The Identity Hub Configuration
For instances of The Identity Hub that are installed on-premises or in the cloud as a non-shared instance, a number of application-wide configuration parameters are available.
Settings can be configured on different levels (depending on the TIH version you host):
- the web.config file (1)
- Azure configuration (2)
- Database (3)
All settings are configurable in the web.config file.
For maintenance reasons, some settings are also configurable through the Azure configuration for cloud scenarios.
Most settings that are also configurable at the database level can be updated at runtime. Although they are cached, they can be updated without a reboot or a recycle of the IIS worker processes.
Configuration Parameters
Parameter | Description | Default | Configuration levels |
---|---|---|---|
APPINSIGHTS_INSTRUMENTATIONKEY | The key to the Azure Application Insights instance to use. See https://azure.microsoft.com/en-us/services/application-insights for more info. | None | 2 |
BccMailAddress | The email address that receives a BCC copy of all mails sent by The Identity Hub. This can for instance be a Helpdesk address. | None | 3 |
CustomSiteCssFile | The name of the custom CSS file to load when using Customizations. | None | 3 |
EnableAuditing | If set to true the Auditing is active. | true | 3 |
EndUserFAQPageUrl | The link to a custom Frequently Asked Questions page shown at the bottom of the authenticate page. | https://docs.theidentityhub.com/FAQ-Authenticate.html | 3 |
ErrorWarningHelpEmailAddresses | The email address to use when the user clicks the send mail on the warning page | helpdesk@theidentityhub.com | 3 |
FixedUserLanguage | The fixed culture to present the UI of The Identity Hub in, regardless of the user’s browser and OS settings. Examples: nl-BE, fr-BE, en-US | None | 3 |
GoogleAnalyticsTrackingId | The Id of the Google Analytics instance to use for The Identity Hub. | None | 1 |
GoogleTagManagerId | The Id of Google Tag Manager to use for The Identity Hub. Setting this property will add the necessary (production) scripts to each page | None | 1 |
HapIssuerName | The issuer name for the claims of the built-in Username/Password Account Provider. | urn:theidentityhub:up:{0} | 1 |
HubUrl | The URL of The Identity Hub installation. | None | 3 |
IssuerName | The issuer name for the claims generated by The Identity Hub. | urn:theidentityhub:{0} | 1 |
LogonSessionSlidingExpiration | When set to true the session for The Identity Hub is extended each time the user browses the site. See LogonSessionValidity. | true | 3 |
LogonSessionValidity | The number of minutes the session for The Identity Hub is valid. See LogonSessionSlidingExpiration. | 60 | 3 |
OnPremiseCSPHeader | The complete CSP header to be used. It should also include all sources used by The Identity Hub. | None (a CSP header is dynamically built) | 3 |
PrivateKeyEncryptionCertificateThumbprint | The thumbprint of the current (new) certificate used to encrypt certificate private keys uploaded to The Identity Hub before storing them in the database. When specified, takes precedence over PrivateKeyEncryptionCertificateSubjectName. | None | 1 |
PrivateKeyEncryptionSecondaryCertificateThumbprint | The thumbprint of the certificate previously used (old) to encrypt certificate private keys uploaded to The Identity Hub before storing them in the database. When specified, takes precedence over PrivateKeyEncryptionSecondaryCertificateSubjectName. | None | 1 |
PrivateKeyEncryptionCertificateSubjectName | The subject name of the current (new) certificate used to encrypt certificate private keys uploaded to The Identity Hub before storing them in the database. | None | 1 |
PrivateKeyEncryptionSecondaryCertificateSubjectName | The subject name of the certificate previously used (old) to encrypt certificate private keys uploaded to The Identity Hub before storing them in the database. | None | 1 |
ReCaptchaSecretKey | The Google ReCaptcha secret key for the instance of ReCaptcha to be used by The Identity Hub. | None | 1 |
ReCaptchaSiteKey | The Google ReCaptcha site key for the instance of ReCaptcha to be used by The Identity Hub. | None | 1 |
ShadowCopyProviders | If set to true will shadow copy the Custom Providers. | false | 2 |
ShadowCopyAccountProviders | If set to true will shadow copy the Custom Account Providers. | false | 2 |
SmtpFrom, SmtpHost, SmtpPassword, SmtpUserName | Required SMTP settings used by The Identity Hub to send emails | No default, but required | 2 |
TraceDatabaseQueriesWhenVerboseTracingIsActive | When set to true will trace all the database queries when tracing is set to Verbose. This setting should be used with care and only activated for diagnostic purposes as it generates a lot of tracing data. | false | 3 |
UseOnPremiseCustomizations | When set to true will load and enable customizations. | false | 2 |
UseOnPremiseCustomizationsFileShare | The network path of the folder where the customizations are located. | None | 1 |
UseOnPremiseCustomizationsUseDefaultTenantCustomizations | When set to true will apply default customizations when customizations for the specific Tenant are not found. If set to false will use the default The Identity Hub layout when customizations for the specific Tenant are not found. | true | 2 |
ValidateCertificates | When set to true validates all certificates uploaded and used by The Identity Hub. When set to false performs no validation. | true | 3 |
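
The following check is an added example, not part of The Identity Hub or its documentation. It reads a settings file, lists security-relevant parameters that deviate from the defaults documented in the table above, and resolves the thumbprint-over-subject-name precedence for the private key encryption certificates. It assumes the settings are stored as `<appSettings><add key="..." value="..."/>` entries (the usual ASP.NET layout, which this page does not confirm); the function names and all sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Documented defaults, copied from the parameter table on this page.
DEFAULTS = {
    "EnableAuditing": "true",
    "ValidateCertificates": "true",
    "TraceDatabaseQueriesWhenVerboseTracingIsActive": "false",
    "LogonSessionValidity": "60",
}
CERT_PREFIXES = ("PrivateKeyEncryptionCertificate", "PrivateKeyEncryptionSecondaryCertificate")

def load_settings(xml_text):
    """Read key/value pairs; the <appSettings><add/> layout is an assumption."""
    section = ET.fromstring(xml_text).find("appSettings")
    adds = section.findall("add") if section is not None else []
    return {a.get("key"): (a.get("value") or "").strip() for a in adds if a.get("key")}

def cert_selector(settings, prefix):
    """Return (kind, value); Thumbprint wins over SubjectName per the table."""
    for kind in ("Thumbprint", "SubjectName"):
        if settings.get(prefix + kind):
            return kind, settings[prefix + kind]
    return None

def audit(settings):
    """List deviations from documented defaults and shadowed certificate names."""
    findings = []
    for name, default in DEFAULTS.items():
        value = settings.get(name, default)
        if value.lower() != default:
            findings.append(f"{name}={value} (documented default: {default})")
    for prefix in CERT_PREFIXES:
        chosen = cert_selector(settings, prefix)
        if chosen and chosen[0] == "Thumbprint" and settings.get(prefix + "SubjectName"):
            findings.append(f"{prefix}SubjectName is ignored: {prefix}Thumbprint takes precedence")
    return findings

# Constructed sample, not taken from a real installation.
SAMPLE = """<configuration><appSettings>
  <add key="ValidateCertificates" value="False" />
  <add key="TraceDatabaseQueriesWhenVerboseTracingIsActive" value="true" />
  <add key="LogonSessionValidity" value="480" />
  <add key="PrivateKeyEncryptionCertificateThumbprint" value="PLACEHOLDER-THUMBPRINT" />
  <add key="PrivateKeyEncryptionCertificateSubjectName" value="CN=placeholder-new" />
  <add key="PrivateKeyEncryptionSecondaryCertificateSubjectName" value="CN=placeholder-old" />
</appSettings></configuration>"""

if __name__ == "__main__":
    print("\n".join(audit(load_settings(SAMPLE))))
```

Settings held at the Azure or database level are not visible in the file, so the same `audit` function can be fed a dictionary exported from those levels instead.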