AdminUI Settings

AdminUI is configured using a set of variables that can be provided in various ways, these methods are described here.

AdminUI Settings Structure

Note: In AdminUI 4.2.0 and 5.1.0 onwards, the env.js file is no longer used for configuration and changes do not need to be made to this file. It can be removed if you choose.

Logging Settings

• AzureAppServiceLogging (Optional) Used for debugging the API - see the enable logging page for more details.
• LoggingMinimumLevel Defaults to info. Supported logging levels are
  1. debug
  2. info
  3. warning
  4. error
  5. critical
• LoggingOutputTemplate Defaults to [{Timestamp:dd-MM-yyyy HH:mm:ss} {Level}] {Message}{NewLine}{Exception}. For more infomation see the serilog docs.

Database Settings

• DbProvider Supported types and their values are:
  1. SqlServer
  2. MySql (Note: AdminUI requires the MySQL setting lower_case_table_names to be false)
  3. PostgreSql
• IdentityConnectionString The connection string for the Identity database (Users, Claim Types, Roles etc.)
• OpenIddictConnectionString The connection string for the OpenIddict server database (Applications, Scopes, Authorizations and Tokens)
• AuditRecordsConnectionString (Optional) The connection string for the Audit DbContext. Only needs configuring if you want to see and store audit records.
• DataProtectionConnectionString (Optional) The connection string for the DataProtectionKey DbContext. Only needs configuring if you are using a database to store protection keys.
• MigrationOptions (Optional) Defaults to None. Enables automatically running AdminUI migrations on starting up. There is more to know about migrations here.

AdminUI Configuration

• AuthorityUrl The OpenIddict server installation protecting AdminUI
• UiUrl The AdminUI website
• AdminUIClientId The AdminUI client ID, defaults to admin_ui
• AdminUICustomScopeName The AdminUI custom scope name, default value is admin_api
• AdminUIProfileCustomScopeName The AdminUI profile custom scope name, default value is admin_ui_profile
• AdminUIClientSecret The AdminUI client shared secret value in plain text
• WebhookClientId The Webhook client ID, defaults to admin_ui_webhooks
• WebhookClientSecret The Webhook client secret, defaults to a new GUID
• RequireHttpsMetadata When true ensures OpenIddict discovery endpoint uses TLS. Should be true for production
• LicenseKey A valid license key for AdminUI
• DisableBootstrap If true, bootstrapping will not run on app startup. More information about bootstrapping can be found here. Defaults to false.
• ServeUi If true, SPA will be served by AdminUI using packaged static files. Defaults to true.
• DisableUiHttpsCheck If true, warning logs when https is not in use are disabled. Defaults to false.
• PasswordPolicy
  • RequireDigit Defaults to true
  • RequireLowercase Defaults to true
  • RequireNonAlphanumeric Defaults to true
  • RequireUppercase Defaults to true
  • RequiredLength Defaults to 6
  • RequiredUniqueChars Defaults to 1
• UsernamePolicy
  • AllowedUserNameCharacters - Defaults to abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+
  • RequireUniqueEmail Defaults to true
  • RequireEmail - Defaults to true
• ReferenceTokenOptions
  • UseReferenceTokens ...
  • Secret ...
• FeatureFlags
  • DefaultUserValidation Defaults to true. If set to false AdminUI will not prompt you to remove the default user if present.
  • AddUserPassword Defaults to false. If true, allows for setting a users password on creation (this is for demo purposes only, do not use in production), see more here
  • EnableEnforcerAuthorization Defaults to false. If set to true will use the Enforcer authorization engine for more fine grained access control.
  • EnableRoleClaims - Defaults to false. Allows management of role claim in AdminUI.
  • EnableConfigurationPersistence - Defaults to false. Allows persistence of Access Policy and Webhook settings. Read how to setup before configuring.
• CustomGrantTypes List of strings that will be suggested as part of the APIs
• SupportedLanguages List of strings of culture codes that will provide languages to be configured in some Scopes and Applications settings. Example for English, Spanish and French: ["en", "es", "fr"]
• CustomAccessPolicies List of AccessPolicyOption objects. Used to add access permissions to AdminUI. More detail.
  • AccessPolicyOption Single permission rule entry.
    • Type
    • Value
    • Permission Options are:
      1. None
      2. UserManagerReadOnly
      3. UserManager
      4. AuthorizationServerManagerReadOnly (OpenIddict Manager ReadOnly)
      5. AuthorizationServerManager (OpenIddict Manager)
      6. AllReadOnly
      7. All
• CustomClaimTypes List of ClaimTypes to add on top of the default ones in the UI. Each of these ClaimTypes have the following settings:
  • Id Required
  • Name Required
  • DisplayName
  • Description
  • IsRequired
  • ValueType Options are:
    1. String
    2. Int
    3. DateTime
    4. Boolean
    5. Enum
  • RegularExpressionValidationRule
  • RegularExpressionValidationFailureDescription
  • AllowedValues List of strings

Webhooks

• WebhookOptions Used to configure webhooks credentials and endpoints.
  • ClientId
  • ClientSecret
  • Webhooks Dictionary to configure the 4 webhooks AdminUI provides. Options are:
    • UserRegistration
    • PasswordReset
    • MfaReset
    • Each of these webhooks have the following settings:
      • Url
      • Scopes Single string of whitespace separated scopes list

Data Protection

• DataProtection Used for configuration of Cookie protection and persistence.
  • Persistence - The type of persistence can be FileSystem or Database, these require different setup as shown below
    • Type - FileSystem
    • Location - Location to persist keys
      OR
    • Type - Database
    • DbProvider Supported types and their values are:
      1. SqlServer
      2. MySql (Note: AdminUI requires the MySQL setting lower_case_table_names to be false)
      3. PostgreSql
  • Protection The certficate or keyvault that will protect the cookies. The two available types are KeyVault and Certifcate. A Certificate can be provided by location or by thumbprint.
    • Type - KeyVault
    • KeyIdentifier - The Azure KeyVault certificate identifier used for key encryption.
      Note: You also have to configure KeyVault access.
      OR
    • Type - Certificate (To protect with certificate you can provide either a thumbprint or a location)
    • CertificateType - Thumbprint
    • Thumbprint - The thumbprint of the certificate that is installed either for the user or the machine.
      OR
    • Type - Certificate (To protect with certificate you can provide either a thumbprint or a location)
    • CertificateType - File
    • Location - The location on disk of the certificate. We recommend using a PFX file as private key access is necessary.
    • Password (Optional) - The password for the certificate