# Configuration > Global Settings

Configuration > Global Settings

# Tenants

## Definition

<p class="callout success">Soffid is multi tenant. This means that one can configure many differente tenants to manage disjoints groups of identities and applications. </p>

Each Soffid object, including applications, systems, roles, users, and accounts are bound to a single tenant.

Of course, there is a special tenant named master. Master tenant administrators can jump to any other tenant with administration privileges.

<p class="callout info">Soffid recommends connecting directly to the specific tenant to configure it correctly. You have more information about this topic in the [Tenant access section](#bkmrk-tenant-access).</p>

## Screen overview

<iframe allowfullscreen="allowfullscreen" height="314" src="//www.youtube.com/embed/H8tL8n_jkxM?rel=0" width="560"></iframe>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/QNQQzUiJrDbDXJLT-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/QNQQzUiJrDbDXJLT-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/yKHxbpdgC1gdi1md-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/yKHxbpdgC1gdi1md-image.png)

## Related objects

- [Authorizations](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/authorizations "Authorizations"): to exclude authorizations in the tenants
- [Synchronization servers](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/synchronization-servers "Synchronization servers"): syncservers availbles to manage the tenant

## Standard attributes

- **Name:** Set a short name for the tenant.
- **Description:** Enter a long description for the tenant
- **Enabled:** Usually set to yes. If it's set to NO, no user will be able to log in to that tenant, and no provisioning or automated task will be ran on that tenant.
- **Disabled permissions:** By default, tenant administrator permissions are restricted, so they are not able to bypass tenant borders and access to other tenant information. To achive this, the following permissions are disabled by default, but some others can be added: 
    - Open the tenants management page
    - Use the tenant micro-service
    - Manage sync servers
- **Assigned servers**: By default, the new tenant will not be able to use any sync server unless it is authorized to. So, one can create a sync server for a specific tenant that cannot be used by any other tenant.

## Actions

### Table actions

<table border="1" id="bkmrk-add-new-allows-you-t" style="border-collapse: collapse; width: 100%; height: 154.047px;"><colgroup><col style="width: 17.5261%;"></col><col style="width: 82.5037%;"></col></colgroup><tbody><tr style="height: 30.0312px;"><td style="height: 30.0312px;">**Add new**</td><td style="height: 30.0312px;">Allows you to create a new Tenant.

</td></tr><tr style="height: 30.0312px;"><td style="height: 30.0312px;">**Download CSV file**</td><td style="height: 30.0312px;">Allows you to download a CSV file with the tenant information displayed in the table.</td></tr></tbody></table>

### Tenant actions

<table border="1" id="bkmrk-apply-changes-allow-" style="height: 211.766px; width: 96.4286%;"><tbody><tr><td style="width: 17.4289%;">**Apply changes**

</td><td style="width: 82.5711%;">Allows you to save the data of a new tenant or to update the data of a specific tenant. To save the data it will be mandatory to fill in the required fields.

</td></tr><tr style="height: 21.5938px;"><td style="width: 17.4289%; height: 21.5938px;">**Export**

</td><td style="width: 82.5711%; height: 21.5938px;">The process will generate a compressed file with all the information contained in the Tenant. It includes even the connectors configurations, mappings and global settings.

</td></tr><tr style="height: 63.3906px;"><td style="width: 17.4289%; height: 63.3906px;">**Delete Tenant**

</td><td style="width: 82.5711%; height: 63.3906px;">Allows you to delete the tenant. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation. Remember that this action will delete all data from the tentant. We recommend saving a backup using the Export option beforehand.

</td></tr><tr style="height: 46.5938px;"><td style="width: 17.4289%; height: 46.5938px;">**Login**

</td><td style="width: 82.5711%; height: 46.5938px;">If you have permission to log into a different tenant, you can use this option to access to it. This option is not intended for normal usage, but for administrative purposes

</td></tr><tr style="height: 80.1875px;"><td style="width: 17.4289%; height: 80.1875px;"><span style="color: rgb(0, 0, 0);">**Import**</span>

</td><td style="width: 82.5711%; height: 80.1875px;"><span style="color: rgb(0, 0, 0);">The user can upload the previously exported tenant. The process will restore all the information contained in the Tenant, including connectors configurations, mappings and global settings.If the Tenant already exists, the process will not replace it. A new tenant will be created with a new name. If you want to replace the existing tenant, remove it before uploading the tenant export file.</span>

</td></tr><tr><td style="width: 17.4289%;">**Undo**

</td><td style="width: 82.5711%;">Allows you to quit without applying any changes.

</td></tr></tbody></table>

## Others

### Tenant access

#### Option 1: direct access to the tenant 

When users are connecting to Soffid console, the master tenant is displayed by default. In order to directly connect to any tenant, a DNS entry with the tenant name must be added to your DNS server.

For instance, if you have deployed a Soffid console with the DNS name **console.soffid4.local**, the DNS name **test.console.soffid4.local** will be used to access to the **test** tenant.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/7D8RvF87VYIscfuj-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/7D8RvF87VYIscfuj-image.png)

<p class="callout warning">Note that you must configure the **hostName** Soffid parameter in the master with your DNS name</p>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/CsraLloxKyBJlQZa-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/CsraLloxKyBJlQZa-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/jv6Vc5AklgitDrYt-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/jv6Vc5AklgitDrYt-image.png)

#### Option 2: access through the master

You can also configure the login page using the **soffid.auth.showTenant** Soffid parameter. If the parameter value is true, Soffid will display a new box in the login page to write the tenant name to login.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/f9aJxvaL8ykzeh4F-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/f9aJxvaL8ykzeh4F-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/dOeog4AvrMsxFxak-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/dOeog4AvrMsxFxak-image.png)

###   

# License and plugin

## Definition

### License

<p class="callout success">Soffid 4 requires a valid licence to enable its features.  
</p>

<p class="callout warning">The licence token must be provided by Soffid and will enable the modules you have contracted for the duration of the contract. A new licence token will be provided upon each renewal.</p>

### Plugin

<p class="callout success">Soffid provides you additional functionality that allows installing addons and server plugins. There are two main types of addons: **system connectors** and **console addons**.</p>

<p class="callout info">You can download existing addons and plugins developed by Soffid by visiting [http://download.soffid.com/download](http://download.soffid.com/download) or [http://download.soffid.com/download/enterprise](http://download.soffid.com/download/enterprise) if you have a Soffid user with authorization.</p>

<p class="callout success">In Soffid version 4, a marketplace has been implemented that allows you to upload or update add-ons or connectors directly from the Console.</p>

<p class="callout warning">An addon or plugin, must be upload into a **Master** tenant, the other tenant will inherit these installed addons and plugins.</p>

<p class="callout info">Addons and plugins can be developed using [Addon Development Guide.](https://bookstack.soffid.com/books/addon-development-getting-started "Addon development Getting started") </p>

#### System connectors

Also referred as plugins, there are little pieces of software able to manage identities on some type of systems. They can be generic plugins (SQL or LDAP plugins) or custom specific plugins.

The system connector is configured when the administrator creates an agent. An agent can be viewed as a configured instance of a plugin.

In order to upgrade existing (running) plugins, the synchronization server that hosts this plugin must be restarted from the system monitoring screen.

A connector can contain one or more types of agents, and you can create as many agents (of the same type or not) as you want to connect to Soffid.

#### Console addons

Add important features to Soffid console. A console addon can contain common classes, data models, transactional services, web services, and web interfaces.

In order to apply addon changes, the console must be restarted. It can be restarted from this page by clicking on the restart console button.

Some add-ons, such as Federation, also require restarting the synchronisation servers.

<p class="callout info">From this page, you will be able to upload and upgrade server plugins, as well and enable or disable them.</p>

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/9s7jWg5dES5xW3Sb-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/9s7jWg5dES5xW3Sb-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/e6xOcxWEnzcmWMBU-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/e6xOcxWEnzcmWMBU-image.png)

## Related objects

- [Tenants](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/tenants): the plugins are managed in the master tenant.
- [Agents](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/agents "Agents"): used to configure a system connector, agents are located inside the connector plugins.

## Standard attributes

### Table attributes

- **Plugin**: identified name of the plugin or addon deployed.
- **Version**: version of the plugin or addon.
- **Deployed by**: user that deployed the addon or plugin.
- **Date**: date and time of the deployment.

<p class="callout info">When a plugin is disabled, it is displayed as strikethrough.</p>

### Plugin attributes

- **Name:** identified name of the plugin or addon deployed.
- **Version**: name + version.
- **Enabled**: if enabled is Yes, the plugin or addon will be available to use it.
- **Components**: component list that make up the plugin or addon.

## Actions

#### Table actions

<table border="1" id="bkmrk-add-new-soffid-4-all" style="border-collapse: collapse; width: 100%; height: 422.002px;"><colgroup><col style="width: 19.697%;"></col><col style="width: 80.4113%;"></col></colgroup><tbody><tr style="height: 223.082px;"><td style="height: 223.082px;">**Add new**</td><td style="height: 223.082px;"><p class="callout success">Soffid 4 allows you to install and update plugins through the new Addons marketplace feature.</p>

<p class="callout warning">To access the marketplace, you must have a valid token to use Soffid and have configured the Console via https.</p>

<details><summary>Images</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/zT1zIAZQODssapPc-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/zT1zIAZQODssapPc-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/3uHXtG1pAm5kUzIA-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/3uHXtG1pAm5kUzIA-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/uw0ef7PG97IxCUUu-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/uw0ef7PG97IxCUUu-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/SnyiSzFTnWhDKIWL-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/SnyiSzFTnWhDKIWL-image.png)

</details></td></tr><tr style="height: 80.1136px;"><td style="height: 80.1136px;">**Upload**</td><td style="height: 80.1136px;">Allows you to upload and install a new plugin or addon. You must pick a file, that file has to be a valid add-on or plugin. Once the file is selected, it will be uploaded automatically. Then, you must restart the Sync server or Console depending on the uploaded plugin. Soffid will tell you which one to restart once the plugin has loaded.</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Delete plugin**</td><td style="height: 29.7017px;">Allows you to delete one or more plugins or addons, you must select one or more records from the list and click this button. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Download CSV file**</td><td style="height: 29.7017px;">Allows you to download a CSV file with all the information about plugins.</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Restart Console**</td><td style="height: 29.7017px;">Allows you to restart the console to apply addon changes. That operation will be mandatory when you load an addon.</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**License manager**</td><td style="height: 29.7017px;"><p class="callout success">To activate the features of Soffid 4, you must apply a token with the Soffid licence you have purchased.</p>

<p class="callout warning">Local testing or developer environments also require a token. The ‘Licence manager’ option lists valid tokens, old tokens, and tokens pending acceptance and use.</p>

<details><summary>Images</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/U4mQkiQRGniNqgV8-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/U4mQkiQRGniNqgV8-image.png)

</details></td></tr></tbody></table>

#### Plugin actions

<table border="1" id="bkmrk-apply-changes-allows" style="height: 186.797px; width: 96.1905%;"><tbody><tr style="height: 46.5938px;"><td style="width: 17.8437%; height: 46.5938px;">**Apply changes (dick button)**</td><td style="width: 82.1563%; height: 46.5938px;">Allows you to update the plugin. Only the "Enabled" attribute can be modified.

