System settings
System settings are platform-wide configuration values an Administrator edits in the app. Each setting is a pre-seeded key/value row in the Platform database — the app never creates or deletes settings, only edits the values of rows that already exist.
You edit them under Administration → System Settings (route /admin/system-settings), which only the Administrator role can open. The page has four tabs — Email, Authentication, File Storage, and Integrations. Each tab is read-only until you select Edit, then Save or Cancel.
For the role model behind this access, see Users, roles, and permissions.
How settings are stored
Every setting has a key, a value, a value type, a category, and an optional description. The category groups settings onto the tabs. Sensitive values are encrypted at rest with the install's AES key.
| Value type | Meaning |
|---|---|
String | Plain text |
Int | A 32-bit integer |
Bool | True or False |
EncryptedString | Stored encrypted at rest; plaintext capped at 1200 characters |
Sensitive settings
Three settings hold secrets: the SMTP password, the OIDC client secret, and the ArcGIS API key. All three are EncryptedString and behave the same way:
- The stored secret is never sent to the browser. The tab shows a status pill — Configured or Not set — instead of the value.
- When editing, leave the field blank to keep the current secret. Tick the checkbox to remove the stored value (the per-secret captions are Remove the stored password, Remove the stored secret, and Remove the stored key).
- The values are excluded from logs. If a stored secret can no longer be decrypted (for example, after the AES key changes), the field reads as empty and you must re-enter it.
Email — SMTP
SMTP is used for password resets, user invitations, and notification emails. Email sending is enabled only once both SMTP Host and From Address are set.
| Key | Label | Type | Default | Notes |
|---|---|---|---|---|
SMTP:Host | SMTP Host | String | — | Server hostname (for example, smtp.office365.com). Required to send mail. |
SMTP:Port | Port | Int | 587 | 587 for STARTTLS, 465 for SSL/TLS, 25 for unencrypted. |
SMTP:FromAddress | From Address | String | — | Sender address; must be a valid email. Required to send mail. |
SMTP:FromName | From Name | String | Erde | Sender display name. A blank value reverts to Erde. |
SMTP:Username | Username | String | — | Optional; often the same as From Address. |
SMTP:Password | Password | EncryptedString | — | Sensitive. Write-only; shows Configured or Not set. |
SMTP:Encryption | Encryption | String | STARTTLS | One of the encryption modes below. A blank value reverts to STARTTLS. |
Encryption accepts these values, in picker order: None, STARTTLS, SSL/TLS.
The tab also has a Send Test button that emails a test message to an address you supply. It uses the saved configuration, so save your changes first.
Authentication — ExternalAuth and Authorization
These settings control optional external sign-in and the edit-own grace window. Local email/password sign-in always remains available as a fallback, whatever the mode.
For step-by-step setup of each method — including what to register on your identity provider or configure on your Windows domain — see Configure single sign-on. The table below is the settings reference.
| Key | Label | Type | Default | Notes |
|---|---|---|---|---|
ExternalAuth:Mode | Mode | String | None | One of None, Windows, Oidc, Both. An unrecognized value resolves to None. |
ExternalAuth:Oidc:Authority | Provider URL (Authority) | String | — | OIDC discovery URL; must be an absolute https address. Required when Mode is Oidc or Both. |
ExternalAuth:Oidc:ClientId | Client ID | String | — | Required when Mode is Oidc or Both. |
ExternalAuth:Oidc:ClientSecret | Client Secret | EncryptedString | — | Sensitive. Required while OIDC is enabled; cannot be cleared while it stays on. |
ExternalAuth:Oidc:DisplayName | Display Name | String | Corporate SSO | Login-page button label for OIDC. A blank value reverts to Corporate SSO. |
ExternalAuth:Oidc:TrustUnverifiedEmail | Trust email addresses the provider has not marked as verified | Bool | false | First-time OIDC sign-ins link to the Erde account with the matching email. By default the provider must assert the address is verified (an email_verified or xms_edov claim). Enable only for providers that never send one, such as AD FS or Microsoft Entra ID without the xms_edov optional claim. Takes effect immediately — no restart needed. |
ExternalAuth:Windows:DisplayName | Display Name | String | Windows Sign-in | Login-page button label when Windows sign-in is enabled. A blank value reverts to Windows Sign-in. |
Authorization:EditOwnGracePeriodHours | Edit-own grace period (hours) | Int | 72 (seeded default; a missing or blank value enforces 0) | Hours a contributor may edit or delete records they created. 0 disables it; maximum 720 (30 days). Site and Project locks override the window. |
Mode accepts these values:
| Value | Meaning |
|---|---|
None | No external sign-in; local password only |
Windows | Windows Integrated sign-in |
Oidc | OpenID Connect (displayed as OIDC) |
Both | Windows and OIDC |
Changes to the OIDC provider URL, client ID, and client secret take effect only after the next application restart.
When Mode is Windows or Both, each user must have their Windows Logon Name set on their Erde account before they can sign in with Windows — Erde never creates accounts automatically. See Manage users and roles → Windows single sign-on.
The grace period the server enforces reflects the stored value, treating a missing or unparsable value as 0 (off) rather than the seeded default of 72.
File Storage — FileStorage
These settings govern uploaded files. They are distinct from the file-storage options in the server's configuration file (for example, the storage path).
| Key | Label | Type | Default | Notes |
|---|---|---|---|---|
FileStorage:MaxFileSizeBytes | Maximum file size (bytes) | Int | 104857600 | 100 MB. Accepts 1 up to 524288000 (500 MB), the server's upload ceiling; larger values are rejected because the upload would never reach validation. |
FileStorage:AllowedExtensions | Extensions | String | .xlsx,.xls,.docx,.doc,.csv,.txt,.pdf,.jpg,.jpeg,.png,.gif,.bmp | Comma-separated allow-list. Clearing the field restores the default allow-list above rather than allowing any type. |
Executable and script types (.exe, .bat, .ps1, .sh, and similar) are always blocked, regardless of the allow-list.
Integrations — GIS
| Key | Label | Type | Default | Notes |
|---|---|---|---|---|
GIS:ArcGISApiKey | ArcGIS API Key | EncryptedString | — | Sensitive. Once configured, enables the map views across the product: the Map analysis tool, the Home dashboard map, and the Map tabs on Sites and Locations. |
Permissions
| Action | Role or policy |
|---|---|
| View and edit any setting | Administrator (RequireAdmin) |