival of the role.
addrole.A.1 = self
The example below would send approvals of role additions related to organization type default to the approvers of the organization where the role is in.
addrole.A.1 = approver
The example below would send approvals of role additions related to organization type default to the approvers of the Company/InternalUsers organization.
addrole.A.1 = approver Company/InternalUsers
organization.label.show
This property defines the organization types that are displayed in the user information list under the organization header in self-service. If this property has not been defined, all organizations the user belongs to are listed.
Default is <not set>.
Example:
organization.label.show = Yhdistys, yritysasiakas
user.registered.changepassword.required
This property defines if a registered/added user must change his or her password when accepted. There are two possible values:
true:
The registered/added user must change his or her password.false:
The registered/added user does not have to change his or her password.
Default is false.
Example:
user.registered.changepassword.required = true
user.self.unremovable.roles
This property defines a list of roles that the user cannot remove themselves from when using the self-service user interface. Other users (and the user herself when using the admin user interface) can still remove these roles from the user if they have the required permissions. The listed roles cannot be removed in any organization.
Default is <not set>.
Example:
user.self.unremovable.roles = OrganizationMainUser
user.self.unremovable.roles.{organizationtype}
This property defines a list of roles that the user cannot remove themselves from when using the self-service user interface. Other users (and the user herself when using the admin user interface) can still remove these roles from the user if they have the required permissions. The listed roles cannot be removed when in the organization with the given organization type.
Default is <not set>.
Example: Users cannot remove themselves from the OrganizationAdmin role if the role is in an organization with organization type henkiloasiakas.
user.self.unremovable.roles.henkiloasiakas = OrganizationAdmin
ui.role.invite.userinfo.fields
This property defines those user info fields that are present in role invitations. Possible values are the same as in registration user input fields. However acceptTerms field cannot be used. There is also one extra field that can be used only in role invitations: storingorganization.
Default is firstname,
surname.
Example:
ui.role.invite.userinfo.fields = firstname, surname, mobile
ui.role.invite.userinfo.optional
This property defines those user info fields that are optional in the role invitation.
Default is <not set>.
Example:
ui.role.invite.userinfo.optional = mobile
ui.role.invite.userinfo.disabled
This property defines those user info fields that are disabled in the role invitation.
Default is <not set>.
Example:
ui.role.invite.userinfo.disabled = ssn
ui.role.invite.message.enabled
This property whether inviting user can add a personalized message to role invites.
Default is true.
Example:
ui.role.invite.message.enabled = false
ui.support.organization.categories
This property defines if organization listings are categorized or not. Categorization has a negative effect on performance. There are two possible values:
true:
Categorization is used.false:
Categorization is now used.
Default is true.
Example:
ui.support.organization.categories = true
ui.organization.listing.limit
This property defines the maximum number of organizations that will be presented in listings without requiring confirmation.
Default is 100.
Example:
ui.organization.listing.limit = 100
ui.selfservice.userinfo.fields.order
This property defines the fields and the order of those user info fields that are present in the user's self-service view.
Default is firstname, surname, login, email, mobile, ssn.
Example:
ui.selfservice.userinfo.fields.order = firstname, surname, login, email, mobile, ssn
ui.admin.userinfo.fields.order
This property defines the fields and the order of those user info fields that are present in the administrator's user interface.
Default is firstname, surname, login, email, mobile, ssn.
Example:
ui.admin.userinfo.fields.order = firstname, surname, login, email, mobile, ssn
ui.admin.organizationinfo.fields.order
This property defines the fields and the order of those organization info fields that are present in the administrator's organization view. There are three built-in values that can be used:
friendlyname:
Shows the friendly name of the organization.technicalname:
Shows the technical name of the organization.type:
Shows the organization type of the organization (was previously called "class").
You may also use any custom attributes that have been defined for the organization.
Default is friendlyname, technicalname, type.
Example:
ui.admin.organizationinfo.fields.order = technicalname, friendlyname
ui.admin.approvalinfo.fields.order
This property defines the fields and the order of those user info fields that are present in the administrator's user approval view.
This extra field can be used in approval fields: tupasname
If organization attributes are used in approval workflows they can be used here with the organization.-prefix
Default is firstname, surname, email, mobile, login, ssn, tupasname.
Example:
ui.admin.approvalinfo.fields.order = firstname, surname, email, mobile, login, ssn, tupasname, customerid
ui.admin.approvalinfo.fields.required
This property defines the fields and the order of those user info fields that are required in the administrator's user approval view.
Default is <empty>.
Example:
ui.admin.approvalinfo.fields.required = customerid
ui.organization.roles.recursive
This property defines if sub-organization roles are listed in organization's roles page. This selection affects to all organizations in the system. There are two possible values:
true:
Sub-organization roles are also shown.false:
Only direct roles are shown
Default is false.
Example:
ui.organization.roles.recursive = true
ui.show.poweredby
This property defines if the Powered By text is shown in the user interface or not. There are two possible values:
true:
Powered By text is shown in the user interface.false:
Powered By text is not shown in the user interface.
Default is true.
Example:
ui.show.poweredby = true