</td></tr><tr style="height: 63.3906px;"><td style="width: 17.8437%; height: 63.3906px;">**Delete plugin**</td><td style="width: 82.1563%; height: 63.3906px;">Allows you to delete and desinstall a specific plugin. To delete a plugin, you can click on the "three point" icon and then click the delete plugin button. Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.

</td></tr><tr style="height: 30px;"><td style="width: 17.8437%; height: 30px;">**Undo**</td><td style="width: 82.1563%; height: 30px;">Allows you to undo any changes.</td></tr><tr style="height: 46.8125px;"><td style="width: 17.8437%; height: 46.8125px;">**Apply changes**</td><td style="width: 82.1563%; height: 46.8125px;">Allows you to update the plugin. Only the "Enabled" attribute can be modified. Once you apply changes, the plugin details page will be closed.</td></tr></tbody></table>

## Others

### First access to Soffid

Once Soffid is installed and you access the console with the admin user, the only option enabled will be this screen.

<details id="bkmrk-image"><summary>Image</summary>

![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/NBeKhaoFZLc2vBVN-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/k0EYbLbHq54gFzbL-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/k0EYbLbHq54gFzbL-image.png)

</details>You should now access it and click "Licence manager" button to search for and accept the token that has been provided to you, but for this step to be possible, you must first configure the console in https. This step is explained in the Soffid 4 installation manual.

Once we have the console in https and have enabled the licence token, you will be able to access the contracted modules and this will be indicated in the page title.

<details id="bkmrk-image-1"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/KDABpExiBGXU0M4E-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/KDABpExiBGXU0M4E-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/Y4JoShiNCaq9Whum-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/Y4JoShiNCaq9Whum-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/BXrGJ220X6nhVRDl-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/BXrGJ220X6nhVRDl-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/LJujj4T5Nq7fT00R-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/LJujj4T5Nq7fT00R-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/UsZip7OqGfm7LfCH-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/UsZip7OqGfm7LfCH-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/Zk58fniHXTScXs1l-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/Zk58fniHXTScXs1l-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/1bYVCJTLNNo9hiXB-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/1bYVCJTLNNo9hiXB-image.png)

</details>### Access without token

When you access the ‘Licence manager’ and there are no tokens available, you must contact Soffid.

Please remember that the username used must be the one for the Soffid platform. It will be the same one that allows you to access our support portal or the downloads page.

<details id="bkmrk-image-%C2%A0-%C2%A0-%C2%A0"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/KDABpExiBGXU0M4E-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/KDABpExiBGXU0M4E-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/Hu480PcC4jpUQy7y-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/Hu480PcC4jpUQy7y-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/tBGFCAmB2gS7zBjC-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/tBGFCAmB2gS7zBjC-image.png)

</details>

# Look & feel

## Definition

<p class="callout success">Soffid's Look &amp; feel page allows you to adjust the Console styles to your organization.</p>

In this configuration page, the customization of two sections is allowed:

- Images:  
    
    - You can change the image of the logo that appears on the login page.
    - You can change the image of the logo that appears in the left bar.
    - You can change the image of the logo that appears in the top bar.
- Colors: 
    - You can change the colors of the Soffid components and text.

Changes made on this page affect the entire Console.

<p class="callout warning">Some changes may require updating the browser several times because some items are in the browser's cache.</p>

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/0jP7ciJeVvSs1Djl-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/0jP7ciJeVvSs1Djl-image.png)

## Standard attributes

Images

<table border="1" id="bkmrk-apply-changes-allow-" style="width: 96.4286%; height: 89.6355px;"><tbody><tr style="height: 29.8785px;"><td style="width: 19.3827%; height: 29.8785px;">**Login image**

</td><td style="width: 80.4938%; height: 29.8785px;">Logo used on the login and logout screens. Image in png or jpg format.

</td></tr><tr style="height: 29.8785px;"><td style="width: 19.3827%; height: 29.8785px;">**Left bar image**

</td><td style="width: 80.4938%; height: 29.8785px;">This image will appear in the menu on the left. Image in png or jpg format.

</td></tr><tr style="height: 29.8785px;"><td style="width: 19.3827%; height: 29.8785px;">**Top bar image**

</td><td style="width: 80.4938%; height: 29.8785px;">This image will appear in the menu on the top bar. Image in png or jpg format.

</td></tr></tbody></table>

Colors

<table border="1" id="bkmrk-primary-login%2Flogout" style="width: 96.4286%; height: 89.6355px;"><tbody><tr style="height: 29.8785px;"><td style="width: 19.3827%; height: 29.8785px;">**Primary**

</td><td style="width: 80.4938%; height: 29.8785px;">Login/logout background. Buttons. Page icons. Table selections.

</td></tr><tr style="height: 29.8785px;"><td style="width: 19.3827%; height: 29.8785px;">**Secondary**

</td><td style="width: 80.4938%; height: 29.8785px;">Icons in the menu pages.

</td></tr><tr style="height: 29.8785px;"><td style="width: 19.3827%; height: 29.8785px;">**Terciary**

</td><td style="width: 80.4938%; height: 29.8785px;">Buttons. Page icons.

</td></tr></tbody></table>

## Actions

For the images

<table border="1" id="bkmrk-pick-a-file-allows-y"><tbody><tr><td style="width: 157px;">**Pick a file**

</td><td style="width: 652px;">Allows you to pick a file to load. The file must have a specific configuration

</td></tr></tbody></table>

For the page

<table border="1" id="bkmrk-reset-values-allows-"><tbody><tr><td style="width: 157px;">**Reset values**

</td><td style="width: 652px;">Allows you to return to the default Soffid values.

</td></tr><tr><td style="width: 157px;">**Confirm changes**

</td><td style="width: 652px;">Allows you to apply the changes made.

</td></tr></tbody></table>

## Examples

### Top icon, left bar, icons page, and colors

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/ZfLFyo49aBwWhBVO-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/ZfLFyo49aBwWhBVO-image.png)

### Login page with logo and colors

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/6WsyGdPUeSBDHPdI-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/6WsyGdPUeSBDHPdI-image.png)

# Soffid parameters

## Definition

<p class="callout success">Soffid allows you to customize the configuration of some attributes of the Console, Syncserver, connectors and add-ons.</p>

There are several types of parameters.

- Informative parameters, such as the versions of internal components of Soffid.
- Parameters used as attributes in Soffid screens, such as the values of the look &amp; feel fields.
- There are also parameters that can be modified, such as some configuration data for the synchronization server.
- There are new attributes that can be included to expand the functionality of Soffid, such as mail server data.

<p class="callout info">If you want to know the Soffid console version check the **component.iam-core.version** parameter.</p>

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/Ph3J9GdsPzTWShu0-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/Ph3J9GdsPzTWShu0-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/dDoPDeNnwawdncNX-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/dDoPDeNnwawdncNX-image.png)

## Standard attributes

- **Parameter**: code/name used to identify the parameter.
- **Value**: parameter value.
- **Network** (optional): network to which this parameter would be assigned.
- **Description** (optional): a brief description of the parameter.

## Actions

### Table actions

<table border="1" id="bkmrk-query-allows-to-sear-0" style="height: 132px; width: 96.4286%;"><tbody><tr style="height: 45px;"><td style="width: 19.6614%; height: 45px;">**Add new**

</td><td style="width: 80.3386%; height: 45px;">Allows you to add a new Soffid parameter. To add a new parameter it will be mandatory to fill in the required fields.

</td></tr><tr style="height: 29px;"><td style="width: 19.6614%; height: 29px;">**Delete parameter**

</td><td style="width: 80.3386%; height: 29px;">Allows you to delete one or more Soffid parameters by selecting one or more records and next clicking this button. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

</td></tr><tr><td style="width: 19.6614%; height: 29px;">**Download CSV file**

</td><td style="width: 80.3386%; height: 29px;">Allows you to download a csv file with the basic information of all Soffid parameters.

</td></tr><tr style="height: 29px;"><td style="width: 19.6614%; height: 29px;">**Import**

</td><td style="width: 80.3386%; height: 29px;">Allows you to upload a CSV file with the parameter list to add, update or delete parameters to Soffid.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

To delete a parameter, the values of the parameter have to be empty

```
"Parameter","Network","Value","Description"
"addon.backup.test","","",""
```

</td></tr></tbody></table>

### Detail actions

<table border="1" id="bkmrk-apply-changes-allow-" style="border-collapse: collapse; border-width: 1px; width: 96.3095%;"><tbody><tr><td style="width: 27.4734%;">**Apply changes (disk button)**

</td><td style="width: 72.5266%;">Allows you to save the data of a new parameter or to update the data of a specific parameter. To save the data it will be mandatory to fill in the required fields.

</td></tr><tr><td style="width: 27.4734%;">**Delete parameter**

</td><td style="width: 72.5266%;">Allows you to delete a specific Soffid parameter. To delete a parameter you can click on the "three points" icon and then click the delete parameter button.

Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.

</td></tr><tr><td style="width: 27.4734%;">**Undo**

</td><td style="width: 72.5266%;">Allows you to quit without applying any changes.

</td></tr><tr><td style="width: 27.4734%;">**Apply changes**

</td><td style="width: 72.5266%;">Allows you to save the data of a new parameter or to update the data of a specific parameter. Once you apply changes, the plugin details page will be closed.

</td></tr></tbody></table>

## List of parameters sorted by functionality

### Console

<table border="1" class="wrapped confluenceTable tablesorter tablesorter-default" id="bkmrk-parameter-descriptio" role="grid" style="height: 1578.94px; border-collapse: collapse; width: 96.5476%;"><colgroup><col style="width: 28.0238%;"></col><col style="width: 71.9762%;"></col></colgroup><thead><tr class="tablesorter-headerRow" role="row" style="height: 29.7969px;"><th aria-disabled="false" aria-label="Parameter: Ascending sort applied, activate to apply a descending sort" aria-sort="ascending" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerAsc" data-column="0" role="columnheader" scope="col" style="height: 29.7969px; width: 221px;" tabindex="0"><div>**Parameter**</div></th><th aria-disabled="false" aria-label="Description: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" style="height: 29.7969px; width: 588px;" tabindex="0"><div>**Description**</div></th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row" style="height: 46.5938px;"><td class="confluenceTd" style="height: 46.5938px; width: 221px;">soffid.auth.system

</td><td class="confluenceTd" style="height: 46.5938px; width: 588px;">Select the managed system where the account name will be searched on the user login. Defaults to soffid.

