Global System Settings
Overview
In the Administration application, it is possible to configure global system settings. Application-specific settings are managed in the corresponding application.
For other application settings see also:
General information
In general tabulator, the following information can be found:
- Application page title (in browser): Enter the text that will be added to the title in the browser toolbar. The entered page title text is added to the currently visited page of the application.
- Logo shown in Reports: Click the selection button to specify or edit the location of an image that should be used as a company logo for reports.
- Prefix for custom Schema Objects: This prefix is used when a new data definition or configuration item is created as part of customization.
- Profile Dialog: Choose a dialog that opens via the user avatar → Profile action. For security reasons, if the selected dialog contains User Role configuration it cannot be modified by the user.
- Max allowed entries to be exported from Grid: (for DWP v.11.0.1 and higher) Defines the maximum number of rows to be exported while exporting the data from the grids. Default: 10000. See also Export Data: Changing limits section.
- Open Edit Dialog (read-only) in case Preview is not available: Enable this option to open Edit dialog instead of Preview whenever Preview is not available (preview displaying is not enabled, not available for the application, or restricted by the user permissions). A Dialog will be opened in read-only mode with all the actions that should have been available for the respective Preview, so it will look like a Preview.
- Feedback Enabled: Enable this option to activate the customer feedback form shown in the application header.
- Environment Type: Defines the role that an ESM instance fulfills, categorized as either "Production," "Testing," or "Development." Selecting the correct value is crucial for accurately calculating license utilization and determining any potential overusage. Read more about Environment Types
Database
Database Server, Database Name, and Database Account: These are the non-editable fields pertaining to the Web server access to the database.
Version
The current version of the Matrix42 platform is shown on the global setting preview page:
Secure Token Service
Configure application login and user authorization options. Select the necessary checkboxes to enable the following login options:
1. Single sign-on enabled |
Select only this check-box to call the Windows Authentication login form. The authentication form is shown on top of the standard login page of the Matrix42 Software Asset & Service Management: |
2. Browser credentials enabled |
Allows to login using cached login credentials. Enables "Use Browser Credentials" button on the application login page: |
3. SAML2 enabled |
Activates SAML2 in the application.
When application login with enabled SAML2 and Single Sign On fails or results in an error message due to outdated or incorrect SAML configuration use the force login page to bypass the error and adjust the secure token service login settings: To log in with your valid credentials add the force login page parameter to your URL: https://myhost.mydomain.com/wm?ForceLoginPage For more information see the SAML2 configuration guide page. |
4. Use Matrix42 MyWorkspace |
Access is configured in a dedicated area of the Administration application, as described below. |
5. Allow User Registration |
Allow User Registration option activates user sign-up to the system with an e-mail address and enables password recovery on the login page: For more details, see also Sign-Up & Password Recovery page. |
E-mails
- Mailing Enabled: Activate or deactivate e-mail traffic.
- SMTP Server: Name of the e-mail server.
- Default Sender: Sender address for e-mails. By default, e-mails triggered by the compliance rules are sent from this address. Send E-mail action e-mails use the default notification settings of the Service Desk.
- Mode: Use this field to specify the e-mail sending mode:
- Send E-mail (default): e-mails are sent directly to the recipients and not stored. Failed or Not Sent e-mails are stored in the system database (SPSEmailClassBase Data Definition) and shown on the E-mails page of the Administration application. Once successfully sent, the e-mails are no longer available in the database and consequently on the E-mails page;
- Send E-mail and store it in the Database: all e-mails regardless of e-mail status are saved in the database are stored in the SPSEmailClassBase Data Definition and displayed on the E-mails page;
- Write E-mails to Specified Folder: all e-mails are saved in the specified folder of the application server. This option requires the path to the e-mail folder.
- E-mail Folder: folder in which your e-mails are stored on the application server.
- Use SMTP Authentication: Select this checkbox if you want to log on to the SMTP server with a user account and select one of the options as provided below.
- Use Integrated Security (Use Service Account): Select this option if you want to log on to the SMTP server with an internal service account of Matrix42 Digital Workspace Platform.
- Use following Credentials: Select this option if you want to log on to the SMTP server with your network account and fill out the credentials.
- Account: User account with which you log on to the mail server.
- Password: Password with which you log on to the mail server.
- Use SSL: Select this checkbox if you want to use a secure SSL connection to send e-mails.
- SSL Protocol: (for DWP v.11.0.1 and higher) this property can be configured for enabled Use SSL option. The default value is Auto, other possible options include TLS 1.0, TLS 1.1, TLS 1.2 or TLS 1.3.
