User interface properties - CustomerID

autocomplete.invite.userinformation

This property defines whether to retrieve the user information of activated existing users in the role invitation process. There are two possible values:

  • true: User information is retrieved.
  • false: User information is not retrieved.

Default is true.

Example:

autocomplete.invite.userinformation = false


autocomplete.invite.userinformation.restricted

This property defines whether the restricted version of user information retrieval will be used. The restricted version requires that the user has the organization main user role in the same or parent organization of the user that has been retrieved by the search. There are two possible values:

  • true: Restricted retrieval is used.
  • false: Retrieval has no restrictions.

Default is true.
Example:

autocomplete.invite.userinformation.restricted = true

autocomplete.organizationlist

This property defines whether to use the input auto-completion feature in organization lists. There are two possible values:

  • true: Auto-complete feature is on.
  • false: Auto-complete feature is off.

Default is true.
Example:

autocomplete.organizationlist = false

autocomplete.organizationlist.restricted

This property defines whether to use the autocomplete version that restricts access depending on the user's roles. The restricted version only shows the user the organizations in which the user has a role, as well as the organizations' parent organizations, the parents' parent organizations, and so on, all the way to the top-level organization. There are two possible values:

  • true: Restricted retrieval is used.
  • false: Retrieval has no restrictions.

Default is false.
Example:

autocomplete.organizationlist.restricted = false

roleinvite.registration

This property defines the registration type role invite is using.
Default is person.
Example:

roleinvite.registration = organization

roleinvite.receiver.approval

This property defines whether role invitations should be approved by the invitee or come effective automatically. There are two possible values:

  • true: Role receiver must approve the role.
  • false: Role is received without the need for the receiver to approve it.

Default is true.
Example:

roleinvite.receiver.approval = true

passwordrecovery.enabled

This property defines if password recovery is possible. There are two possible values:

  • true: Password recovery is possible.
  • false: Password recovery is not possible.

Default is true.
Example:

passwordrecovery.enabled = true

password.reset.email.enabled

This property defines if an email based password reset is possible. There are two possible values:

  • true: Password reset is possible.
  • false: Password reset is not possible.

Default is true.
Example:

password.reset.email.enabled = true

admin.user.edit.strong-authentication

This property defines if strong authentication is required for the administrative user to edit other users in the administrative service. There are two possible values:

  • true: Strong authentication is required.
  • false: Strong authentication is not required.

Default is false.
Example:

admin.user.edit.strong-authentication = false


In organization's approval page it is possible to list approvals from current organization or list approvals from this and sub-organizations. This property defines if this selection is shown. There are two possible values:

  • true: Selection option is shown.
  • false: Selection option is not shown.

Default is false.
Example:

admin.approvals.recursive.selection = false

admin.approvals.recursive.selection.default

In organization's approval page it is possible to list approvals from current organization or list approvals from this and sub-organizations. This property defines if sub-organization approvals are shown by default. There are two possible values:

  • true: Sub-organization approvals are shown by default.
  • false: Sub-organization approvals are not shown by default.

Default is false.
Example:

admin.approvals.recursive.selection = false

ui.selfservice.roles.workflows

This property defines numbers pointing to protection configurations (defined in protection.properties) that give the logged in user the possibility to request new predefined roles via self-service. The order in which they are listed below also defines the order in the corresponding user interface if more than one is defined. Numbers are delimited by commas. Giving an empty value disables the request predefined roles feature.
More information concerning defining protection configurations can be found from page Protection URL configuration - CustomerID.
Default is <not set>.
Example:

ui.selfservice.roles.workflows = 1, 3

ui.user.search.attribute.names

This property allows restricting which user attributes can be searched for in different contexts. In See also ui.user.search.strategy for performance considerations. Itis also possible to add custom attributes to this list. A shorter list is better for performance. A longer list is better for getting results based on different attribute values.
Default is firstname, surname, email, mobile

