API clients control site-specific behavior and data collection when users interact with the Registration UI or OAuth API operations through the flow configuration layer. Default Settings will be applied to all API clients unless overridden at the API client level. Settings can be managed through the Console or using the client and settings operations.

Below is a list of settings available for use with the Registration experience. Additional settings may also be created for use within custom email templates; see Modify transactional emails or more info.

backplane_bus

The name of the backplane bus. For Backplane versions 1.* only.

backplane_password

The Backplane client password. For Backplane versions 1.* only.

backplane_server

The Backplane server your application will be publishing to. For Backplane versions 1.* only.

backplane_username

The Backplane client username. For Backplane versions 1.* only.

backplane_version

The Backplane protocol version you should use. Values available are: v1.0, v1.1, v1.2. For Backplane versions 1.* only.

capture_server_url

The URL of the server hosting the Registration application. The Capture server is typically located in the janraincapture.com domain. For example:

capture\_server\_url = "test.us-dev.janraincapture.com"

ccp_edit_form

Default:  ccp_editProfileForm
Data type: string

Specifies the form used when editing a user profile in the Console. If the setting is not configured, Console will default to using the ccp_editProfileForm form, or if that does not exist then the editProfileForm form.

To change the form used for editing user profiles, add the ccp_edit_form setting and set the value to the new form name.

If you use an alternate form for editing user profiles in the Console, it’s recommended that you preface the form name with the string value ccp_ (e.g., ccp_custom_edit_form).

ccp_enable_email_send_buttons

Default: true
Data type: boolean

Specifies whether the Resend Verification and the Send Password buttons are visible when editing a user profile in the Console. By default, agents who have the appropriate agent roles will see these buttons any time they access a user profile:

If you click Resend Verification, you’ll send an email to the user asking him or her to verify their email address. If you click Send Password, you’ll email the user a link they can click if they need to reset their password.

However, these options work only if you are using ​Akamai​'s native email service or an ​Akamai​ email connector to send transactional emails. If you are not using ​Akamai​ to send transactional emails, they won’t actually send email address verification or password reset emails. In that case, you might want to hide the two buttons by setting ccp_enable_email_send_buttons to false.

Do that, and the two buttons will no longer be visible in the Console:

To re-enable the buttons, either delete the ccp_enable_email_send_buttons setting or set its value to true.

ccp_flow_locale

Default: en-US
Data type: string

Specifies the flow locale used for Console actions such as creating and editing user profiles and sending emails. By default, the locale is set to US English (en-US). However, you can change the locale by adding the ccp_flow_locale setting and assigning it the appropriate IETF language tag.

Note that the flow locale only affects certain actions within the Console: it does not localize or otherwise change the Console UI. Note, too that you will get unexpected results if you set ccp_flow_locale to a flow locale that does not exist. If you get unexpected results after changing the flow locale, delete the ccp_flow_locale setting. The Console will then use default flow locale.

ccp_flow_name

Default: standard
Datatype: string

Specifies the name of the flow used for Console actions such as creating and editing user profiles and sending emails. By default, the flow name is set to standard. However, you can change the name by adding the ccp_flow_name setting and assigning it the flow name.

You will get unexpected results if you set ccp_flow_name to a flow name that does not exist. If you get unexpected results after changing the flow name, delete the ccp_flow_name setting. The Console will then use the default flow name

ccp_flow_version

Default: HEAD
Data type: string

Specifies the version number of the flow used for Console actions such as creating and editing user profiles and sending emails. By default, the flow version is set to HEAD, which indicates that Console uses the latest version of the flow. However, you can cause Console to use a specific version of the flow by adding the ccp_flow_version setting and assigning it the version number.

You will get unexpected results if you set ccp_flow_version to a version number that does not exist. If you get unexpected results after changing the version number, delete the ccp_flow_version setting. The Console will the use the default HEAD flow version.

ccp_recover_password_form

Default: ccp_forgotPasswordForm
Data type: string

Specifies the form used when sending password reset emails from the Console. If this setting is not configured, Console will default to using the ccp_forgotPasswordForm form, or if that does not exist then the forgotPasswordForm form.

To change the form used for sending password reset emails, add the ccp_recover_password_form setting and set the value to the new form name.