- Use Network Credentials container to pass credentials: Select this checkbox if your system environment requires this special way of transferring login information to the SMTP server.
-
Modern Authentication (OAuth 2.0): this option is available since DWP v.11.0.1 and higher. Select this option if you want to log on to the SMTP server with modern authentication based on OAuth 2.0 which enables authentication features like multi-factor authentication (MFA), smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Configure the following properties:
- Mailbox Email Address: e-mail address that is used for sending emails is required for OAuth 2.0 authentication option.
- Service Connection: pre-configure and select the necessary Service Connection. For more details see also Microsoft Exchange configuration page and Gmail configuration for emailing.
- Use SSL: Select this checkbox if you want to use a secure SSL connection to send e-mails.
- SSL Protocol: this property can be configured for the enabled Use SSL option. Choose from the suggested options:
- Auto (default)
- TLS 1.0
- TLS 1.1
- TLS 1.2
- TLS 1.3
- Software Asset & Service Management URL: If e-mails contain links to the console, this URL is used. By default, the fully qualified name of the server is included in the URL. However, if the application can only be called by using the short name, this name should be specified here.
- Software Asset & Service Management URL for UUX: If e-mails contain links to the UUX, this URL is used. By default, the fully qualified name of the server is included in the URL. However, if the application can only be called by using the short name, this name should be specified here.
- Recipients In Single Mail: Maximum number of e-mail addresses that can be specified as recipients in a single e-mail. For example, if you want to send an e-mail to 100 people and 20 was entered in this field, then five e-mails are sent, and each of these five e-mails is sent to 20 recipients.
- Max Threads: Maximum number of e-mails that the e-mail robot can process simultaneously.
- Skip Threshold: Maximum number of recipients per e-mail. The e-mail will not be sent if this number is exceeded. If the number of recipients is unlimited, enter 0.
- Attempts to Send: Specify the number of unsuccessful e-mail sending attempts. When this number is exceeded, the status of e-mails on the E-mails page is set to Failed.
- Clean Up Mails after (Days): After the number of days (default value is 90) that is specified in this field, all e-mails stored in the database will be deleted. If this field is empty, the e-mails are never deleted.
- Header/Footer: Allows setting the default Header, Footer, and signature for all email notifications sent by the System. For more information, see also E-mail Configurations.
- Split Mails by Recipients Domains: The option is designed for cases the Mail Server has a special configuration that does not allow sending emails with the recipients from different domains. When activated the dedicated E-mail will be generated for every mail domain used in the recipient list. This behavior can be activated only directly in the production database with the following command and iisreset:
UPDATE SPSAlertingConfiguration Set RecipientsSplitDomain = 1
- Don’t attach embedded images as attachments to email: (for DWP v.11.0.1 and higher) Enable this option to generate emails without embedded images attached. Default: disabled.
Matrix42 MyWorkspace
Integration: Matrix42 Accounts Integration settings enable the Matrix42 Accounts Data Provider to import Matrix42 Accounts.
- Enterprise Name: The name of your company as has been specified on your company's user profile page at https://accounts.matrix42.com/ when creating an access token.
- Server: The API server used to access Matrix42 Accounts.
- Access Token: Access token that needs to be generated manually on your company's user profile page at https://accounts.matrix42.com/.
Single Sign-On settings enable log-in to the Matrix42 Digital Workspace Platform with a Matrix42 Account:
- Enabled: Select the checkbox to enable the ability to log in to Matrix42 Digital Workspace Platform with a Matrix42 Account.
- Scope, Client Id, Client Secret: After your application has been registered with Matrix42 Access Control System (ACS) by the ACS service administrator, you will receive the scope, client ID, and client secret values. The scope, client ID, and client secret are used by the application each time a user selects to be logged in by using their Matrix42 Account. If this data is valid and the corresponding account has been previously imported by the Matrix42 Accounts Data Provider, ACS authenticates the user and logs in the user to Matrix42 Digital Workspace Platform.
Engines
These settings relate to the system services of Matrix42 Digital Workspace Platform. They can be changed only after you have consulted Matrix42.
Mobile Applications
Basic settings for support of Facebook, Twitter and push notifications for Matrix42 mobile application.
Download the Matrix42 mobile application from the App Store or Google Play.
Common Settings:
- Facebook is Available: enable the check-box and configure access to the company's Facebook account:
- Facebook Alias: username or the alias of the page;
- Facebook Access Token: an access token is needed any time the application calls the Facebook API. Access tokens are obtained via a number of methods, as described in the Facebook for Developers documentation.
