mobile gateway
oauth
Required Scopes:
admin
Get registration status of PrivX to Mobile Gateway
All Scopes
- admin: Admin scope - used for built-in SSH PrivX admin account
- licensesManage: Clients with license manage scope
- service: Microservice scope - used for communication between SSH PrivX microservices
- user: Normal users
- Flow Type: authorization_code
- Auth URL: https://api.x.com/v1/auth/auth
- Token URL: https://api.x.com/v1/auth/auth
Response
Registration status
{
  "product_id": "product-sha256-sdHe7CJqHwCY4WePe-BgYNGF8sd6fe8ier2Buemz4xM=",
  "status": "REGISTERED",
  "used_sources": {
    "count": 1,
    "items": [
      {
        "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
        "created": "2017-01-01T15:05:05Z",
        "updated": "2017-01-01T15:05:05Z",
        "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
        "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
        "enabled": true,
        "ttl": 86400,
        "status_code": "OK",
        "status_text": "Connection established",
        "name": "A pretty source",
        "comment": "A comment",
        "tags": [
          "string"
        ],
        "username_pattern": [
          "string"
        ],
        "external_user_mapping": [
          {
            "source_id": "string",
            "source_search_field": "string"
          }
        ],
        "session_password_enabled": true,
        "child_session_auto_logout_delay": 900,
        "session_password_policy": {
          "password_min_length": 16,
          "password_max_length": 16,
          "use_special_characters": true,
          "use_lower_case": true,
          "use_upper_case": true,
          "use_numbers": true,
          "password_entropy": 95,
          "password_strength": "STRONG"
        },
        "connection": {
          "type": "LDAP",
          "address": "string",
          "port": 123,
          "service_address_auto_update": true,
          "iam_access_key_id": "string",
          "iam_secret_access_key": "string",
          "iam_session_token": "string",
          "iam_fetch_roles": true,
          "iam_fetch_role_path_prefix": "string",
          "google_cloud_project_ids": [
            "string"
          ],
          "google_cloud_config_json": "string",
          "openstack_version": "V2",
          "openstack_endpoint": "string",
          "openstack_username": "string",
          "openstack_user_id": "string",
          "openstack_password": "string",
          "openstack_apikey": "string",
          "openstack_domainname": "string",
          "openstack_domainid": "string",
          "openstack_token_id": "string",
          "openstack_tenant_ids": [
            "string"
          ],
          "openstack_tenant_names": [
            "string"
          ],
          "azure_base_url": "string",
          "azure_subscription_id": "string",
          "azure_tenant_id": "string",
          "azure_client_id": "string",
          "azure_client_secret": "string",
          "ldap_protocol": "LDAP",
          "ldap_base": "string",
          "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
          "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
          "ldap_bind_password": "FooBar",
          "ldap_user_dn_pattern": "uid={0},ou=people",
          "google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
          "google_gsuite_domain_admin_email": "admin@mydomain.com",
          "oidc_enabled": true,
          "oidc_issuer": "string",
          "oidc_button_title": "string",
          "oidc_client_id": "string",
          "oidc_client_secret": "string",
          "oidc_additional_scopes": [
            "string"
          ],
          "oidc_tags_attribute_name": "string",
          "attribute_mapping": {},
          "mfa_type": "DISABLED",
          "mfa_address": "string",
          "mfa_port": 123,
          "mfa_base_dn": "string",
          "domain_controller_fqdn": "string",
          "domain_controller_port": 123,
          "kerberos_ticket": "string",
          "enable_user_authentication": true,
          "enable_machine_authentication": true
        }
      }
    ]
  }
}
Empty response
Internal Server Error
{
  "error_code": "GENERAL_ERROR",
  "error_message": "string",
  "property": "string",
  "details": [
    null
  ]
}
error_code
string
required
Standard error code denoting the error type
- Enum
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
error_message
string
Textual, human readable error message
property
string
The property name causing an error
details
array[]
An array of errors describing error in more detail
reference (error)
recursive
product_id
string
Product ID
- Example
- "product-sha256-sdHe7CJqHwCY4WePe-BgYNGF8sd6fe8ier2Buemz4xM="
status
string
- Enum
- REGISTERED
- UNREGISTERED
used_sources
object (used_sources)
List of directories using mobile MFA
count
int
Directory count.