Example:

ui.user.search.attribute.names = firstname, surname, email, mobile, ssn, locale, owncustomattribute

ui.user.search.strategy

This property defines which strategy customerid uses to join the custom attributes. If custom attributes are not configureed in ui.user.search.attribute.names, then this setting is irrelevant. There are three possible alternatives that may be used in conjunction with PostgreSQL tuning to get the best performance:

left_join

This is the default setting. This is adequate for smaller databases. With large databases this strategy may not perform adequetely fast.

inner_join

This strategy may perform better for some data sets, but it will have to be performed two times in the event that that there are users without custom attributes, so there will be additional network cost.

subquery

This strategy has the potential for the best performance in large databases, but it requires that at least PostgreSQL's work_mem settings are tuned in postgresql.conf file. In our tests we used the value of 32MB for the work_mem setting.

Default is left_join.
Example:

ui.user.search.strategy = subquery

createuser.workflows

This property defines the names of the workflows which can be used with the create user wizard. The order in which they are listed also defines the order in the corresponding user interface if more than one is defined. Giving an empty value disables the create user feature.
More information concerning defining create user workflows can be found from page Create user workflow configuration - CustomerID.
Valid values:

  • The names given should point to registration names. So any values given in registration.N properties can be used here.

Default is <not set>.
Example:

createuser.workflows = createuser

ui.createuser.location

This property defines the location of the create user functionality. It can either be located in the general Users tab or in the Users tab under an organization. There are two possible values:

  • general: The create user functionality is located in the general Users tab.
  • organization: The create user functionality is located in the organizations Users tab.

An unknown value disables the create user functionality.
Default is general.
Example:

ui.createuser.location = general

ui.createuser.roleadd.enabled

This property defines if additional roles can be added in the create user wizard. The roles defined in the used registration configuration will still be added to the user. There are two possible values:

  • true: Additional roles can be added.
  • false: Additional roles cannot be added.

Default is true.
Example:

ui.createuser.roleadd.enabled = true

selfservice.rolerequest.homeorganization.only

This property defines if roles can only be requested from the user's home organization. There are two possible values:

  • true: Allow role requests only from the user's home organization.
  • false: Allow role requests based on permission settings.

Default is true.
Example:

selfservice.rolerequest.homeorganization.only = true

selfservice.rolerequest.listtype

This property defines the role list type, which guides the selection of roles that can be requested. Valid values are:

  • blacklist: Roles defined in the role list cannot be requested
  • whitelist: Roles defined in the role list are the only ones that can be requested

Default is blacklist.
Example:

selfservice.rolerequest.listtype = blacklist

selfservice.rolerequest.rolelist

This property defines a comma-separated role list that guides the selection of requestable roles.
Default is <not set>.
Example:

selfservice.rolerequest.rolelist = Role1, Role2, Role3, Role6

addrole.A

This property defines if and how a role addition is approved. This configuration only affects role additions performed by a direct role addition operation. This configuration does not affect those situations where the role is assigned to the user as a side effect of a larger operation like for example during a workflow or a backend response handling.
Default is <not set>.
Example:

addrole.A = default

The example below would ask the receiver of the role to approve the receival of the role.

addrole.A.1 = self

The example below would send approvals of role additions related to organization type default to the approvers of the organization where the role is in.

addrole.A.1 = approver

The example below would send approvals of role additions related to organization type default to the approvers of the Company/InternalUsers organization.

addrole.A.1 = approver Company/InternalUsers

organization.label.show

This property defines the organization types that are displayed in the user information list under the organization header in self-service. If this property has not been defined, all organizations the user belongs to are listed.
Default is <not set>.
Example:

organization.label.show = Yhdistys, yritysasiakas

user.registered.changepassword.required

This property defines if a registered/added user must change his or her password when accepted. There are two possible values:

  • true: The registered/added user must change his or her password.
  • false: The registered/added user does not have to change his or her password.

