This article provides guidance on how to configure your system, authentication, and integration settings and monitor system activity in the Appian Administration Console. The administration console is where system administrators can update certain configuration properties through the web interface. Users must be system administrators to make changes in the Administration Console.
To access the Administration Console, navigate your browser to the following URL:
1
https://yoursite.example.com/suite/admin
Only users of type System Administrator can access the Administration Console and make changes to the configurations. The Administrator user is specifically prohibited from accessing the Administration Console in order to ensure that all changes can be traced to a specific named user rather than a shared account.
All changes made through the Administration Console are logged to an audit log. The log captures the username of the user that made the change along with the previous and new values of the changed property.
See also: Appian Administration Console Logging
The following pages relate to system administration.
The Branding page allows you to manage the name, logos, and colors that appear throughout the Tempo interface. The branding settings only apply to the web interface. For branding of the mobile interfaces see the Custom Mobile Applications documentation.
Clicking the Save Changes button will cause the updated values to become live in the system. As a best practice, experiment with various color configurations in a development environment before applying them to a production system.
All branding modifications result in an audit log message with the username of the user who made the change, the previous values, and the new values.
Note that the Branding configurations only apply to Tempo. To learn about custom styling for embedded interfaces, see Themes.
Logo.#416b88.#ffffff.#f8e85b.#222222.#1d659c.#ebf1f7.#1d659c.#1d659c.#666666.#ffffff.The Data Retention page allows you to manage the following settings:
Allow News Entry Deletion - Allow users to delete news entries and social tasks that they have authored, as long as nobody has commented. The default is that news entry deletion is allowed.
Enable Periodic Cleanup of Export Packages - Allow export packages (zip files) to be automatically deleted after the specified number of days. The default is 30 days. Appian recommends setting 30 days or less for export package cleanup to ensure optimum disk space.
The Deployment page allows you to manage the following settings:
Warning: before enabling this feature, check with your database administrator to see if it is acceptable for Appian to automatically run DDL statements in this environment. If Appian does not have DDL privileges on the database level, automatic schema updates will fail, even if this feature is enabled.
The File Upload page allows customers to manage the following settings:
File type verification can be toggled on and off through the checkbox labeled "Block any file with an extension that does not match the underlying file type". To fully leverage this powerful feature, we recommend enabling it in coordination with a list of extensions to allow rather than a list of extensions to block. We recommend this for two reasons:
The Internationalization page allows you to set the primary language and time zone displayed to users. This page also controls the calendar types and languages that are enabled for the site.
The table below lists the default languages available for selection. Text is only translated in the interfaces listed below, as supported. When a new version of Appian adds support for a new language, the translated interfaces may only include support for the Tempo and Mobile interfaces.
| Language | Language Code | Interface Support | |||
|---|---|---|---|---|---|
| Tempo/Mobile | Administration Console | Appian Designer | Portal | ||
| Arabic | [ar] | Yes/No | Yes | Yes | No |
| Chinese (Simplified) | [zh_CN] | Yes | Yes | Yes | Yes |
| Chinese (Traditional) | [zh_HK] | Yes | Yes | Yes | Yes |
| Dutch (Netherlands) | [nl] | Yes | Yes | Yes | Yes |
| English (United Kingdom) | [en_GB] | Yes | Yes | Yes | Yes |
| English (United States) | [en_US] | Yes | Yes | Yes | Yes |
| French (Canada) | [fr_CA] | Yes | Yes | Yes | Yes |
| French (France) | [fr_FR] | Yes | Yes | Yes | Yes |
| German (Germany) | [de] | Yes | Yes | Yes | Yes |
| Italian (Italy) | [it] | Yes | Yes | Yes | Yes |
| Japanese (Japan) | [ja] | Yes | Yes | Yes | Yes |
| Polish (Poland) | [pl] | Yes | Yes | Yes | Yes |
| Portugese (Brazil) | [pt] | Yes | Yes | Yes | Yes |
| Russian (Russian) | [ru] | Yes | Yes | Yes | Yes |
| Spanish (Mexico) | [es] | Yes | Yes | Yes | Yes |
| Swedish (Sweden) | [sv] | Yes | Yes | Yes | Yes |
Enabling a language makes it available for users to select as their language setting. To enable a language, select it from the Enabled Languages dropdown and click Save. When enabling language settings, consider:
Appian must have at least have one language enabled. If no languages are selected, you must enable at least one language before you can save your changes.