- Example
- 1
items
array[object]
object
The address of the source provider, LDAP/AD/AWS/Local
id
string
uuid
The UUID of the returned object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
created
string
date-time
When the object was created
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was last updated
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
enabled
boolean
ttl
int
How often the source data should be refreshed, time in seconds
- Example
- 86400
status_code
string
Source status, OK / NOK / DISABLED
- Enum
- OK
- NOK
- DISABLED
- Example
- "OK"
status_text
string
A string indicating source status, free textual format.
- Example
- "Connection established"
name
string
A name describing the source
- Example
- "A pretty source"
comment
string
A comment describing the object
- Example
- "A comment"
tags
array[string]
Array of tag strings
string
username_pattern
array[string]
Array of wildcarded username patterns which should be authenticated against this source
string
external_user_mapping
array[object]
Mapping external users to source users via id+username
object
source_id
string
A shared identifier between an external user source and this directory, used to map an external user to this source.
source_search_field
string
Search this field (be that AD/LDAP attribute or a database column) for the user id provided.
session_password_enabled
boolean
child_session_auto_logout_delay
int
Child session auto logout delay in seconds
- Example
- 900
session_password_policy
object (session_password_policy)
Password policy for session password generation
password_min_length
int
Minimum password length, must be large enough to produce at least WEAK passwords and at least 10
- Example
- 16
password_max_length
int
Maximum password length, must be less than or equal to 99
- Example
- 16
use_special_characters
boolean
- Example
- true
use_lower_case
boolean
- Example
- true
use_upper_case
boolean
- Example
- true
use_numbers
boolean
- Example
- true
password_entropy
int
Password entropy in bits for session passwords generated from this policy
- Example
- 95
password_strength
string
- Enum
- VERY_WEAK
- WEAK
- STRONG
- VERY_STRONG
- Example
- "STRONG"
connection
object (connection)
Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined
type
string
Type of the source, LDAP, AD or AWS IAM
- Enum
- LDAP
- AD
- GOOGLEGSUITE
- OIDC
- AWS
- GOOGLECLOUD
- OPENSTACK
- AZURE
- LOCAL
address
string
The address of the LDAP/AD/Local source provider
port
int
The port of the LDAP/AD/Local source provider
service_address_auto_update
boolean
Should the host-service addresses be automatically updated if an address change is detected
iam_access_key_id
string
AWS access key
iam_secret_access_key
string
AWS secret access key
iam_session_token
string
AWS session token
iam_fetch_roles
boolean
Fetch roles from Amazon
iam_fetch_role_path_prefix
string
A prefix for roles to be fetched from Amazon
google_cloud_project_ids
array[string]
Array of Google Cloud project IDs
string
google_cloud_config_json
string
Google Cloud service-account configuration. Base64 encoded JSON blob.
openstack_version
string
The OpenStack version being configured.
- Enum
- V2
- V3
openstack_endpoint
string
OpenStack service endpoint URL.
openstack_username
string
OpenStack user name for Identity V2 API.
openstack_user_id
string
OpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName
openstack_password
string
OpenStack password for Identity V2 and V3. Either password or API key is used.
openstack_apikey
string
OpenStack API key for Identity V2 and V3. Either password or API key is used.
openstack_domainname
string
OpenStack domain name for Identity V3, used with user name.
openstack_domainid
string
OpenStack domain ID for Identity V3, used with user name.
openstack_token_id
string
OpenStack token ID.
openstack_tenant_ids
array[string]
Array of OpenStack tenant IDs.
string
openstack_tenant_names
array[string]
Array of OpenStack tenant names.