Default is false.
Example:

user.registered.changepassword.required = true

user.self.unremovable.roles

This property defines a list of roles that the user cannot remove themselves from when using the self-service user interface. Other users (and the user herself when using the admin user interface) can still remove these roles from the user if they have the required permissions. The listed roles cannot be removed in any organization.
Default is <not set>.
Example:

user.self.unremovable.roles = OrganizationMainUser

user.self.unremovable.roles.{organizationtype}

This property defines a list of roles that the user cannot remove themselves from when using the self-service user interface. Other users (and the user herself when using the admin user interface) can still remove these roles from the user if they have the required permissions. The listed roles cannot be removed when in the organization with the given organization type.
Default is <not set>.
Example: Users cannot remove themselves from the OrganizationAdmin role if the role is in an organization with organization type henkiloasiakas.

user.self.unremovable.roles.henkiloasiakas = OrganizationAdmin

ui.role.invite.userinfo.fields

This property defines those user info fields that are present in role invitations. Possible values are the same as in registration user input fields. However acceptTerms field cannot be used. There is also one extra field that can be used only in role invitations: storingorganization.
Default is firstname, surname.
Example:

ui.role.invite.userinfo.fields = firstname, surname, mobile

ui.role.invite.userinfo.optional

This property defines those user info fields that are optional in the role invitation.
Default is <not set>.
Example:

ui.role.invite.userinfo.optional = mobile

ui.role.invite.userinfo.disabled

This property defines those user info fields that are disabled in the role invitation.
Default is <not set>.
Example:

ui.role.invite.userinfo.disabled = ssn

ui.role.invite.message.enabled

This property whether inviting user can add a personalized message to role invites.
Default is true. 
Example:

ui.role.invite.message.enabled = false

ui.support.organization.categories

This property defines if organization listings are categorized or not. Categorization has a negative effect on performance. There are two possible values:

  • true: Categorization is used.
  • false: Categorization is now used.

Default is true.
Example:

ui.support.organization.categories = true

ui.organization.listing.limit

This property defines the maximum number of organizations that will be presented in listings without requiring confirmation.
Default is 100.
Example:

ui.organization.listing.limit = 100

ui.selfservice.userinfo.fields.order

This property defines the fields and the order of those user info fields that are present in the user's self-service view.
Default is firstname, surname, login, email, mobile, ssn.
Example:

ui.selfservice.userinfo.fields.order = firstname, surname, login, email, mobile, ssn

ui.admin.userinfo.fields.order

This property defines the fields and the order of those user info fields that are present in the administrator's user interface.
Default is firstname, surname, login, email, mobile, ssn.
Example:

ui.admin.userinfo.fields.order = firstname, surname, login, email, mobile, ssn

ui.admin.organizationinfo.fields.order

This property defines the fields and the order of those organization info fields that are present in the administrator's organization view. There are three built-in values that can be used:

  • friendlyname: Shows the friendly name of the organization.
  • technicalname: Shows the technical name of the organization.
  • type: Shows the organization type of the organization (was previously called "class").

You may also use any custom attributes that have been defined for the organization.
Default is friendlyname, technicalname, type.
Example:

ui.admin.organizationinfo.fields.order = technicalname, friendlyname

ui.admin.approvalinfo.fields.order

This property defines the fields and the order of those user info fields that are present in the administrator's user approval view.

This extra field can be used in approval fields: tupasname
If organization attributes are used in approval workflows they can be used here with the organization.-prefix
Default is firstname, surname, email, mobile, login, ssn, tupasname.
Example:

ui.admin.approvalinfo.fields.order = firstname, surname, email, mobile, login, ssn, tupasname, customerid

ui.admin.approvalinfo.fields.required

This property defines the fields and the order of those user info fields that are required in the administrator's user approval view.
Default is <empty>.
Example:

ui.admin.approvalinfo.fields.required = customerid

ui.organization.roles.recursive

This property defines if sub-organization roles are listed in organization's roles page. This selection affects to all organizations in the system. There are two possible values:

  • true: Sub-organization roles are also shown.
  • false: Only direct roles are shown

Default is false.
Example:

ui.organization.roles.recursive = true

ui.show.poweredby

This property defines if the Powered By text is shown in the user interface or not. There are two possible values:

  • true: Powered By text is shown in the user interface.
  • false: Powered By text is not shown in the user interface.

Default is true.
Example:

ui.show.poweredby = true