</td></tr><tr role="row" style="height: 46.5938px;"><td class="confluenceTd" style="height: 46.5938px; width: 221px;">soffid.auth.trustedLogin

</td><td class="confluenceTd" style="height: 46.5938px; width: 588px;">Set to true to enable the Soffid console to validate passwords on trusted systems. Setting it to false, the password will be validated against internal tables only.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.delegation.disable

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">Set to true to prevent users to delegate permissions from self service page.

</td></tr><tr role="row" style="height: 143.375px;"><td class="confluenceTd" style="height: 143.375px; width: 221px;">soffid.entitlement.group.holder

</td><td class="confluenceTd" style="height: 143.375px; width: 588px;">Set to **optional** enables the operator to set a group as the group holder for any entitlement assignment.

Set to **always** enforce that any entitlement assignment must be bound to a holder group.

Set to **none** to disable this feature.

<p class="callout info">This parameter affects to [role holder](https://bookstack.soffid.com/link/62#bkmrk-%C2%A0-1)</p>

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.language

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">Enforce user interface language.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.language.default

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">Default user interface language (en).

</td></tr><tr role="row" style="height: 46.5938px;"><td class="confluenceTd" style="height: 46.5938px; width: 221px;">soffid.network.internet

</td><td class="confluenceTd" style="height: 46.5938px; width: 588px;">Sets the name for a generic subnet that will hold any host not included on any listed network.

</td></tr><tr style="height: 318.469px;"><td style="width: 221px; height: 318.469px;">soffid.proxy.trustedIps

</td><td style="width: 588px; height: 318.469px;">Set the IP address of any reverse proxy in front of Soffid servers.  
When an incoming request is made from any of these trusted IP addresses, the X-Forwarded-for header is taken as the real source IP of the request. In any other case, the X-Forwarded-for header is ignored.

This parameter can take a list of IP addresses, separated by commas, like the following ones:

- 127.0.0.1
- 192.168.120.1, 192.168.120.2

To allow a range of network IPS, one can use the wildcard(\*) symbol, as in the following example:

- 127.0.0.1, 192.168.120.\*

Starting with Soffid console 3.3.0, the network-address/bits notation is allowed, as in the following example:

- 127.0.0.1, 192.168.120.128/25

</td></tr><tr role="row" style="height: 46.5938px;"><td class="confluenceTd" style="height: 46.5938px; width: 221px;">soffid.propagate.timeout

</td><td class="confluenceTd" style="height: 46.5938px; width: 588px;">Timeout in seconds to retry the password validation needed to propagate a managed system notified password change (requires syncserver 1.5.4).

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.server.sharedThreads

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">Number of shared dispatcher threads per synchronization servers (by default 1)

</td></tr><tr role="row" style="height: 46.5938px;"><td class="confluenceTd" style="height: 46.5938px; width: 221px;">soffid.syslog.server

</td><td class="confluenceTd" style="height: 46.5938px; width: 588px;">Hostname or IP address of server hosts SIEM. The SIEM will receive audit information using the syslog protocol.

</td></tr><tr role="row" style="height: 63.3906px;"><td class="confluenceTd" style="height: 63.3906px; width: 221px;">soffid.task.limit

</td><td class="confluenceTd" style="height: 63.3906px; width: 588px;">The maximum number of tasks allowed per transaction. If a simple or complex transaction generates more tasks than specified, these tasks will be kept on hold. Administrators can release them through the monitoring page. (version 2.0+)

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.ui.docPath

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">The path where to store report and workflow documents.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.ui.docServer

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">URL where is the server to store the files.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.ui.docStrategy

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">Class responsible for managing report and workflow documents.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.ui.docTempPath

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">The path where to store temporary files

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.ui.docUsername

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">Username of the doc server.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.ui.docUserPassword

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">The password of the doc server.

</td></tr><tr role="row" style="height: 46.5938px;"><td class="confluenceTd" style="height: 46.5938px; width: 221px;">soffid.ui.maxrows

</td><td class="confluenceTd" style="height: 46.5938px; width: 588px;">The maximum number of rows to display in searches. The default value is 200 but you can change it.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="height: 29.7969px; width: 221px;">soffid.ui.timeout

</td><td class="confluenceTd" style="height: 29.7969px; width: 588px;">Max time (in milliseconds) a query can take to complete (version 2.0 +).

</td></tr><tr role="row" style="height: 46.5938px;"><td class="confluenceTd" style="height: 46.5938px; width: 221px;">soffid.ui.wildcarts

</td><td class="confluenceTd" style="height: 46.5938px; width: 588px;">Setting the auto value enables the user interface to add wildcards on user queries. Setting it to off disables this feature.

</td></tr><tr style="height: 29.7969px;"><td style="width: 221px; height: 29.7969px;">soffid.externalURL

</td><td style="width: 588px; height: 29.7969px;">External URL to access to Soffid console.

</td></tr><tr style="height: 46.5938px;"><td style="width: 221px; height: 46.5938px;">soffid.kerberos.agent

</td><td style="width: 588px; height: 46.5938px;">The name of the Windows server agent so that any incoming Kerberos packets will be authenticated against that domain.

</td></tr><tr style="height: 63.3906px;"><td style="width: 221px; height: 63.3906px;">soffid.pam.search.recordings.timeout

</td><td style="width: 588px; height: 63.3906px;">Timeout reached in the query, use the parameter to specify a longer timeout in milliseconds. By default, if you don't config this parameter is 60000 milliseconds.

(version 3.5.18+)

</td></tr><tr style="height: 173.609px;"><td style="width: 221px; height: 173.609px;">soffid.nameformat

</td><td style="width: 588px; height: 173.609px;">Parameter to configure how to display the users full name. Where:

- %1$s is the first name.
- %2$s is the middle name.
- %3$s is the last name

For instance:

```
%2$s %3$s, %1$s  
```

</td></tr><tr style="height: 10px;"><td style="width: 221px; height: 10px;">soffid.issue.next

</td><td style="width: 588px; height: 10px;">Allows you to initialize the parameter to indicate what will be the ID of the next issue.

1 will be the default value.

</td></tr><tr style="height: 46.5938px;"><td style="width: 221px; height: 46.5938px;">soffid.upload.maxsize

</td><td style="width: 588px; height: 46.5938px;">Allows you to set a maximum value in bytes for uploading files to Soffid.  
If this parameter is not configured, the value will be 100000000 bytes (100Mb).

</td></tr></tbody></table>

### Syncserver

<div id="bkmrk-parameter-descriptio-0"><table border="1" class="wrapped confluenceTable tablesorter tablesorter-default" role="grid" style="height: 297.547px; border-collapse: collapse; width: 96.4286%;"><colgroup><col style="width: 27.0667%;"></col><col style="width: 72.9195%;"></col></colgroup><thead><tr class="tablesorter-headerRow" role="row" style="height: 29.7969px;"><th aria-disabled="false" aria-label="Parameter: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" style="width: 219px; height: 29.7969px;" tabindex="0"><div>**Parameter**</div></th><th aria-disabled="false" aria-label="Description: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" style="width: 590px; height: 29.7969px;" tabindex="0"><div>**Description**</div></th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row" style="height: 63.3906px;"><td class="confluenceTd" style="width: 219px; height: 63.3906px;">SSOServer</td><td class="confluenceTd" style="width: 590px; height: 63.3906px;">This parameter indicates which server acts on the workstations that run SSO. This parameter can have different values for any subnet. So you can define ESSO servers allowed for any subnet.</td></tr><tr role="row" style="height: 46.5938px;"><td class="confluenceTd" style="width: 219px; height: 46.5938px;">seycon.https.port</td><td class="confluenceTd" style="width: 590px; height: 46.5938px;">Port where synchronization server connects to. This parameter is used by ESSO clients to connect to synchronization servers.</td></tr><tr role="row" style="height: 85.7812px;"><td class="confluenceTd" style="width: 219px; height: 85.7812px;">seycon.server.list </td><td class="confluenceTd" style="width: 590px; height: 85.7812px;">Shows where Syncserver and SyncServer backup is installed. When installing the first server synchronization, this parameter is automatically updated. If you want to install a synchronization server backup you must update this parameter manually. Note that proxy synchronization servers are not on this list. See the [Soffid installation guide.](https://bookstack.soffid.com/books/installation/page/getting-started "Getting started")</td></tr><tr style="height: 71.9844px;"><td style="width: 219px; height: 71.9844px;">soffid.sync.engine.threads</td><td style="width: 590px; height: 71.9844px;">This parameter allows you to configure the number of threads available to run the tasks. If you do not fill this parameter, Soffid will run 1 thread for every 50 systems, but never more than twice the number of CPUs of the server. The value of the parameter must be equal or greater than 1. (Available in Sync Server version 3.5.15+)

</td></tr></tbody></table>

</div>### Mail server

<table border="1" class="wrapped confluenceTable tablesorter tablesorter-default" id="bkmrk-parameter-descriptio-1" role="grid" style="height: 254.016px; border-collapse: collapse; width: 97.0238%;"><colgroup><col style="width: 26.7485%;"></col><col style="width: 73.1288%;"></col></colgroup><thead><tr class="tablesorter-headerRow" role="row" style="height: 35.4375px;"><th aria-disabled="false" aria-label="Parameter: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" style="width: 218px; height: 35.4375px;" tabindex="0">**Parameter**

</th><th aria-disabled="false" aria-label="Description: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" style="width: 596px; height: 35.4375px;" tabindex="0">**Description**

</th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row" style="height: 10px;"><td class="confluenceTd" style="width: 218px; height: 10px;">mail.host

</td><td class="confluenceTd" style="width: 596px; height: 10px;">Host to send electronic mail messages.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="width: 218px; height: 29.7969px;">mail.from

</td><td class="confluenceTd" style="width: 596px; height: 29.7969px;">Recipient address that will be set as the email sender.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="width: 218px; height: 29.7969px;">mail.transport.protocol

</td><td class="confluenceTd" style="width: 596px; height: 29.7969px;">Set to SMTPS to get secure mail. Default value "SMTP" to use plain SMTP protocol.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="width: 218px; height: 29.7969px;">mail.auth

</td><td class="confluenceTd" style="width: 596px; height: 29.7969px;">Set to true if your mail server requires user authentication.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="width: 218px; height: 29.7969px;">mail.user

</td><td class="confluenceTd" style="width: 596px; height: 29.7969px;">Set your email user name if your mail server requires user authentication.

