v1.38.0
Configuration options for CiviForm branding.
Admin readable
Small logo for the civic entity used on the login page.
- Type: string
Admin writeable
The short display name of the civic entity, will use 'TestCity' if not set. Required.
- Type: string
Admin writeable
The full display name of the civic entity, will use 'City of TestCity' if not set. Required.
- Type: string
Admin readable
- Type: string
Configures connections to external services the CiviForm server relies on.
Admin readable
What identity provider to use for applicants. Required.
- Type: string
- Allowed values:
idcs
login-radius
generic-oidc
login-gov
auth0
disabled
Admin readable
URI to create a new account in the applicant identity provider.
- Type: string
Admin writeable
The name of the portal that applicants log into, used in sentences like 'Log into your APPLICANT_PORTAL_NAME account.' Required.
- Type: string
IDCS_CLIENT_ID
Managed secret
An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers, specifically communicating with IDCS. A Civiform instance is always the client.
- Type: string
IDCS_SECRET
Managed secret
A secret known only to the client (Civiform) and authorization server, specifically for IDCS OIDC systems. This secret essentially acts as the client’s “password” for accessing data from the auth server.
- Type: string
IDCS_DISCOVERY_URI
Server setting
A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with the IDCS auth provider.
- Type: string
LOGIN_RADIUS_API_KEY
Server setting
The API key used to interact with LoginRadius.
- Type: string
LOGIN_RADIUS_METADATA_URI
Server setting
The base URL to construct SAML endpoints, based on the SAML2 spec.
- Type: string
LOGIN_RADIUS_SAML_APP_NAME
Server setting
The name for the app, based on the SAML2 spec.
- Type: string
LOGIN_RADIUS_KEYSTORE_NAME
Server setting
Name of the SAML2 keystore, used to store digital certificates and private keys for SAML auth.
- Type: string
LOGIN_RADIUS_KEYSTORE_PASS
Server setting
The password used the protect the integrity of the SAML keystore file.
- Type: string
LOGIN_RADIUS_PRIVATE_KEY_PASS
Server setting
The password used to protect the private key of the SAML digital certificate.
- Type: string
APPLICANT_OIDC_PROVIDER_LOGOUT
Server setting
- Type: bool
APPLICANT_OIDC_OVERRIDE_LOGOUT_URL
Server setting
By default the 'end_session_endpoint' from the auth provider discovery metadata file is used as the logout endpoint. However for some integrations that standard flow might not work and we need to override logout URL.
- Type: string
APPLICANT_OIDC_POST_LOGOUT_REDIRECT_PARAM
Server setting
URL param used to pass the post logout redirect url in the logout request to the auth provider. It defaults to 'post_logout_redirect_uri' if this variable is unset. If this variable is set to the empty string, the post logout redirect url is not passed at all and instead it needs to be hardcoded on the the auth provider (otherwise the user won't be redirected back to civiform after logout).
- Type: string
APPLICANT_OIDC_PROVIDER_NAME
Server setting
The name of the OIDC (OpenID Connect) auth provider (server), such as “Auth0” or “LoginRadius”.
- Type: string
APPLICANT_OIDC_CLIENT_ID
Server setting
An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers. A Civiform instance is always the client.
- Type: string
APPLICANT_OIDC_CLIENT_SECRET
Managed secret
A secret known only to the client (Civiform) and authorization server. This secret essentially acts as the client’s “password” for accessing data from the auth server.
- Type: string
APPLICANT_OIDC_DISCOVERY_URI
Server setting
A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with a given auth provider.
- Type: string
APPLICANT_OIDC_RESPONSE_MODE
Server setting
Informs the auth server of the desired auth processing flow, based on the OpenID Connect spec.
- Type: string
APPLICANT_OIDC_RESPONSE_TYPE
Server setting
Informs the auth server of the mechanism to be used for returning response params from the auth endpoint, based on the OpenID Connect spec.
- Type: string
APPLICANT_OIDC_ADDITIONAL_SCOPES
Server setting
Scopes the client (CiviForm) is requesting in addition to the standard scopes the OpenID Connect spec provides.