For Appian for Mobile Device applications, start and task forms appear in the language and locale preference set in Appian, News feed entries appear in the language they were entered, and the remaining aspects of the mobile application, such as button names and titles, are determined by the device's language setting. The device's language setting does not need to be enabled as a language in Appian to translate the button names correctly.
The text that appears in the Process Modeler is not translated into languages other than English (United States).
When language is set to Arabic, the interface displays from right-to-left rather than left-to-right and default alignment for interface components and grid columns is right rather than left.
A language can be disabled by clearing the check from the dropdown that corresponds to the language. When a language is disabled, the primary language for the site is displayed for users whose preferred language setting is set to the disabled language. Users then can select a new preferred language from one of the remaining languages that are enabled for the site.
To specify a primary language for your site, select a language from the Primary Language dropdown. The primary language is used for users who have not selected their own preferred language. Note that only enabled languages are listed here.
To use the primary language for all users regardless of their preferred language, select the Always override users' selected language checkbox.
NOTE: Selecting the Always override users' selected language checkbox ensures that user preferences are never enforced. Irrespective of user preferences, the primary setting is then always applied.
The preferred language setting governs the format of dates and numbers that are displayed by the system. For example, if the preferred language is set to English - United States, the date is displayed with the month preceding the day. The same date, when the preferred language is set to Spanish, is displayed with the day preceding the month.
The following table lists the date and time formats used when a certain default locale is selected as the preferred language (or as the only enabled language).
| Preferred Language | Date and Time Format | Example |
|---|---|---|
| US English (en_US) | Month Day, Year Hour:Minute AM/PM | Dec 15, 2010 3:32 PM |
| UK English (en_GB) | Day Month Year Hour:Minute | 15 Dec 2010 15:32 |
| French (ca_FR) | Year-Month-Day Hour:Minute | 2010-12-15 15:32 |
| Spanish (es_MX) | Day/Month/Year Hour:Minute | 15/12/2010 15:32 |
Hours displayed in US English use a 12-hour clock with an AM or PM designation.
The separators between digits in a number change based on the preferred language. For example, if the preferred language is English - United States, a comma (,) is used as a separator (1,000). If however, the preferred language is set to German - Germany, a full stop (.) is used as the separator (1.000).
According to the US Naval Observatory, the Gregorian calendar is the internationally accepted civil calendar. This is the default calendar used in Appian.
To change the default Gregorian calendar to a different calendar type, select a calendar from the Primary Calendar dropdown. Options include the calendar types listed below.
Islamic Calendar Types
You can select from three types of Islamic calendars, which use slightly different leap year patterns and different means for calculation.
| Type | Leap Years | Description |
|---|---|---|
| 1 | 2 5 7 10 13 16 18 21 24 26 29 | Kūshyār ibn Labbān (11th cent. CE) Ulugh Beg (15th cent. CE) Similar to the "Kuwaiti algorithm" |
| 2 | 2 5 7 10 13 15 18 21 24 26 29 | Most Commonly Used |
| Um Al Qura Calendar تقويم أم القرى |
Not applicable | Based on observation or astronomical calculation. |
The leap year patterns are based on the following logic:
The difference between calendar type 1 and type 2 centers on when the leap day is added.
The difference between the Type 1 and Type 2 leap-year schemes are shown in the following table, which lists the remainder for each year in the 30 year cycle.
