Specifies the global farm configuration. All agent nodes in farm shares the same configuration. By default host administration can be accessed from only localhost http://localhost:5000 address.
Warning
Host administration port (5000) should be open to only secured networks and should not be open for public access. In addition to special port host administration panel also protected by a password. On initial setup emakin assigns default password ("verysecret") but it can be changed later from administration panel.
Host configuration contains one or more application definition to as hosted emakin application. Each application definition has multiple domains for multi-tenancy.
Application definition performs isolation at database level and nothing can be shared between application-wide. Domains isolates the process-wide data and cross domain workflows are possible. For example a workflow instance can be started in "foo" domain and next step can be assigned to a user in "bar" domain.
Domains also inherits configuration settings from application if not overridden. For example mail server definitions are inherited from application configuration if domain does not exclusively defines any mail server definition.
Each application configuration contains the following sections;
General Settings
Title
Display name of application
System Administrator e-Mail
Mail address to send configuration errors, critical system wide related notifications.
Static URL
Base web access url for static (like JS, CSS, Image) file urls. If not specified domain url used. It is recommended to set a URL for multi domain environments to improve caching of resources between domains.
Market URL
Process market application url. If not specified "http://market.emakin.com" address is used. If you don't have any special process market environment it is recommended to leave blank.
Mobile Push URL
Mobile push notifications gateway url. If not specified "http://push.emakin.com" address is used by default.
Default Domain Level
Default domain level for new domains.
Domain Expiration Period
Domain deletion period for unprotected domains.
Scheduled Task Limit
Minimum duration of scheduled task intervals.
Process Form Data Limit
Maximum size of form data size in bytes. Set to 5MB by default if set to blank.
Database Settings
Database settings contains a system connection for storing workflow related system data and repository connections for domain specific data. Multiple repository connection can be defined and every new domain assigns to randomly selected repository to distribute process wide data.
System Connection
Database Adapter
Type of database provider for system connections.
Name
Display name of database connection. Used for diagnostics.
Connection String
Connection string of system database.
Archive Connection
Archive connection is used to access archived data and if specified Emakin moves the aged data to archive database automatically and fetches from this database when needed.
Database Adapter
Type of database provider for system connections.
Name
Display name of database connection. Used for diagnostics.
Connection String
Connection string of system database.
Repository Connections
List of repository connections to store domain specific data.
Database Adapter
Type of database provider for database.
Name
Display name of database connection.
Connection String
Connection string of database.
Xml Repositories
List of xml repository connections to store domain specific data. See $XmlRepository for more detail.
Name
Display name of xml repository
Connection String
Connection string of xml repository
File Repositories
List of file repositories. By default emakin store all files in database. When any file repository defined in this section; files are automatically copied to all repositories and cleared database to save space.
Provider
Provider of file repository connection
Name
Display name of file repository
Base Path
Base path of file repository
Is Enabled
Specifies the file repository is active
Integrated Services
List of integrated other applications. These services are used by other features like SSO Login or File access.
Is Enabled ?
Specifies the this service is enabled. Disabling a service also disables other features like login.
Service Type
Type of integrated OpenAuth service.
Name
Identifier of service. Given name will not displayed to end users and only used to identity service in features. Name is required.
Client Id
Open auth client id.
Client Secret
Open auth secret
Service Callback
Specifies the open auth callback type. Some of Open Auth services requires the specify callback address for security and callback address must be same.
Selecting the application callback uses a generic "oauth" callback address with application name. Example; "oauth.emakin.com".
Selecting the domain callback generates the callback address with same with active domain address like "mydomain.emakin.com".
Scopes
Specifies the enabled open auth scopes granted.
Login Services
List of integrated login services to allow user logins.
Login Service
Specifies the type of login service. In addition to builtin Emakin and Active Directory services other integrated open auth services can be used as a login service.
Name
Identifier of login service to display end users.
Is Enabled ?
Specifies the service is enabled. If not enabled service is not displayed to users.
Requires 2FA
Specifies the two factor authentication is required. If checked after service login has succeeded users are also has to enter 2FA code (SMS etc) to login. 2FA provisioning (for example registering mobile number of user) is automatically handled by emakin.
Scopes
Specifies the requested open auth scopes from service. Only displayed for integrated services and not available for builtin services.
Other Services
File Services
Specifies the enabled file access services. File services are allows the select a file from integrated system for end users.
Client Type
Type of file service. Desktop and Web Cam are builtin services. Google Drive and Office 365 also can be selected but requires a integrated service definition.
Service
Type of integrated service. Only displayed for open auth type file services.
Name
Name of file service to display users.