- Type: string
APPLICANT_OIDC_LOCALE_ATTRIBUTE
Server setting
The locale of the user, such as “en-US”.
- Type: string
APPLICANT_OIDC_EMAIL_ATTRIBUTE
Server setting
The OIDC attribute name for the user’s email address.
- Type: string
APPLICANT_OIDC_FIRST_NAME_ATTRIBUTE
Server setting
The OIDC attribute name for the user’s first name.
- Type: string
APPLICANT_OIDC_MIDDLE_NAME_ATTRIBUTE
Server setting
The OIDC attribute name for the user’s middle name.
- Type: string
APPLICANT_OIDC_LAST_NAME_ATTRIBUTE
Server setting
The OIDC attribute name for the user’s last name.
- Type: string
LOGIN_GOV_CLIENT_ID
Server setting
An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers, specifically communicating with Login.gov. A Civiform instance is always the client.
- Type: string
LOGIN_GOV_DISCOVERY_URI
Server setting
A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with a given auth provider, specifically for Login.gov.
- Type: string
LOGIN_GOV_ADDITIONAL_SCOPES
Server setting
Scopes the client (CiviForm) is requesting in addition to the standard scopes the OpenID Connect spec provides. Scopes should be separated by a space.
- Type: string
LOGIN_GOV_ACR_VALUE
Server setting
Authentication Context Class Reference requests. ial/1 is for open registration, email only. ial/2 is for requiring identity verification.
- Type: string
- Allowed values:
http://idmanagement.gov/ns/assurance/ial/1
http://idmanagement.gov/ns/assurance/ial/2
Admin readable
What identity provider to use for admins.
- Type: string
- Allowed values:
adfs
generic-oidc-admin
ADFS_CLIENT_ID
Server setting
An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers, specifically communicating with ADFS. A Civiform instance is always the client.
- Type: string
ADFS_SECRET
Managed secret
A secret known only to the client (Civiform) and authorization server. This secret essentially acts as the client’s “password” for accessing data from the auth server.
- Type: string
ADFS_DISCOVERY_URI
Server setting
A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with the IDCS auth provider.
- Type: string
ADFS_ADMIN_GROUP
Server setting
The name of the admin group in Active Directory, typically used to tell if a user is a global admin.
- Type: string
ADFS_ADDITIONAL_SCOPES
Server setting
Scopes the client (CiviForm) is requesting in addition to the standard scopes the OpenID Connect spec provides. Scopes should be separated by a space.
- Type: string
AD_GROUPS_ATTRIBUTE_NAME
Server setting
The attribute name for looking up the groups associated with a particular user.
- Type: string
ADMIN_OIDC_PROVIDER_NAME
Server setting
The name of the OIDC (OpenID Connect) auth provider (server), such as 'Auth0' or 'Okta'.
- Type: string
ADMIN_OIDC_CLIENT_ID
Server setting
An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers. A Civiform instance is always the client.
- Type: string
ADMIN_OIDC_CLIENT_SECRET
Server setting
A secret known only to the client (Civiform) and authorization server. This secret essentially acts as the client’s “password” for accessing data from the auth server.
- Type: string
ADMIN_OIDC_DISCOVERY_URI
Server setting
A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with a given auth provider.
- Type: string
ADMIN_OIDC_RESPONSE_MODE
Server setting
Informs the auth server of the desired auth processing flow, based on the OpenID Connect spec.
- Type: string
ADMIN_OIDC_RESPONSE_TYPE
Server setting
Informs the auth server of the mechanism to be used for returning response params from the auth endpoint, based on the OpenID Connect spec.
- Type: string
ADMIN_OIDC_USE_CSRF
Server setting
OIDC client should provide CSRF protection.
- Type: bool
ADMIN_OIDC_ID_GROUPS_ATTRIBUTE_NAME
Server setting
Name of attribute that provides the groups associated with an account.
- Type: string
ADMIN_OIDC_ADMIN_GROUP_NAME
Server setting
Name of group that indicates an account is a global admin.