| Year | Type 1 remainder | Type 2 remainder | Year | Type 1 remainder | Type 2 remainder | Year | Type 1 remainder | Type 2 remainder |
|---|---|---|---|---|---|---|---|---|
| 1 | 11/30 | 11/30 | 11 | 1/30 | 1/30 | 21 | 7/10 * | 7/10 * |
| 2 | 22/30 * | 22/30 * | 12 | 2/5 | 2/5 | 22 | 1/15 | 1/15 |
| 3 | 1/10 | 1/10 | 13 | 23/30 * | 23/30 * | 23 | 13/30 | 13/30 |
| 4 | 7/15 | 7/15 | 14 | 2/15 | 2/15 | 24 | 4/5 * | 4/5 * |
| 5 | 5/6 * | 5/6 * | 15 | 1/2 * | 1/2 | 25 | 1/6 | 1/6 |
| 6 | 1/5 | 1/5 | 16 | -2/15 | 13/15 * | 26 | 8/15 * | 8/15 * |
| 7 | 17/30 * | 17/30 * | 17 | 7/30 | 7/30 | 27 | -1/10 | -1/10 |
| 8 | -1/15 | -1/15 | 18 | 3/5 * | 3/5 * | 28 | 4/15 | 4/15 |
| 9 | 3/10 | 3/10 | 19 | -1/30 | -1/30 | 29 | 19/30 * | 19/30 * |
| 10 | 2/3 * | 2/3 * | 20 | 1/3 | 1/3 | 30 | 0 | 0 |
Islamic Calendar Epoch
The epoch defines the starting point of the Calendar (the first day of year one). The following epochs can be selected for Islamic Type 1 and 2 calendars.
| Epoch | Day 1 / Year 1 | Description |
|---|---|---|
| A | 15/July/622 CE/Julian | Thursday or Astronomical Epoch |
| B | 16/July/622 CE/Julian | Friday or Civil Epoch |
To override all users' preferred calendar settings with the primary calendar type, select the Always override users' selected calendar checkbox when selecting the primary calendar type.
NOTE: Selecting the Always override users' selected calendar checkbox ensures that user preferences are never enforced. Irrespective of user preferences, the primary setting is then always applied.
Language preferences and time zone preferences affect how dates and times may be displayed. For example, a process start time of Oct 12, 2011 at 5:00 pm Eastern is displayed differently for a user with Spanish language and Central time zone preferences.
| Process start time | User’s Preferred Setting | User’s Preferred Time Zone | Displayed start time |
|---|---|---|---|
| Oct 12, 2011 at 5:00 PM Eastern Daylight Time | Spanish - Mexico | Ciudad de México (México) (America/Mexico_City) | 12/10/2011 at 4:00 PM GMT-05:00 |
As with languages, system administrators must also specify a primary time zone for the site. At installation, the primary time zone is set to Greenwich Mean Time (GMT). To specify another primary time zone for the site, click the Primary Time Zone dropdown and select a time zone from the list. This recommended list is based on the selected language. System adminstrator’s can override the default list of recommended time zones or add a list for a new locale by modifying the custom.properties file.
To override all users' preferred time zone settings with the primary time zone, select the Always override users' selected time zone checkbox.
When selecting a Continental US time zone, we recommend using the following settings.
A process model can take a specific time zone, which is used by each process spawned from the model. Alternatively, models can be configured to use the time zone preference of the user who starts the process model. This is set in the process model's properties.
NOTE: Selecting the Always override users' selected time zones checkbox ensures that user preferences are never enforced. Irrespective of user preferences, the primary setting is then always applied.
The Mobile page allows you to manage settings for your organization's mobile devices:
Prompt Users to Download App - Displays a redirect page to encourage users to open links in the native mobile application (if already installed), or to install the application. Once enabled this page shows up for any link that is invoked on a mobile device. The logo displayed on this page can be configured by changing the Logo on the Branding page. The default logo is the Appian logo. The background color for the 'Open in App' button can be configured by changing the Accent Color, also on the Branding page.
Android App Download Link - Download URL for the Android application. The default URL is the Appian for Mobile Devices Android application.
The redirect page will not be displayed from the Safari browser running on iPadOS, due to a change made by Apple that makes Safari running on an iPad indistinguishable from Safari running on a desktop.
Newer versions of mobile device operating systems frequently include security enhancements. For example, Android 4.0 includes OS-level protection from tapjacking, a form of UI redress attack, and Android 4.4 includes updates to the Android Key Store. You can specify that only devices that have these new security features can connect to your Appian installation by setting the minimum required mobile OS version. Your setting should be based on your organization's security requirements as well as what percentage of your users use the different operating system versions.
See also:
The Permissions page allows you to control user actions to various actions on Tempo.