If you use an alternate form for sending password reset emails, it’s recommended that you preface the form name with the string value ccp_ (e.g., ccp_custom_password_form).

ccp_registration_form

Default: ccp_registrationForm
Data type: string

Specifies the form used when creating user profiles in the Console. If the setting is not configured, Console will default to using the ccp_registrationForm form, or if that does not exist then the registrationForm form.

To change the form used for creating user profiles, add the ccp_registration_form setting and set the value to the new form name.

If you use an alternate form for creating user profiles, it’s recommended that you preface the form name with the string value ccp_ (e.g., ccp_custom_registration_form).

ccp_verify_email_form

Default: ccp_resendVerificationForm
Datatype: string

Specifies the form used when sending email verification emails from the Console. If this setting is not configured, Console will default to using the ccp_resendVerificationForm form, or if that does not exist then the resendVerificationForm form.

To change the form sending verification emails, add the ccp_verify_email_form setting and set the value to the new form name.

If you use an alternate form for sending verification emails, it’s recommended that you preface the form name with the string value ccp_ (e.g., ccp_custom_verify_email_form).

deactivation_deletion_delay

The number of days that must elapse before deactivated accounts can be deleted by the system. If the delay period has not expired, a new user will not be able to register by using a unique identifier (such as displayName) that is currently assigned to the deactivated account. Instead, the new user is prompted to choose a different identifier. If the delay period has expired, the deactivated account is deleted and the new user can use their preferred identifier.

Even if the delay period has expired, deactivated accounts are not automatically deleted. Instead, accounts remain in the system until a new user tries to register by using one of the account’s unique identifiers.

If you set the delay to 0, deactivated accounts are deleted the first time a user tries to register using one of the unique identifiers. If you do not configure a value for deactivation_deletion_delay, deactivated accounts will never be automatically deleted. Instead, these accounts can be removed by using the Entity API and calling entity.delete.

default_flow_locale

The fallback flow locale setting for Customer Care Portal if ccp_flow_locale is not set.

default_flow_name

The flow used with OAuth API operations if you do not set the flow parameter.

This is also the fallback flow name setting for Customer Care Portal if ccp_flow_name is not set.

default_flow_version

The flow used with OAuth API operations if you do not set the flow_version parameter.

This is also the fallback flow version setting for Customer Care Portal if ccp_flow_version is not set.

email_method

Required

Method for generating emails during the registration flow. If ​Akamai​ is managing your transactional emails this should always be set to ses_sync. If ​Akamai​ is not managing your emails this should always be set to firehose. See Customize transactional emails for more information.

email_sender_address

Default: noreply@janrain.com

This setting specifies the sender email address for transactional emails. If only an email address is included, for example, customer@example.com, the sender name will appear as “noreply”. A friendly sender name can be set for the email address using the format "Customer Name" <customer@example.com>.

See Customize transactional emails or more information on how to enable a new sender address with ​Akamai​'s email service.

{entity_type}_distinguisher_field

A single schema attribute that can be used to restrict agent access to certain records in the Console. For more information, see Restrict agent activity by profile type. For example:

user_distinguisher_field = primaryAddress.country

This setting may only be set at the Default Settings level; it is not supported as a setting per API client. This is an entity-type specific setting.

{entity_type}_distinguisher_field_values

A list of allowable values that may be selected to restrict agent access to certain records in the Console for the configured distinguisher field. For example:

user_distinguisher_field_values = ["AU", "CA", "DE", "FR", "IT", "ES", "UK"]

This setting may only be set at the Default Settings level; it is not supported as a setting per API client. This is an entity-type specific setting.

{entity_type}_search_allow_empty

Default: true
Datatype: boolean

When set to false search results are not automatically displayed any time you open the Manage Profiles page in the Console. Instead, you see a message similar to this:

To view user information, you’ll need to create and run a search query. Note that this setting also prevents you from leaving the query field blank, clicking Search, and then returning all of your user profiles.

To restore the default behavior (all your profiles are displayed any time you open the Manage Profiles page), set this value to true.

{entity_type}_search_display_fields

The list of schema attributes with friendly display names that will appear as search result columns in the Console. The order indicates the column ordering from left to right. For each column, you must include a JSON object with the schema attribute as the name and the column display name as the title. For example:

user_search_display_fields = [{"name": "givenName", "title": "First Name"}, {"name": "familyName", "title": "Last Name"}, {"name": "email", "title": "Email"}, {"name": "primaryAddress.phone", "title": "Phone"}, {"name": "birthday", "title": "Birthday"}, {"name": "created", "title": "Created"} ]

This setting may only be set at the Default Settings level; it is not supported as a setting per API client. This is an entity-type specific setting.