- Type: string
ADMIN_OIDC_ADDITIONAL_SCOPES
Server setting
Scopes the client (CiviForm) is requesting in addition to the standard scopes the OpenID Connect spec provides.
- Type: string
Configures the connection to the PostgreSQL database.
Server setting
- Type: bool
Server setting
Sets how many connections to the database are maintained.
- Type: int
Server setting
The database URL.
- Type: string
Managed secret
The username used to connect to the database.
- Type: string
Managed secret
The password used to connect to the database.
- Type: string
Server setting
Determines which kind of ExecutorService to use for the default dispatcher. The default is 'fork-join-executor'
- Type: string
Server setting
Min number of threads to cap factor-based parallelism number to for the 'fork-join-executor'
- Type: int
Server setting
Max number of threads to cap factor-based parallelism number to for the 'fork-join-executor'
- Type: int
Server setting
The parallelism factor is used to determine thread pool size for the 'fork-join-executor' using the following formula: ceil(available processors * factor). Resulting size is then bounded by the parallelism-min and parallelism-max values.
- Type: int
Server setting
The size of the thread pool for the 'thread-pool-executor' type. If not defined, this will use the default core and max pool sizes.
- Type: int
Server setting
The number of messages that are processed in a batch before the thread is returned to the pool. Set to 1 for as fair as possible.
- Type: int
Server setting
Region where the AWS SES service exists. If STORAGE_SERVICE_NAME is set to 'aws', it is also the region where the AWS s3 service exists.
- Type: string
Server setting
The email address used for the 'from' email header for emails sent by CiviForm.
- Type: string
Configuration options for the application file upload storage provider
Server setting
What static file storage provider to use.
- Type: string
- Allowed values:
s3
azure-blob
Server setting
s3 bucket to store files in.
- Type: string
Server setting
The max size (in Mb) of files uploaded to s3.
- Type: string
Server setting
The azure account name where the blob storage service exists.
- Type: string
Server setting
Azure blob storage container name to store files in.
- Type: string
Server setting
- Type: string
Configuration options for the ESRI GIS client and address validation/correction feature.
Admin readable
- Type: string
Admin readable
Human readable labels used to present the service area validation options in CiviForm’s admin UI.
- Type: index-list
Admin readable
The value CiviForm uses to validate if an address is in a service area.
- Type: index-list
Admin readable
- Type: index-list
Admin readable
The attribute CiviForm checks from the service area validation response to get the service area validation ID.
- Type: index-list
Admin readable
The number of tries CiviForm will attempt requests to external Esri services.
- Type: int
Admin writeable
This email address is listed in the footer for applicants to contact support. Required.
- Type: string
Admin writeable
This email address receives error notifications from CiviForm when things break.
- Type: string
Server setting
If this is a staging deployment, the application notification email is sent to this email address instead of the program administrator's email address.
- Type: string
Server setting
If this is a staging deployment, the application notification email is sent to this email address instead of the trusted intermediary's email address.
- Type: string
Server setting
If this is a staging deployment, the application notification email is sent to this email address instead of the applicant's email address.
- Type: string
Text specific to a civic entity.
Admin writeable
The text for a link on the Common Intake confirmation page that links to more resources. Shown when the applicant is not eligible for any programs in CiviForm.
- Type: string
Admin writeable
The HREF for a link on the Common Intake confirmation page that links to more resources. Shown when the applicant is not eligible for any programs in CiviForm.
- Type: string
- Validation regular expression:
^(http://|https://).+
- Regular expression examples:
http://my-civiform.org
should match.https://my-civiform.org
should match.my-civiform.org
should not match.
Managed secret
- Type: string
Admin readable
The URL of the CiviForm deployment. Must start with 'https://' or 'http://'. Required.
- Type: string
- Validation regular expression:
^(http://|https://).+
- Regular expression examples:
http://my-civiform.org
should match.https://my-civiform.org
should match.my-civiform.org
should not match.
Server setting
DNS name of the staging deployment. Must not start with 'https://' or 'http://'.