</td></tr><tr role="row" style="height: 29.7969px;"><td class="confluenceTd" style="width: 218px; height: 29.7969px;">mail.password

</td><td class="confluenceTd" style="width: 596px; height: 29.7969px;">Set your email password if your mail server requires user authentication.

</td></tr><tr style="height: 29.7969px;"><td style="width: 218px; height: 29.7969px;">mail.port

</td><td style="width: 596px; height: 29.7969px;">25 by default, with this parameter a new port can be set.

</td></tr><tr style="height: 29.7969px;"><td style="width: 218px; height: 29.7969px;">mail.smtp.sasl.enable

</td><td style="width: 596px; height: 29.7969px;">Set to true to enable SASL.

</td></tr></tbody></table>

### Job notifications

<div id="bkmrk-parameter-descriptio-2"><table border="1" class="wrapped confluenceTable tablesorter tablesorter-default" role="grid" style="border-collapse: collapse;"><colgroup><col></col><col></col></colgroup><thead><tr class="tablesorter-headerRow" role="row"><th aria-disabled="false" aria-label="Parameter: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" style="width: 215px;" tabindex="0">**Parameter**

</th><th aria-disabled="false" aria-label="Description: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" style="width: 597px;" tabindex="0">**Description**

</th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row"><td class="confluenceTd" colspan="1" style="width: 215px;">soffid.scheduler.error.notify

</td><td class="confluenceTd" colspan="1" style="width: 597px;">Users to notify when a scheduled task fails.

</td></tr><tr role="row"><td class="confluenceTd" colspan="1" style="width: 215px;">soffid.bpm.error.notify

</td><td class="confluenceTd" colspan="1" style="width: 597px;">Users to notify when a BPM task fails.

</td></tr><tr role="row"><td class="confluenceTd" colspan="1" style="width: 215px;">soffid.bpm.error.retry

</td><td class="confluenceTd" colspan="1" style="width: 597px;">Set to true to always retry any failed BPM task.

</td></tr></tbody></table>

</div>### Syncserver provisioning

<div id="bkmrk-parameter-descriptio-3"><table class="wrapped confluenceTable tablesorter tablesorter-default" role="grid" style="height: 82.7969px; width: 96.4286%;"><colgroup><col style="width: 26.1728%;"></col><col style="width: 73.7037%;"></col></colgroup><thead><tr class="tablesorter-headerRow" role="row" style="height: 29.7969px;"><th aria-disabled="false" aria-label="Parameter: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" style="width: 212px; height: 29.7969px;" tabindex="0"><div>**Parameter**</div></th><th aria-disabled="false" aria-label="Description: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" style="width: 597px; height: 29.7969px;" tabindex="0"><div>**Description**</div></th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row" style="height: 53px;"><td class="confluenceTd" colspan="1" style="width: 212px; height: 53px;">soffid.server.register</td><td class="confluenceTd" colspan="1" style="width: 597px; height: 53px;">Set to ***direct*** value to bypass standard workflow needed for a syncserver to join the syncservers security network. Otherwise, the standard approval workflow will be required(Since syncserver 2.6.0). You also can set it to ***no-direct***

</td></tr></tbody></table>

</div>### Addon federation

<table class="wrapped confluenceTable tablesorter tablesorter-default" id="bkmrk-parameter-descriptio-4" role="grid" style="height: 81.7969px; width: 96.4286%;"><colgroup><col style="width: 26.1728%;"></col><col style="width: 73.7037%;"></col></colgroup><thead><tr class="tablesorter-headerRow" role="row" style="height: 29.7969px;"><th aria-disabled="false" aria-label="Parameter: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" style="width: 212px; height: 29.7969px;" tabindex="0"><div>**Parameter**</div></th><th aria-disabled="false" aria-label="Description: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" style="width: 597px; height: 29.7969px;" tabindex="0"><div>**Description**</div></th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row" style="height: 52px;"><td class="confluenceTd" colspan="1" style="width: 212px; height: 52px;">addon.federation.essoidp</td><td class="confluenceTd" colspan="1" style="width: 597px; height: 52px;">Set the Identity Provider identifier to indicate that this will be the authentication provider.

For more information, you can visit [the How to add to ESSO a second factor of authentication page](https://bookstack.soffid.com/books/esso/page/how-to-add-to-esso-a-second-factor-of-authentication).

</td></tr></tbody></table>

### Identity Self Service and emails

<table class="wrapped confluenceTable tablesorter tablesorter-default" id="bkmrk-parameter-descriptio-5" role="grid" style="height: 81.7969px; width: 96.4286%;"><colgroup><col style="width: 26.1728%;"></col><col style="width: 73.7037%;"></col></colgroup><thead><tr class="tablesorter-headerRow" role="row" style="height: 29.7969px;"><th aria-disabled="false" aria-label="Parameter: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" style="width: 212px; height: 29.7969px;" tabindex="0"><div>**Parameter**</div></th><th aria-disabled="false" aria-label="Description: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" style="width: 597px; height: 29.7969px;" tabindex="0"><div>**Description**</div></th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row" style="height: 52px;"><td class="confluenceTd" colspan="1" style="width: 212px; height: 52px;">AutoSSOURL</td><td class="confluenceTd" colspan="1" style="width: 597px; height: 52px;">This parameter is used to retrieve the URL that the end user of Identiry Self Service will see.

It is used in various Soffid modules:  
\- When the soffid.externalURL parameter has not been specified  
\- In the reports add-on for emails

</td></tr></tbody></table>

## Exclude menu options

To exclude default menu options for all users of the Soffid console, the following steps can be followed

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span>To exclude some menu options from your Soffid console, you must edit the **system.properties** file of this console. You can find this file in the following path: **/opt/soffid/iam-console-3/conf/**

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>Add the **soffid.menu.hidden** parameter to the **system.properties** file. The value of this parameter can be the menu options name that you can find in the [console.yaml](https://bookstack.soffid.com/attachments/63) file.

[![image-1685525691139.png](https://bookstack.soffid.com/uploads/images/gallery/2023-05/scaled-1680-/image-1685525691139.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-05/image-1685525691139.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3. </span>Restart the Soffid console.

# User types

## Description

<p class="callout success">User type is the way to categorize users and allows configuring different password policies. Those policies can be more or less restrictive depending on the user's risk. For instance, internal users (automatically created) are different from external ones.</p>

Therefore, this field is very useful for the following cases:

- Sort or list the users on the user's page or in the reports
- Apply different password policies
- Apply restrictions on the synchronization of Soffid to the target systems
- Ease configuration in automatic rules or custom scripts

<p class="callout warning">Be in mind that a user always must belong to a User Type.</p>

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/c5xqBfF4ioeslLUk-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/c5xqBfF4ioeslLUk-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/DAlKgP3WMBFpq4l7-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/DAlKgP3WMBFpq4l7-image.png)

## Related objects

- [Users](https://bookstack.soffid.com/books/adv/page/users): each user must be assigned a user type.
- [Accounts](https://bookstack.soffid.com/books/adv/page/accounts "Accounts"): the shared or privileged accounts also require having selected a user type to associate it with a password policy
- [Agents](https://bookstack.soffid.com/books/adv/page/agents): for agents not based on "Manual account creation", you must select the user types that can be synchronised.

## Standard attributes

- **Short name**: internal code used to identify the user type.
- **Description**: brief description of the user type.
- **Managed**: (yes|no) if not managed, users belonging to this category will not be propagated to final systems. You must use it when you are developing a PoC.

## Actions

#### User type table

<table border="1" id="bkmrk-add-new-allows-you-t" style="border-collapse: collapse; width: 100%; height: 118.807px;"><colgroup><col style="width: 19.8161%;"></col><col style="width: 80.2923%;"></col></colgroup><tbody><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Add new**</td><td style="height: 29.7017px;">Allows you to create a new User type. To add a new User type it will be mandatory to fill in the required fields</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Delete user type**</td><td style="height: 29.7017px;">Allows you to remove one or more User type by selecting one or more records and next clicking this button. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Download CSV file**</td><td style="height: 29.7017px;">Allows you to download a csv file with the basic information of all user types. </td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Import**</td><td style="height: 29.7017px;">Allows you to upload a CSV file with the User type list to add or update User types to Soffid.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

</td></tr><tr><td>**View**</td><td>Allows you to show and hide columns in the table.

You can also set the order in which the columns will be displayed.

</td></tr></tbody></table>

#### User type detail

<table border="1" id="bkmrk-apply-changes-%28disk-" style="border-collapse: collapse; width: 100%; height: 202.827px;"><colgroup><col style="width: 19.9025%;"></col><col style="width: 80.0867%;"></col></colgroup><tbody><tr style="height: 46.5057px;"><td style="height: 46.5057px;">**Apply changes (disk button)**</td><td style="height: 46.5057px;">Allows you to save the data of a new User type or to update the data of a specific User type. To save the data it will be mandatory to fill in the required fields.</td></tr><tr style="height: 80.1136px;"><td style="height: 80.1136px;">**Delete**</td><td style="height: 80.1136px;">Allows you to delete the User type. To delete a host you can click on the hamburger icon and then click the delete button (trash icon).

Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.

</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Undo**</td><td style="height: 29.7017px;">Allows you to undo any changes made.</td></tr><tr style="height: 46.5057px;"><td style="height: 46.5057px;">**Apply changes (disk button)**</td><td style="height: 46.5057px;">Allows you to save the data of a new User type or to update the data of a specific User type. To save the data it will be mandatory to fill in the required fields. Once you apply changes, the details page will be closed.</td></tr></tbody></table>

<div id="bkmrk--0"></div>

# Group types

## Description

Companies are organized in different business units, departments or workgroups. In Soffid, they all are named as groups. These group can be categorized by a **group type**.

<p class="callout info">Group types can be used in the definition of Holder Groups. Some roles can be assigned to a user only through a group enabled for it. When a user no longer belongs to a group, it is not allow assign that role to the user.</p>

A user always belongs to a user type, but groups do not necessarily have to belong a group type.

