The primedocs.config file is the central configurational file for the serverside primedocs applicaitons.

It is in the installation directory (per default in C:\inetpub\wwwroot\primedocs\primedocs.config).

Features can be activated and deactivated via the primedocs.config.

Note that an incorrect configuration can lead to errors and that certain features are relevant in terms of licensing! Please contact our support for this.

Followingly please find some examples:

Default installation

The GUIDs, passwords, secrets, URLs and ConnectionStrings should not be copied from the example below. During installation, the GUIDs, passwords and secrets are automatically created randomly.

The standard OnPrem installation relies on Windows Authentication.

<primedocs operationDbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod_Operation;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True"
           databaseLoggingEnabled="false">
  <datasources>
    <add id="9e769582-b411-43fa-b8f6-d15ea3d83dde" isPrimary="true" dbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True;Encrypt=False" name="primedocs" />
  </datasources>
  <clients>
    <!-- Windows Client OIDC Settings -->
    <add id="710be047-475a-4991-90b3-351ea93d6908" oidcClientId="DefaultClient" oidcClientSecret="G754ePPG0SBC" userAuthType="FromLogin" />
    <!-- WebApi to invoke the Connect (DCS) -->
    <add id="84234199-5448-4d73-8182-b5623e51e99c" basicAuth="CONNECT-USER:izieAoETHS04" mappedToPrimarySid="CONNECT-USER" />
  </clients>
  <apps>
    <add id="e185dddd-2cb4-43e2-a6fe-cf4272dd3401" name="Service" url="https://your-url.local/service/" logFilePath="Service\" type="Service" />
    <add id="9ef34d3a-13b5-4f06-b437-b300474beb6d" name="IdentityServer" url="https://your-url.local/ids/" logFilePath="IdS\" type="IdentityServer" />
    <add id="c74a324d-7c36-4d2f-b422-f2fdad41f81e" name="HealthMonitor" url="https://your-url.local/healthmonitor/" type="HealthMonitor" />
    <add id="f7199131-de81-4d40-a254-39e7db9660f0" name="DataSourceAdminApp" url="https://your-url.local/datasourceadminapp/" logFilePath="DataSourceAdminApp\" type="DataSourceAdminApp" />
    <add id="279b5480-27e5-4a09-bf9f-4c10d1770c76" name="App" url="https://your-url.local/app/" logFilePath="App\" type="App" />    
    <add id="f25dc7b9-d989-4d03-89ff-3ee17bf7d020" name="JobHost" logFilePath="JobHost\" type="JobHost" />
    <add id="1cdca9fc-780b-477e-af20-29be64bf8dae" name="Connect" url="https://your-url.local/connect/" logFilePath="Connect\" type="Connect" />
    <add id="1d28ed6f-74d4-4942-b254-b287db6e1cf9" name="AddressService" url="https://your-url.local/addressservice/" logFilePath="AddressService\" type="AddressService" />
    <add id="a7ee7e49-b0eb-472c-aecb-cc0ca5257342" name="WebApi" url="https://your-url.local/webapi/" logFilePath="WebApi\" type="WebApi" />
    <add id="822a4c62-ed2d-4165-9bb1-eb979632c0aa" name="AdminApp" url="https://your-url.local/adminapp/" logFilePath="AdminApp\" type="AdminApp" />
  </apps>
  <identity signingCertFilePath="cert.pfx"
            signingCertPassword="kWFgDhRAMgKk"
            introspectionSecret="1Ubp4Efp6H3G">
    <providers>
      <winAuth authority="https://your-url.local/IdSWindowsAuth" 
               clientId="winauth" clientSecret="winauth-L2VDmPzm7PbK" />
    </providers>	
  </identity>
  <service streamBufferSizeInBytes="81920">
    <syncBehavior maxConcurrentClients="30" initialAverageSyncTimeInSeconds="10" timeoutInSeconds="120" />
  </service>
  <healthMonitor basicAuth="user:YHBAe5oAwsi2" clientSecret="healthmonitor-s5iZRGCWZ7ZE" intervalInSeconds="600"/>
</primedocs>

Default installation with Entra ID

If you would like to log in using your Entra ID (formerly Azure Active Directory) instead of Windows authentication, follow the steps at Entra ID Apps.
The clientId/clientSecret for the "user application" and the clientId/clientSecret for access to the DataSourceAdminApp (Dashboard) must be stored in primedocs.config:

