Soffid allows you to customize the configuration of some attributes of the Console, Syncserver, connectors and add-ons.

If you want to know the Soffid console version check the **component.iam-core.version** parameter.

Parameter	Description
soffid.auth.system	Select the managed system where the account name will be searched on the user login. Defaults to soffid.
soffid.auth.trustedLogin	Set to true to enable the Soffid console to validate passwords on trusted systems. Setting it to false, the password will be validated against internal tables only.
soffid.delegation.disable	Set to true to prevent users to delegate permissions from self service page.
soffid.entitlement.group.holder	Set to optional enables the operator to set a group as the group holder for any entitlement assignment. Set to always enforce that any entitlement assignment must be bound to a holder group. Set to none to disable this feature. This parameter affects to [role holder](https://bookstack.soffid.com/link/62#bkmrk-%C2%A0-1)
soffid.language	Enforce user interface language.
soffid.language.default	Default user interface language (en).
soffid.network.internet	Sets the name for a generic subnet that will hold any host not included on any listed network.
soffid.proxy.trustedIps	Set the IP address of any reverse proxy in front of Soffid servers. When an incoming request is made from any of these trusted IP addresses, the X-Forwarded-for header is taken as the real source IP of the request. In any other case, the X-Forwarded-for header is ignored. This parameter can take a list of IP addresses, separated by commas, like the following ones: - 127.0.0.1 - 192.168.120.1, 192.168.120.2 To allow a range of network IPS, one can use the wildcard(\) symbol, as in the following example: - 127.0.0.1, 192.168.120.\ Starting with Soffid console 3.3.0, the network-address/bits notation is allowed, as in the following example: - 127.0.0.1, 192.168.120.128/25
soffid.propagate.timeout	Timeout in seconds to retry the password validation needed to propagate a managed system notified password change (requires syncserver 1.5.4).
soffid.server.sharedThreads	Number of shared dispatcher threads per synchronization servers (by default 1)
soffid.syslog.server	Hostname or IP address of server hosts SIEM. The SIEM will receive audit information using the syslog protocol.
soffid.task.limit	The maximum number of tasks allowed per transaction. If a simple or complex transaction generates more tasks than specified, these tasks will be kept on hold. Administrators can release them through the monitoring page. (version 2.0+)
soffid.ui.docPath	The path where to store report and workflow documents.
soffid.ui.docServer	URL where is the server to store the files.
soffid.ui.docStrategy	Class responsible for managing report and workflow documents.
soffid.ui.docTempPath	The path where to store temporary files
soffid.ui.docUsername	Username of the doc server.
soffid.ui.docUserPassword	The password of the doc server.
soffid.ui.maxrows	The maximum number of rows to display in searches. The default value is 200 but you can change it.
soffid.ui.timeout	Max time (in milliseconds) a query can take to complete (version 2.0 +).
soffid.ui.wildcarts	Setting the auto value enables the user interface to add wildcards on user queries. Setting it to off disables this feature.
soffid.externalURL	External URL to access to Soffid console.
soffid.kerberos.agent	The name of the Windows server agent so that any incoming Kerberos packets will be authenticated against that domain.
soffid.pam.search.recordings.timeout	Timeout reached in the query, use the parameter to specify a longer timeout in milliseconds. By default, if you don't config this parameter is 60000 milliseconds. (version 3.5.18+)
soffid.nameformat	Parameter to configure how to display the users full name. Where: - %1$s is the first name. - %2$s is the middle name. - %3$s is the last name For instance: ``` %2$s %3$s, %1$s ```

**Parameter**

**Description**

soffid.auth.system

Select the managed system where the account name will be searched on the user login. Defaults to soffid.

soffid.auth.trustedLogin

Set to true to enable the Soffid console to validate passwords on trusted systems. Setting it to false, the password will be validated against internal tables only.

soffid.delegation.disable

Set to true to prevent users to delegate permissions from self service page.

soffid.entitlement.group.holder

Set to **optional** enables the operator to set a group as the group holder for any entitlement assignment. Set to **always** enforce that any entitlement assignment must be bound to a holder group. Set to **none** to disable this feature.

This parameter affects to [role holder](https://bookstack.soffid.com/link/62#bkmrk-%C2%A0-1)

soffid.language

Enforce user interface language.

soffid.language.default

Default user interface language (en).

soffid.network.internet

Sets the name for a generic subnet that will hold any host not included on any listed network.

soffid.proxy.trustedIps

Set the IP address of any reverse proxy in front of Soffid servers. When an incoming request is made from any of these trusted IP addresses, the X-Forwarded-for header is taken as the real source IP of the request. In any other case, the X-Forwarded-for header is ignored. This parameter can take a list of IP addresses, separated by commas, like the following ones: - 127.0.0.1 - 192.168.120.1, 192.168.120.2 To allow a range of network IPS, one can use the wildcard(\*) symbol, as in the following example: - 127.0.0.1, 192.168.120.\* Starting with Soffid console 3.3.0, the network-address/bits notation is allowed, as in the following example: - 127.0.0.1, 192.168.120.128/25

soffid.propagate.timeout

Timeout in seconds to retry the password validation needed to propagate a managed system notified password change (requires syncserver 1.5.4).

soffid.server.sharedThreads

Number of shared dispatcher threads per synchronization servers (by default 1)

soffid.syslog.server

Hostname or IP address of server hosts SIEM. The SIEM will receive audit information using the syslog protocol.