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/CiJ2XuI0mcSa8MkN-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/CiJ2XuI0mcSa8MkN-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/wgpJMT2619eTp7IA-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/wgpJMT2619eTp7IA-image.png)

## Related objects

1. [Groups](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/groups): the group type is an attribute of groups.
2. [Users](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users): users belong to a group or secondary group.
3. [Metadata](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/metadata): to add atrributes for the holder group relation in the com.soffid.iam.iga.api.UserGroup object.

## Standard attributes

- **Name**: name (or code) of the organizational unit.
- **Description**: description of the organizational unit.
- **Role holder**: (yes|no), when this attribute is active (yes), all the groups of this type of organizational unit could be assigned to a user as a domain of a role.

## Actions

#### Group type table

<table id="bkmrk-query-allows-to-sear-0"><tbody><tr><td style="width: 170px;">**Add new**

</td><td style="width: 639px;">Allows you to create a new Group type. To add a new Group type it will be mandatory to fill in the required fields

</td></tr><tr><td style="width: 170px;">**Delete group type**

</td><td style="width: 639px;">Allows you to remove one or more Group types by selecting one or more records and next clicking this button. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

</td></tr><tr><td style="width: 170px; height: 29px;">**Download CSV file**

</td><td style="width: 639px; height: 29px;">Allows you to download a csv file with the basic information of all groups types.

</td></tr><tr><td style="width: 170px;">**Import**

</td><td style="width: 639px;">Allows you to upload a CSV file with the Group type list to add or update Group types to Soffid. First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and to click the Import button.

</td></tr></tbody></table>

#### Group type detail

<table id="bkmrk-apply-changes-allow-"><tbody><tr><td style="width: 175px;">**Apply changes (disk button)**

</td><td style="width: 634px;">Allows you to save the data of a new Group type or to update the data of a specific Group type. To save the data it will be mandatory to fill in the required fields.

</td></tr><tr><td style="width: 175px;">**Delete group type**

</td><td style="width: 634px;">Allows you to delete the Group type. To delete a host you can click on the "three potins" icon and then click the delete group type button. Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.

</td></tr><tr style="height: 35px;"><td style="width: 175px; height: 35px;">**Undo**

</td><td style="width: 634px; height: 35px;">Allows you to undo any changes made.

</td></tr><tr><td style="width: 175px;">**Apply changes**

</td><td style="width: 634px;">Allows you to save the data of a new Group type or to update the data of a specific Group type. To save the data it will be mandatory to fill in the required fields. Once you apply changes, the details page will be closed.

</td></tr></tbody></table>

## About role holder (and holder group)

In some organizations is necessary to assign roles that affect only a part of the structure, for instance, a department, a division or a country. A **Holder Group** can be defined as a collection of entities (referred to as "holders") that share similar characteristics, roles, permissions, or access requirements. The concept of a Holder Group simplifies the management of identities by enabling administrators to apply policies, assign roles, and manage permissions at the group level rather than individually.

The role holder is the role that requires to be assigned to a group, and the holder group is the group that can be assigned role permission.

To configure correctly this functionality you have to apply the next steps:

1. Create at least one organizational unit (Group Type) with the role holder attribute active (yes).
2. Assign groups to the organizational unit (with the attribute type of the group).
3. Also, you can include new custom attributes to this membership relation, go to Metadata page and select the GroupUser to add these attributes.
4. In the soffid parameters page, create a new parameter named **soffid.entitlement.group.holder**. It can have one of these three values: 
    1. Set to **optional** enables the operator to set a group as the group holder for any entitlement assignment.
    2. Set to **always** to enforce that any entitlement assignment must be bound to a holder group.
    3. Set to **none** to disable this feature

Now you can start to apply this configuration to the users:

- In the Users page, select a user.
- In the Groups tab, add a new group.
- In the Roles tab, add a new role and select the holder group in the optional scope.
- If the holder group column is hidden, you can add with the option Add or remove columns.

# Metadata

## Description

<p class="callout success">The Metadata functionality allows expanding the Soffid objects, their attributes, and their data types. Also, it allows expanding custom objects.</p>

<p class="callout info">By default, there is a list of **built-in objects**, but it is possible to create new **custom objects** and add new **custom attributes** to each of them.</p>

It is usual to add custom attributes in the User built-in object to hold additional information.

Each attribute has a **data type**, it may be a basic type as a String (simple text), integer value, date, or something more complex as a reference to a custom object, or a popup to select a manager. In this way, one can build relationships between objects.

### Built-in objects

The **built-in objects** are the objects that are part of the <u>Soffid core</u>. It can not be removed, but more custom attributes can be added.

The following objects are Soffid well-known objects that can be customized by means of this screen. All of them are tagged as **Built-in objects**.

- Account
- Group
- Host
- InformationSystem
- MailList
- ProcessInstance
- Role
- RoleAccount
- User
- UserGroup


### Custom objects

The **custom objects** are the objects created by the administrator to extend the Soffid underlying data model. All of them are marked as **Built-in type** **No**.

Each custom object type created by the administrator is displayed at the custom objects menu options.


## Screen overview

<iframe allowfullscreen="allowfullscreen" height="314" src="//www.youtube.com/embed/idXJ35DLuo4?rel=0&autoplay=0" width="560"></iframe>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/i1NebwtoYPtkmCoN-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/i1NebwtoYPtkmCoN-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/0BQiLPoiftsCbGE1-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/0BQiLPoiftsCbGE1-image.png)

## Related objects

- [Account](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/accounts "Accounts") : account object
- [Group](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/groups "Groups") : group object
- [Host](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/hosts "Hosts") : host object
- [InformationSystem](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/information-systems "InformationSystem") : informationSystem object
- [MailList](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/mail-lists "MailList"): mailList object
- ProcessInstance : workflows: 
    - [My tasks](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/my-tasks) : pending workflows where the user has to perform an action in order to continue their workflow.
    - [My requests](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/my-requests) : the workflows that the user can initiate are listed here.
    - [My requests &gt; Query request status](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/my-requests-query-request-status) : to search for all processes started by oneself.
    - [Process Search](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/process-search) : to search for all processes.
- [Role](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Role") : role object
- RoleAccount : this is the grant, the relation between [user](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "user") and [role](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "role")
- [User](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "User") : user object
- UserGroup : seconday [group](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/groups "groups") relation in [user](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "user") page

## Standard attributes

### Table attributes

- **Name:** name of the custom object. This field is mandatory.
- **Description**: a brief description of the custom object. This field is mandatory.
- **Built-in type**: yes when is a native object, no when it is a created custom object
- **Write access**: allows you to select the proper roles with permissions to write. This field is only displayed when the Public object value is No
- **Read access**: allows you to select the proper roles with permissions to read. This field is only displayed when the Public object value is No
- **Public object**: if you select the Yes option, the object will be visible to all the users with the proper permissions. If you select the No option, you must indicate what roles can Read and what roles can Write this object.
- **Use textual index**: allows you to check the Yes option if you want to use the Textual index for searching data in this object.

### Object attributes

- **Object type**: code/name to identify a built-in type or a custom object.
- **Description**: a brief description of the object.
- **Use textual index**: allows you to select the Yes option if you want to use the Textual index for searching data in this object.
- **Public object**: only for custom objects. If you select the Yes option, the object will be visible to all the users with the proper permissions (role with authorization). If you select the No option, you must indicate what roles can Read and what roles can Write this object.

<p class="callout info">For more information, you can visit [the Textual index page.](https://bookstack.soffid.com/books/soffid-3-reference-guide/chapter/textual-index)</p>

### Attribute attributes

- **Code**: short name used by scripts and connectors to access the underlying information. It is suggested to use short names without blanks or special characters to make it easier to use.
- **Label**: text displayed just beside the attribute value. It is advised to use short descriptions in order to keep the screen cleaner.

<p class="callout info">In Soffid 4, labels are now multilanguage. Once you have saved a new attribute, you can modify it by clicking on the language icon.</p>

<details id="bkmrk-image"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/rJM2UsqNd4VEYkGo-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/rJM2UsqNd4VEYkGo-image.png)

</details>- **Data type**: The attributes can have different data types 
    - <span style="text-decoration: underline;">Basics</span>
        - - String: a text
            - Number: a number
            - Password: a text that will be stored encrypted in the database. This field will never be displayed to the end user.
            - Binary: raw information, probably images or documents.
            - Boolean: true/fasle, it is displayed as a switch button
            - Photo: an image that is displayed as a small image.
            - Date: a date with a calendar popup.
            - <span style="color: rgb(0, 0, 0);">Date and time: a date and time with a calendar popup.</span>
            - E-mail: a text with email format. the mail domain must exist in Soffid to be saved.
            - <span style="color: rgb(0, 0, 0);">HTML: rich text.</span>
            - <span style="color: rgb(0, 0, 0);">Separator: a separator is a label to group attributes according to some criteria</span>
            - <span style="color: rgb(0, 0, 0);">SSO HTML input: used primarily for the web SSO engine includes an input field and a value.</span>
            - <span style="color: rgb(0, 0, 0);">Attachment: files starored as files</span>
    - <span style="text-decoration: underline;">Soffid objects</span>
        - - Account
            - User
            - Group
            - Group type
            - Role
            - Information System
            - Host
            - Network
            - User Type
            - Mail domain
            - Mail list
            - Operating system
            - Printer
            - Target system (agent)
    - <span style="text-decoration: underline;">Custom objects</span>: any other custom object created by the administrator.
- **Letter case**: different options for modifying the text once it has been entered 
    - Keep as entered by the user
    - Upper case letters
    - Lower case letters
- **User hint**: Text used to indicate to the user how the text should be entered.

<details id="bkmrk-image-1"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/Jt8NqfW9YqfusVUQ-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/Jt8NqfW9YqfusVUQ-image.png)

</details>- **Description**: text field to write a brief description of the attribute. In Soffid

<p class="callout info">In Soffid 4, you can now see it in the attribute by hovering over the round information icon.</p>

<details id="bkmrk-image-2"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/P6LrEGTbtZ3SFWAn-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/P6LrEGTbtZ3SFWAn-image.png)

</details>- **Required**: enabling this box will enforce the user to enter a value for this attribute at any object. Set no to allow objects without value. If you try to save without a value, an error message is displayed.

