source directories
PrivX user directories and host directories
/role-store/api/v1/sourcesList source directories
User and host directories definitions. Common auth will also fetch these upon startup.
Authorizationstringrequired
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
Responses
Response examples
Successful response, returns an array of defined sources, returns an empty array if no sources defined
{
"count": 123,
"items": [
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"enabled": true,
"ttl": 86400,
"status_code": "OK",
"status_text": "Connection established",
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true,
"password_entropy": 95,
"password_strength": "STRONG"
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}
]
}/role-store/api/v1/sourcesCreate a source directory
Create a new source directory definition. ID, author, created and updated fields are automatically populated by the server.
enabledbooleanttlintHow often the source data should be refreshed, time in seconds
- Example
- 86400
namestringA name describing the source
- Example
- "A pretty source"
commentstringA comment describing the object
- Example
- "A comment"
tagsarrayArray of tag strings
username_patternarrayArray of wildcarded username patters which should be authenticated against this source
external_user_mappingarrayMapping external users to source users via id+username
source_idstringA shared identifier between an external user source and this directory, used to map an external user to this source.
source_search_fieldstringSearch this field (be that AD/LDAP attribute or a database column) for the user id provided.
session_password_enabledbooleanchild_session_auto_logout_delayintChild session auto logout delay in seconds
- Example
- 900
session_password_policyobjectPassword policy for session password generation
password_min_lengthintMinimum password length, must be large enough to produce at least WEAK passwords and at least 10
- Example
- 16
password_max_lengthintMaximum password length, must be smaller or equal to 99
- Example
- 16
use_special_charactersboolean- Example
- true
use_lower_caseboolean- Example
- true
use_upper_caseboolean- Example
- true
use_numbersboolean- Example
- true
connectionobjectSource connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined
typestringType of the source, LDAP, AD or AWS IAM
- Enum
- LDAP
- AD
- GOOGLEGSUITE
- OIDC
- AWS
- GOOGLECLOUD
- OPENSTACK
- AZURE
- LOCAL
addressstringThe address of the LDAP/AD/Local source provider
portintThe port of the LDAP/AD/Local source provider
service_address_auto_updatebooleanShould the host-service addresses be automatically updated if an address change is detected
iam_access_key_idstringAWS access key
iam_secret_access_keystringAWS secret access key
iam_session_tokenstringAWS session token
iam_fetch_rolesbooleanFetch roles from Amazon
iam_fetch_role_path_prefixstringA prefix for roles to be fetched from Amazon
google_cloud_project_idsarrayArray of Google Cloud project IDs
google_cloud_config_jsonstringGoogle Cloud service-account configuration. Base64 encoded JSON blob.
openstack_versionstringThe OpenStack version being configured.
- Enum
- V2
- V3
openstack_endpointstringOpenStack service endpoint url.
openstack_usernamestringOpenStack user name for Identity V2 API.
openstack_user_idstringOpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName
openstack_passwordstringOpenStack password for Identity V2 and V3. Either password or API key is used.
openstack_apikeystringOpenStack API key for Identity V2 and V3. Either password or API key is used.
openstack_domainnamestringOpenStack domain name for Identity V3, used with user name.
openstack_domainidstringOpenStack domain ID for Identity V3, used with user name.
openstack_token_idstringOpenStack token ID.
openstack_tenant_idsarrayArray of OpenStack tenant IDs.
openstack_tenant_namesarrayArray of OpenStack tenant names.
azure_base_urlstringAzure connection endpoint url
azure_subscription_idstringAzure subscription ID
azure_tenant_idstringAzure tenant ID
azure_client_idstringAzure client ID
azure_client_secretstringAzure client secret
ldap_protocolstring- Enum
- LDAP
- LDAPS
- STARTTLS
ldap_basestringThe base LDAP/AD DN of the search string
ldap_user_filterstringThe user filter for the base DN
- Example
- "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory"
ldap_bind_dnstringThe browse account for LDAP/AD connection
- Example
- "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com"
ldap_bind_passwordstringThe browse account password for LDAP/AD connection
- Example
- "FooBar"
ldap_user_dn_patternstringWhere to capture the user's distinguished name
- Example
- "uid={0},ou=people"
google_gsuite_domainstring- Example
- "mydomain.com, if left empty fetches all user domains"
google_gsuite_domain_admin_emailstring- Example
- "admin@mydomain.com"
oidc_enabledbooleanoidc_issuerstringoidc_button_titlestringoidc_client_idstringoidc_client_secretstringoidc_additional_scopesarrayoidc_tags_attribute_namestringattribute_mappingobjectAn object containing remote:local mappings for mapping attributes from remote source to local attribute schema.
mfa_typestringMultifactor-authentication-back-end type
- Enum
- DISABLED
- INTERNAL
- RADIUS
- OIDC
- FIDO
mfa_addressstringMultifactor-authentication-back-end address
mfa_portintMultifactor-authentication back-end port
mfa_base_dnstringBase DN of users who need to authenticate using MFA
domain_controller_fqdnstringDomain Controller FQDN for Kerberos authentication
domain_controller_portintDomain Controller port number for Kerberos authentication
kerberos_ticketstringBase64 encoded Kerberos ticket for Kerberos authentication
enable_user_authenticationbooleanIs user authentication enabled for this source
enable_machine_authenticationbooleanIs machine user authentication enabled for this source
Responses
Request examples
{
"enabled": true,
"ttl": 86400,
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}Response examples
Source Successfully created
{
"id": "5bf77342-221c-11ee-be56-0242ac120002"
}/role-store/api/v1/sources/{source_id}Get a source directory
Get source directory by ID.
source_idstringrequired
Source id
Responses
Response examples
Successful response, returns a source if found
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"enabled": true,
"ttl": 86400,
"status_code": "OK",
"status_text": "Connection established",
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true,
"password_entropy": 95,
"password_strength": "STRONG"
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}/role-store/api/v1/sources/{source_id}Update a source directory
Update a source directory by ID.
enabledbooleanttlintHow often the source data should be refreshed, time in seconds
- Example
- 86400
namestringA name describing the source
- Example
- "A pretty source"
commentstringA comment describing the object
- Example
- "A comment"
tagsarrayArray of tag strings
username_patternarrayArray of wildcarded username patters which should be authenticated against this source
external_user_mappingarrayMapping external users to source users via id+username
source_idstringA shared identifier between an external user source and this directory, used to map an external user to this source.
source_search_fieldstringSearch this field (be that AD/LDAP attribute or a database column) for the user id provided.
session_password_enabledbooleanchild_session_auto_logout_delayintChild session auto logout delay in seconds
- Example
- 900
session_password_policyobjectPassword policy for session password generation
password_min_lengthintMinimum password length, must be large enough to produce at least WEAK passwords and at least 10
- Example
- 16
password_max_lengthintMaximum password length, must be smaller or equal to 99
- Example
- 16
use_special_charactersboolean- Example
- true
use_lower_caseboolean- Example
- true
use_upper_caseboolean- Example
- true
use_numbersboolean- Example
- true
connectionobjectSource connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined
typestringType of the source, LDAP, AD or AWS IAM
- Enum
- LDAP
- AD
- GOOGLEGSUITE
- OIDC
- AWS
- GOOGLECLOUD
- OPENSTACK
- AZURE
- LOCAL
addressstringThe address of the LDAP/AD/Local source provider
portintThe port of the LDAP/AD/Local source provider
service_address_auto_updatebooleanShould the host-service addresses be automatically updated if an address change is detected
iam_access_key_idstringAWS access key
iam_secret_access_keystringAWS secret access key
iam_session_tokenstringAWS session token
iam_fetch_rolesbooleanFetch roles from Amazon
iam_fetch_role_path_prefixstringA prefix for roles to be fetched from Amazon
google_cloud_project_idsarrayArray of Google Cloud project IDs
google_cloud_config_jsonstringGoogle Cloud service-account configuration. Base64 encoded JSON blob.
openstack_versionstringThe OpenStack version being configured.
- Enum
- V2
- V3
openstack_endpointstringOpenStack service endpoint url.
openstack_usernamestringOpenStack user name for Identity V2 API.
openstack_user_idstringOpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName
openstack_passwordstringOpenStack password for Identity V2 and V3. Either password or API key is used.
openstack_apikeystringOpenStack API key for Identity V2 and V3. Either password or API key is used.
openstack_domainnamestringOpenStack domain name for Identity V3, used with user name.
openstack_domainidstringOpenStack domain ID for Identity V3, used with user name.
openstack_token_idstringOpenStack token ID.
openstack_tenant_idsarrayArray of OpenStack tenant IDs.
openstack_tenant_namesarrayArray of OpenStack tenant names.
azure_base_urlstringAzure connection endpoint url
azure_subscription_idstringAzure subscription ID
azure_tenant_idstringAzure tenant ID
azure_client_idstringAzure client ID
azure_client_secretstringAzure client secret
ldap_protocolstring- Enum
- LDAP
- LDAPS
- STARTTLS
ldap_basestringThe base LDAP/AD DN of the search string
ldap_user_filterstringThe user filter for the base DN
- Example
- "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory"
ldap_bind_dnstringThe browse account for LDAP/AD connection
- Example
- "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com"
ldap_bind_passwordstringThe browse account password for LDAP/AD connection
- Example
- "FooBar"
ldap_user_dn_patternstringWhere to capture the user's distinguished name
- Example
- "uid={0},ou=people"
google_gsuite_domainstring- Example
- "mydomain.com, if left empty fetches all user domains"
google_gsuite_domain_admin_emailstring- Example
- "admin@mydomain.com"
oidc_enabledbooleanoidc_issuerstringoidc_button_titlestringoidc_client_idstringoidc_client_secretstringoidc_additional_scopesarrayoidc_tags_attribute_namestringattribute_mappingobjectAn object containing remote:local mappings for mapping attributes from remote source to local attribute schema.
mfa_typestringMultifactor-authentication-back-end type
- Enum
- DISABLED
- INTERNAL
- RADIUS
- OIDC
- FIDO
mfa_addressstringMultifactor-authentication-back-end address
mfa_portintMultifactor-authentication back-end port
mfa_base_dnstringBase DN of users who need to authenticate using MFA
domain_controller_fqdnstringDomain Controller FQDN for Kerberos authentication
domain_controller_portintDomain Controller port number for Kerberos authentication
kerberos_ticketstringBase64 encoded Kerberos ticket for Kerberos authentication
enable_user_authenticationbooleanIs user authentication enabled for this source
enable_machine_authenticationbooleanIs machine user authentication enabled for this source
Responses
Request examples
{
"enabled": true,
"ttl": 86400,
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}Response examples
Source successfully updated
Empty response
/role-store/api/v1/sources/{source_id}Delete a source directory
Delete source directory by ID.
source_idstringrequired
Source id
Responses
Response examples
Source Successfully deleted
Empty response
/role-store/api/v1/sources/refreshRefresh source directories
Fetch hosts from local host directory, or users from any user directory.
Array of strings
- Format
- uuid
Responses
Response examples
Successful response, refresh started for listed directories.
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"enabled": true,
"ttl": 86400,
"status_code": "OK",
"status_text": "Connection established",
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true,
"password_entropy": 95,
"password_strength": "STRONG"
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}Was this page helpful?