AdminUI Settings | AdminUI Documentation

AdminUI is configured using a set of variables that can be provided in various ways, these methods are described here, and if using the NuGet package there is an additional method of configuring AdminUI here.

AdminUI Settings Structure

Note: In AdminUI 4.2.0 and 5.1.0 onwards, the env.js file is no longer used for configuration and changes do not need to be made to this file. It can be removed if you choose.

Logging Settings

AzureAppServiceLogging (Optional) Used for debugging the API - see the enable logging page for more details.
LoggingMinimumLevel Defaults to info. Supported logging levels are
1. debug
2. info
3. warning
4. error
5. critical
LoggingOutputTemplate Defaults to [{Timestamp:dd-MM-yyyy HH:mm:ss} {Level}] {Message}{NewLine}{Exception}. For more infomation see the serilog docs.

Database Settings

DbProvider Supported types and their values are:
1. SqlServer
2. MySql (Note: AdminUI requires the MySQL setting lower_case_table_names to be false)
3. PostgreSql
IdentityConnectionString The connection string for the Identity database (Users, Claim Types, Roles etc.)
IdentityServerConnectionString The connection string for the IdentityServer database (Clients, Resources, Persited Grants etc.)
OperationalConnectionString (Optional) The connection string for the Persisted Grants DbContext. If not supplied, AdminUI will use the IdentityServerConnectionString
DataProtectionConnectionString (Optional) The connection string for the DataProtectionKey DbContext. If not supplied, AdminUI will use the IdentityServerConnectionString. Only needs configuring if you are using a database to store protection keys.
AuditRecordsConnectionString The database connection string for AdminUI audits, if missing will default to the IdentityServerConnectionString
StoredProcedureSchemaPrefix (Optional, only for SqlServer provider) Changes schema name for the stored procedures in SqlServer database providers.
OperationalStoreSchemaName (Optional) Changes schema name for the Operational Store. If you are planning to use this, read about custom database schema names.
ConfigurationStoreSchemaName (Optional) Changes schema name for the Configuration Store. If you are planning to use this, read about custom database schema names.
TimoutLengthInSeconds (Optional) Specifies the migration command timeout duration in seconds when running AdminUI migrations. It defaults to null, meaning the default setting for ConnectionTimeout is used.

AdminUI Configuration

AuthorityUrl The IdentityServer installation protecting AdminUI
UiUrl The AdminUI website
AdminUIClientId The AdminUI client ID, defaults to admin_ui
AdminUICustomScopeName The AdminUI custom scope name, default value is admin_api
AdminUIProfileCustomScopeName The AdminUI profile custom scope name, default value is admin_ui_profile
AdminUIClientSecret The AdminUI client shared secret value in plain text
WebhookClientId The Webhook client ID, defaults to admin_ui_webhooks
WebhookClientSecret The Webhook client secret, defaults to a new GUID
AdminUIJwtTypes Configures supported JWT types in AdminUI, possible values:
1. All (Default) Suppports both Bearer and DPoP tokens
2. Bearer Supports only Bearer tokens
3. DPoP Supports only DPoP tokens
AuditRecordsCulture Language used for generation of audit records, possible values:
1. en-GB (Default) English
2. de German
3. zh-TW Chinese (Traditional)
4. zh-CN Chinese (Simplified)
5. es Spanish
6. fr French
AuditReadActions Defaults to true. If false, no audit records will be generated for read actions (e.g when a user views resources though AdminUI)
RequireHttpsMetadata When true ensures IdentityServer discovery endpoint uses TLS. Should be true for production
PasswordResetEndpoint ...
RegistrationConfirmationEndpoint ...
ResetMFAEndpoint ...
LicenseKey A valid license key for AdminUI
DisableBootstrap If true, bootstrapping will not run on app startup. More information about bootstrapping can be found here. Defaults to false.
ServeUi If true, SPA will be served by AdminUI using packaged static files. Defaults to true.
DisableUiHttpsCheck If true, warning logs when https is not in use are disabled. Defaults to false.
PasswordPolicy
- RequireDigit Defaults to true
- RequireLowercase Defaults to true
- RequireNonAlphanumeric Defaults to true
- RequireUppercase Defaults to true
- RequiredLength Defaults to 6
- RequiredUniqueChars Defaults to 1
UsernamePolicy
- AllowedUserNameCharacters - Defaults to abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+
- RequireUniqueEmail - Defaults to true
- RequireEmail - Defaults to true
ReferenceTokenOptions
- UseReferenceTokens ...
- Secret ...
FeatureFlags
- DefaultUserValidation - Defaults to true. If set to false AdminUI will not prompt you to remove the default user if present.
- AddUserPassword Defaults to false. If true, allows for setting a users password on creation (this is for demo purposes only, do not use in production), see more here
- EnableEnforcerAuthorization - Defaults to false. If set to true will use the Enforcer authorization engine for more fine grained access control. More info can be found in our 6.3 release article
- EnableSharedScopes - Defaults to false. If set to true AdminUI will allow scopes to be shared between protected resources.
- EnableSessionManagement - Defaults to true. Allows the management of the IdentityServer Duende session management feature. If set to false AdminUI will not show the SessionManagment tables when viewing or editing users.
- EnableDynamicAuthentication - Defaults to Disabled. Allows the management of Dynamic Authentication through AdminUI. Options are
  1. Disabled Dynamic Authentication is disabled.
  2. Duende Duende IdentityServer Dynamic Authentication is enabled.
  3. Rsk RSK Dynamic Authentication is enabled.
- EnableRoleClaims - Defaults to false. Allows management of role claim in AdminUI.

Data Protection

DataProtection Used for configuration of Cookie protection and persistence.
- Persistence - The type of persistence can be FileSystem or Database, these require different setup as shown below
  - Type - FileSystem
  - Location - Location to persist keys
    OR
  - Type - Database
  - DbProvider Supported types and their values are:
    1. SqlServer
    2. MySql (Note: AdminUI requires the MySQL setting lower_case_table_names to be false)
    3. PostgreSql
- Protection The certficate or keyvault that will protect the cookies. The two available types are KeyVault and Certifcate. A Certificate can be provided by location or by thumbprint.
  - Type - KeyVault
  - KeyIdentifier - The Azure KeyVault certificate identifier used for key encryption.
  - ClientId (not in new Settings Model, see) - The Application Client Id
  - Vault (not in new Settings Model, see) - The KeyVault public Uri
  - Secret (not in new Settings Model, see) - (Optional) The client secret to use for authentication. Optional valid only for Azure hosted scenarios
    OR
  - Type - Certificate (To protect with certificate you can provide either a thumbprint or a location)
  - CertificateType - Thumbprint
  - Thumbprint - The thumbprint of the certificate that is installed either for the user or the machine.
    OR
  - Type - Certificate (To protect with certificate you can provide either a thumbprint or a location)
  - CertificateType - File
  - Location - The location on disk of the certificate. We recommend using a PFX file as private key access is necessary.
  - Password (Optional) - The password for the certificate

TargetIdentityServer4 Flag `Deprecated from v7.0`

The TargetIdentityServer4 flag in the API Configuration is used to determine what version of IdentityServer you want your AdminUI to target. If you're working with an IdentityServer4 database, you'll want to set this flag to true. If you're working with a Duende IdentityServer database, you'll want to set this flag to false.

This configuration setting will change how AdminUI displays certain entities such as Protected Resources, as well as if it will display certain views.

This setting will also change what migrations will be run by the migration tool.