<details id="bkmrk-image-3"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/HnVyPii1Zs2kZZ4Z-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/HnVyPii1Zs2kZZ4Z-image.png)

</details>- **Include in quick search**: the system will find any object that contains all the words included in the text search at any of the most relevant attributes. For instance, a quick search of "John Joe" will find users named "Joe Johnson" or "Johnathan Joel" as the first and last marked to be included in the quick search. If you enable the quick search for any new attribute, the same query will find a user named "Joe Williams" whose new attribute value is "John".
- **Prevent duplicated values**: mark this field as a unique key for the object type. There is no chance of two objects with the same attribute value. Soffid smart engine will avoid the creation of duplicated objects.
- **Multiple values**: some attributes can contain multiple values for the same object. For instance, an attribute containing the languages a user can speak can be multi-valued, as a user can speak multiple languages.
- **Maximum number of rows to display**: when an attribute is multivalued, the screen size can grow a lot. To prevent such a big form, the system will only display a maximum number of values, and a scroll bar will appear to browse through the attribute values.
- **Size**: primarily for string attributes, specify the maximum length in characters of the attribute value.
- **Values**: primarily, for attributes of data type String, you can specify the allowed values for the attribute. Then, the text box to the data type String is replaced by a drop-down list. Also, you can define a "code:label" for the value, the "code" is used internally and the "label" is displayed in the drop-down list, e.g. "ESP:Spain".
- <span style="color: rgb(0, 0, 0);">**Administrator visibility**: sets the maximum visibility level for administrators. If the visibility level is set to read-only, the administrator will not be allowed to modify it. If the visibility is set to hidden, the administrator will not be able to query it. A user is considered as administrator when has the role SOFFID\_ADMIN.</span><span style="color: rgb(0, 0, 0);">This field is only used in the user object built-in attributes.</span>
- <span style="color: rgb(0, 0, 0);">**Operator visibility**: sets the maximum visibility level for operators. If the visibility level is set to read-only, the operator will not be allowed to modify it. If the visibility is set to hidden, the operator will not be able to query it. A user is considered as an operator when has permission to open the users management page but lacks the role SOFFID\_ADMIN.</span><span style="color: rgb(0, 0, 0);">This field is only used in the user object built-in attributes.</span>
- <span style="color: rgb(0, 0, 0);">**User visibility**: sets the maximum visibility level for end-users. If the visibility level is set to read-only, the user will not be allowed to modify it. If the visibility is set to hidden, the user will not be able to query it. Mind that even an administrator is considered to be a user rather than an administrator or operator when accessing their own identity.</span><span style="color: rgb(0, 0, 0);">This field is only used in the user object built-in attributes.</span>
- **Visibility expression**: write an optional BeanShell expression to check if the field should be displayed or not. The expression should return true or false. The following variables are exposed to the expression: 
    - ownerObject: current object owning the attribute.
    - value: current attribute value.
    - requestContext: tip about the screen using the attribute.
    - inputField: the ZK input object (ZK Framework).
    - inputFields: a map to get access to any other ZK input object (ZK Framework).
    - serviceLocator: locator to use any Soffid engine microservice.

```Shell
// Sample to enable company name attribute only when the user is of type E (external)
return "E".equals(object{"userType"});
```

- **Validation expression**: write an optional BeanShell expression to check if the field value is acceptable or not. The expression should return true if the value is acceptable. If the expression returns false or any other object, a warning message will be displayed. When the expression returns a string value, the return value will be considered the warning message to present to the end-user. The following variables are exposed to the expression:
    
    
    - ownerObject: current object owning the attribute
    - value: current value to evaluate.
    - requestContext: tip about the screen using the attribute
    - inputField: the ZK input object (ZK Framework).
    - inputFields: a map to get access to any other ZK input object (ZK Framework).
    - serviceLocator: locator to use any Soffid engine microservice.

```shell
// Sample for checking birthDate is greater than 18 years old
c = java.util.Calendar.getInstance();
c.add(-18, c.YEAR);
if (birthDate == null || birthDate.before(c.getTime()) return true;
else return "Birth date should be before "+ new java.text.SimpleDateFormat().format(c.getTime());

```

- **onLoad trigger**: write an optional BeanShell expression that will be executed just after preparing the user interface. The script can modify in any way the inputField object before it is displayed, but cannot modify other input fields. The following variables are exposed to the expression:
    
    
    - ownerObject: current object owning the attribute
    - value: current value to evaluate.
    - requestContext: tip about the screen using the attribute
    - inputField: the ZK input object (ZK Framework).
    - inputFields: a map to get access to any other ZK input object (ZK Framework).
    - serviceLocator: locator to use any Soffid engine microservice.

```shell
// Sample to set contract number attribute to read only if the attribute company is empty
// Place as an on-load trigger in the contract number field
if (ownerObject.attributes.get("company") == null || ownerObject.attributes.get("company").trim().isEmpty())
  inputField.setReadonly(true);
else
  inputField.setReadonly(false);
```

- **onChange trigger**: write an optional BeanShell expression that will be executed just after the user has changed the object value. The script can modify in any way the inputField object or any other input fields. The following variables are exposed to the expression:
    
    
    - ownerObject: current object owning the attribute.
    - value: current value to evaluate.
    - requestContext: tip about the screen using the attribute.
    - inputField: the ZK input object (ZK Framework).
    - inputFields: a map to get access to any other ZK input object (ZK Framework).
    - serviceLocator: locator to use any Soffid engine microservice.

```shell
// Sample trigger to set contract number attribute to read only when the company attribute gets empty
// Place as an on-change trigger in the contract field
contractField = inputFields.get("contractNumber");
if (value == null || value.trim().isEmpty())
  contractField.setReadonly(true);
else
  contractField.setReadonly(false);
contractField.invalidate(); // Redraw contract number field

```

```shell
......
inputFields.get("contractNumber").getValue();
```

- <span style="color: rgb(0, 0, 0);">**You can add a SCIM expression**: exclusive for Soffid objects (users, groups, roles...). Write an optional SCIM query using the SCIM standard to filter valid results for a specific field.</span>

<p class="callout success">You can access to [SCIM Chapter](https://bookstack.soffid.com/books/soffid-3-reference-guide/chapter/scim "SCIM") for more information</p>

## Actions

#### Table actions

<table border="1" id="bkmrk-add-or-remove-column"><tbody><tr><td style="width: 191.818px;">**Add new**

</td><td style="width: 606.364px;">Allows you to add a new custom object in the system. To add a new custom object it is necessary to fill in the required fields. By default, it will have two mandatory attributes, name and description.

</td></tr><tr><td style="width: 191.818px;">**Delete metadata**

</td><td style="width: 606.364px;">Allows you to remove one or more custom objects by selecting one or more records and next clicking this button. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

</td></tr><tr><td style="width: 191.818px;">**Download CSV file**

</td><td style="width: 606.364px;">Allows you to download a CSV file with the basic information of all metadata.

</td></tr><tr><td>**View**

</td><td>Allows you to show and hide columns in the table.

You can also set the order in which the columns will be displayed.

</td></tr></tbody></table>

#### Metadata detail

<table border="1" id="bkmrk-delete-allows-to-rem" style="width: 98.3951%; height: 598.109px;"><tbody><tr style="height: 29.7969px;"><td style="width: 23.985%; height: 29.7969px;">**Refresh**

</td><td style="width: 76.0737%; height: 29.7969px;">Allows you to refresh all the metadata information.

</td></tr><tr style="height: 35.1875px;"><td style="width: 23.985%; height: 35.1875px;">**Download CSV file**

</td><td style="width: 76.0737%; height: 35.1875px;">Allows you to download a CSV file with the basic information of the metadata object.

</td></tr><tr style="height: 113.781px;"><td style="width: 23.985%; height: 113.781px;">**Import**

</td><td style="width: 76.0737%; height: 113.781px;">Allows you to upload a CSV file with the attribute metadata to add or update attribute metadata to Soffid.

First, you need to pick up a CSV file, that CSV has to contain a specific configuration. Then you need to check the content to be loaded, it is allowed to choose if you want or not to load a specific attribute. And finally, you need to select the mappings for each column of the CSV file to import the data correctly and click the Import button.

</td></tr><tr style="height: 80.1875px;"><td style="width: 23.985%; height: 80.1875px;">**Delete metadata**

</td><td style="width: 76.0737%; height: 80.1875px;">Allows you to delete the metadata object. To delete a metadata you can click on the "three points" icon and then click the delete metadata button.

Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.

</td></tr><tr style="height: 63.3906px;"><td style="width: 23.985%; height: 63.3906px;">**Set to default**

</td><td style="width: 76.0737%; height: 63.3906px;">Only for built-in objects. Allows you to set the factory setting. Sometimes, usually after an upgrade, it is advisable to reset the built-in attributes of a built-in object. In that case, the properties of the attribute will be changed to the factory setting ones.

</td></tr><tr style="height: 29.7969px;"><td style="width: 23.985%; height: 29.7969px;">**Expand all**</td><td style="width: 76.0737%; height: 29.7969px;">Displays all the attributes of the different blocks.</td></tr><tr style="height: 29.7969px;"><td style="width: 23.985%; height: 29.7969px;">**Collapse all**</td><td style="width: 76.0737%; height: 29.7969px;">Hide all attributes of the different blocks.</td></tr><tr style="height: 29.7969px;"><td style="width: 23.985%; height: 29.7969px;">**"Types of views"**</td><td style="width: 76.0737%; height: 29.7969px;">Change the view type: Classic view, Modern view, Compact design.</td></tr><tr style="height: 46.5938px;"><td style="width: 23.985%; height: 46.5938px;">**Add new**

</td><td style="width: 76.0737%; height: 46.5938px;">Allows you to add a new attribute metadata.

</td></tr><tr style="height: 63.3906px;"><td style="width: 23.985%; height: 63.3906px;">**Delete**</td><td style="width: 76.0737%; height: 63.3906px;">Allows you to remove one or more attributes by selecting one or more records and next clicking this button. To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.</td></tr><tr style="height: 29.7969px;"><td style="width: 23.985%; height: 29.7969px;">**Undo**

</td><td style="width: 76.0737%; height: 29.7969px;">Allows you to quit without applying any changes made.

</td></tr><tr style="height: 46.5938px;"><td style="width: 23.985%; height: 46.5938px;">**Apply changes**

</td><td style="width: 76.0737%; height: 46.5938px;">Allows you to save the data of a new metadata object or to update the data of a specific metadata object. To save the data it will be mandatory to fill in the required fields.

</td></tr></tbody></table>

#### Metadata attributes detail

<table border="1" id="bkmrk-delete-allows-you-to" style="width: 94.881%; height: 209.969px;"><tbody><tr style="height: 44.1875px;"><td style="width: 23.995%; height: 44.1875px;">**Delete**

</td><td style="width: 76.005%; height: 44.1875px;">Allows you to delete the metadata object. Soffid will ask you for confirmation to perform that action, you could confirm or cancel the operation.

