Services configuration

• True (default): The view permissions feature is enabled.
• False: The view permissions feature is disabled.

• True (default): Show the asset type of the target asset in the title of relation tables on an asset page. The target asset can be either the head or the tail of the relation, depending on which asset page you have open.
• False: Hide the asset type of the target asset.

The default value is true.

• True: Use the new, refreshed navigation of the Collibra user interface.
• False (default): Use the classic navigation of the Collibra user interface.

The Cron schedule to send emails only at specific times. With this, you can send emails in batches and avoid an overload of mails.

Keep in mind that these emails are only workflow emails and have nothing to do with the notification schedule.

If you create an invalid Cron pattern, Collibra Data Intelligence Cloud stops responding.

• True: Use TLS (Transport Layer Security) to connect to your SMTP server.
• False (default): Do not use TLS to connect to your SMTP server.

The days of the week on which Collibra sends notifications. The days are represented by numbers from 1 to 7, where 1 represents Sunday.

Per row you can add one day.

• True: The users receive a monthly summary.
• False (default): The users do not receive a monthly summary.

• True (default): The "Data sets you might like" section is included on the Data Catalog Home page. This section shows data sets you might be interested in, as determined by the recommender, which takes into account your data sets and the data sets of similar users.
• False: The "Data sets you might like" section is not included on the Data Catalog Home page.

The schedule (CRON job) by which the data set recommender looks for recommended data sets for a user.

By default the data set recommender does this every night.

The amount of business assets that have to be related to two data sets before the data sets are considered to be similar.

This percentage is expressed by a decimal where 1,00 equals 100%.

The amount of assets that have to be related to both schemas before the schemas are considered to be similar.

This percentage is expressed by a decimal where 1,00 equals 100%.

The percentage that determines to what extent assets with a similar name become more important.

The ranking in the search engine results always has an impact on the suggestion score. However, similarity between the asset names can also be taken into account. If you decrease this percentage, the ranking of the search results becomes more important for the suggestion score, while the similarity between the asset names becomes less important. If you increase the percentage, assets with similar names will receive a higher suggestion score.

This percentage is expressed by a decimal where 1,00 equals 100%. You can enter a value greater than 1,00.

An ordered comma-separated list of values that define the importance of properties for recommendations. The order of the values reflects the importance of the value.

This setting is only used for data set recommendations if your Collibra does not yet have enough data for relevant results from the active recommendations algorithms.

Possible values:

• CERTIFIED: Data sets that are certified are considered more relevant.
• POPULARITY: The number of visits to the data set page.

• True (default): A wildcard (asterisk) is automatically added to each search query. An asterisk is not added in the following exceptions:
  • If the query contains a tilde (~).
  • If the query ends with a quotation mark (").

  Note This applies only to queries via the user interface. A wildcard is not added automatically for REST API queries.

• False: No wildcard is added to the search query.

The amount of resources scanned in one go for the search query.

The default value is 5,000. The maximum value is 30,000.

Maximum batch size for relations reindex.

The tokenizer that is used. Currently two tokenizers are supported:

• Standard (default): This tokenizer uses the word break rules from the Unicode Text Segmentation algorithm, as specified in Unicode Standard Annex #29.
• Character: This tokenizer sees words as groups of all alphanumeric characters together with a configurable list of extra characters. This can be used if you know for sure which characters should keep certain words together. For example, if you want to keep words with a dash ( - ) together, you have to add the dash in the allowedCharacters parameter.

The boost factor of data classes.

The boost factor of attribute types.

• Field key: The attribute type ID.
• Field value: The boost factor of the attribute type.

• True (default): If the name of an asset is exactly the same as the search text, put it at the top of the search results regardless of boost factors.
• False: Use the regular search order, taking into account boost factors.

The boost factor of asset types.

• Field key: The asset type ID.
• Field value: The boost factor of the asset type.

The time limit, in milliseconds, after which an index query is logged in Elasticsearch.

If the value is set to 0 (zero), all index queries are logged.

Changes to this setting require a full reindex of your Collibra Data Intelligence Cloud environment.

The maximum amount of statistics entries that the buffer can contain before saving them in the database.

The default value is 10.

The maximum amount of time in milliseconds to keep statistic entries in memory before saving them in the database.

The default values is 10,000.

• True: Use quotes for every cell in the CSV.
• False (default): Only use quotes when necessary.

• True: API call logging is enabled.
• False (default): API call logging is disabled.

The content of the HTTP-header X-Frame-Options. This is set on all rendered pages and is used to avoid clickjacking attacks. By default, only pages with the same origin can use the rendered pages in a frame.

• True: A user can only open one session.

• False (default): A user can open multiple sessions.

• True: The Office research integration is always allowed guest access via REST, regardless of the general Guest access setting.

• False (default): The general Guest access setting is kept.

Note Currently, The Office research integration is only available when Collibra Data Intelligence Cloud is publicly available, which is why this override setting is necessary.

Text widgets can contain full HTML. However, this means an attacker could potentially execute an XSS attack by injecting malicious HTML. For more information, see the Troubleshooting section.

• True: Potentially dangerous HTML elements are removed from text attributes when you save the text field.

• False (default): No HTML elements are removed from text attributes when you save the text field.

• True: Anyone that can access the URL, has viewing rights to the system.
• False (default): The user is asked to sign in before having access to any data.

• True: Schema fields are shown during an introspection.
• False (default): Schema fields are hidden during an introspection.

• True: The LDAP integration is enabled.
• False (default): The LDAP integration is disabled.

• True (default): LDAP data is synchronized with Collibra when an initial data set is bootstrapped.
• False: LDAP data is synchronized with Collibra only when the LDAP synchronization job is triggered.

The page size that is used when retrieving users during synchronization.

The default value is 500. You can set it to 0 to disable paging.

Note This is a global setting. If you are working with multiple LDAP servers, only the value for the main server is taken into account.

The page size that is used when retrieving groups.

You can set it to 0 to disable paging.

Note This is a global setting. If you are working with multiple LDAP servers, only the value for the main server is taken into account.

Specifies the time limit in milliseconds for all LDAP searches.

The default value is 120,000.

You can set it to 0 to disable the time limit.

• True (default): The synchronization job is enabled.
• False: The synchronization job is disabled.

The schedule to perform an LDAP synchronization (CRON).

The default value for this setting is daily at midnight.

If you create an invalid Cron pattern, Collibra Data Intelligence Cloud stops responding.

The middle name field of the LDAP directory, this is usually givenName.

The language and locale of the user. It has to contain a language code and may contain a country code.

• The language has to be an ISO language code.
• The country has to be an ISO country code.

Examples: pl, en_US, nl_BE.

The LDAP property that defines to which groups the user belongs. If there is a group entry in the LDAP directory, use the Group field mapping settings.

An additional email list.

The name of the group to use in the application.

• True: Passwords have to contain one or more digits.
• False (default): Passwords do not have to contain digits.

• True: Passwords have to contain one or more non-alphanumeric (special) characters.
• False (default): Passwords do not have to contain non-alphanumeric characters.

• True: Passwords have to contain one or more upper-case characters.
• False: (default) Passwords do not have to contain upper-case characters.

• True: Passwords have to contain one or more lower-case characters.
• False (default): Passwords do not have to contain lower-case characters.

• True: Passwords cannot be the username.
• False (default): Passwords can be the username.

The number of months before users have to change their passwords.

Set it to 0 if users never have to change their passwords.

The number of consecutive failed login attempts that are allowed before the user account is disabled.

Set it to 0 for unlimited attempts.

• True: The validity of a request is checked with a CSRF token.
• False (default): The validity of a request is not checked with a CSRF token.

• True: The HTTP referrer header is used to identify the origin of the request.
• False (default): The HTTP referrer header is not used to identify the origin of the request. It is recommended to leave this option disabled.

The SSO mode of Collibra.

The possible values are:

• SAML_ATTRIBUTES
• SAML_LDAP
• SSO_HEADER
• SSO_HEADER_LDAP
• DISABLED

The name of the header to be checked. The contents of this header is used for the search query, which is SSO_HEADER = username.

The value of the actual query depends on DN and possibly Attribute.

If the SSO mode is SSO_HEADER_LDAP or SAML_LDAP, this field determines whether the distinguished name (DN) or attribute is used:

• True: The header has to contain the distinguished name (DN) of the user in the LDAP.
• False (default): The header has to contain the value of Attribute.

If the SSO mode is DISABLED, SSO_HEADER or SAML_ATTRIBUTES, this field is ignored.

This field is only used if the SSO mode is SSO_HEADER_LDAP or SAML_LDAP, and if DN is False.

If the above criteria are met, the LDAP has to contain this value.

If users try to sign in via SSO, they still need a user account in Collibra. You can either create the user accounts automatically when they sign in, or create the user accounts manually or via LDAP synchronization

• True: User accounts are not created automatically.
• False (default): User accounts are created automatically.

When SSO is enabled, a user can still navigate to the /signin page and try to log in via that page. However, you can disable that page.

• True: Users cannot access the Collibra signin page.
• False (default): Users can access the Collibra signin page

The entity ID inside the metadata to be referenced.

Note A metadata file can describe multiple entity IDs, make sure to use in the entity ID from the correct metadata file.

The mappings of attributes in the SAML response. The values are used as keys to look for in the SAML response.

Examples of attribute fields are first name, last name, address information, phone numbers and so on.

The mapping for the user's first name.

This attribute is optional. The value can be empty.

The mapping for the user's last name.

This attribute is optional. The value can be empty.

The mapping for the user's email address.

This attribute is optional for existing users, but mandatory for new users.

Warning If the email address is invalid when you synchronize, the user is deactivated and the user information is not updated.

The mapping (attribute) which indicates to which Collibra groups the user should be added. If the groups don't exist yet, they will be created. This attribute can have multiple values (groups) or the groups can be sent as a comma-separated list of groups.

If passing groups in this attribute, you must set Groups DGC Managed to False.

Option to configure that groups should be managed by Collibra, or that groups should be set by the SAML assertion (SAML+Attributes mode).

This option is only relevant if Mode is SAML_ATTRIBUTES.

• True: The groups are fully managed by Collibra. In the UI the admin has the option to assign groups to users, without it being overwritten by SAML.
• False (default): The groups are managed by the SAML assertions. In this case the groups are managed by the SAML IDP. Be sure to configure the Group attribute in the Attribute Fields section.

Field that determines the value of the Entity ID parameter in the service provider metadata returned by Collibra. The default value is empty, in which case Collibra uses the value of the Base URL field.

Enter a custom value if the base URL does not match the audience configured in your SAML identity provider.

Warning The value of the audience restriction in the SAML response has to be exactly the same as the value of this field.

Note SSO does not work if the Service Provider Entity ID field contains the base URL with trailing forward slash (for example www.collibra.com/), and the audience of your IDP contains the base URL without a trailing forward slash (for example www.collibra.com).
Both values need to be exactly the same. In this case, you can resolve the issue by changing the value in the configuration of your IDP, or the value of this field. It does not matter whether both have a trailing forward slash or not, as long as they contain the same value.

• True: Authentication requests have to be signed.
• False (default): Authentication request don't have to be signed.

• True (default): The SP authentication request forces re-authentication.
• False: The SP authentication request does not force re-authentication.

• True: The reauthentication has to happen in the background.
• False (default): The reauthentication does not have to happen in the background.

This is only relevant if Force authn is True.

Name ID that is used in the SP authentication. The default value is urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.

The Name ID value is mandatory.

• True (default): The IDP can create a name ID to fulfill the SP authentication request.
• False: The IDP cannot create a name ID to fulfill the SP authentication request.

• True: The validation of the client IP address in the assertion message is disabled.
• False (default): The validation of the client IP address in the assertion message is enabled.

Settings for the SAML requested authentication context. The IDP uses the authentication context to authenticate the user. By default, the authentication context mandates user/password authentication over HTTPS.

• True: The requested authentication context section is not sent in the SAML request.
• False (default): The requested authentication context section is sent in the SAML request.

The comparison type that is transmitted in the requested authentication context.

Possible values:

• minimum
• maximum
• better
• exact (default value)

For more information about the comparison type values, refer to the SAML specifications.

The list of class references in the requested authentication context. You can separate list items with the pipe character (|).

For more information about this list, refer to the SAML specifications.

The list of class declarations in the requested authentication context. You can separate list items with the pipe character (|).

For more information about this list, refer to the SAML specifications.

Enable the support for encrypted SAML responses.

• DISABLED: Collibra only accepts plain-text SAML responses.
• OPTIONAL: Collibra can handle both encrypted and plain-text SAML responses.
• FORCED: Collibra only accepts encrypted SAML responses.

Once OPTIONAL or FORCED is selected, the encryption key pair is generated and added to the Collibra SAML keystore. A self-signed certificate is generated and works in most situations. If your IdP rejects self-signed certificates, you will have to add a certificate that is signed by a trusted 3rd party.

• True: Redirect the user to a specific website after signing out.
• False (default): Redirect the user to the sign-in page after signing out.

The option to disable Formula Injection into Excel. When enabling this option, an escape character is added at the beginning of Excel formulas during the export and is removed when importing formulas.

The escape character will be added to fields that start with one of the following characters:

• equation: =
• plus: +
• minus: -
• at-sign: @

This option is enabled by default.

The URL to retrieve public key information needed to verify the authenticity of JSON Web Tokens (JWTs), issued by an authorization server.

This setting is required to enable JWT authentication.

A case-insensitive comma-separated list of accepted JWT media types coming in the typ header parameter.

Leave blank if the authorization server does not provide a media type parameter.

The default values is at+jwt,jwt.

A comma-separated list of accepted JWT algorithms coming in the alg header parameter. See https://tools.ietf.org/html/rfc7518#section-3.1 for details.

Leave blank to accept all digital signature algorithms.

The accepted issuer coming in the iss JWT claim.

Leave blank if the authorization server does not provide an issuer claim.

A comma-separated list of accepted audience values for the aud claim.

The value for this field is a configuration setting in your authorization server, which identifies your Collibra environment as the intended recipient of the JWT.

Leave blank if the authorization server does not provide an audience claim.

The name of the JWT claim containing the principal's identity. See https://tools.ietf.org/html/rfc7519#section-4.1.2 for details.

Defaults to the standard subject claim, sub.

Change this setting only if your authorization server has other means of identifying the principal, for example, a client_id claim.

This setting is required if JWT authentication is enabled.

A list of AWS regions Data Catalog is allowed to connect to. For example, eu-west-3 and us-east-2. For a list of all AWS locations, see the AWS documentation.

If you want to allow Collibra to make a connection to any AWS region, leave the field empty.

An option to enable database registration via Edge.

• True: Register a data source via Edge.
• False: Register a data source via Jobserver only.

Note Enabling data source registration via Edge does not prevent you from registering a data source via Jobserver as well.

The list of registered Jobserver instances.

The name of the Jobserver as it will appear when you register a data source in Data Catalog.

The name is a freely chosen name but it is recommended to only use alphanumerical characters and dashes, for example Jobserver-1.

You will have to use this name as the ID of the gateway and in the address of this configuration.

The protocol that is used for the communication between the Data Governance Center service and the Jobserver service.

It is recommended to use HTTPS, especially if the services are hosted in different network segments.

The address (IP address, URL, hostname) of the Jobserver.

The certificate of the trusted CA needed to validate the server certificate. If blank, the default truststore will be used. The default truststore is defined in the SSL configuration section of the DGC service.

The CA certificate of the server party (Jobserver).

The client certificate offered by the DGC service to the server. If blank, you cannot select mutual authentication as the Jobserver service authentication level.

The private key of the DGC service's certificate.

The approximate maximum disk size of the data in MB that will be used to profile a table. The value cannot exceed 10,000.

A comma separated list of strings enclosed in double quotes. A value that matches one of those expressions is considered an empty value.

Please note that a database null value is always considered an empty value, for example "", "na" and "none".

An option to anonymize sensitive data.

• True: Content in columns with data type Text or Geo is removed or replaced by a random hash value before the profiling results are sent to the cloud.
• False (default): No content is removed or replaced by a random hash value.

• True: Provisioning to Tableau is enabled.
• False (default): Provisioning to Tableau is disabled.

The maximum number of import jobs that can be executed at the same time via the API. This is to avoid memory issues.

Default value is 4, set to 0 if there is no limit.

• True: Workflow tasks appear in the sidebar on both resource pages an the task management page. Task forms appear in the sidebar instead of dialog boxes. Users can seamlessly complete their tasks from the task management page and have a side-by-side view of the tasks and resource details on resource pages.
• False (default): Workflow tasks appear in the task bar on resource pages and in a sidebar on the task management page. Task forms appear in dialog boxes. The behavior is the same as with older versions of Collibra.

• True: Show the new Settings landing page in your Collibra environment.
• False (default): Use the classic Settings page in your Collibra environment.

• True: Tables can be sorted on multiple columns.
• False (default): Tables can be sorted on one column.

Cloud provider - AWS or GCP

The GUID of your Collibra environment.

Note This field is configured by Collibra Cloud Ops.

The name of the AWS S3 bucket in which your reporting data is stored.

Note This field is configured by Collibra Cloud Ops.

The AWS S3 region in which your data is processed.

Note This field is configured by Collibra Cloud Ops.

A pattern with the format "/zip/insights_%s.zip", where "%s" is replaced by the Collibra Insights snapshot date.

Note This field is configured by Collibra Cloud Ops.

The Tableau URL pattern, which should contain {reportName}.

• True: Data Catalog experience is enabled. This will improve the layout of Data Catalog's asset pages, such as those of Data Set, Schema, Table and Column assets.
• False: Data Catalog experience is disabled.

The time limit, in seconds, after which a diagram stops fetching data.

The value must be a positive integer and cannot be greater than 3,600 (one hour).

The default value is 300.

Example A value of 300 means that if a diagram hasn’t fetched all data within 300 seconds, the diagram stops fetching data and an empty diagram with a notification is shown.

The maximum number of nodes plus edges that will be fetched by the backend, to build a diagram.

The value must be a positive integer and cannot be greater than 100,000.

The default value is 10,000.

Example A value of 10,000 means that if the total number of nodes plus edges is greater than 10,000, the diagram does not load and a notification is shown.

The maximum number of visible nodes plus edges that can be shown on the page.

The value must be a positive integer and cannot be greater than 10,000.

The default value is 2,000.

Example A value of 2,000 means that if the total number of visible nodes and edges is greater than 2,000, the diagram does not load and a notification is shown.

The system-wide maximum number of flow relations between the start node and any other diagram node.

The value must be an integer between 1 and 100.

The default value is 50.