text/microsoft-resx 2.0 System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Are You Sure You Wish To Delete {0}? Add User Delete User Do you want anonymous visitors to be able to register for an account on the site Allow Registration? Error Saving Settings Settings Settings Saved Successfully Users Delete Edit Roles The number of minutes a user should be locked out Lockout Duration: The maximum number of sign in attempts before a user is locked out Maximum Failures: Indicate if passwords must contain a digit Require Digit? The minimum length for a password Minimum Length: Indicate if passwords must contain a lower case character Require Lowercase? Indicate if passwords must contain a non-alphanumeric character (ie. punctuation) Require Punctuation? Indicate if passwords must contain an upper case character Require Uppercase? Configuration Updated. Please Select Restart Application For These Changes To Be Activated. The minimum number of unique characters which a password must contain Unique Characters: Do you want to allow users to sign in using a username and password that is managed locally on this site? Note that you should only disable this option if you have already sucessfully configured an external login provider, or else you may lock yourself out of the site. Allow Login? The authority url or issuer url associated with the identity provider Authority: The endpoint for obtaining an authorization code Authorization Url: The client id for the identity provider Client ID: The client secret for the identity provider Client Secret: Do you want new users to be created automatically? If you disable this option, users must already be registered on the site in order to sign in with their external login. Create New Users? Provide any email domain filter criteria (separated by commas). Domains to exclude should be prefixed with an exclamation point (!). For example 'microsoft.com,!hotmail.com' would include microsoft.com email addresses but not hotmail.com email addresses. Domain Filter: Optionally specify the type name of the email address claim provided by the identity provider. The typical value is 'email'. Email Claim: External Login Settings Lockout Settings The discovery endpoint for obtaining metadata for this identity provider. Only specify if the identity provider does not use the standard approach (ie. /.well-known/openid-configuration) Metadata Url: Password Settings Indicate if the identity provider supports proof key for code exchange (PKCE) Use PKCE? Specify a friendly name for the external login provider which will be displayed on the Login page Provider Name: Select the external login provider type Provider Type: The redirect url (or callback url) which usually needs to be registered with the identity provider Redirect Url: A list of scopes to request from the identity provider (separated by commas). If none are specified, standard Scopes will be used by default. Scopes: The endpoint for obtaining an auth token Token Url: The endpoint for obtaining user information. This should be an API endpoint or page url which contains the users email address. User Info Url: Optionally provide the audience for the token Audience: User Settings You can choose to use a custom authentication cookie name for each site. However please be aware that if you want to share an authentication cookie between sites on the same domain they need to use a consistent cookie name. Also be aware that changing the authentication cookie name will logout all current users. Cookie Name: Create Token Optionally provide the issuer of the token Issuer: The number of minutes for which a token should be valid Lifetime: If you want to want to provide API access, please specify a secret which will be used to encrypt your tokens. The secret should be 16 characters or more to ensure optimal security. Please note that if you change this secret, all existing tokens will become invalid and will need to be regenerated. Secret: Select the Create Token button to generate a long-lived access token (valid for 1 year). Be sure to store this token in a safe location as you will not be able to access it in the future. Token: Token Settings Do you want users to use two factor authentication? Note that you should use the Disabled option until you have successfully verified that the Notification Job in Scheduled Jobs is enabled and your SMTP options in Site Settings are configured or else you will lock yourself out. Two Factor? Disabled Optional Required Last Login Specify the type name of the unique user identifier claim provided by the identity provider. The default value is 'sub'. Identifier Claim: Optionally specify any additional parameters as name/value pairs to send to the identity provider (separated by commas if there are multiple). Parameters: Optionally provide the type name of the roles claim provided by the identity provider (the standard default is 'roles'). If role names from the identity provider do not exactly match your site role names, please use the Role Claim Mappings. Roles Claim: Optionally provide a comma delimited list of role names provided by the identity provider, as well as mappings to your site roles. For example if the identity provider includes an 'Admin' role name and you want it to map to the 'Administrators' site role you should specify 'Admin:Administrators'. Role Claim Mappings: This option will add or remove role assignments so that the site roles exactly match the roles provided by the identity provider for a user Synchronize Roles? Optionally provide a comma delimited list of user profile claim type names provided by the identity provider, as well as mappings to your user profile definition. For example if the identity provider includes a 'given_name' claim and you have a 'FirstName' user profile definition you should specify 'given_name:FirstName'. User Profile Claims: User Name Name Email Import Users Authorization Code Authorization Code + ID Token Authorization Code + ID Token + Access Token Authorization Code + Access Token ID Token ID Token + Access Token None Access Token Authorization Response Type: Specify the authorization response type. The default is Authorization Code which is considered to be the most secure option based on the latest OAuth specification. Do you want existing users to perform an additional email verification step to link their external login? If you disable this option, existing users will be linked automatically. Verify Existing Users? Enabling this option will set a permanent cookie in conjunction with the Cookie Expiration Timespan, which will automatically sign in users the next time they visit the site. By default the site will use session cookies. Always Remember User? You can choose to use a custom authentication cookie expiration timespan for each site (e.g. '08:00:00' for 8 hours). The default is 14 days if not specified. Cookie Expiration Timespan: Review Claims? This option will record the full list of Claims returned by the Provider in the Event Log. It should only be used for testing purposes. External Login will be restricted when this option is enabled. Optionally specify the type name of the user's name claim provided by the identity provider. The typical value is 'name'. Name Claim: Select the external login provider Provider: Info OAuth 2.0 OpenID Connect (OIDC)