- Twitter is Available: enable the check-box and configure access to the company's Twitter account. All fields are mandatory:
- Twitter Access Secret: authorization password, used with the Access Token every time the client (in this case the mobile application) wants to access the data.
- Twitter Access Token: is issued to the client once the client successfully authenticates using the Consumer Key and Consumer Secret. Access Token defines the privileges of the client and what data the client can and cannot access;
- Twitter Consumer Key: API key associated with the Twitter application. ;
- Twitter Consumer Secret: the client password that is used to authenticate with the Twitter authentication server;
- Twitter Alias: the account's screen name, handle, or alias;
- Show address field in Contacts
Configured social media access delivers the latest news from the company's Facebook and Twitter accounts to the News page of the Matrix42 mobile application.
- Push Notifications: starting from the 10.0.4 version of the DWP, push notifications settings are available in a stand-alone section of the Global System settings. For more information see Push Notifications page.
Security
- Additional Login Delay (ms): one of the security options that is useful in case of brute force attacks. It is not set by default. Set the numeric value to define the delay during the login.
- Lock accounts after failed login attempts: Select this checkbox to make user accounts unavailable after a certain number of unsuccessful logins to the Matrix42 Self Service Portal or the Matrix42 Enterprise Service Management.
- Number of failed attempts: Number of unsuccessful login attempts after which the accounts should be locked. This field becomes active after you select the Lock accounts after failed login attempts checkbox.
- Enable automatic accounts unlocking: Select this checkbox if you want the system to automatically unlock the previously locked accounts. This checkbox becomes active after you select the Lock accounts after failed login attempts checkbox.
- Time until automatic unlock: Time period (in minutes) that should pass after an account has been locked and until it will be automatically unlocked. This field becomes active after you select the Enable automatic accounts unlocking checkbox.
- Session lifetime (in hours): Number of hours for session lifetime. For security reasons, the maximum possible session lifetime can not exceed 48 hours. See also, Secure Token Service configuration
- Activate CAPTCHA: another security option that deters bot attacks on the system login page
- disabled (default): CAPTCHA is not shown
- enabled: after 3 failed login attempts along with the user credentials the user is prompted to enter the text from the CAPTCHA
CAPTCHA example on the login page
- Enable less secure filtering methods for data in REST API requests (not recommended): available for DWP v.12.1.0 and higher
- disabled (default): the system processes the Filter Expression requests that are configured as Parametrized Filter Expressions in the Layout Designer. If there are layouts that were not adjusted to Parametrized Filter Expressions and still directly refer to the Data Model value in the request, the system will not process such requests. It will display a warning for such Layouts in the System Diagnostics, and while editing the Layout in the Layout Designer. See also, Parametrized Filter Expressions and Why using Filter Expression is unsafe?
- enabled (default): Filter Expressions that have already been present in the system before the introduction of the Parametrized Filter Expressions can be processed by the system without issues. New Filter Expressions created in such an unsafe way, referring directly to the Data Model value in the request, can not be created in the Layouts. To create a new Filter Expression refer to the Parametrized Filter Expression approach as described here.
For versions starting from 12.0.3 this functionality works only for Administrators or by activating the setting “AllowParameterizedFiltersOnly” in "SPSGlobalConfigurationClassBase" directly in database.
- Extra origins: (for DWP v.11.0.1 and higher) Comma-separated list of allowed domains for cross-origin resource sharing. It forces CORS policy to add the entered values to the allowlist. Default value: empty.
Regional Settings
- Default UI Language: Default language of the Matrix42 Digital Workspace Platform user interface.
- Supported User Languages: Languages into which the Matrix42 Digital Workspace Platform user interface is currently localized.
- Default System Language: Default language of the system that is used for writing logs or sending e-mails within Matrix42 Digital Workspace Platform.
- Supported Mail Languages: Languages that can be used in e-mails that are sent within Matrix42 Digital Workspace Platform.
Workflows
Choose one of the suggested options for the Workflow Engine Definition:
- Use legacy Workflow Engine (AppFabric): The System uses AppFabric for processing Workflow commands.
-
[TECHNICAL PREVIEW] Use Matrix42 Worker together with Legacy Workflow Engine (AppFabric): This option combines two workflow processing methods and is considered as an interim solution before the complete and ultimate migration to the new engine using Matrix42 Workers. The System uses Matrix42 Workers for starting and processing all Workflows marked as “Use Matrix42 Worker”. Workflows that are either incompatible or have already been started on legacy Workflow Engine will keep using AppFabric for execution.
