title: Configuration Reference
category: Administration
tags: configuration, settings, reference, system, advanced
priority: Normal
Configuration Reference
This is the complete reference for all configuration sections available in the IdentityCenter Configuration Center at /admin/configuration. Each section controls a specific aspect of the application's behavior.
Accessing the Configuration Center
- Log in as an administrator
- Navigate to Administration > Configuration
- Select the configuration section from the sidebar
Important: Changes to most settings take effect immediately. Some settings (such as database and security changes) may require an application restart.
GeneralSettings
Controls the application's display and regional preferences.
| Setting | Description | Default | Example |
|---|---|---|---|
| Application Name | Display name shown in the header and emails | IdentityCenter | Contoso IdentityCenter |
| Timezone | Default timezone for date/time display | UTC | Eastern Standard Time |
| Date Format | Date display format | yyyy-MM-dd | MM/dd/yyyy |
| Time Format | Time display format | HH:mm:ss | hh:mm tt |
| DateTime Format | Combined date and time format | yyyy-MM-dd HH:mm:ss | MM/dd/yyyy hh:mm tt |
| Default Page Size | Number of items per page in data grids | 25 | 50 |
| Company Name | Organization name used in emails and reports | (empty) | Contoso Ltd |
| Support Email | Contact email shown in notifications | (empty) | support@company.com |
DatabaseSettings
Manages database connection and optimization parameters.
| Setting | Description | Default | Notes |
|---|---|---|---|
| Connection String | SQL Server connection string | Set during installation | Contains server, database, and auth info |
| Command Timeout | Default query timeout in seconds | 30 | Increase for large datasets |
| Enable Optimization | Automatic index maintenance | true | Managed by DatabaseOptimizationService |
| Optimization Schedule | When auto-optimization runs | Weekly | Cron expression for Quartz.NET |
| Statistics Update | Auto-update query statistics | true | Helps query optimizer performance |
| Max Retry Count | Retries for transient DB errors | 3 | Uses exponential backoff |
Tip: The connection string is set during initial setup via the QuickConfig wizard. To change it later, update the value here and restart the application. See Performance Tuning for connection pool optimization.
SecuritySettings
Controls authentication, authorization, and access security.
| Setting | Description | Default | Recommendation |
|---|---|---|---|
| Password Minimum Length | Minimum password characters | 8 | 12 or higher |
| Require Uppercase | At least one uppercase letter | true | Keep enabled |
| Require Lowercase | At least one lowercase letter | true | Keep enabled |
| Require Digit | At least one number | true | Keep enabled |
| Require Special Character | At least one special character | true | Keep enabled |
| Session Timeout | Idle session expiration (minutes) | 30 | 15-60 depending on environment |
| Max Login Attempts | Failed attempts before lockout | 5 | 3-5 for high security |
| Lockout Duration | Account lockout time (minutes) | 15 | 15-30 |
| Enable MFA | Multi-factor authentication | false | Enable for production |
| MFA Provider | MFA method (TOTP, email, etc.) | TOTP | TOTP is most reliable |
| Remember Me Duration | Persistent login cookie (days) | 14 | 0 to disable |
| Force Password Change | Require change on first login | true | Keep enabled |
Password Policy Examples
| Environment | Length | Complexity | Lockout |
|---|---|---|---|
| Development | 6 | Minimal | 10 attempts |
| Standard | 8 | All types | 5 attempts, 15 min |
| High Security | 14 | All types + history | 3 attempts, 30 min |
EmailSettings
Configures SMTP connectivity and email behavior. See Email Configuration for detailed setup instructions.
| Setting | Description | Default | Notes |
|---|---|---|---|
| SMTP Server | Mail server hostname | (empty) | Required for email functionality |
| SMTP Port | Port number | 587 | 587 (TLS), 465 (SSL), 25 (plain) |
| Use TLS | Enable TLS encryption | true | Always enable for production |
| SMTP Username | Authentication username | (empty) | Often the From address |
| SMTP Password | Authentication password | (empty) | Stored encrypted |
| From Address | Default sender email | (empty) | noreply@company.com |
| From Display Name | Sender display name | IdentityCenter | Appears in recipient's inbox |
| Max Emails Per Hour | Rate limit (hourly) | 100 | Match provider limits |
| Max Emails Per Day | Rate limit (daily) | 1000 | Match provider limits |
| Max Retries | Delivery retry attempts | 3 | For transient failures |
| Retry Interval | Minutes between retries | 15 | Exponential backoff |
LoggingSettings
Controls log verbosity, retention, and forwarding.
| Setting | Description | Default | Notes |
|---|---|---|---|
| Default Log Level | Minimum level for all components | Information | Set to Debug only for troubleshooting |
| Retention Days | How long to keep log entries | 30 | 30-90 for production |
| Max Log Entries | Maximum stored entries | 100000 | Auto-purges oldest when exceeded |
| Enable External Forwarding | Send logs to external system | false | For SIEM integration |
| External Endpoint | Syslog/HTTP endpoint URL | (empty) | Your SIEM ingestion URL |
| External Format | Log format for forwarding | JSON | JSON or Syslog |
Per-Component Log Levels
Override the default level for specific components:
| Component | Recommended Production Level | Debug Level |
|---|---|---|
| SyncProjectOrchestrator | Information | Debug |
| DirectoryQueryService | Warning | Debug |
| DatabaseOptimizationService | Information | Debug |
| EmailQueueProcessingJob | Information | Debug |
| LlmService | Warning | Debug |
| ChatHub | Warning | Debug |
| Microsoft.AspNetCore | Warning | Information |
| Microsoft.EntityFrameworkCore | Warning | Information |
See Log Analysis & Diagnostics for guidance on using logs effectively.
ChatAISettings
Configures the AI-powered chat assistant and intelligence features.
| Setting | Description | Default | Notes |
|---|---|---|---|
| LLM Provider | AI service provider | Anthropic | Currently supported: Anthropic |
| API Key | Provider API key | (empty) | Required for AI features |
| Model | LLM model identifier | claude-sonnet-4-20250514 | Balance of speed and quality |
| Temperature | Response randomness (0.0-1.0) | 0.3 | Lower = more deterministic |
| Max Tokens | Maximum response length | 4096 | Increase for longer responses |
| Enable Chat | Enable the ChatHub feature | true | Requires valid API key |
| Enable Insights | Enable AI-powered insights | true | ContextualInsightService |
| Streaming Enabled | Stream responses in real-time | true | Better user experience |
| RAG Enabled | Retrieval-augmented generation | true | Grounds responses in your data |
Note: The Anthropic API version used is 2023-06-01. The API key is stored encrypted and is never displayed in the UI after saving.
IdentityProviderSettings
Configures external identity providers for single sign-on.
| Setting | Description | Default | Notes |
|---|---|---|---|
| Enable SSO | Allow external authentication | false | Enable to use SAML/OIDC |
| Provider Type | Protocol type | (none) | SAML 2.0 or OpenID Connect |
| Entity ID | Service provider identifier | (auto-generated) | Your app's SAML entity ID |
| Metadata URL | IdP metadata endpoint | (empty) | For automatic configuration |
| Client ID | OIDC client identifier | (empty) | From your IdP registration |
| Client Secret | OIDC client secret | (empty) | Stored encrypted |
| Authority URL | OIDC authority endpoint | (empty) | https://login.microsoftonline.com/{tenant} |
| Callback Path | Authentication callback URL | /signin-oidc | Must match IdP configuration |
| Sign Out Path | Logout callback URL | /signout-callback-oidc | For federated logout |
Common Provider Configurations
| Provider | Type | Key Settings |
|---|---|---|
| Azure AD / Entra ID | OIDC | Authority: https://login.microsoftonline.com/{tenant}/v2.0 |
| Okta | OIDC | Authority: https://{org}.okta.com/oauth2/default |
| AD FS | SAML | Metadata: https://adfs.company.com/federationmetadata/... |
| Ping Identity | OIDC | Authority: https://auth.pingone.com/{env}/as |
TicketingSettings
Configures integration with external service desk systems.
| Setting | Description | Default | Notes |
|---|---|---|---|
| Enable Ticketing | Enable service desk integration | false | Requires endpoint configuration |
| Provider | Ticketing system type | (none) | ServiceNow, Jira |
| Endpoint URL | API base URL | (empty) | Service desk REST API endpoint |
| Username | API authentication username | (empty) | Service account credentials |
| Password / API Token | Authentication secret | (empty) | Stored encrypted |
| Default Project | Default project/queue for tickets | (empty) | Jira project key or ServiceNow queue |
| Ticket Template | Default ticket template | (empty) | Maps IdentityCenter data to ticket fields |
Ticket Field Mapping
Map IdentityCenter fields to your ticketing system's fields:
| IdentityCenter Field | ServiceNow Field | Jira Field |
|---|---|---|
| Violation Description | Short Description | Summary |
| Policy Name | Category | Labels |
| Severity | Priority | Priority |
| Affected User | Assigned To | Assignee |
| Remediation Action | Description | Description |
MaintenanceSettings
Configures automated maintenance tasks and cleanup schedules.
| Setting | Description | Default | Notes |
|---|---|---|---|
| Enable Maintenance Windows | Schedule maintenance periods | true | Pauses sync during maintenance |
| Maintenance Schedule | When maintenance runs | Sunday 2:00 AM | Cron expression |
| Auto Cleanup | Automatically purge old data | true | Respects retention settings |
| Sync History Retention | Days to keep sync run history | 90 | Older runs are purged |
| Audit Log Retention | Days to keep audit entries | 365 | Compliance consideration |
| Temp File Cleanup | Remove temporary files | true | Exports, uploads, cache |
| Temp File Max Age | Days before temp files are deleted | 7 | Prevents disk usage growth |
| Backup Reminder | Remind admins to verify backups | true | Monthly notification |
SeedDataSettings
Manages re-seeding of default templates, policies, and configuration data.
| Setting | Description | Notes |
|---|---|---|
| Re-seed Email Templates | Restore default email templates | Does not overwrite customized templates |
| Re-seed Policies | Restore default policy templates | Creates missing defaults only |
| Re-seed Schedule Templates | Restore default schedule templates | For Quartz.NET job schedules |
| Re-seed Roles | Restore default application roles | Admin, User, Auditor |
| Seed on Startup | Automatically check for missing seed data | Runs via DatabaseMigrationService V005 |
Tip: Re-seeding is safe -- it only creates items that are missing. It will not overwrite customized templates or policies. Use this if you accidentally deleted a default template or role.
AdvancedSettings
Developer and diagnostic options. Use with caution in production.
| Setting | Description | Default | Warning |
|---|---|---|---|
| Debug Mode | Enable detailed error pages | false | Never enable in production |
| Show SQL Queries | Log all SQL queries | false | High performance impact |
| Enable Swagger | Show API documentation UI | false | Security risk if exposed |
| Experimental Features | Enable beta features | false | May be unstable |
| Circuit Detail Errors | Show detailed Blazor errors | false | Exposes internal details |
| Developer Logging | Verbose framework logging | false | Extreme log volume |
Important: AdvancedSettings are intended for development and troubleshooting only. Enabling these options in production can expose sensitive information and degrade performance. Always reset to defaults after debugging.
Configuration File Reference
Settings can also be managed via appsettings.json for deployment automation:
```json
{
  "GeneralSettings": {
    "ApplicationName": "IdentityCenter",
    "Timezone": "Eastern Standard Time",
    "DateFormat": "yyyy-MM-dd"
  },
  "SecuritySettings": {
    "PasswordMinimumLength": 12,
    "SessionTimeoutMinutes": 30,
    "MaxLoginAttempts": 5
  },
  "Email": {
    "Smtp": {
      "Server": "smtp.office365.com",
      "Port": 587,
      "UseSsl": true
    }
  },
  "Logging": {
    "DefaultLevel": "Information",
    "RetentionDays": 30
  }
}
```
Settings configured through the UI take precedence over appsettings.json values. The JSON file serves as the initial default configuration.
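An added example (not IdentityCenter code): a pre-deployment check that reads an appsettings.json and flags effective values outside the Recommendation/Notes columns above, falling back to the documented default when a key is absent. It covers only the keys shown in the sample file; treating `UseSsl` as the file key behind the Use TLS setting is an assumption, and the sample input is constructed. Because UI values take precedence, it audits only the initial defaults a deployment ships.

```python
import json

def in_range(lo, hi=None):
    """Predicate: value is an int (not a bool) within [lo, hi]."""
    return lambda v: type(v) is int and v >= lo and (hi is None or v <= hi)

# (key path, documented default, predicate, recommendation), taken from the
# Default and Recommendation/Notes columns of the tables on this page.
CHECKS = [
    ("SecuritySettings.PasswordMinimumLength", 8, in_range(12), "12 or higher"),
    ("SecuritySettings.SessionTimeoutMinutes", 30, in_range(15, 60), "15-60"),
    ("SecuritySettings.MaxLoginAttempts", 5, in_range(3, 5), "3-5"),
    ("Email.Smtp.Port", 587, lambda v: v in (587, 465), "587 (TLS) or 465 (SSL)"),
    # Assumption: UseSsl is the file key behind the "Use TLS" setting.
    ("Email.Smtp.UseSsl", True, lambda v: v is True, "always enable for production"),
    ("Logging.DefaultLevel", "Information", lambda v: v != "Debug", "Debug only for troubleshooting"),
    ("Logging.RetentionDays", 30, in_range(30, 90), "30-90 for production"),
]

def lookup(cfg, path, default):
    """Walk a dotted path; fall back to the documented default if absent."""
    for part in path.split("."):
        if not isinstance(cfg, dict) or part not in cfg:
            return default, "documented default"
        cfg = cfg[part]
    return cfg, "file"

def audit(text):
    """Return (path, effective value, source, recommendation) per finding."""
    cfg = json.loads(text)
    findings = []
    for path, default, ok, advice in CHECKS:
        value, source = lookup(cfg, path, default)
        if not ok(value):
            findings.append((path, value, source, advice))
    return findings

# Constructed sample input, not a real deployment file.
SAMPLE = """{
  "SecuritySettings": {"SessionTimeoutMinutes": 120, "MaxLoginAttempts": 5},
  "Email": {"Smtp": {"Server": "smtp.example.com", "Port": 25, "UseSsl": false}},
  "Logging": {"DefaultLevel": "Debug", "RetentionDays": 30}
}"""

if __name__ == "__main__":
    for path, value, source, advice in audit(SAMPLE):
        print(f"{path} = {value!r} ({source}); recommended: {advice}")
```

Omitting `PasswordMinimumLength` from the file is reported too, since the documented default of 8 is below the recommended 12.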