Settings

The Settings page is accessible via the gear icon in the left navigation. It is divided into five categories, each opening its own sub-page.

Settings Overview

| Tile | Description |
| --- | --- |
| Branding | Application logos for dark and light mode |
| Server Settings | Public hostname/port and TLS certificate for this app |
| Logging | Log level, file rotation, request/response logging |
| IDIAL Container Communication | Timeouts and logging for IDIAL container requests |
| OpenID Connect (OIDC) | Single sign-on via an external identity provider |

Branding

The Branding page allows customizing the logos displayed in the application. By default, the BxC logos are used.

Custom company logos can be uploaded separately for Dark Mode Logo and Light Mode Logo via Upload Logo. If your application is only operated in one mode, it is sufficient to set only the corresponding logo.


Server Settings

The Server Settings page contains the central network and TLS configuration for IDIAL-APP.

Public Hostname and Port

| Field | Description |
| --- | --- |
| Public Hostname | DNS name under which clients reach this app. Must match the Common Name or a SAN in the TLS certificate. Also used to automatically generate CRL URLs. |
| Public Port | HTTPS port of the application (default: 443) |

Click Save to apply the hostname and port before uploading a new TLS certificate.

Revocation Check

The Revocation Check setting controls how IDIAL-APP validates the revocation status of TLS certificates via CRL (Certificate Revocation List):

| Option | Behavior |
| --- | --- |
| Off (do not check) | CRL checking is disabled — no CRL server reachability required |
| Soft (warning on problems) | CRL is checked; if problems occur (e.g. CRL server unreachable or expired CRL), a warning is issued but operation is not interrupted |
| Strict (error on problems) | CRL is strictly validated; if the check fails, the certificate is treated as invalid |

Active Server Certificate

The Active Server Certificate section displays the currently active TLS certificate with status badges, subject, issuer, validity period, subject alternative names (SAN), and the SHA-256 fingerprint.

Out of the box, a self-signed certificate is active, which is marked as untrusted. After uploading a valid PKI certificate, the section shows App trusts this certificate and all checks are marked green:

Server Certificate Trusted

Warning: This server does not support graceful reload — applying a new certificate requires a manual restart of the app. Plan the timing of certificate changes accordingly.

Upload a New TLS Certificate

The Upload New TLS Certificate section allows you to upload a PKCS12 bundle (.p12 / .pfx) containing the new server certificate and private key. The upload is a two-step process: first verify, then apply.

The PKCS12 can be provided in two ways — select the appropriate tab:

  • File — upload the file directly from the file system
  • Base64 Text — paste the PKCS12 content as base64-encoded text

Then fill in the PKCS12 Password field and click Verify. The application analyzes the certificate and displays the validation result:

TLS Verification Result

The following checks are performed:

| Check | Meaning |
| --- | --- |
| Key-Cert-Match | Private key and certificate belong together |
| Chain | The certificate chain is complete |
| Validity | The certificate is within its validity period |
| Key Usage | Key usage is set correctly |
| EKU | Extended Key Usage matches server authentication |
| SAN-Host | The configured public hostname is included as a SAN in the certificate |
| Basic Constraints | Basic constraints are set correctly |
| Algorithm | The signature algorithm is secure |
| Sources | Certificate sources could be resolved |
| Crit. Ext. | Critical extensions are known and correct |
| Revocation Status | The certificate is not revoked (according to the configured revocation check) |

When all checks pass, click Apply. The certificate is saved and activated immediately. A toast notification Server certificate applied confirms success.

Info: The certificate must be issued by a CA stored in the IDIAL-APP Trust Store for the SAN-Host check to pass. Load the CA certificates into the Trust Store before uploading the server certificate (see Initialization guide, Step 5).
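
A local pre-check of a bundle before the Verify step, as an added example (not IDIAL-APP's own verification code). It covers only Key-Cert-Match, Validity, EKU and SAN-Host, and uses the third-party Python `cryptography` package; the function names and the treatment of a missing EKU as a failure are assumptions.

```python
# Added pre-upload check of a PKCS12 bundle; not IDIAL-APP's own verification.
# Covers four of the listed checks; needs the third-party "cryptography" package.
from datetime import datetime, timezone

from cryptography import x509
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import ExtendedKeyUsageOID


def _spki(public_key):
    """DER SubjectPublicKeyInfo, used to compare key and certificate."""
    return public_key.public_bytes(serialization.Encoding.DER,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)


def _utc(cert, attr):
    value = getattr(cert, attr + "_utc", None)  # present in cryptography >= 42
    return value or getattr(cert, attr).replace(tzinfo=timezone.utc)


def san_matches(cert, hostname):
    """True if hostname equals a DNS SAN or a one-label wildcard SAN."""
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
    except x509.ExtensionNotFound:
        return False
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    names = [n.lower() for n in san.value.get_values_for_type(x509.DNSName)]
    return host in names or (parent is not None and "*." + parent in names)


def preflight(p12_bytes, password, public_hostname, now=None):
    """Return {check name: bool} for a subset of the checks listed above."""
    key, cert, _extra = pkcs12.load_key_and_certificates(p12_bytes, password)
    if key is None or cert is None:
        raise ValueError("bundle must contain a certificate and its private key")
    now = now or datetime.now(timezone.utc)
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
        eku_ok = ExtendedKeyUsageOID.SERVER_AUTH in eku
    except x509.ExtensionNotFound:
        eku_ok = False  # assumption: a missing EKU counts as a failed check
    return {
        "Key-Cert-Match": _spki(key.public_key()) == _spki(cert.public_key()),
        "Validity": _utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"),
        "EKU": eku_ok,
        "SAN-Host": san_matches(cert, public_hostname),
    }
```

Pass the bundle bytes, the PKCS12 password as bytes, and the value configured as Public Hostname; any `False` entry points at the check that would also need attention in the Verify step.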


Logging

The Logging page controls the logging behavior of IDIAL-APP.

| Parameter | Description |
| --- | --- |
| File Logging | Enables or disables writing log messages to a file |
| File Log Level | Log detail level for the file log: TRACE, DEBUG, INFO, WARN, ERROR (most to least verbose) |
| Log Rotation | Number of days after which old log files are archived (default: 30 days) |
| Console Logging | Enables or disables writing log messages to the container console |
| Console Log Level | Log detail level for the console log |
| Request/Response Logging | Logs all incoming REST requests and outgoing responses. Warning: can massively increase log file size, even at higher log levels |

Changes are applied by clicking Save.

Tip: For production use, we recommend File Log Level: INFO and Console Log Level: INFO. The DEBUG level generates very large log files and should only be used for troubleshooting. The TRACE level provides maximum detail for in-depth analysis.


IDIAL Container Communication

The IDIAL Container Communication page configures timeout behavior and logging for communication between IDIAL-APP and the connected IDIAL containers.

| Parameter | Description |
| --- | --- |
| Request Timeout (seconds) | Timeout for all IDIAL container requests except the connection test (1–300 s, default: 30 s) |
| Connection Test Timeout (seconds) | Timeout for the systeminfo connection test, which is called frequently to check the online status of containers (1–60 s, default: 10 s) |
| IDIAL Request/Response Logging | Logs all HTTP traffic to and from IDIAL containers. Increases log volume significantly |

Changes are applied by clicking Save.


OpenID Connect (OIDC)

The OpenID Connect (OIDC) page allows connecting an external identity provider (IdP) for single sign-on. Users can then authenticate via the IdP and, upon successful login, gain access to IDIAL-APP.

OpenID Connect Configuration

Basic Configuration

First, enable the Activated toggle in the top-right corner. Then fill in the following fields:

| Field | Description |
| --- | --- |
| Provider Name | Display name of the identity provider — shown as the label on the SSO button on the login page |
| Issuer URL | Discovery endpoint of the IdP (e.g. https://login.microsoftonline.com/<tenant>/v2.0) — use Test to verify reachability |
| Client ID | The client ID of this application from the IdP registration |
| Client Secret | The application's client secret — leave empty to keep the currently saved secret |
| Redirect URI | Automatically generated and read-only — must be registered as a redirect URI in the IdP application registration |
| Scopes | OAuth2 scopes requested during login (default: openid, profile, email) |
| Groups Claim | Name of the claim in the ID token that contains group memberships (default: groups) |
| Groups Overflow Behavior | Behavior when the groups claim contains too many entries: Deny Login |
| Session Duration | Validity period of an OIDC session in minutes (default: 60) |
| Just-in-Time User Provisioning | When enabled, user accounts are automatically created in IDIAL-APP on first login |

Role Assignment Mode

The Role Assignment Mode determines how IDIAL-APP roles are assigned to authenticated users:

  • Manual — Roles are managed exclusively in IDIAL-APP's user management. The IdP provides no role information. Use this mode when role management is handled centrally within IDIAL-APP.

  • Automatic (Claim Mapping) — Roles are assigned automatically based on claims in the IdP's ID token. This mode is recommended when role information is already maintained in the IdP.

Automatic Role Mapping

When Automatic (Claim Mapping) mode is active, the Automatic Role Assignment section appears:

| Field | Description |
| --- | --- |
| Claim Name | Name of the claim in the ID token that contains the role values (e.g. roles, groups, team_access.roles) |
| Fallback Roles | Roles assigned to users when no claim value matches a configured mapping. Useful when all authenticated users should receive at least one base role (e.g. IDIAL User). |

Below the fallback roles, separate input fields are shown for each IDIAL-APP role (Administrator, User Manager, IDIAL Administrator, IDIAL Operator, IDIAL User). Enter the claim values that the IdP sends for each role (e.g. a group UUID or role name). Use + Add to enter multiple claim values per role.

Test Mapping

At the bottom of the page, the Test Mapping section allows you to enter comma-separated claim values to simulate a login and verify the resulting role assignment — without performing an actual sign-in.
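
The claim-to-role mapping with fallback roles described above, as an added illustration in Python (not IDIAL-APP's own code). The sample mapping, the function names, exact case-sensitive matching, and resolving a dotted claim name as a nested path are assumptions; confirm the real behavior with Test Mapping.

```python
# Added illustration of claim-based role mapping; not IDIAL-APP's own code.
# Assumptions: exact case-sensitive matching, dotted claim names walk nested
# objects, a user receives every role whose configured values match.

ROLE_MAPPING = {  # constructed sample: IDIAL-APP role -> claim values from the IdP
    "Administrator": {"11111111-aaaa-4bbb-8ccc-000000000001"},
    "IDIAL Operator": {"ops", "plant-operators"},
    "IDIAL User": {"staff"},
}
FALLBACK_ROLES = {"IDIAL User"}


def resolve_claim(token, claim_name):
    """Return the claim value; 'team_access.roles' is tried as a nested path."""
    if claim_name in token:  # a literal top-level key takes precedence
        return token[claim_name]
    node = token
    for part in claim_name.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def claim_values(raw):
    """Normalize a claim to a set of strings (IdPs send a string or a list)."""
    if isinstance(raw, str):
        raw = [raw]
    if not isinstance(raw, (list, tuple)):
        return set()  # missing claim, numbers, objects: no role values
    return {v.strip() for v in raw if isinstance(v, str) and v.strip()}


def map_roles(values, mapping=ROLE_MAPPING, fallback=FALLBACK_ROLES):
    """Roles for a set of claim values; fallback only when nothing matches."""
    matched = {role for role, accepted in mapping.items() if values & accepted}
    return sorted(matched or fallback)


def roles_from_token(token, claim_name):
    """Roles for decoded ID token claims (a dict) and the configured Claim Name."""
    return map_roles(claim_values(resolve_claim(token, claim_name)))


def simulate_mapping(csv):
    """Counterpart of the Test Mapping input: comma-separated claim values."""
    return map_roles(claim_values(csv.split(",")))
```

A token without the claim, or with values that match nothing, still yields the fallback roles, so a configured fallback gives every user the IdP authenticates at least that role.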

Info: Obtain the OIDC configuration from your identity provider's documentation and the application registration settings. The redirect URI and issuer URL must exactly match the values in the IdP registration.