Skip to main content

Soffid parameters


Soffid allows you to customize the configuration of some attributes of the Console, Syncserver, connectors and add-ons.

There are several types of parameters.

  • Informative parameters, such as the versions of internal components of Soffid.
  • Parameters used as attributes in Soffid screens, such as the values of the look & feel fields.
  • There are also parameters that can be modified, such as some configuration data for the synchronization server.
  • There are new attributes that can be included to expand the functionality of Soffid, such as mail server data.

If you want to know the Soffid console version check the component.iam-core.version parameter.

Standard attributes

  • Name: code used to identify the parameter.
  • Value: parameter value.
  • Network (optional): network to which this parameter would be assigned.
  • Description (optional): a brief description of the parameter.


Soffid parameters query actions

Add new

Allows you to add a new Soffid parameter. You can choose that option on the hamburger menu or clicking the add button (+).

To add a new parameter it will be mandatory to fill in the required fields.


Allows you to delete one or more Soffid parameters by selecting one or more records and next clicking the button with the subtraction symbol (-).

To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation. 


Allows you to upload a CSV file with the parameter list to add, update or delete parameters to Soffid.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

To delete a parameter, the values of the parameter have to be empty


Download CSV file

Allows you to download a csv file with the basic information of all Soffid parameters. 

Soffid parameters detail actions

Apply changes

Allows you to save the data of a new parameter or to update the data of a specific parameter. To save the data it will be mandatory to fill in the required fields.


Allows you to delete a specific Soffid parameter. To delete a host you can click on the hamburger icon and then click the delete button (trash icon).

Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.


Allows you to quit without applying any changes.

List of parameters sort by functionality




Select the managed system where the account name will be searched on user login. Defaults to soffid.


Set to true to enable Soffid console to validate passwords on trusted systems. Setting it to false, the password will be validated against internal tables only.


Set to true to prevent users to delegate its permissions from self service page.

Set to optional enables the operator to set a group as the group holder for any entitlement assignment.

Set to always to enforce that any entitlement assignment must be bound to a holder group.

Set to none to disable this feature. 

This parameter affects to role holder


Enforce user interface language.


Default user interface language (en).

Sets the name for a generic subnet that will hold any host not included on any listed network.


Set the IP address of any reverse proxy in front of Soffid servers.
When an incoming request is made from any of these trusted IP addresses, the X-Forwarded-for header is taken as the real source IP of the request. In any other case, the X-Forwarded-for header is ignored.

This paremetr can take list of IP addresses, separated by commas, like the followin ones:


To allow a range of network IPS, one cane use the wildcard(*) symbol, as in the following example:

  •, 192.168.120.*

Starting with Soffid console 3.3.0, the network-address/bits notation is allowed, as in the following example:



Timeout in seconds to retry the password validation needed to propagate a managed system notified password change (requires syncserver 1.5.4).


Number of shared dispatcher threads per synchronization servers (by default 1)


Hostname or IP addess of server hosts SIEM. The SIEM will receive audit information using syslog protocol.


The maximum number of tasks allowed per transaction. If a simple or complex transaction generates more tasks than specified, these tasks will be kept on hold. Administrator can release them through the monitoring page. (version 2.0+)


Path where to store report and workflows documents.


URL where is the server to store the files.


Class responsible for managing report and workflow documents.


The path where to store temporary files


Username of the doc server.


The password of the doc server.


The maximum number of rows to display in searches. The default value is 200 but you can change it.


Max time (in milliseconds) a query can take to complete (version 2.0 +).


Setting the auto value enables the user interface to add wildcards on user queries. Setting it to off disables this feature.


External URL to access to Soffid console.


SSOServer This parameter indicates which server acts on the workstations that run SSO. This parameter can have different values for any subnet. So you can define ESSO servers allowed for any subnet.
seycon.https.port Port where synchronization server connects to. This parameter is used by ESSO clients to connect to synchronization servers.
seycon.server.list  Shows where Syncserver and SyncServer backup is installed. When installing the first server synchronization, this parameter is automatically updated. If you want to install a synchronization server backup you must update this parameter manually. Note that proxy synchronization servers are not in this list. See the Soffid installation guide.

Mail server



Host to send electronic mail messages.


Recepient address that will be set as the email sender.


Set to SMTPS to get secure mail. Default value "smtp" to use plain SMTP protocol.


Set to true if your mail server requires user authentication.


Set your email user name if your mail server requires user authentication.


Set your email password if your mail server requires user authentication.


25 by default, with this parameter a new port can be set.


Set to true to enable SASL.

Job notifications




Users to notify when a scheduled task fails. 


Users to notify when a BPM task fails.


Set to true to always retry any failed BPM task.

Syncserver provisioning


Set to direct value to bypass standard workflow needed for a syncserver to join the syncservers security network. Otherwise, the standard approval workflow will be required(Since syncserver 2.6.0). You also can set to no-direct