- Type: string
- Validation regular expression:
^(?!http://|https://).+
- Regular expression examples:
my-civiform.org
should match.http://my-civiform.org
should not match.https://my-civiform.org
should not match.
Server setting
The languages that applicants can choose from when specifying their language preference and that admins can choose from when adding translations for programs and applications.
- Type: index-list
Admin readable
A Java time zone ID indicating the time zone for this CiviForm deployment. All times in the system will be calculated in this zone. Default value is 'America/Los_Angeles' Required.
- Type: string
Admin readable
The tag of the docker image this server is running inside. Is added as a HTML meta tag with name 'civiform-build-tag'. If SHOW_CIVIFORM_IMAGE_TAG_ON_LANDING_PAGE is set to true, is also shown on the login page if CIVIFORM_VERSION is the empty string or set to 'latest'.
- Type: string
Admin readable
The release version of CiviForm. For example: v1.18.0. If SHOW_CIVIFORM_IMAGE_TAG_ON_LANDING_PAGE is set to true, is also shown on the login page if it a value other than the empty string or 'latest'.
- Type: string
Admin readable
Where to find the IP address for incoming requests. Default is "DIRECT" where the IP address of the request is the originating IP address. If "FORWARDED" then request has been reverse proxied and the originating IP address is stored in the X-Forwarded-For header.
- Type: string
- Allowed values:
DIRECT
FORWARDED
Configuration options for CiviForm observability features.
Admin readable
If enabled, allows server Prometheus metrics to be retrieved via the '/metrics' URL path. If disabled, '/metrics' returns a 404.
- Type: bool
Admin readable
The Google Analytics tracking ID. If set, Google Analytics JavaScript scripts are added to the CiviForm pages.
- Type: string
Managed secret
A cryptographic secret salt used for salting API keys before storing their hash values in the database. This value should be kept strictly secret. If one suspects the secret has been leaked or otherwise comprised it should be changed and all active API keys should be retired and reissued. Default value is 'changeme'.
- Type: string
Server setting
When true prevents the CiviForm admin from issuing API keys that allow callers from all IP addresses (i.e. a CIDR mask of /0).
- Type: bool
Admin readable
An integer specifying the maximum number of entries returned in a page of results for the applications export API.
- Type: int
Configuration options for the CiviForm Job Runner.
Server setting
An integer specifying the polling interval in seconds for the durable job system. A smaller number here increases the polling frequency, which results in jobs running sooner when they are scheduled to be run immediately, at the cost of more pressure on the database. Default value is 5.
- Type: int
Server setting
An integer specifying the timeout in minutes for durable jobs i.e. how long a single job is allowed to run before the system attempts to interrupt it. Default value is 30.
- Type: int
Server setting
The number of server threads available for the durable job runner. More than a single thread will the server execute multiple jobs in parallel. Default value is 1.
- Type: int
Configuration options to enable or disable optional or in-development features.
Admin writeable
Enables the feature that allows for service area validation of a corrected address. ESRI_ADDRESS_CORRECTION_ENABLED needs to be enabled.
- Type: bool
Admin writeable
Enables the feature that allows address correction for address questions.
- Type: bool
Admin writeable
If enabled, allows questions to be optional in programs. Is enabled by default.
- Type: bool
Admin writeable
If enabled, CiviForm Admins are able to see all applications for all programs. Is disabled by default.
- Type: bool
Admin writeable
If enabled, the value of CIVIFORM_IMAGE_TAG will be shown on the login screen. Is disabled by default.
- Type: bool
Admin writeable
Enables the Common Intake Form feature.
- Type: bool
Server setting
If this is a staging deployment and this variable is set to true, a robots noindex metadata tag is added to the CiviForm pages. This causes the staging site to not be listed on search engines.
- Type: bool
Server setting
If this is a staging deployment and this variable is set to true, the 'DEMO MODE. LOGIN AS:' buttons are not shown on the login page.
- Type: bool
Admin writeable
Enables the API docs tab on CiviForm.
- Type: bool
Last modified 1mo ago