The User Profile section allows you to specify what information users are allowed to update from their user profiles, and whether users will be able to see the profile details of other users.
The fields that are set to be not editable here are displayed but disabled to users in their user profiles. Each checkbox on the page corresponds to a set of user profile fields as follows:
If this option is selected (the default) users will be able to see the profile details of a user if that user's role map has no viewers configured and notification emails sent by Appian will include users' display names. If unselected, no users will see that user's details unless they are explicitly added in the viewers role of that user and notification emails sent by Appian will only include users' usernames, not their display names. Regardless of the value given for this property, if the viewers role is non-empty, only those users set in the viewers role will be able to see that user's profile details.
Update Quick Apps settings on the Permissions page in the Appian Administration Console. This section contains the configurations to enable Quick App creation.
This link opens the Quick App Creators group. Adding users to this role gives them access to the Quick Apps Designer.
The data source chosen in this dropdown is the location where tables will be generated and updated for new Quick Apps. No Quick Apps can be created until a value is selected here.
Changing this value will only affect new Quick Apps. Any existing Quick Apps will remain connected to the data source selected at the time they were created, even when the Quick App is updated from the Quick Apps Designer.
The Appian user must have the following permissions to the connected data source for Quick Apps to work correctly: CREATE, ALTER, DROP, INSERT, UPDATE, and DELETE.
This section contains the configurations to control Tempo access.
This link opens the Tempo Users group. By default, all users can access Tempo. Removing members or membership rules from this group will prevent those users from accessing Tempo.
The Plug-ins page lists the plug-ins that are currently deployed to the site. The total number of deployed plug-ins are listed in parentheses in the grid title.
Reminder: All plug-ins are use-at-your-own-risk, and their functionality is not guaranteed by Appian. All plug-ins should be tested thoroughly. For more details about individual plug-ins, visit the Appian AppMarket.
For each plug-in the following information is given:
After checking the "Allow" checkboxes for the plug-ins that should have access to the Encryption Service public API, click the Save Changes button to save the changes or click the Reset Changes button to return to the previously-persisted state.
Aside from the toggle to allow or deny access to the Encryption Service, all of the information that appears in the grid is derived from the information given by the plug-in developer in the plug-in manifest file included with the deployed plug-in. It is not editable through this interface.
Changing the access of a plug-in results in a audit log message with the username of the user who made the change, the previous value, and the new value.
See also:
On Cloud sites only, administrators can deploy Cloud-approved plug-ins by clicking the Deploy New Plug-ins button. On clicking this button, a modal dialog will open revealing a grid containing all cloud-approved plug-ins that are supported for your site's version of Appian. Click on a plug-in's name in the grid to view details and deploy the plug-in immediately to your site. Should the plug-in fail to deploy, check the application server logs for an error message containing more information on what happened.
The Sign-in Page Links page allows you to add custom links to the sign-in page. The links will appear on the sign-in page in the same order in which they are arranged in the administration console.
The maximum number of links is five and only links that use the http, https, or mailto protocols are allowed.
The User Start Pages page allows you to configure which pages users start on when they first log into Appian or if they navigate to the base Appian URL with or without the application context (e.g. acme.appian.com or acme.appian.com/suite). Note that if a user navigates to a specific environment (e.g. Tempo) or page (e.g. a record view), he will not be redirected to his configured start page.
You can add rows to the grid to configure different groups of users to have different start pages. Only public and restricted groups can be selected, not personal groups. If a user belongs to multiple groups that have different start pages configured, his start page will be the highest one in the grid that corresponds to a group that he belongs to.
You can also configure the Default Start Page, which is the start page for all users who don't belong to any of the groups configured in the grid.
To minimize data entry errors, copy and paste start page URLs directly instead of typing them in manually.
Clicking the Save Changes button will cause the configured start pages to take effect in the system.
An audit log captures all historical values in this page.
See also: Appian Administration Console Logging
The following pages relate to authentication administration. Unless otherwise indicated in the setting section, these settings do not apply to users who authenticate through SAML.
The API Keys page allows you to create and manage Service Accounts and API keys, which can be used to invoke Appian Web APIs. This page allows you to:
If you need to create a new service account, you can easily do so by clicking the plus icon to the right of the Service Account picker on the API key creation modal. This prompts you to provide a username.
Service accounts should be created in each environment with the same username and placed in the same groups so that permissions can be promoted to higher environments.
The created service account will have its first name set to the selected username and its last name set to "Service Account". It will be automatically assigned the Service Account role.
Existing users can be converted to service accounts by placing them in the Service Accounts system group. When a service account is removed from the system group or deactivated, all API keys associated with that service account cease to work. Although they won't work, these keys will continue to exist until they are manually deleted.
To create a new API key, click the Create button. This will prompt you to provide a unique description and select a service account to associate with the key.
When the key is generated, the designer should immediately copy the value and store it externally. Appian will never show the value of the API key a second time.
When creating an API key, the API key should be tied to a service account with the same username and given the same description in each environment. API keys can only be used for the environment they're created in.
There are three ways to invalidate an API key:
The Appian Authentication page allows you to control password strength requirements and password expiration policies.
Appian hashes passwords using an industry standard hashing algorithm and only stores the hashed values of passwords. When passwords are entered, they are similarly hashed using the same algorithm, and the result is compared against the stored value.
The Password Format section allows setting the following:
1.A-Z and a-z) allowed in a password. The default is 0.a-z) allowed in a password. The default is 0.A-Z) allowed in a password. The default is 0.0.0. Special characters include: ! " # $ % & ' ( ) \* + , - . / : ; < = > ? @ [ \ ] ^ _ \` { | } ~0 and 24, inclusive. The default is 1, meaning that the user's current password may not be reused but that other previous passwords may be reused.The configurations in this section apply only to passwords managed by Appian and do not apply to accounts that authenticate with LDAP or SAML.
For information and details regarding the configuration of the Remember Me Authentication, see also: Remember Me Authentication
Appian Cloud installations have different default settings than on-premises installations. The following default password policies are in place for Appian Cloud users:
7 characters long.1 numeric character.1 letter.4 passwords used.The Remember Me section allows you to enable and disable remember me and set the length of time a user may go between logins. This configuration applies only to users who authenticate with Appian's native authentication or via LDAP and does not apply to users who authenticate against a SAML identity provider.
See also: Remember Me
The Password Expiration section allows setting the following:
10080 minutes, which is one week.0. This setting does not affect temporary passwords or the ability for an administrator to reset a user's password.When a password expires, the user must change the password before they are allowed to proceed past the Appian log-in page.
The configurations in this section apply only to passwords managed by Appian and do not apply to accounts that authenticate with LDAP or SAML.
Appian Cloud installations have different default settings than on-premises installations. The following default password policies are in place for Appian Cloud users:
90 days.7 days before it happens.Initial passwords for Appian Cloud are temporary passwords. The system prompts users to reset their password immediately after logging into Appian Cloud.
The Forgot Password section allows setting the following:
Enable Forgot Password from Sign-In Page - Should users be able to reset their passwords from the sign-in page? If enabled, users will be able to reset their passwords by clicking the "Forgot your password?" link on sign-in page and following the steps provided.
Password Reset Link Duration (Minutes) - How long should password reset links be valid? A user following an expired link will need to re-enter their username to receive a new link before they can reset their password. When this value changes, the change is applied retroactively to existing links.
When this feature is enabled, only users that meet the following requirements will be able to reset their passwords:
If either SAML or LDAP are enabled for all users, the Enable Forgot Password from Sign-In Page checkbox will disabled and unchecked because when these authentication features are enabled, Appian does not have control over users' credentials. If, however, only some users authenticate through LDAP or SAML, the feature can be enabled, and the "Forgot your password?" link will appear on the sign-in page for all users.
Use import customization files to change the value between environments with different authentication configurations.
Use of this feature can be audited through the Forgot Password Requests and Password Resets audit logs.
User accounts that have difficulty supplying the proper credentials are temporarily locked (prevented from making a login attempt) when the user (or someone attempting to log in as the user) tries too many incorrect passwords. The system does this by keeping track of the number of failed login attempts for each account. The failed login count is reset automatically after some time has passed from the last failed attempt. This prevents the user from accumulating a large number of failed login attempts over a long period of time.
