Edit Store
Overview
Settings
General
Attribute | Description |
---|---|
DisplayName | Name of store |
Available Languages | Control which languages a user can select in their user profile setting |
Default Language | Used for Translations logic etc |
Default Time Zone | Used for profile |
Default Culture | Used for Translations logic etc |
Use new user interface | Use new user interface |
Hide page headers | Hide the "Hej 'DisplayName'" text on frontpage |
User Authentication
This tab controls which identity provider type is used and the configuration for that provider.
Zervicepoint currently supports ADFS (Active Directory Federation Services) and AzureAD (Azure Active Directory).
What is an identity provider?
An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network.
AzureAD
Attribute | Description |
---|---|
Tenant Id | This is a GUID representing the id of the Azure AD tenant where your users authenticate from. You can find this value in Azure AD settings in the Azure portal. |
Application Id | Used as realm when creating sign in requests to Azure AD. This is a GUID representing the id of the ZervicePoint Azure App. The id may differ between ZervicePoint instances. Ask your Zervicepoint contact. |
Credential Identifier | This is the name of a credential in the Windows Credential Store that contains the client secret for the application. |
WS-Federation Endpoint | For federation with Azure AD, typically set to https://login.microsoftonline.com/common/wsfed where "common" can be swapped for the specific tenant domain name or tenant id if you want to have the user logged in to that login screen instead. Both will work. |
Metadata endpoint | For federation with Azure AD, specify either https://login.microsoftonline.com/<TenantDomainName>/FederationMetadata/2007-06/FederationMetadata.xml for a tenant-specific endpoint, or https://login.microsoftonline.com/common/FederationMetadata/2007-06/FederationMetadata.xml for a tenant-independent endpoint. |
Update trusted issuer | Check this checkbox and save store to trigger an update of data signing certificates based on the federation metadata. |
Trusted issuers to provide access to the store | List trusted code-signing thumbprints from identity provider |
ADFS
Attribute | Description |
---|---|
WS-Federation Endpoint | For federation with ADFS, this is the issuer URL, typically https://sts.example.com/adfs/ls where sts.example.com is replaced by the fully qualified name of your ADFS server. |
Metadata endpoint | This is the URL of the Azure federation metadata document used by Zervicepoint to automatically update the trusted issuers list (e.g. https://sts.example.com/FederationMetadata/2007-06/FederationMetadata.xml). |
Update trusted issuer | Check this checkbox and save store to trigger an update of data signing certificates based on the federation metadata. |
Trusted issuers to provide access to the store | List trusted code-signing thumbprints from identity provider |
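
The "Update trusted issuer" option in both tables above refreshes the trusted issuers list from the signing certificates published in the federation metadata. The following is an added example, not Zervicepoint code: it extracts the signing-certificate thumbprints from a metadata document and compares them with a configured list, which helps spot a certificate rollover before sign-ins start failing. It assumes thumbprints are SHA-1 hashes of the DER-encoded certificate, as Windows displays them; the function names and the embedded sample metadata are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _key(use: str, raw: bytes) -> str:
    b64 = base64.b64encode(raw).decode()
    return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>')

# Constructed sample metadata; the payloads are placeholder bytes, not real certificates.
# In practice the document is fetched over HTTPS from the configured metadata endpoint.
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<RoleDescriptor>' + _key("signing", b"constructed-current-signing-cert")
    + _key("signing", b"constructed-next-signing-cert") + '</RoleDescriptor>'
    '<IDPSSODescriptor>' + _key("encryption", b"constructed-encryption-cert")
    + _key("signing", b"constructed-current-signing-cert") + '</IDPSSODescriptor>'
    '</EntityDescriptor>')

def signing_thumbprints(metadata_xml: str) -> list[str]:
    """SHA-1 thumbprints of every certificate published for signing, de-duplicated."""
    seen = []
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:KeyDescriptor", NS):
        # A KeyDescriptor without a "use" attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            thumbprint = hashlib.sha1(der).hexdigest().upper()
            if thumbprint not in seen:
                seen.append(thumbprint)
    return seen

def normalize(thumbprint: str) -> str:
    # Drops spaces, colons and invisible characters picked up when copying a thumbprint.
    return re.sub(r"[^0-9A-Fa-f]", "", thumbprint).upper()

def diff_trusted_issuers(configured: list[str], metadata_xml: str) -> dict:
    """Compare the configured trusted thumbprints with what the metadata publishes."""
    published = signing_thumbprints(metadata_xml)
    trusted = [normalize(t) for t in configured]
    return {"not_yet_trusted": [t for t in published if t not in trusted],
            "no_longer_published": [t for t in trusted if t not in published]}
```

A non-empty `not_yet_trusted` list means the identity provider has published a signing certificate that the store does not trust yet; `no_longer_published` lists entries that can be reviewed for removal.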
Worker Authentication
This tab controls the authentication for the ProvisioningSystem, ProvisioningSystemInventory and ClientWebService.
We recommend using the Key method for authentication instead of using ADFS.
Key
Attribute | Description |
---|---|
Client web service url | URL where the ClientWebService website can be reached. Any data source/webservice requests for the store will be sent to this site. |
ProvisioningKey | Lists by whom the ProvisioningKey was generated and when. You can only read the key while it is being generated; if you misplace it, you must generate a new one. You can also revoke a generated key. |
Token signing certificate | ClientWebService requires token-signing certificates to prevent attackers from altering or counterfeiting the data returned from a data source/web service. |
Data signing certificate | Certificate used for signing the data returned to the user web from the client web service |
Note
If you want external users to reach your ClientWebService website, you will need to make the website accessible externally. (Usually done via reverse proxy)
ADFS (Legacy)
Attribute | Description |
---|---|
Client web service url | URL where the ClientWebService website can be reached. Any data source/webservice requests for the store will be sent to this site. |
Provisioning Account | Account used to authenticate with ADFS - The ProvisioningSystem and ProvisioningSystemInventory must run as this account. |
Trusted issuers to provide access to the store | List trusted code-signing thumbprints from identity provider |
Token signing certificate | ClientWebService requires token-signing certificates to prevent attackers from altering or counterfeiting the data returned from a data source/web service. |
Data signing certificate | Certificate used for signing the data returned to the user web from the client web service |
Note
If you want external users to reach your ClientWebService website, you will need to make the website accessible externally. (Usually done via reverse proxy)
API Authentication
Choose between ADFS or Key for accessing the ZP Management API.
Key
Generate an API User. This will grant the user access to the ApiStoreAdministrator role and also generate an API key to use for authentication.
Check this link for more details.
ADFS
Settings for ADFS are configured in the User Authentication tab.
E-Mail Settings
Attribute | Description |
---|---|
SMTP server | SMTP Server ProcessSystem will attempt to use for sending e-mail |
Port | Port to use |
Enable SSL | Checkbox if SSL should be used |
Username | Username of account to authenticate with SMTP server |
Password | Password of account |
From address | Specify a from address that should be listed in outgoing emails |
Administrative Role
Configure the StoreAdministrator role.
See Roles for more details.
Theme
Upload a logo to use.