soffid.task.limit

The maximum number of tasks allowed per transaction. If a simple or complex transaction generates more tasks than specified, these tasks will be kept on hold. Administrators can release them through the monitoring page. (version 2.0+)

soffid.ui.docPath

The path where to store report and workflow documents.

soffid.ui.docServer

URL where is the server to store the files.

soffid.ui.docStrategy

Class responsible for managing report and workflow documents.

soffid.ui.docTempPath

The path where to store temporary files

soffid.ui.docUsername

Username of the doc server.

soffid.ui.docUserPassword

The password of the doc server.

soffid.ui.maxrows

The maximum number of rows to display in searches. The default value is 200 but you can change it.

soffid.ui.timeout

Max time (in milliseconds) a query can take to complete (version 2.0 +).

soffid.ui.wildcarts

Setting the auto value enables the user interface to add wildcards on user queries. Setting it to off disables this feature.

soffid.externalURL

External URL to access to Soffid console.

soffid.kerberos.agent

The name of the Windows server agent so that any incoming Kerberos packets will be authenticated against that domain.

soffid.pam.search.recordings.timeout

Timeout reached in the query, use the parameter to specify a longer timeout in milliseconds. By default, if you don't config this parameter is 60000 milliseconds. (version 3.5.18+)

soffid.nameformat

Parameter to configure how to display the users full name. Where: - %1$s is the first name. - %2$s is the middle name. - %3$s is the last name For instance: ``` %2$s %3$s, %1$s ```

Parameter	Description
SSOServer	This parameter indicates which server acts on the workstations that run SSO. This parameter can have different values for any subnet. So you can define ESSO servers allowed for any subnet.
seycon.https.port	Port where synchronization server connects to. This parameter is used by ESSO clients to connect to synchronization servers.
seycon.server.list	Shows where Syncserver and SyncServer backup is installed. When installing the first server synchronization, this parameter is automatically updated. If you want to install a synchronization server backup you must update this parameter manually. Note that proxy synchronization servers are not on this list. See the [Soffid installation guide.](https://bookstack.soffid.com/books/installation/page/getting-started "Getting started")
soffid.sync.engine.threads	This parameter allows you to configure the number of threads available to run the tasks. If you do not fill this parameter, Soffid will run 1 thread for every 50 systems, but never more than twice the number of CPUs of the server. The value of the parameter must be equal or greater than 1. (Available in Sync Server version 3.5.15+)

Parameter	Description
mail.host	Host to send electronic mail messages.
mail.from	Recipient address that will be set as the email sender.
mail.transport.protocol	Set to SMTPS to get secure mail. Default value "SMTP" to use plain SMTP protocol.
mail.auth	Set to true if your mail server requires user authentication.
mail.user	Set your email user name if your mail server requires user authentication.
mail.password	Set your email password if your mail server requires user authentication.
mail.port	25 by default, with this parameter a new port can be set.
mail.smtp.sasl.enable	Set to true to enable SASL.

**Parameter**

**Description**

mail.host

Host to send electronic mail messages.

mail.from

Recipient address that will be set as the email sender.

mail.transport.protocol

Set to SMTPS to get secure mail. Default value "SMTP" to use plain SMTP protocol.

mail.auth

Set to true if your mail server requires user authentication.

mail.user

Set your email user name if your mail server requires user authentication.

mail.password

Set your email password if your mail server requires user authentication.

mail.port

25 by default, with this parameter a new port can be set.

mail.smtp.sasl.enable

Set to true to enable SASL.

Parameter	Description
soffid.scheduler.error.notify	Users to notify when a scheduled task fails.
soffid.bpm.error.notify	Users to notify when a BPM task fails.
soffid.bpm.error.retry	Set to true to always retry any failed BPM task.

Parameter	Description
soffid.server.register	Set to *direct* value to bypass standard workflow needed for a syncserver to join the syncservers security network. Otherwise, the standard approval workflow will be required(Since syncserver 2.6.0). You also can set it to *no-direct*

Parameter	Description
addon.federation.essoidp	Set the Identity Provider identifier to indicate that this will be the authentication provider. For more information, you can visit [the How to add to ESSO a second factor of authentication page](https://bookstack.soffid.com/books/esso/page/how-to-add-to-esso-a-second-factor-of-authentication).

**Parameter**

**Description**

addon.federation.essoidp

Set the Identity Provider identifier to indicate that this will be the authentication provider. For more information, you can visit [the How to add to ESSO a second factor of authentication page](https://bookstack.soffid.com/books/esso/page/how-to-add-to-esso-a-second-factor-of-authentication).

Add new	Allows you to add a new Soffid parameter. You can choose that option on the hamburger menu or clicking the add button (+). To add a new parameter it will be mandatory to fill in the required fields.
Delete	Allows you to delete one or more Soffid parameters by selecting one or more records and next clicking the button with the subtraction symbol (-). To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.
Import	Allows you to upload a CSV file with the parameter list to add, update or delete parameters to Soffid. First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button. To delete a parameter, the values of the parameter have to be empty ``` "Parameter","Network","Value","Description" "addon.backup.test","","","" ```
Download CSV file	Allows you to download a csv file with the basic information of all Soffid parameters.

Apply changes	Allows you to save the data of a new parameter or to update the data of a specific parameter. To save the data it will be mandatory to fill in the required fields.
Delete	Allows you to delete a specific Soffid parameter. To delete a host you can click on the hamburger icon and then click the delete button (trash icon). Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.
Undo	Allows you to quit without applying any changes.