The Account Locking section allows setting the following:
6.30 minutes.30 minutes.The failed login count is reset if the account is unlocked by an administrator.
When you specify a deactivation interval, that same interval must elapse before user accounts begin to be deactivated. For example, if you specify an inactivity deactivation interval of 90 (90 days) on April 1st, a user account that does not successfully log in between April 1st and June 30th is deactivated. In this scenario, a user account that has not logged in since January 1st also remains active until June 30th, as you did not activate the policy until 90 days after the user account became inactive
User accounts that are deactivated due to inactivity are listed at the INFO level in db_PE_yyyy-mm-dd_hhmm.log in the <APPIAN_HOME>/logs/ directory.
The system user Administrator is never automatically deactivated.
Appian Cloud installations have different default settings than on-premises installations. The following default password policies are in place for Appian Cloud users:
Activity from the Appian Mobile applications and SharePoint web parts does not count towards the number of active sessions a user has and requests from the mobile applications and SharePoint web parts are never blocked because a user has reached the concurrent session limit.
See also:
The Terms of Service section allows you to set a message on the sign-in page that users must click to accept before entering the system.
When you change the terms of service, all Remember Me authentication sessions will be invalidated and users will need to input their username and password the next time they sign-in to Appian.
The LDAP Authentication page allows you to configure Appian to authenticate users against an external directory server, like Microsoft Active Directory, via LDAP rather than its native authentication.
In order to prevent you from locking yourself out of Appian, if your configuration requires that the user you are currently logged in as must authenticate via LDAP then you must successfully test your configuration using the "Test" button before saving it.
It is not possible to configure Appian such that a given user may authenticate with either LDAP or native Appian authentication. Each account may only authenticate against one or the other.
LDAP authentication settings cannot be imported or exported from the administration console.
The SAML Authentication page allows you to configure Appian to authenticate users against external SAML identity providers, like Microsoft ADFS or Shibboleth, rather than against Appian's native authentication.
When configuring your SAML identity provider, it is important to ensure that the metadata file uploaded to Appian is consistent with the configurations defined with the identity provider. Specifically, the entity ID or issuer ID in the uploaded IdP metadata file must match the issuer ID found in the SAML response. Appian requires the entity ID within IdP metadata files to be unique across multiple SAML configurations. Attempting to upload IdP metadata files containing identical entity IDs will result in an error and be prevented by the system. It is not recommended to manually modify an IdP metadata file, prior to uploading to Appian in order to circumvent this restriction, as this may result in users not being able to access Appian.
For more information see, SAML Authentication.
The Users page allows you to:
Users cannot be imported or exported from the administration console.
See also: User Management
The Infrastructure page shows you all the Appian environments in your organization and lets you control how those environments are allowed to interact with each other. For example, you can let designers in your development environment view metrics for process models that are running in production.
If your environment leverages Trusted IP Addresses, please be aware that Appian Cloud outbound IP addresses will need to be allowed in order for the infrastructure to work.
To manually add an environment to your infrastructure, action by a system administrator in both environments is required.
First, a system administrator sends a request to add a new environment by clicking Add New Environment and entering the URL for a remote environment. This adds a notification to the top of their infrastructure page:
Outgoing requests can be withdrawn at any time.
Once the request is sent, an email notification is sent to system administrators in the target environment, linking them to the infrastructure page. Here, they can view their incoming requests:
Incoming requests can be approved, denied, or ignored. Each request times out after 7 days.
When Cloud customers upgrade to 19.1, their environments will be pre-configured.
When the infrastructure page loads, your environment will send a test request to each environment in its infrastructure. This request is used to check the connection status of an environment and display an icon accordingly.
System administrators can enable and disable communication with each environment. When both environments have communication enabled, they can leverage infrastructure capabilities. If either environment disables communication, all infrastructure capabilities between the two environments are disabled.
| Icon | Connection Status |
|---|---|
 |
Enabled: this is the only status where infrastructure capabilities can be leveraged |
 |
Disabled by remote environment |
 |
Disabled by current environment |
 |
Disabled by both environments |
 |
Connection error with connection enabled by current environment |
 |
Connection error with connection disabled by current environment |
Adding an environment to your Infrastructure only enables communication with the environment you're in. Just because your environment is connected with two environments doesn't mean those two environments are connected to each other.