{entity_type}_search_query_fields

The list of schema attributes that may be searched against when using the basic search functionality in the Console. For more information, see User profile searches .

For example:

user_search_query_fields = ["displayName", "email"]

This setting may only be set at the Default Settings level; it is not supported as a setting per API client. This is an entity-type specific settings.

jump_publish_settings

When publishing client settings to the server, this specifies the default settings that will be published in the /settings/widget/publish API call. For example:

{"minimum_age": {"type": "natural"}, "legal_acceptance_URL_2": {"type": "string"}, "legal_acceptance_URL_1": {"type": "string"}}

login_attempts

Default: 6

The number of traditional login or password reset attempts a user can make in a given timespan (see login_attempts_threshold) before getting locked out. This feature is intended for preventing brute force login attacks, so the count includes both successful and failed login attempts.

login_attempts_threshold

Default: 60

The time in seconds before a user’s number of attempts (see login_attempts) counter resets to 0. The counter starts at the beginning of the threshold time period based on a sliding window rather than the exact time of the user’s last attempt.

native_scoped_access

Default: false
Data type: boolean

When using the OAuth APIs, setting this to true will restrict the response on a successful login or registration to the attributes defined in the userData object in the flow specified in the call.

password_recover_url

Required

The base URL used when generating a password reset link. For example, in the password reset email shown below, the base URL is http://customer-dev.janrain.com/widgets/d4771c3c6fae/?screenToRender=resetPasswordRequestCode: 

postLoginScreens

Required

If your flow has been configured to utilize post login screens this is a comma-separated list defining the order in which the screens should be evaluated. For example:

registrationUnderage,requirementsPostLogin,legalAcceptanceScreen

recover_code_lifetime

Default: 15 minutes (900 seconds)

Sets the duration, in seconds, that the password recover link is valid.

Note that this setting only affects the oauth/forgot_password_native API operation and Hosted Login.

redirect_uri_allow_list

Default: Not configured

Helps minimize the chances of an Identity Cloud redirect being hijacked. If you configure the redirect_uri_allow_list setting you can specify the domains that the janraincapture.com/widget/* endpoints can redirect users to. For example, if you have a custom domain you setting and values might look like this:

redirect_uri_allow_list = "example.com", "akamai.com"

Be sure and use only domain names in your allowlist, and be sure you separate individual domains by using commas. See Protect Capture redirects for more information.

If you use a janrain.com domain set the allowlist value to an empty string:

redirect_uri_allow_list = ""

rpx_app_id

Required

The unique identifier of your Social Login application. This can be found in the settings page of your Social Login dashboard.

rpx_custom_realm

The realm of your Social Login application if you are using a custom subdomain. This is the fully-qualified domain name aliased to an ​Akamai​ endpoint. See Change your application domain for more information. If you are using a standard Identity Cloud domain, see rpx_realm.

rpx_key

Required

The API key (secret) of your Social Login application. This can be found on the Manage Application page in the Console.

rpx_realm

Required

The realm of your Social Login application if you are using a standard Identity Cloud domain; you can find this value on the Manage Application page in the Console. This is identifiable as the subdomain to rpxnow.com in your application domain. If you are using a custom subdomain, see the entry for rpx_custom_realm.

rpx_server

Default: https://rpxnow.com

The server URL of the Social Login application. It should always be set to https://rpxnow.com. You can verify this by looking on the Manage Application page in the Console.

site_name

Used in email templates to specify the name of the site where the email was triggered from. For example:

"Identity Cloud Education Center"

user_entity_type

Default: user

This setting determines the entity type (schema table) that this client ID will use to read and write data. For example:

my_custom_entity\type

verification_code_lifetime

Default: 7 days (604800 seconds)

Sets the duration, in seconds, that an email verification code is valid.

verify_email_url

Required

The base URL used when generating an email verification link. For example, in the password reset email shown below, the base URL is http://customer-dev.janrain.com/widgets/d4771c3c6fae/?screenToRender=verifyEmail: