This page describes settings of IHTSDO Tools application in a bare bone Crowd installation

Following Steps are needed to configure ihtsdo-tools application

  1. Setup SSO domain. This step can be ignored if already done
    1. go to
    2. Add in 'SSO domain' field and Add.

  2. Setup new application ihtsdo-tools with password 'ihtsdo-tools'. Password can be anything and can be hashed. But same password must be used in
    1. Go to url

      Use appropriate web url when working on different Crowd server then dev-crowd

    2. Then select Generic Application from 'Application type' list as shown above
    3. Provide ihtsdo-tools identifier in name field and a password in password field.
    4. Add IMS service url in next step
    5. Choose 'IHTSDO User Directory' for directory access and add ihtsdo-users as default authentication user group
    6. On confirmation step, user must click "Add Application" failing which application will not be added.
    7. Upon confirmation ihtsdo-tools application will be added and newly added application will be shown

  3. Add desired groups to be identified with this application. These group must conform to Security Policies. This step must be repeated for any new non nested group of ihtsdo-tools application.
  4. If required groups are not available create them as per Security Policies.
    1. Go to url
    2. Add desired group for example 'ihtsdo-tba-author'
    3. Add Direct Members if required.
    4. then add this newly created group to ihtsdo-tools application
  5. Add localhost, to allowable remote address
  6. Add other known ip(s) of each IHTSDO tools application for example IMS, Refset, TBA etc

  7. Add trusted proxy ips of all nginx machine so that SSO works seamlessly 
    1. Go to
    2. And add ip of proxy.

  8. Remove permission to remove group/user for this application

ihtsdo-users is default user group hence must be configured.

Error rendering macro 'contentbylabel'

parameters should not be empty