Scopes
Requested open auth service scopes.
Calendar Services
Specifies the enabled calendar services.
Client Type
Type of calendar service. Delegation is built in service. Google and Office 365 also can be selected but requires a integrated service definition.
Service
Type of integrated service. Only displayed for open auth type file services.
Name
Name of file service to display users.
Scopes
Requested open auth service scopes.
Editor Services
Specifies the WOPI based editor services. WOPI services allows the edit files without any upload or download operations.
Name
Name of service to display end users.
Discovery Url
WOPI discovery url
Full Text Services
Specifies the full text extraction service address.
Security
SSL Options
Force SSL ?
Specifies the force SSL connections if http used. If enabled all web access connections automatically redirected to https protocol.
Certificate
Base64 encoded SSL certificate to use. Certificate must in PFX format and password must be set.
Certificate Password
SSL certificate password
User Sessions
Single Session
When selected, only one device session is allowed for all devices in user sessions. Otherwise, no session control is performed.
Use Session Cookie
When selected browser cookie also is used in addition to bearer tokens for preventing the cross site scripting attacks. Since some browsers rejects the cookies to prevent tracking it must be tested before enabled.
Login Token Expiration
It determines the validity period of the tickets produced for system logins such as invitations or password change links. The default value is 10 days in the format 10.00:00:00.
Bearer Token Expiration
It determines the validity period of the tickets produced for user sessions. The ticket is automatically renewed when its validity period is about to expire. The default value is 5 days in the format 5.00:00:00.
Authentication Storage
Determines the storage area of bearer token. Local storage option used for keep bearer token in browser until it is expires and renew if required. Session storage option keeps token temporarily and requires re-authentication when browser window is closed.
Audit Log
Retention Duration
Specifies the keeping duration of audit logs. Default value is 180 days in 180.00:00:00 format.
Password Policy
Minimum Password Length
Determines minimum password length in characters.
Minimum Upper Case Letters
Determines minimum characters of upper case characters (A..Z) in passwords.
Minimum Numeric Letters
Determines minimum characters of upper case characters (0..9) in passwords.
Minimum Lower Case Letters
Determines minimum characters of lower case characters (A..Z) in passwords.
Required Characters
List of at least of one of characters must be included in password. For example if set to "!@" value user passwords must be include '!' or '@' character.
Files
Antivirus Service Url
Specifies the antivirus scanning address to scan files before importing to system. If not specified no scanning is performed.
Allowed File Types
List of allowed file extensions or mime types. If any specified only listed files are allowed to upload.
Denied File Types
List of denied file extensions or mime type.
Time Stamping
Timestamp Server URL
URL of timestamp server to use for digital signatures. Default is empty and error thrown if timestamp required.
Timestamp User
User name of timestamp server for authentication. Default is empty and no authentication is performed.
Timestamp Password
Password of timestamp server for authentication. Default is empty.
e-Mail Services
List of mail SMTP mail services to send mail notifications. Any number of service can be defined and system tries to send mail in service order until it succeeds. Each service definition contains the following settings;
Is Enabled ?
If set no service is disabled and system does not try to use service.
From Address
Specifies the from address of notification mails. For example "emakin@mydomain.com"
From Display Name
Specifies the displayed name of from address to show mail message. For example "Emakin". If leaved blank address is used.
SMTP Server
Name or IP address of mail server.
If service entry expanded following authentication related settings will be displayed;
User Name
User name of SMTP server for authentication. If relay enabled on SMTP server this field can be leaved as blank.
Password
Password of SMTP server for authentication. If relay enabled on SMTP server this field can be leaved as blank.
SMTP Port
Port number to connect SMTP server. If leaved blank default SMTP port is automatically used.
SSL Enabled ?
If selected SSL connection is used to connect SMTP server. By default SSL connection automatically preferred but if this setting checked all connections are forced to use SSL connections.
SMS Services
List of integrated SMS services. Primarily is used for 2FA and if no service defined system uses the push service as SMS gateway.
Is Enabled ?
If set no service is disabled and system does not try to use service.
Name
Identifier of service
SMS Gateway Code
Script to process SMS request. If script returns any not null value system assumes SMS has been sent.
Workers
Configuration of background job workers. This list allows to customize worker queue priority and error handing configurations. Please see Background Jobs page for more detail.
Domains
Lists the subdomains defined in this application and create new sub domains. New domains created from host administration always created as protected state.
Licenses
Lists the previous registered license keys and shows the state of license is valid or not. To enter license paste license contents into "License File" input and click to "Register" button to save. If license is valid license list will be automatically refreshed.