Finally, system administrators can remove environments from their infrastructure. This removes their environment from the remote environment's infrastructure as well.
When an environment is removed from your infrastructure, the environment will need to go through the request/approval process to be added back.
The following pages relate to integration administration.
There are two types of SSL certificates that can be managed in the Admin Console: Client Certificates and Trusted Server Certificates.
Some web services require transport-level client certificate authentication when setting up an SSL connection. The Client Certificates tab of the Certificates page allows you to expose certificates for use by the HTTP integration and HTTP connected system objects, the Call Web Service smart service, the webservicequery() expression function, and the webervicewrite() expression function.
Non-HTTP connected systems do not support SSL. These client certificates currently only apply to integrations that use an HTTP connected system, an OpenAPI connected system, or no connected system at all.
The main view of the Client Certificates page is a grid view of all of the client certificates in the system. Initially the grid will be empty. Click New Client Certificate to upload a new certificate. The certificate must be formatted as a PEM file. If the certificate is protected by a password you should enter the password in the password field. This password will not be stored. The certificate will be stored in an encrypted format in the Appian data source.
There is no way to download a certificate from this page. Store a copy outside of Appian as well as uploading one here.
All modifications result in an audit log message with the username of the user who made the change, the previous values, and the new values.
Client certificates cannot be imported or exported from the administration console.
Some web services, such as those that utilize self-signed or internal SSL certificates, require an administrator to explicitly trust certain server certificates for authentication. The Trusted Server Certificates tab of the Certificates page allows administrators to upload a server certificates that should be trusted by integrations, connected systems, the Call Web Service smart service, the webservicequery() expression function, and the webervicewrite() expression function.
The main view of the Trusted Server Certificates page is a grid view of all of the trusted certificates that have been added through Trusted Server Certificates grid. Initially the grid will be empty. Click New Trusted Server Certificate to upload a new certificate. The certificate must be formatted as a PEM file. The certificate will be stored in an encrypted format in the Appian data source.
There is no way to download a certificate from this page. Store a copy outside of Appian as well as uploading one here.
All modifications result in an audit log message with the username of the user who made the change, the previous values, and the new values.
Trusted server certificates cannot be imported or exported from the administration console.
The data sources page lets you integrate Appian with external databases using a JDBC connection by adding, updating, and removing named connection configurations called data sources. These data sources are available for designers to use in their applications through data stores and the Query Database smart service.
A data source consists of the following fields:
You cannot create a data source with the same name as the Appian data source, as specified in the conf.data.APPIAN_DATA_SOURCE property in custom.properties.
See also: Business Data Sources
The Email page allows you to enable or disable the ability for Appian to send email.
The Embedded Interfaces page allows you to manage origins and themes for embedding interfaces on external web sites.
The Origins section allows you to add and remove from the list of hosts that are allowed to make cross-origin resource sharing requests to your Appian site. If an Appian interface is embedded on a web site that uses a different host than Appian, that host must be added to the allowed origins list. Origins should be entered using the host as it is typed in the browser address bar with the port (if it's different than the protocol default) but without the protocol, like server.example.com or server.example.com:8080.
By default, the list is empty. The prevention of unauthorized cross-origin requests is an important part of web application security, so only trusted hosts should be added to this list.
Adding or removing a host results in an audit log message with the username of the user who made the change, the previous list of allowed hosts, and the new list.
See also: Embedded Interfaces
The Themes section allows you to configure any number of themes with custom font and color styling. A theme can be optionally applied to the interfaces that are embedded in an external web page. This allows custom styling of embedded interfaces in order to make them more consistent with the host web page.
Note that themes can only be applied to embedded interfaces. Learn more about Tempo branding and sites branding.
All modifications to themes result in an audit log message with the username of the user who made the change, the previous values, and the new values.
