ICC --action Reconfigure reference

Name

Reconfigure an existing instance:

ICC --action Reconfigure

The --help parameter can show more information about the command:

ICC --action Reconfigure --help

Synopsis

Print out a short help for the command:

ICC [-a|--action] Reconfigure [-h|--help]

Change user's password:

ICC [-a|--action] Reconfigure [-n|--name] "<INSTANCE_NAME>" [-c|--change-user-password] [-u|--username] "<USER_NAME>" [-p|--password] "<PASSWORD>" [-f|--configuration-file] "<FILE_PATH>" [-i|--pincode] "<PIN_CODE>"

Change the instance's signing certificate using a certificate from the server's Windows Certificate store (Local Machine\Personal):

ICC [-a|--action] Reconfigure [-n|--name] "<INSTANCE_NAME>" [-s|--change-signing-certificate] [-t|--thumbprint] "<CERTIFICATE_THUMBPRINT>" [-f|--configuration-file] "<FILE_PATH>" [-i|--pincode] "<PIN_CODE>"

Change the instance's signing certificate using a certificate from Azure Key Vault:

ICC [-a|--action] Reconfigure [-n|--name] "<INSTANCE_NAME>" [-s|--change-signing-certificate] [--use-azure-key-vault] [--key-vault-mode] "<KEY_VAULT_MODE>" [--azure-tenant-id] "<AZURE_TENANT_ID>" [--application-client-id] "<APPLICATION_CLIENT_ID>" [--application-client-secret] "<APPLICATION_CLIENT_SECRET>" [--azure-key-vault-url] "<AZURE_KEY_VAULT_URL>" [--certificate-name] "<CERTIFICATE_NAME>" [--key-name] "<KEY_NAME>" [--base64-encoded-certificate] "<BASE64_ENCODED_CERTIFICATE>" [-f|--configuration-file] "<FILE_PATH>" [-i|--pincode] "<PIN_CODE>"

Deploy the Safewhere Admin:

ICC [-a|--action] Reconfigure [-n|--name] "<INSTANCE_NAME>" [-d|--deploy-safewhere-admin] [-f|--configuration-file] "<FILE_PATH>" [-i|--pincode] "<PIN_CODE>"

Enable the multi subnet failover:

ICC [-a|--action] Reconfigure [-n|--name] "<INSTANCE_NAME>" [-m|--enable-multi-subnet-failover] [-f|--configuration-file] "<FILE_PATH>" [-i|--pincode] "<PIN_CODE>"

Configure security settings for Identify and Safewhere Admin:

ICC [-a|--action] Reconfigure [-n|--name] "<INSTANCE_NAME>" [--configure-security-settings] "<TRUE_OR_FALSE>" [--identify-security-settings-xml-configuration] "<BASE64_ENCODED_XML_CONFIGURATION>" [--safewhere-admin-security-settings-xml-configuration] "<BASE64_ENCODED_XML_CONFIGURATION>" [-f|--configuration-file] "<FILE_PATH>" [-i|--pincode] "<PIN_CODE>"

Unlock a user account in case it has been locked out:

ICC [-a|--action] Reconfigure [-n|--name] "<INSTANCE_NAME>" [--unlock-user] [--name-claim-type] "<NAME_CLAIM_TYPE>" [--name-claim-value] "<NAME_CLAIM_VALUE>" [-f|--configuration-file] "<FILE_PATH>"

Options

Common options:

  • -n|--name "<INSTANCE_NAME>" - Specifies the name of an existing instance that you want to reconfigure.
  • -f|--configuration-file "<FILE_PATH>" - Specifies the path of the configuration file used for database connection. For more information about the configuration file, see Database connection configuration JSON schema
  • -i|--pincode "<PIN_CODE>" - Provides a 6-digit PIN code for an existing instance with PIN protection.

Change a user's password:

  • -c|--change-user-password - Specifies the change user password action.
  • -u|--username "<USER_NAME>" - Specifies the user name of an existing user who you want to change password.
  • -p|--password "<PASSWORD>" - Specifies the new password.

Change the instance's signing certificate using a certificate from the server's certificate store (Local Machine\Personal):

  • -s|--change-signing-certificate - Specifies the change signing certificate action.
  • -t|--thumbprint "<CERTIFICATE_THUMBPRINT>" - Specifies the thumbprint of a certificate in the server's certificate store (Local Machine\Personal).

Change the instance's signing certificate using a certificate from Azure Key Vault:

  • -s|--change-signing-certificate - Specifies the change signing certificate action.
  • --use-azure-key-vault - Configure the signing certificate using a certificate from Azure Key Vault
  • --key-vault-mode "<KEY_VAULT_MODE>" - Specifies the following key vault modes: Certificate, Key.
  • --azure-tenant-id "<AZURE_TENANT_ID>" - Specifies the Azure Key Vault tenant ID.
  • --application-client-id "<APPLICATION_CLIENT_ID> - Specifies the application client ID.
  • --application-client-secret "<APPLICATION_CLIENT_SECRET> - Specifies the application client secret.
  • --azure-key-vault-url "<AZURE_KEY_VAULT_URL>" - Specifies the Azure Key Vault URL.
  • --certificate-name "<CERTIFICATE_NAME>" - Specifies the certificate name which will be used as the signing certificate. This parameter is required when the value of the Key Vault mode is Certificate.
  • --key-name "<KEY_NAME>" - Specifies the key name which will be used as the signing certificate. This parameter is required when the value of the Key Vault mode is Key.
  • --base64-encoded-certificate "<BASE64_ENCODED_CERTIFICATE>" - Specifies the base64-encoded certificate which will be used as the signing certificate. This parameter is required when the value of the Key Vault mode is Certificate.

Deploy the Safewhere Admin:

  • -d|--deploy-safewhere-admin - Specifies the Deploy Safewhere Admin action.

Enable the multi subnet failover option:

  • -m|--enable-multi-subnet-failover - Specifies the enable multi subnet failover action.

Note: This reconfigure option is not yet supported for the MariaDB database provider.

Configure security settings for Identify and Safewhere Admin:

  • --configure-security-settings "<TRUE_OR_FALSE>" - The value(case-insensitive) is one of the following: True, False.

    • "True": allow you to customize security settings for XML configuration of Identify and Safewhere Admin. This parameter used in conjunction with --identify-security-settings-xml-configuration and --safewhere-admin-security-settings-xml-configuration.
    • "False": Specifies that you don't want to use security settings for XML configuration of Identify and Safewhere Admin.

  • --identify-security-settings-xml-configuration "<BASE64_ENCODED_XML_CONFIGURATION>" - Specifies the value of <system.webServer> XML block in Base64-encoded format. If you leave it empty, the default value will be used.

  • --safewhere-admin-security-settings-xml-configuration "<BASE64_ENCODED_XML_CONFIGURATION>" - Specifies the value of <system.webServer> XML block in Base64-encoded format. If you leave it empty, the default value will be used.

Unlock a user:

  • --unlock-user - Specifies unlocking a user account.
  • --name-claim-type "<NAME_CLAIM_TYPE>" - Specify the claim type to locate the user account to unlock. If not specified, the default name claim type is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
  • --name-claim-value "<NAME_CLAIM_VALUE>" - Specify the claim value to locate the user account to unlock.

Examples

Change a user's password

ICC --action Reconfigure --name "identifyinstance" --change-user-password --username "admin" --password "OhCQd0GRD72LjMUw2pIh" --configuration-file "C:\identify-configuration\database_connection.json"

If an Identify instance has PIN protection, you must include the --pincode "<PIN_CODE>" argument. For example: --pincode "337755".

Change the instance's signing certificate

  • Change the instance's signing certificate using a certificate from the server's Windows Certificate store (Local Machine\Personal)
ICC --action Reconfigure --name "identifyinstance" --change-signing-certificate --thumbprint "3C1FD735A4035E3B78D33444DE5327C393AA282E" --configuration-file "C:\identify-configuration\database_connection.json"
  • Change the instance's signing certificate using a certificate from Azure Key Vault that uses the Certificate mode for the Key vault mode setting:
ICC --action Reconfigure --name "identifycli" --change-signing-certificate --use-azure-key-vault --key-vault-mode "Certificate" --azure-tenant-id "ea8f8esp-0476-50ca-88fd-l40cx0a1e345" --application-client-id "694c7ezx-2e2a-4d29-925q-0d84agg610a4" --application-client-secret "5I~T1n85a=FLQoTeax?Z=Rp3U[I5sB:." --azure-key-vault-url "https://safewherekeyvault.vault.azure.net/" --certificate-name "IdentifySigningCertificate" --configuration-file "C:\identify-configuration\database_connection.json"
  • Change the instance's signing certificate using a certificate from Azure Key Vault that uses the Key mode for the Key vault mode setting:
ICC --action Reconfigure --name "identifycli" --change-signing-certificate --use-azure-key-vault --key-vault-mode "Key" --azure-tenant-id "ea8f8esp-0476-50ca-88fd-l40cx0a1e345" --application-client-id "694c7ezx-2e2a-4d29-925q-0d84agg610a4" --application-client-secret "5I~T1n85a=FLQoTeax?Z=Rp3U[I5sB:." --azure-key-vault-url "https://safewherekeyvault.vault.azure.net/" --key-name "IdentifySigningCertificate" --base64-encoded-certificate "<BASE64_ENCODED_CERTIFICATE>" --configuration-file "C:\identify-configuration\database_connection.json"

If an Identify instance has PIN protection, you must include the --pincode "<PIN_CODE>" argument. For example: --pincode "337755".

Deploy a Safewhere Admin

Deploy a Safewhere Admin site for an existing instance:

ICC --action Reconfigure --name "identifyinstance" --deploy-safewhere-admin --configuration-file "C:\identify-configuration\database_connection.json"

If an Identify instance has PIN protection, you must include the --pincode "<PIN_CODE>" argument. For example: --pincode "337755".

Enable multi subnet failover

Enable multi subnet failover for an existing instance:

ICC --action Reconfigure --name "identifyinstance" --enable-multi-subnet-failover --configuration-file "C:\identify-configuration\database_connection.json"

If an Identify instance has PIN protection, you must include the --pincode "<PIN_CODE>" argument. For example: --pincode "337755".

Configure security header settings

Configure security settings for Identify and Safewhere Admin:

ICC --action Reconfigure --configure-security-settings "<TRUE_OR_FALSE>" --name "identifyinstance" --identify-security-settings-xml-configuration "<BASE64_ENCODED_XML_CONFIGURATION>" --safewhere-admin-security-settings-xml-configuration "<BASE64_ENCODED_XML_CONFIGURATION>" --configuration-file "C:\identify-configuration\database_connection.json"
  • For the --identify-security-settings-xml-configuration parameter, you can use the default value, Base64-encode it and replace <BASE64_ENCODED_XML_CONFIGURATION> with the encoded value.
  • For the --safewhere-admin-security-settings-xml-configuration parameter, you can use the default value, Base64-encode it and replace <BASE64_ENCODED_XML_CONFIGURATION> with the encoded value.
  • Use this site to do BASE64 encode.

If an Identify instance has PIN protection, you must include the --pincode "<PIN_CODE>" argument. For example: --pincode "337755".

Unlock a user

Unlock a user account:

ICC --action Reconfigure --name "identifyinstance" --unlock-user --name-claim-type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" --name-claim-value "admin" --configuration-file "C:\identify-configuration\database_connection.json"

If an Identify instance has PIN protection, you must include the --pincode "<PIN_CODE>" argument. For example: --pincode "337755".