Advanced Config Settings

Identity Panel has a number of advanced settings that can be accessed through various config files. Each of these settings has been pre-initialized by the installer to a sane default. However, many enterprise environments have specific requirements or constraints that can only be met by adjusting these advanced settings.

If you suspect your environment may require special settings customization, you can use this documentation, and obtain further support from SoftwareIDM.

Web config.json

Product Name

The Product Name that appears in the header of the Panel platform web application can be adjusted using Application:Product . However, if your license SKU specifies a product name, the license value will override the app settings value.

"Application": {
    "Product": "Identity Panel"
}

Database Connections

The Mongo DB connection string and database are selected by the Data:DefaultConnection:MongoDB key.

The search engine connection string is in the SearchConnectionString key.

These values will generally need to be customized in a High Availability deployment. For best security, you should restrict remote access to ports 27017 and 9306 on the web server(s), since these are the default ports for database communications.

"Data": {
  "DefaultConnection": {
    "MongoDB": "IdentityPanelDB_vNext",
    "MongoConnectionString": "mongodb://localhost:27017",
    "SearchConnectionString": "http://localhost:9200"
  }
}

Azure Authentication

The config.json file Can be used to switch from Windows authentication to Azure AD Open ID Connect authentication.

To do so, change Auth:Mode from "Windows" to "Azure". You will also need to register an application in your Azure tenant, and edit the values in the AzureAD section.

Report Limits

The config.json file has object, join, and cell count limits to prevent accidental DoS operations using the reporting engine. Depending on the size of your environment it may be necessary to revise these limits upwards.

"Report": {
  "ObjectLimit": "200000",
  "JoinLimit": "600000",
  "CellLimit": "5000000"
}

PanelTools config.json

REST Settings

The client application has several settings that can be used to influence calls to the REST API.

The Application:Host setting contains the URL of the web application. This may be set to a load balanced URL, or to a specific web server. The value of this connection string is initialized by the installer. If you change the bindings in IIS after installation you will need to update this value.

By default, the client applications use integrated authentication to login to the web application as the current user. It is possible to switch to Azure authentication using the Auth section. To do so, change the Mode key to "Azure", and populate the API key configured in your Azure Tenant.

By default, the client applications allow 300 seconds before timeout for requests. These timeouts can be overridden with the Rest:TimeoutSeconds key.

DLL Paths

The Panel platform client applications use an AssemblyResolveHandler to keep dlls organized.

By default, dlls are search for in the lib, lib\Extensions, and Modules folders. The path locations for these folders are given in the application config files. In addition, the default path is given for the MSOnline PowerShell module.

If you write PowerShell steps that import modules not not installed in the GAC, or if you reference non-GAC and non-local dlls in a custom extension, it may be necessary to add additional keys to the DllPath section.

Mongo DB Config

The settings for Mongo DB are controlled by mongodb.config. Documentation for Mongo DB config settings is available at MongoDB Configuration Options.

The most common change you may have to make is to move the database to a drive with more free space. To to this:

  1. Stop the SoftwareIDM Identity Panel Database service
  2. Change the path(s) in mongodb.cfg
  3. Move the data\db folder
  4. Restart the database service
logpath=C:\Program Files\SoftwareIDM\IdentityPanelWeb\MongoDB\log\mongo.log
dbpath=C:\Program Files\SoftwareIDM\IdentityPanelWeb\MongoDB\data\db
journal=true
quiet=true

Elastic Search Config

The settings for full text search are controlled by elasticsearch.yml. Documentation for the Elastic Full Text search platform is available at Elastic Search Documentation.

The most common changes you may have to make to elasticsearch.yml, would be to revise file paths to move the search indices to a different drive, and to increase the memory limits for better performance.

The path.data value represents the location of the index files, and thus the majority of the data used.

To change the file paths:

  1. Stop the SoftwareIDM.Elastic service
  2. Change the paths in elasticsearch.yml
  3. Move folders and files to the new location
  4. Restart the search service.

Copyright © SoftwareIDM

Table of Contents