3.9.1 General

The General tab displays and allows you to manage essential Realm-level configurations in ZTrust. Here, administrators can customize realm properties, security settings, and endpoint details.

Fig 3.9.1.a: Realm Settings, General Settings for Realm

Within the General tab, you'll find the Realm details displayed.

Realm ID

• A mandatory field that displays the unique identifier of the realm.

• This value is automatically generated and cannot be modified.

Display Name

• Specifies the name displayed on the ZTrust login page.

• You can customize this field to reflect your organization’s branding or identity.

Fig 3.9.1.b: Realm Settings, Specify the Display name

HTML Display Name

• Defines the name displayed on the login page but allows HTML customization.

• Use this option if you want to add custom styling or HTML elements to the display name for a personalized login experience.

Frontend URL

• Specifies the frontend URL for the realm.

• Used in conjunction with the default hostname provider to replace the base URL for frontend requests specific to a particular realm.

Require SSL

Determines whether SSL (Secure Sockets Layer) is enforced for realm-specific requests. Options include:

• All Requests → SSL is required for every request. (Recommended for maximum security)

• External Requests → SSL is required only for external requests.

• None → SSL is not required for any requests. (Not recommended for production environments)

Fig 3.9.1.c: Realm Settings, Specify the Required SSL

ACR to LoA Mapping

• Here, in the Login settings of a Realm, you can specify which Authentication Context Class Reference (ACR) value is mapped to which Level of Authentication (LoA).

• ACR values may vary, but LoA must always be numeric.

• Can be configured at both the realm and client levels, though it is recommended to keep mappings consistent at the realm level.

Fig 3.9.1.d: Realm Settings, Specify the ACR to LoA Mapping

User Managed Access

• A toggle button that enables or disables user-managed resource permissions.

• Enabled (ON): Users can manage their resources and permissions via the Account Management Console.

• Disabled (OFF): Restricts this ability; only administrators can manage permissions.

Unmanaged Attributes

Controls the handling of user attributes not explicitly defined in the user profile configuration. Options include:

• Disabled (Default): Unmanaged attributes are not available in any context, including registration, account management, and the admin console.

• Enabled: Attributes are recognized and accessible in all contexts.

• Only administrators can view: Unmanaged attributes are read-only for users and are visible only in the admin console and via API.

• Only administrators can write: Attributes are read-only for users and editable only by administrators through the console or API.

Fig 3.9.1.e: Realm Settings, Specify the Unmanaged Attributes

Endpoints

• Displays all configured endpoints associated with the realm.

• In ZTrust, endpoints are typically configured using OpenID Connect and SAML protocols for authentication and identity management.

Save & Revert

• Save: Click Save to apply and confirm any changes made in this section.

• Revert: Click Revert to discard unsaved changes and restore the previous configuration.