See also: Themes for Embedded Interfaces
The HTTP Proxy page allows you to configure a proxy server for outgoing HTTP and HTTPS connections. The proxy is used by following integration features:
*.google.com will match www.google.com and docs.google.com.realtime.machinelearning.*.amazonaws.com*api.cognitive.microsoft.comlanguage.googleapis.comThe Legacy Web Services page allows you to manage processes exposed as web services. The interface for configuring legacy web services opens in a new browser tab.
We recommend designers instead use web APIs and the Start Process smart service to expose process models to external systems.
Legacy web services cannot be imported or exported from the administration console.
This page allows you to configure Appian's Task Viewer Add-in for Microsoft Outlook.
/suite/integrations/office/outlook, that serves up the content to embed in Outlook is enabled. The endpoint can only serve up content when embedded in Outlook and does not expose sensitive data to unauthenticated users.The Third-Party Credentials page allows you to manage credentials to external systems. These credentials are stored in the Secure Credentials Store and can be used by authorized plug-ins through the public API as well as by built-in smart services and functions such as the Call Web Service smart service and the webservicequery expression function.
The main view of the Third-Party Credentials page is a grid view of all of the configured sets of credentials. Initially the grid will be empty. Click Create to create a new entry.
A form with the following fields will display, allowing for the creation of a new set of credentials for connecting to an external system.
true if the connection was successful. As a best practice, define the expression in a rule and use the rule here. When testing the connection, the expression only has access to the current credentials on the form and you must use the unique identifier key as generated to retrieve the credentials from the Secure Credentials Store. If testing using a function that is provided in a plug-in, that plug-in must be in the authorization list.Deleting individual credentials fields will cause all site-wide and per-user values for that field to be deleted. Deleting a set of third-party credentials from the grid on the main page will cause all site-wide and per-user values for the entire set of credentials fields to be deleted.
All credential changes result in a audit log message with the username of the user who made the change, the previous values, and the new values.
See also:
The following pages relate to monitoring your Appian installation.
The Current User Activity page allows you to see which users are currently active on your site.
User activity is stored for 1 hour and only the most recent 1000 entries are displayed.
When a user logs out of the system, they are removed from the list of recent activity.
It is possible for the same user to appear in the list twice if they are connected from two different browsers or mobile clients.
Current user activity information cannot be imported or exported from the administration console.
The Document Reports page shows the following usage information about documents in the system:
Note that user avatars are stored as documents, so views of user images are counted as downloads.
The Import History page allows you to see all the imports that have occurred on the system during the last 30 days. This includes imports from:
ImportExportService
Clicking the document icon on the last column of the grid will download the import log for the corresponding import.
Import history information cannot be imported or exported from the administration console.
The Rule Performance page allows you to see the historical performance of all of the rules in the system. It contains a table of rule name, the number of times that rule has been executed, the average execution time, the minimum execution time, and the maximum execution time.
A moving window of thirty days of performance metrics are gathered and stored as end users execute the rules. The evaluation times recorded do not include the evaluation of the rules when they are executed in Appian Designer.
Clicking on the name of a rule will bring up more details on the performance of that rule, including graphs of the performance over time. These graphs are the same as the ones found in the historical performance trends in the performance view.
This page contains performance data for rule objects, including expression rules, interfaces, query rules, integrations, and decisions.
Rule performance information cannot be imported or exported from the administration console.
All settings can be imported and exported from the Admin Console, except for those on the following tabs:
For security reasons, credential values are not exported. It is possible to provide values during import using an import customization file.
The Export Settings dialog can be accessed via the Export button in the administration console header.
The Export Settings dialog shows a list of all available admin console settings available to be exported. This grid can be filtered by clicking on the Show Filters link; settings can be filtered on category or modified date. After performing an export the confirmation dialog will provide a link to the administration console package. If the exported settings require an import customization file then this file will be generated at export time and be available to download from the confirmation dialog as well.
The Import Settings dialog can be accessed via the Import button in the administration console header.
The Import Settings dialog allows you to import an admin console package to the system. Additionally, an import customization file and an application or patch package can be uploaded so that all three can be imported together. This can be used when your application relies on admin console settings to import correctly or vice versa. For example, you are deploying a brand new application and you need to import the application data store along with a new data source that the data store points to. See the Application Deployment Guidelines page for more information.
On This Page