</td></tr><tr style="height: 29.7969px;"><td style="width: 23.995%; height: 29.7969px;">**Expand all**</td><td style="width: 76.005%; height: 29.7969px;">Displays all the attributes of the different blocks.</td></tr><tr style="height: 29.7969px;"><td style="width: 23.995%; height: 29.7969px;">**Collapse all**</td><td style="width: 76.005%; height: 29.7969px;">Hide all attributes of the different blocks.</td></tr><tr style="height: 29.7969px;"><td style="width: 23.995%; height: 29.7969px;">**"Types of views"**</td><td style="width: 76.005%; height: 29.7969px;">Change the view type: Classic view, Modern view, Compact design.</td></tr><tr style="height: 29.7969px;"><td style="width: 23.995%; height: 29.7969px;">**Undo**

</td><td style="width: 76.005%; height: 29.7969px;">Allows you to quit without applying any changes made.

</td></tr><tr style="height: 46.5938px;"><td style="width: 23.995%; height: 46.5938px;">**Apply changes**

</td><td style="width: 76.005%; height: 46.5938px;">Allows you to save the data of a new metadata object or to update the data of a specific metadata object. To save the data it will be mandatory to fill in the required fields.

</td></tr></tbody></table>

# Network intelligence

## Description

Two extended Soffid features are activated on this page.

### Network intelliegence

<p class="callout success">On the one hand, we have **Network intelligence**, which enables the possibility of validating that accounts and passwords have not been compromised in the end systems with which Soffid is integrated.</p>

Once this feature is activated, you will be able to use two new functionalities: on the one hand, more detailed **geolocation** information about the IP address used to access Soffid, and on the other hand, **external validation of your account and password** to confirm that this data has not been compromised in any previously published security breach.

To activate password validation, you must enable it in the password policies.

- Check breached password

Four new issues will also appear that can be configured:

- breached-account-password
- breached-email
- breached-password
- expired-breached-password

A new process has been created to plan for the validation of email domains.

- <div id="bkmrk-network-intelligence-1"><div id="bkmrk-network-intelligence-2"><span id="bkmrk-network-intelligence-3">Network intelligence verify domains</span></div></div><div class="form" id="bkmrk-"><div class="form compact-view" id="bkmrk--1"></div></div>

And algo

### AI in Soffid

<p class="callout success">On the other hand, we have the **Chat-bot**, which enables our AI to be consulted both on its specific screen and in all components that allow scripts to be written.</p>

Once this feature is activated, you will be able to access the **chat box** page to consult information about Soffid. You will also be able to use the **AI assistant** that appears in all script-type fields.

The token used can be obtained by you yourself by accessing the Gemini page for this purpose, see the [Request a token for the AI](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/network-intelligence#bkmrk-request-a-token-for- "Request a token for the AI") point.

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-09/scaled-1680-/wnikLSI1yUlNCHq1-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-09/wnikLSI1yUlNCHq1-image.png)

## Related objects

- **Network intelligence**
    - [Password policies](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/password-policies "Password policies") : to enable the validation accounts
    - [Issue policies](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/issue-policies "Issue policies") : for the new issues type
    - [Scheduled tasks](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/scheduled-tasks "Scheduled tasks") : a new process can be scheduled to check the current accounts and systems
    - [Users](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "Users") : when changing a password.
    - [Accounts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/accounts "Accounts") : when changing a password.
- **Chat-bot**
    - [Soffid chat-bot](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/soffid-chat-bot "Soffid chat-bot") : to chat with our AI.
    - [Custom scripts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/custom-scripts-addon-admin) : to use the AI.
    - All pages with script can use the AI to help you with the scripting:  
        
        - [Agents](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/agents "Agents") : properties, mappings and triggers.
        - [Account naming rules](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/account-naming-rules "Account naming rules") : Create account condition and script.
        - [Role assignment rules](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/role-assignment-rules "Role assignment rules") : Expression.
        - [Password policies](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/password-policies "Password policies") : Password validation script.
        - [PAM policies](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/pam-policies "PAM policies") : Expression.
        - [BPM editor](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/bpm-editor-addon-bpm "BPM editor (addon bpm)") : Scritps.
        - [Attribute definition](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/attribute-definition-addon-federation "Attribute definition") : Value.
        - [Metadata](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/metadata "Metadata") : attribute value scripts

## Standard attributes

- **Network Intelligence License**  
    
    - **Token** : token that enables this functionality. This token is provided by Soffid if your licence includes it.
- **Gemini token**  
    
    - **Token** : token that enables this functionality. You can generate this token yourself; we will explain how to do so later on.

## Actions

<table border="1" id="bkmrk-expand-all-displays-" style="border-collapse: collapse; width: 100%; height: 118.807px;"><colgroup><col style="width: 17.7573%;"></col><col style="width: 82.2319%;"></col></colgroup><tbody><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Expand all**</td><td style="height: 29.7017px;">Displays all the attributes of the different blocks.</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Collapse all**</td><td style="height: 29.7017px;">Hide all attributes of the different blocks.</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**"Types of views"**</td><td style="height: 29.7017px;">Change the view type: Classic view, Modern view, Compact design.</td></tr><tr style="height: 29.7017px;"><td style="height: 29.7017px;">**Apply changes**</td><td style="height: 29.7017px;">Save the tokens in case they are valid.</td></tr></tbody></table>

## Others

### Token not allowed

The token for network intelligence is only saved if it is valid.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/nY5pFA0EIyGE13LJ-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/nY5pFA0EIyGE13LJ-image.png)

### Access without a token

When attempting to use this feature without having previously enabled it, the console displays the error: **No token configured. Please configure it on the network intelligence page**.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/i5qlByMLHktBKR5E-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/i5qlByMLHktBKR5E-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/JMmT8PwQ8GbyzlmU-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/JMmT8PwQ8GbyzlmU-image.png)

### Request a token for the AI

To use our AI functionality, you must request a token from the Gemini service. Here's how to do it.

Go to the next page: [https://ai.google.dev/gemini-api/docs/api-key](https://ai.google.dev/gemini-api/docs/api-key)

Go to "Google AI Studio".

Login with a Google account.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/Je6TR4GCIJI8xxEw-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/Je6TR4GCIJI8xxEw-image.png)

Select "Get API key".

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/ERIvoXJ5jjhHDsKP-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/ERIvoXJ5jjhHDsKP-image.png)

"Accept".

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/4lQ7aH2biIBy2W9m-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/4lQ7aH2biIBy2W9m-image.png)

Click on "Create API key" button.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/ZJ8ZmKZWt0rBdsI3-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/ZJ8ZmKZWt0rBdsI3-image.png)

Wait a few seconds.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/SbLn2zrvpSF1gjmL-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/SbLn2zrvpSF1gjmL-image.png)

You finally have your key to be used on Soffid.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-08/scaled-1680-/KL8gvjtU7yoTbsNj-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-08/KL8gvjtU7yoTbsNj-image.png)

# User backup configure & restore (backup addon)

## Description

<p class="callout success">On the **User backup configure &amp; restore page**, you could search, check and restore the user's snapshots.</p>

<p class="callout info">Also on this screen, you can also configure the frequency and number of backups to be performed.</p>

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/p2GaFi2Z8k9colt2-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/p2GaFi2Z8k9colt2-image.png)

## Related objects

- [Users](https://bookstack.soffid.com/books/adv/page/users): new Backups tab in the Users page, user object has backups
- [Groups](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/groups "Groups"): user assignments to groups have backup
- [Accounts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/accounts "Accounts"): user's accounts have backup
- [Roles](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Roles"): user's roles (grants) have backup
- [Mail lists](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/mail-lists "Mail Lists"): user's mail lists have backup

## Standard attributes

- **User Name**: userName of a user
- **Valid since**: date and time when this backup started
- **Valid until**: if it is not the last backup, date and time when this backup finished
- **Download**: XML file with the user snapshot info.

## Actions

#### Table actions

<table border="1" id="bkmrk-add-or-remove-column" style="width: 100%; height: 338.722px;"><tbody><tr style="height: 35.4688px;"><td style="width: 18.7152%; height: 35.4688px;">**Query**

</td><td style="width: 81.298%; height: 35.4688px;">Allows you to query users through different search systems, [Basic and Advanced](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/search-types "Search Types").

</td></tr><tr style="height: 142.014px;"><td style="width: 18.7152%; height: 142.014px;">**Restore**

</td><td style="width: 81.298%; height: 142.014px;">Allows you to restore one or more user's snapshots.

First of all, you need select one or more snapshots.

Second, you need to click the "Restore" button.

Then Soffid will run the restore process.

<details><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/ZkbLRnc7wkbrP4jM-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/ZkbLRnc7wkbrP4jM-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/NqLZL1YP83jdfjJn-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/NqLZL1YP83jdfjJn-image.png)

</details></td></tr><tr style="height: 46.6667px;"><td style="width: 18.7152%; height: 46.6667px;">**Download CSV File**

</td><td style="width: 81.298%; height: 46.6667px;">Allows you to download a CSV file with the basic information of all backups, with the same columns as displayed in the table.

</td></tr><tr style="height: 21.2396px;"><td style="width: 18.7152%; height: 21.2396px;">**Configure backup**

</td><td style="width: 81.298%; height: 21.2396px;">Allows you to configure the backup parameters.

</td></tr><tr style="height: 46.6667px;"><td style="width: 18.7152%; height: 46.6667px;">**View**</td><td style="width: 81.298%; height: 46.6667px;">Allows you to show and hide columns in the table.

You can also set the order in which the columns will be displayed.

</td></tr><tr style="height: 46.6667px;"><td style="width: 18.7152%; height: 46.6667px;">**Download**

</td><td style="width: 81.298%; height: 46.6667px;">Allows you to download an XML file with the user. You only need to click on the download icon of one of the records and save the file on your computer.

</td></tr></tbody></table>

#### Configure backup button

With the "Configure backup" button, you can configure the frequency and number of backups. These are the available parameters:

- **Minimum delay between backups**: if the value is 1, when a backup is created, the system will not create a new backup until 1 day later, even if there has been more than one change during that period.
- <div class="label">**Number of backups to keep alive**: if the value is 10, when 10 backups are reached, the oldest backup will be deleted when the next one is created.</div><div class="container wrapped singlevalue" id="bkmrk--1"></div>
- <div class="label">**Enable entitlements history**: enable the history of roles assigned to users.</div>

<details id="bkmrk-image"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/iGSB9seMdLvf60x0-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/iGSB9seMdLvf60x0-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/8tWdt1UczBxprb6P-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/8tWdt1UczBxprb6P-image.png)

</details>## Others

#### Backup tab on user's page

On the users screen, when you select a user, this addon enables the **Backups tab**.