<primedocs operationDbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod_Operation;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True"
           databaseLoggingEnabled="false">
  <datasources>
    <add id="9e769582-b411-43fa-b8f6-d15ea3d83dde" isPrimary="true" dbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True;Encrypt=False" name="primedocs" 
         allowedForTenant="{TENANTGUID}"
    />
  </datasources>
  <clients>
    <!-- Windows Client OIDC Settings -->
    <add id="710be047-475a-4991-90b3-351ea93d6908" oidcClientId="DefaultClient" oidcClientSecret="G754ePPG0SBC" userAuthType="FromLogin" />
    <!-- WebApi to invoke the Connect (DCS) -->
    <add id="84234199-5448-4d73-8182-b5623e51e99c" basicAuth="CONNECT-USER:izieAoETHS04" mappedToPrimarySid="CONNECT-USER" />
  </clients>
  <apps>
    <add id="e185dddd-2cb4-43e2-a6fe-cf4272dd3401" name="Service" url="https://your-url.local/service/" logFilePath="Service\" type="Service" />
    <add id="9ef34d3a-13b5-4f06-b437-b300474beb6d" name="IdentityServer" url="https://your-url.local/ids/" logFilePath="IdS\" type="IdentityServer" />
    <add id="c74a324d-7c36-4d2f-b422-f2fdad41f81e" name="HealthMonitor" url="https://your-url.local/healthmonitor/" type="HealthMonitor" />
    <add id="f7199131-de81-4d40-a254-39e7db9660f0" name="DataSourceAdminApp" url="https://your-url.local/datasourceadminapp/" logFilePath="DataSourceAdminApp\" type="DataSourceAdminApp" />
    <add id="279b5480-27e5-4a09-bf9f-4c10d1770c76" name="App" url="https://your-url.local/app/" logFilePath="App\" type="App" />    
    <add id="f25dc7b9-d989-4d03-89ff-3ee17bf7d020" name="JobHost" logFilePath="JobHost\" type="JobHost" />
    <add id="1cdca9fc-780b-477e-af20-29be64bf8dae" name="Connect" url="https://your-url.local/connect/" logFilePath="Connect\" type="Connect" />
    <add id="1d28ed6f-74d4-4942-b254-b287db6e1cf9" name="AddressService" url="https://your-url.local/addressservice/" logFilePath="AddressService\" type="AddressService" />
    <add id="a7ee7e49-b0eb-472c-aecb-cc0ca5257342" name="WebApi" url="https://your-url.local/webapi/" logFilePath="WebApi\" type="WebApi" />
    <add id="822a4c62-ed2d-4165-9bb1-eb979632c0aa" name="AdminApp" url="https://your-url.local/adminapp/" logFilePath="AdminApp\" type="AdminApp" />
  </apps>
  <identity signingCertFilePath="cert.pfx"
    signingCertPassword="kWFgDhRAMgKk"
    introspectionSecret="1Ubp4Efp6H3G">
    <providers>
      <office365Auth authority="
https://login.microsoftonline.com/{TENANTGUID}"
        clientId="{CLIENTID}"
        clientSecret="{CLIENTSECRET}"
        microsoftAppDelegateScopes="email openid profile User.Read offline_access" />
      <!-- AzureAD App for authentication instead of hardcoded admins -->
      <dataSourceAdminAppAuth clientId="{CLIENTID-DATASOURCEADMINAPP}"
        clientSecret="{CLIENTSECRET-DATASOURCEADMINAPP}"
        authority="
https://login.microsoftonline.com/{TENANTGUID}"
        microsoftAppDelegateScopes="email openid profile offline_access" />
    </providers>
  </identity>
  <service streamBufferSizeInBytes="81920">
    <syncBehavior maxConcurrentClients="30" initialAverageSyncTimeInSeconds="10" timeoutInSeconds="120" />
  </service>
  <healthMonitor basicAuth="user:YHBAe5oAwsi2" clientSecret="healthmonitor-s5iZRGCWZ7ZE" intervalInSeconds="600"/>
</primedocs>

Note that you must replace the {TENANTGUID} with the id from Entra ID.

Without-IdS Option

<primedocs>
  <datasources>
    <add id="26735c39-3d6e-44c6-b701-f5ab6cc429fd" isPrimary="true" dbConnectionString="Data Source=your-sql-server.yourcorp.local;Initial Catalog=primedocs_Prod;User ID=primedocsuser;Password=password_here;MultipleActiveResultSets=True;Encrypt=False" name="primedocs" />
  </datasources>
  <apps>
    <add id="7e132bcb-b088-4cb2-b717-30174884b8f4" name="Service" url="https://your-url.local/service/" logFilePath="Service\" type="Service" />
    <add id="60e0654e-9e62-4df2-8b24-4d00f2677cfa" name="HealthMonitor" url="https://your-url.local/healthmonitor/" type="HealthMonitor" />
    <add id="80e85dff-e533-42df-b8f3-930598d9b955" name="JobHost" logFilePath="JobHost\" type="JobHost" />
    <add id="f7199131-de81-4d40-a254-39e7db9660f0" name="DataSourceAdminApp" url="https://your-url.local/datasourceadminapp/" logFilePath="DataSourceAdminApp\" type="DataSourceAdminApp" />
    <add id="c5667157-6cce-4da6-93ce-464b68947349" name="Connect" url="https://your-url.local/connect/" logFilePath="Connect\" type="Connect" />
    <add id="7ee9d094-e728-4e36-91ea-8fb64aa6b765" name="AddressService" url="https://your-url.local/addressservice/" logFilePath="AddressService\" type="AddressService" />
  </apps>
  <service streamBufferSizeInBytes="81920">
    <syncBehavior maxConcurrentClients="30" initialAverageSyncTimeInSeconds="10" timeoutInSeconds="120" />
  </service>
  <healthMonitor basicAuth="user:iPvKHKDmvlwP" clientSecret="healthmonitor-k9VBA5TXke9P" intervalInSeconds="600"/>
</primedocs>

cert.pfx

The cert.pfx specified in primedocs.config is used to sign the authentication tokens and has no reference to TLS/SSL certificates.

The certificate is generated during installation; the certificate is always generated with these parameters:

Admin API

Via the Admin API third-party systems can access primedocs' APIs. This requires the following registration in the primedocs.config: