Edit Store

Overview

Settings

General

| Attribute | Description |
| --- | --- |
| DisplayName | Name of store |
| Available Languages | Control which languages a user can select in their user profile setting |
| Default Language | Used for translation logic etc. |
| Default Time Zone | Used for profile |
| Default Culture | Used for translation logic etc. |
| Use new user interface | Use new user interface |
| Hide page headers | Hide the "Hej 'DisplayName'" text on the front page |

User Authentication

This tab controls which identity provider type is used and the configuration for that provider.

Zervicepoint currently supports ADFS (Active Directory Federation Services) and AzureAD (Azure Active Directory).

What is an identity provider?

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network.

https://en.wikipedia.org/wiki/Identity_provider

AzureAD

| Attribute | Description |
| --- | --- |
| Tenant Id | This is a GUID representing the id of the Azure AD tenant where your users authenticate from. You can find this value in Azure AD settings in the Azure portal. |
| Application Id | Used as realm when creating sign-in requests to Azure AD. This is a GUID representing the id of the ZervicePoint Azure App. The id may differ between ZervicePoint instances. Ask your Zervicepoint contact. |
| Credential Identifier | This is the name of a credential in the Windows Credential Store that contains the client secret for the application. |
| WS-Federation Endpoint | For federation with Azure AD, typically set to https://login.microsoftonline.com/common/wsfed where "common" can be swapped for the specific tenant domain name or tenant id if you want to have the user logged in to that login screen instead. Both will work. |
| Metadata endpoint | For federation with Azure AD, specify either https://login.microsoftonline.com/<TenantDomainName>/FederationMetadata/2007-06/FederationMetadata.xml for a tenant-specific endpoint, or https://login.microsoftonline.com/common/FederationMetadata/2007-06/FederationMetadata.xml for a tenant-independent endpoint. |
| Update trusted issuer | Check this checkbox and save the store to trigger an update of data signing certificates based on the federation metadata. |
| Trusted issuers to provide access to the store | List trusted code-signing thumbprints from identity provider |

ADFS

| Attribute | Description |
| --- | --- |
| WS-Federation Endpoint | For federation with ADFS, this is the issuer URL, typically https://sts.example.com/adfs/ls where sts.example.com is replaced by the fully qualified name of your ADFS server. |
| Metadata endpoint | This is the URL of the Azure federation metadata document used by Zervicepoint to automatically update the trusted issuers list (e.g. https://sts.example.com/FederationMetadata/2007-06/FederationMetadata.xml). |
| Update trusted issuer | Check this checkbox and save the store to trigger an update of data signing certificates based on the federation metadata. |
| Trusted issuers to provide access to the store | List trusted code-signing thumbprints from identity provider |
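
One way to check a store's "Trusted issuers" list against what the identity provider publishes at its metadata endpoint (AzureAD or ADFS), as an added example that is not Zervicepoint code. The metadata document and its placeholder certificate bytes are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample: placeholder bytes stand in for DER-encoded certificates.
CERT_A, CERT_B = b"constructed-signing-cert-A", b"constructed-signing-cert-B"
KEY = ('<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
       '{cert}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>')
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="constructed-example">'
    '<RoleDescriptor>'
    + KEY.format(use="encryption", cert=_b64(b"constructed-encryption-cert"))
    + KEY.format(use="signing", cert=_b64(CERT_A))
    + KEY.format(use="signing", cert=_b64(CERT_B))
    + '</RoleDescriptor></EntityDescriptor>')

def normalize(thumbprint):
    # Keep hex digits only: drops spaces, colons and invisible characters
    # that get copied along from a certificate dialog.
    return re.sub(r"[^0-9A-Fa-f]", "", thumbprint).upper()

def signing_thumbprints(metadata_xml):
    # A thumbprint is the SHA-1 of the DER certificate, in upper-case hex.
    # Only KeyDescriptor use="signing" entries count; encryption keys are skipped.
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.findall(".//md:KeyDescriptor[@use='signing']", NS):
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            found.add(hashlib.sha1(der).hexdigest().upper())
    return found

def compare(trusted, metadata_xml):
    # missing: published by the IdP but not trusted by the store
    # stale:   trusted by the store but no longer published by the IdP
    published = signing_thumbprints(metadata_xml)
    configured = {normalize(t) for t in trusted}
    return {"missing": sorted(published - configured),
            "stale": sorted(configured - published)}

if __name__ == "__main__":
    print(compare(["00" * 20], SAMPLE_METADATA))
```

A "missing" entry typically appears after the identity provider rolls its signing certificate and before "Update trusted issuer" has been run; "stale" entries are candidates for removal from the list.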

Worker Authentication

This tab controls the authentication for the ProvisioningSystem, ProvisioningSystemInventory and ClientWebService.

We recommend using the Key method for authentication instead of using ADFS.

Key

| Attribute | Description |
| --- | --- |
| Client web service url | URL where the ClientWebService website can be reached. Any data source/web service requests for the store will be sent to this site. |
| ProvisioningKey | Lists by whom the ProvisioningKey was generated and when. You can only read the key while it is being generated; if you misplace it, you must generate a new one. You can also revoke a generated key. |
| Token signing certificate | ClientWebService requires token-signing certificates to prevent attackers from altering or counterfeiting data results from a data source/web service. |
| Data signing certificate | Certificate used for signing the data returned to the user web from the client web service |

Note

If you want external users to reach your ClientWebService website, you will need to make the website accessible externally. (This is usually done via a reverse proxy.)

ADFS (Legacy)

| Attribute | Description |
| --- | --- |
| Client web service url | URL where the ClientWebService website can be reached. Any data source/web service requests for the store will be sent to this site. |
| Provisioning Account | Account used to authenticate with ADFS. The ProvisioningSystem and ProvisioningSystemInventory must run as this account. |
| Trusted issuers to provide access to the store | List trusted code-signing thumbprints from identity provider |
| Token signing certificate | ClientWebService requires token-signing certificates to prevent attackers from altering or counterfeiting data results from a data source/web service. |
| Data signing certificate | Certificate used for signing the data returned to the user web from the client web service |

Note

If you want external users to reach your ClientWebService website, you will need to make the website accessible externally. (This is usually done via a reverse proxy.)

API Authentication

Choose between ADFS or Key for accessing the ZP Management API.

Key

Generate an API user. This grants the user the ApiStoreAdministrator role and also generates an API key to use for authentication.

Check this link for more details.

ADFS

Settings for ADFS are configured in the User Authentication tab.

E-Mail Settings

| Attribute | Description |
| --- | --- |
| SMTP server | SMTP server that ProcessSystem will attempt to use for sending e-mail |
| Port | Port to use |
| Enable SSL | Checkbox if SSL should be used |
| Username | Username of account to authenticate with SMTP server |
| Password | Password of account |
| From address | Specify a from address that should be listed in outgoing emails |

Administrative Role

Configure the StoreAdministrator role.

See Roles for more details.

Theme

Upload a logo to use.