This option requires additional configuration of the Matrix42 Worker:-
Enabled: select the checkbox to enable the new workflow processes running on the Cloud Worker;
-
Matrix42 Deployment Ring: deployment rings provide a way to separate the Matrix42 Worker service users into deployment groups. Each deployment ring reduces the risk of issues derived from the deployment of the features and updates by firstly aiming at the most adaptable users who are willing to use the latest updates as soon as possible and gradually extending the targeted audience to those who are the least adaptable for the changes and tend to minimize the risks that might be caused by any system update.
-
Early Adopters: receive new builds first and often early, even before the update is deployed broadly across the organization;
-
Technical Preview: intermediate stage;
-
Release: broadly deployed and stable release version.
-
-
Server connection and authentication settings fields:
-
Application Server Token User
-
Authentication Server URL
-
Connector Id
-
Client Key
-
Client Secret
-
-
Click "Setup Authentication" button and follow the instructions to get the necessary connection credentials.
Technical Preview implementation must not be used in production.
-
Use Matrix42 Worker: The System uses only Matrix42 Workers to execute all kinds of Workflow operations.
Frontend Settings
This section is available in DWP v.11.0.1 and higher.
- Auto Login: Allow/deny auto-login (by bypassing the login screen) while accessing the workspace. By default is disabled.
- Allow Non Windows Auto Login: Allow/deny the logins that originated out of Windows login credentials. By default is disabled.
- Force New Look for everyone: applies New Look design for all users in the system. See also, New Look Overview and How to apply New Look.
- View Opening Mode (for DWP v.12.0.5 and higher): allows customizing your interaction experience for previews and actions across Landing Pages, Dashboards, and Tiles. Available options:
- Full Screen (default): the preview opens full screen
- Side Panel: the preview is displayed next to the selected page element
Side Panel View Opening Mode displaying example
- Default page size option for Dataset View: The default value of items to be shown while opening the pages with the grids. By default is set to 50 items. Must be one of the values defined in the Available page size options for Dataset View, see below. See also Search in UUX: Paging section.
- Available page size options for Dataset View: The possible predefined values for page size. The list of values will be shown on the UI to let the user change the default value of page size. The default options are 10,20,50,100,200. See also Search in UUX: Paging section.
- Show Hidden Values in Search (for DWP v.11.0.2 and higher): allows managing the hidden option displayed in the column search of the Pickup. By default is enabled. Disable this option to remove the hidden option of the Pickup from the column search. See also Pickup Data Properties: Hidden.
- Max File Size: The maximum file size to upload (in Mb). The default value is 20.
- Max Words Per Condition: Defines the maximum words per condition while using pickup filter search (i.e. on a Grid column). By default is set to 50. See also Search in UUX: Text filtering criteria section.
- Max Recent Searches: Maximum items to be shown in the Recents tab. By default is set to 5 items. See also Applications: Creating an Application section.
- Link Allow Protocols: A comma-separated list of protocols allowed for the embedded links. By default includes mailto,notes,callto,tel.
Login Page
This section is available in DWP v.12.0.4 and above.
These settings are related to the login page appearance.
The login page in DWP v.12.0.4 and above has changed and now it looks like on the next screenshot.
It is customizable by setting the expected values to the fields on this page:
General
- Welcome Title: Text to be displayed as a welcome title. It is localizable.
- Welcome Title Color: Color to use for a welcome title.
- Welcome Text: Text to be displayed below a welcome title. Might be used for a short description. It is localizable.
- Text Color: Color to be used with all the regular text on a login page.
- Button Color: Color to be used as a foreground to active buttons.
- Button Text Color: Color to be used as a text color on active buttons.
- Logo: Image to be used as a logo on the login page.
- Background Image: Image to be used as a general login page background.
Left Panel
- Left Foreground Color: Color to be used on a left panel as a color. It will be overlayed with the Left Foreground Image if it is set.
- Left Foreground Image: Image to be used on a left panel as a foreground.
Right Panel
- Right Foreground Color: Color to be used on the right panel as a color. It will be overlayed with the Right Foreground Image if it is set.
- Show Right Panel: Indicates if the right panel is supposed to be shown. It is checked by default. If unchecked, the left panel will be repositioned to a page center.
- Right Foreground Image Behavior: Used to set how foreground image will be applied on a right panel. Possible options: Stretch, Repeat or Original.
- Right Foreground Image: Image to be used on a right panel as a foreground.
See also: