--- title: UMA configuration reference description: This topic provides reference information for UMA global settings and UMA datastore settings. See the general Reference for reference information on global services. component: pingam version: 8.1 page_id: pingam:uma:uma-reference canonical_url: https://docs.pingidentity.com/pingam/8.1/uma/uma-reference.html keywords: ["User-Managed Access (UMA)", "Configuration", "Resources", "Storage", "Audit", "Pending Requests", "Resource Labels"] page_aliases: ["uma-guide:uma-reference.adoc"] section_ids: server-uma: UMA properties uma-ref-resource-set-store: UMA resource store uma-ref-external-resource-set-store: External UMA resource store configuration uma-ref-audit-store: UMA audit store uma-ref-external-audit-store: External UMA audit store configuration uma-ref-pending-store: Pending requests store uma-ref-external-pending-store: External pending requests store configuration uma-ref-labels-store: UMA resource labels store uma-ref-external-labels-store: External UMA resource labels store configuration --- # UMA configuration reference This topic provides reference information for UMA global settings and UMA datastore settings. See the general [Reference](../am-reference/preface.html) for reference information on global services. * To configure UMA global settings, go to Configure > Global Settings > UMA Provider. For more information, see [UMA provider](../setup/services-configuration.html#global-uma). * To configure UMA datastore settings: * Go to Configure > Server Defaults > UMA to configure the settings for all your servers. * Go to Deployment > Servers > *server name* > UMA to configure the settings for one server. For more information, see [UMA properties](#server-uma). ## UMA properties UMA server settings are inherited by default. ### UMA resource store The following settings appear on the UMA Resource Store tab: * Store Mode Specifies the datastore where AM stores UMA tokens. Possible values are: * `Default Token Store`: AM stores UMA tokens in the configuration datastore. * `External Token Store`: AM stores UMA tokens in an external datastore. * Root Suffix Specifies the base DN for storage information in LDAP format, such as `dc=uma-resources,dc=example,dc=com`. * Max Connections Specifies the maximum number of connections to the datastore. ### External UMA resource store configuration AM honors the following properties when `External Token Store` is selected under the Resource Sets Store tab: * SSL/TLS Enabled When enabled, AM uses SSL or TLS to connect to the external datastore. Make sure AM trusts the datastore's certificate when using this option. * Connection String(s) An ordered list of connection strings for external datastores. The format is `HOST:PORT[|SERVERID[|SITEID]]`, where `HOST:PORT` specify the FQDN and port of the datastore, and `SERVERID` and `SITEID` are optional parameters that let you prioritize the particular connection when used by the specified node(s). Multiple connection strings must be comma-separated, for example, `uma-ldap1.example.com:1636|1|1, uma-ldap2.example.com:1636|2|1`. AM uses the first connection string in the list unless the server is unreachable. In this case, it tries the next connection strings in the order in which they're defined. In production environments, you should specify more than one connection string for failover purposes. * Login Id The username AM uses to authenticate to the datastore. For example, `uid=am-uma-bind-account,ou=admins,dc=uma,dc=example,dc=com`. This user must be able to read and write to the root suffix of the datastore. * Password The password associated with the login ID property. * Heartbeat The time period, in seconds, that AM should send a heartbeat request to the datastore to ensure that the connection does not remain idle. Default: `10` ### UMA audit store The following settings appear on the UMA Audit Store tab: * Store Mode Specifies the datastore where AM stores audit information generated when users access UMA resources. Possible values are: * `Default Token Store`: AM stores UMA audit information in the configuration datastore. * `External Token Store`: AM stores UMA audit information in an external datastore. * Root Suffix Specifies the base DN for storage information in LDAP format, such as `dc=uma-audit,dc=example,dc=com`. * Max Connections Specifies the maximum number of connections to the datastore. ### External UMA audit store configuration AM honors the following properties when `External Token Store` is selected under the UMA Audit Store tab: * SSL/TLS Enabled When enabled, AM uses SSL or TLS to connect to the external datastore. Make sure AM trusts the datastore's certificate when using this option. * Connection String(s) An ordered list of connection strings for external datastores. The format is `HOST:PORT[|SERVERID[|SITEID]]`, where `HOST:PORT` specify the FQDN and port of the datastore, and `SERVERID` and `SITEID` are optional parameters that let you prioritize the particular connection when used by the specified node(s). Multiple connection strings must be comma-separated, for example, `uma-ldap1.example.com:1636|1|1, uma-ldap2.example.com:1636|2|1`. AM uses the first connection string in the list unless the server is unreachable. In this case, it tries the next connection strings in the order in which they're defined. In production environments, you should specify more than one connection string for failover purposes. * Login Id The username AM uses to authenticate to the datastore. For example, `uid=am-uma-bind-account,ou=admins,dc=uma,dc=example,dc=com`. This user must be able to read and write to the root suffix of the datastore. * Password The password associated with the login ID property. * Heartbeat The time period, in seconds, that AM should send a heartbeat request to the datastore to ensure that the connection does not remain idle. Default: `10` ### Pending requests store The following settings appear on the Pending Requests Store tab: * Store Mode Specifies the datastore where AM stores pending requests to UMA resources. Possible values are: * `Default Token Store`: AM stores UMA pending requests in the configuration datastore. * `External Token Store`: AM stores UMA pending requests in an external datastore. * Root Suffix Specifies the base DN for storage information in LDAP format, such as `dc=uma-pending,dc=example,dc=com`. * Max Connections Specifies the maximum number of connections to the datastore. ### External pending requests store configuration AM honors the following properties when `External Token Store` is selected under the Pending Requests Store tab: * SSL/TLS Enabled When enabled, AM uses SSL or TLS to connect to the external datastore. Make sure AM trusts the datastore's certificate when using this option. * Connection String(s) An ordered list of connection strings for external datastores. The format is `HOST:PORT[|SERVERID[|SITEID]]`, where `HOST:PORT` specify the FQDN and port of the datastore, and `SERVERID` and `SITEID` are optional parameters that let you prioritize the particular connection when used by the specified node(s). Multiple connection strings must be comma-separated, for example, `uma-ldap1.example.com:1636|1|1, uma-ldap2.example.com:1636|2|1`. AM uses the first connection string in the list unless the server is unreachable. In this case, it tries the next connection strings in the order in which they're defined. In production environments, you should specify more than one connection string for failover purposes. * Login Id The username AM uses to authenticate to the datastore. For example, `uid=am-uma-bind-account,ou=admins,dc=uma,dc=example,dc=com`. This user must be able to read and write to the root suffix of the datastore. * Password The password associated with the login ID property. * Heartbeat The time period, in seconds, that AM should send a heartbeat request to the datastore to ensure that the connection does not remain idle. Default: `10` ### UMA resource labels store The following settings appear on the UMA Resource Labels Store tab: * Store Mode Specifies the datastore where AM stores user-created labels used for organizing UMA resources. Possible values are: * `Default Token Store`: AM stores user-created labels in the configuration datastore. * `External Token Store`: AM stores user-created labels in an external datastore. * Root Suffix Specifies the base DN for storage information in LDAP format, such as `dc=uma-resources-labels,dc=example,dc=com`. * Max Connections Specifies the maximum number of connections to the datastore. ### External UMA resource labels store configuration AM honors the following properties when `External Token Store` is selected under the UMA Resource Labels Store tab. * SSL/TLS Enabled When enabled, AM uses SSL or TLS to connect to the external datastore. Make sure AM trusts the datastore's certificate when using this option. * Connection String(s) An ordered list of connection strings for external datastores. The format is `HOST:PORT[|SERVERID[|SITEID]]`, where `HOST:PORT` specify the FQDN and port of the datastore, and `SERVERID` and `SITEID` are optional parameters that let you prioritize the particular connection when used by the specified node(s). Multiple connection strings must be comma-separated, for example, `uma-ldap1.example.com:1636|1|1, uma-ldap2.example.com:1636|2|1`. AM uses the first connection string in the list unless the server is unreachable. In this case, it tries the next connection strings in the order in which they're defined. In production environments, you should specify more than one connection string for failover purposes. * Login Id The username AM uses to authenticate to the datastore. For example, `uid=am-uma-bind-account,ou=admins,dc=uma,dc=example,dc=com`. This user must be able to read and write to the root suffix of the datastore. * Password The password associated with the login ID property. * Heartbeat The time period, in seconds, that AM should send a heartbeat request to the datastore to ensure that the connection does not remain idle. Default: `10`