<details id="bkmrk-image-1"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/GTTAgRzgcrwNMTny-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/GTTAgRzgcrwNMTny-image.png)

</details>This tab displays the **user's backups**.

<details id="bkmrk-image-2"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/yBLghnWKr7kceH2Q-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/yBLghnWKr7kceH2Q-image.png)

</details>There are also several **buttons** with the rest of the items that can have backup.

<details id="bkmrk-image-3"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/Cj1WEp9hnf5LVHn8-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/Cj1WEp9hnf5LVHn8-image.png)

</details>These are the buttons:

- **Groups History**: user assignments to groups have backup
- **Accounts History**: user's accounts have backup
- **Roles History**: user's roles (grants) have backup
- **Mail lists History**: user's mail lists have backup

<details id="bkmrk-image-4"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/iwumbrGuDGmb8x0I-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/iwumbrGuDGmb8x0I-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/CSUo0aFdpBlodoJs-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/CSUo0aFdpBlodoJs-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/blAsYnbIuKcd4h18-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/blAsYnbIuKcd4h18-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/Ui4y96dvOaSuBQ0U-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/Ui4y96dvOaSuBQ0U-image.png)

</details>In any of the four options, when selecting an old record, the ‘**Restore**’ button will appear and this object can be restored to the user.

<details id="bkmrk-image-5"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/2sxT0ez2wGNPXlb6-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/2sxT0ez2wGNPXlb6-image.png)

</details>

# Export settings and objects (admin addon)

## Description

<p class="callout success">Soffid has the functionality that allows you to **export configuration**, Soffid objects, and objects from target systems in a ZIP file.</p>

Every object or configuration will be downloaded into the ZIP in a binary file. This ZIP file could be imported into another Soffid tenant to be used.

<p class="callout info">For more information, you can visit the [Import settings and objects](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/import-settings-and-objects-admin-addon "Import settings and objects (admin addon)") page.</p>

Once you open the **Export settings and objects**, you must select the configuration, objects, and target system objects you want to export. Then you only need to click the **Generate export file** button to download the ZIP that will contain all the previous information selected.

<p class="callout warning">It is not allowed to export the basic configuration and configuration parameters of an agent for security reasons. You must create them manually and make sure you put the same names as in the source system if you are going to import accounts.</p>

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/scQrXhae1WZlbrAH-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scQrXhae1WZlbrAH-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/52y0fw1Jrc4Z40hV-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/52y0fw1Jrc4Z40hV-image.png)

## Related objects

#### Configuration

- [Metadata](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/metadata "Metadata")
- [Plugins](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/license-and-plugin "License and plugin")
- [Business process definition](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/business-process-definition "Business process definition")
- [Custom scripts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/custom-scripts-addon-admin "Custom scripts (addon admin)")
- [User types](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/user-types "User types")
- [Group types](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/group-types "Group types")
- [<span style="color: rgb(0, 0, 0);">Account naming rules</span>](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/account-naming-rules "Account naming rules")
- [Password policies](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/password-policies "Password policies")
- [Mail domains](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/mail-domains "Mail Domains")
- [Authorizations](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/authorizations "Authorizations")

#### Objects

- [Users](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "Users")
- [Information systems](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/information-systems "Information systems")
- [Groups](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/groups "Groups")
- [Hosts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/hosts "Hosts")
- [Networks](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/networks "Networks")
- [Mail lists](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/mail-lists "Mail Lists")
- [Role assignment rules](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/role-assignment-rules "Role assignment rules")
- [Segregation of duties](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/segregation-of-duties "Segregation of Duties")
- [Application access tree](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/application-access-tree "Application access tree")
- [Custom objects](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/custom-objects "Custom objects") : the custom objects created on the Metadata page

#### Web SSO settings

- [Attributes](https://bookstack.soffid.com/books/federation/page/attribute-definition "Attribute definition")
- [Policies](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/attribute-sharing-policies-addon-federation "Attribute sharing policies (addon federation)")

#### Target system objects

- [Systems](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/agents "Agents")
- [Accounts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/accounts "Accounts")
- [Roles](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Roles")
- [Granted permissions](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Roles")
- [Attribute mappings](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/agents "Agents")


## Actions

<table border="1" id="bkmrk-expand-all-displays-" style="border-collapse: collapse; width: 100%; height: 119.514px;"><colgroup><col style="width: 20.3052%;"></col><col style="width: 79.5909%;"></col></colgroup><tbody><tr style="height: 29.8785px;"><td style="height: 29.8785px;">**Expand all**</td><td style="height: 29.8785px;">Displays all the attributes of the different blocks.</td></tr><tr style="height: 29.8785px;"><td style="height: 29.8785px;">**Collapse all**</td><td style="height: 29.8785px;">Hide all attributes of the different blocks.</td></tr><tr style="height: 29.8785px;"><td style="height: 29.8785px;">**"Types of views"**</td><td style="height: 29.8785px;">Change the view type: Classic view, Modern view, Compact design.</td></tr><tr style="height: 29.8785px;"><td style="height: 29.8785px;">**Generate export file**</td><td style="height: 29.8785px;">By clicking this button, Soffid will generate a ZIP file with the objects and configuration that you have selected and will download it to your computer.</td></tr></tbody></table>

## Others

#### Exporting and importing

You can **export all the components** you are using in your Soffid implementation, so <span style="text-decoration: underline;">you can use them as a backup</span> in case something happens, <span style="text-decoration: underline;">or to generate a new test environment</span>.

Once the zip file has been generated, you can import it on the [Import settings and objects](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/import-settings-and-objects-admin-addon "Import settings and objects (admin addon)") page, but do not worry about the exported objects. On the import screen itself, once the zip file has been uploaded, <span style="text-decoration: underline;">the screen will allow you to choose the objects you want to update</span> in your Soffid instance.

<div id="bkmrk--2"></div>

# Import settings and objects (admin addon)

## Description

<p class="callout success">Soffid has the functionality that allows you to **import configuration**, Soffid objects, and objects from target systems from a ZIP file.</p>

This ZIP file must be generated by the export action from another Soffid tenant.

<p class="callout info">For more information, you can visit the [Export settings and objects](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/export-settings-and-objects-admin-addon "Export settings and objects (admin addon)") page.</p>

Once you **pick the file to import**, Soffid will display all the objects and configurations that you can load. You must select the proper objects and settings to import or enable the Load everything option. And finally, you must click the Proceed buttons to launch the import process. Once the process is finished, Soffid will display the result and allows you to download the log file.

<p class="callout warning">It is not allowed to import the basic configuration and configuration parameters of an agent for security reasons. You must create them manually and make sure you put the same names as in the source system if you are going to import accounts.</p>

## Screen overview

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/SkppodKgmSSTs14S-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/SkppodKgmSSTs14S-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/6obcjZdoEbNz6ZbI-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/6obcjZdoEbNz6ZbI-image.png)

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2025-12/scaled-1680-/KhgglS0osEMdjUtQ-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2025-12/KhgglS0osEMdjUtQ-image.png)

## Related objects

#### Configuration

- [Metadata](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/metadata "Metadata")
- [Plugins](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/license-and-plugin "License and plugin")
- [Business process definition](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/business-process-definition "Business process definition")
- [Custom scripts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/custom-scripts-addon-admin "Custom scripts (addon admin)")
- [User types](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/user-types "User types")
- [Group types](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/group-types "Group types")
- [Account naming rules](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/account-naming-rules "Account naming rules")
- [Password policies](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/password-policies "Password policies")
- [Mail domains](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/mail-domains "Mail Domains")
- [Authorizations](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/authorizations "Authorizations")

#### Objects

- [Users](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/users "Users")
- [Information systems](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/information-systems "Information systems")
- [Groups](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/groups "Groups")
- [Hosts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/hosts "Hosts")
- [Networks](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/networks "Networks")
- [Mail lists](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/mail-lists "Mail Lists")
- [Role assignment rules](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/role-assignment-rules "Role assignment rules")
- [Segregation of duties](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/segregation-of-duties "Segregation of Duties")
- [Application access tree](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/application-access-tree "Application access tree")
- [Custom objects](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/custom-objects "Custom objects") : the custom objects created on the Metadata page

#### Web SSO settings

- [Attributes](https://bookstack.soffid.com/books/federation/page/attribute-definition "Attribute definition")
- [Policies](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/attribute-sharing-policies-addon-federation "Attribute sharing policies (addon federation)")

#### Target system objects

- [Systems](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/agents "Agents")
- [Accounts](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/accounts "Accounts")
- [Roles](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Roles")
- [Granted permissions](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/roles "Roles")
- [Attribute mappings](https://bookstack.soffid.com/books/soffid-4-reference-guide/page/agents "Agents")



## Actions

#### Pick up page

<table border="1" id="bkmrk-pick-a-file-select-t" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 21.9719%;"></col><col style="width: 77.9242%;"></col></colgroup><tbody><tr><td>**Pick a file**</td><td>Select the backup's file</td></tr></tbody></table>

#### Configuration page

<table border="1" id="bkmrk-load-eveything-enabl" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 21.9338%;"></col><col style="width: 78.0795%;"></col></colgroup><tbody><tr><td style="width: 184.976px; height: 29.8785px;">**Load eveything**</td><td style="width: 624px; height: 29.8785px;">Enable it if you want to load all the backup, disable it if you want to select the object to import</td></tr><tr><td style="width: 184.976px; height: 29.8785px;">**Remove objects not present in the export file**</td><td style="width: 624px; height: 29.8785px;">Remove the Soffid objects not present in the export file, enable it if you want the exact image of the source system, disable it if you want to keep the object that only exist in this Soffid instance</td></tr><tr><td style="width: 184.976px; height: 29.8785px;">**Back**</td><td style="width: 624px; height: 29.8785px;">Go back to "Pick a file"</td></tr><tr><td style="width: 184.976px; height: 29.8785px;">**Proceed**

</td><td style="width: 624px; height: 29.8785px;">Allows you to start the import process.</td></tr></tbody></table>

#### Results page

<table border="1" id="bkmrk-restart-go-back-to-t" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 21.9338%;"></col><col style="width: 77.9603%;"></col></colgroup><tbody><tr><td style="width: 184.976px; height: 29.8785px;">**Restart**</td><td style="width: 624px; height: 29.8785px;">Go back to the configuration page</td></tr><tr><td style="width: 184.976px; height: 46.6667px;">**Download log**</td><td style="width: 624px; height: 46.6667px;">Allows you to download a log with the details of the importation</td></tr></tbody></table>