string
azure_base_url
string
Azure connection endpoint URL
azure_subscription_id
string
Azure subscription ID
azure_tenant_id
string
Azure tenant ID
azure_client_id
string
Azure client ID
azure_client_secret
string
Azure client secret
ldap_protocol
string
- Enum
- LDAP
- LDAPS
- STARTTLS
ldap_base
string
The base LDAP/AD DN of the search string
ldap_user_filter
string
The user filter for the base DN
- Example
- "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory"
ldap_bind_dn
string
The browse account for LDAP/AD connection
- Example
- "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com"
ldap_bind_password
string
The browse account password for LDAP/AD connection
- Example
- "FooBar"
ldap_user_dn_pattern
string
Where to capture the user's distinguished name
- Example
- "uid={0},ou=people"
google_gsuite_domain
string
- Example
- "mydomain.com, if left empty fetches all user domains"
google_gsuite_domain_admin_email
string
- Example
- "admin@mydomain.com"
oidc_enabled
boolean
oidc_issuer
string
oidc_button_title
string
oidc_client_id
string
oidc_client_secret
string
oidc_additional_scopes
array[string]
string
oidc_tags_attribute_name
string
attribute_mapping
object (attribute_mapping)
An object containing remote:local mappings for mapping attributes from remote source to local attribute schema.
mfa_type
string
Multifactor-authentication-back-end type
- Enum
- DISABLED
- INTERNAL
- RADIUS
- OIDC
- FIDO
- MOBILE
mfa_address
string
Multifactor-authentication-back-end address
mfa_port
int
Multifactor-authentication back-end port
mfa_base_dn
string
Base DN of users who need to authenticate using MFA
domain_controller_fqdn
string
Domain Controller FQDN for Kerberos authentication
domain_controller_port
int
Domain Controller port number for Kerberos authentication
kerberos_ticket
string
Base64 encoded Kerberos ticket for Kerberos authentication
enable_user_authentication
boolean
Is user authentication enabled for this source
enable_machine_authentication
boolean
Is machine user authentication enabled for this source
oauth
Required Scopes:
admin
Register PrivX instance to Mobile gateway.
All Scopes
- admin: Admin scope - used for built-in SSH PrivX admin account
- licensesManage: Clients with license manage scope
- service: Microservice scope - used for communication between SSH PrivX microservices
- user: Normal users
- Flow Type: authorization_code
- Auth URL: https://api.x.com/v1/auth/auth
- Token URL: https://api.x.com/v1/auth/auth
Response
Registration completed successfully
Empty response
No schema
Internal server error
{
  "error_code": "GENERAL_ERROR",
  "error_message": "string",
  "property": "string",
  "details": [
    null
  ]
}
Bad Gateway - Returned when interaction with the mobilegw fails
{
  "error_code": "GENERAL_ERROR",
  "error_message": "string",
  "property": "string",
  "details": [
    null
  ]
}
error_code
string
required
Standard error code denoting the error type
- Enum
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
error_message
string
Textual, human readable error message
property
string
The property name causing an error
details
array[]
An array of errors describing error in more detail
reference (error)
recursive
Unregister PrivX instance from Mobile gateway. Destroys all pairing data!
oauth
Required Scopes:
admin
Unregister PrivX instance from Mobile gateway. Destroys all pairing data!
All Scopes
- admin: Admin scope - used for built-in SSH PrivX admin account
- licensesManage: Clients with license manage scope
- service: Microservice scope - used for communication between SSH PrivX microservices
- user: Normal users
- Flow Type: authorization_code
- Auth URL: https://api.x.com/v1/auth/auth
- Token URL: https://api.x.com/v1/auth/auth
Response
Unregistration completed successfully
Empty response
No schema
Internal server error
{
  "error_code": "GENERAL_ERROR",
  "error_message": "string",
  "property": "string",
  "details": [
    null
  ]
}
Bad Gateway - Returned when interaction with the mobilegw fails
{
  "error_code": "GENERAL_ERROR",
  "error_message": "string",
  "property": "string",
  "details": [
    null
  ]
}
error_code
string
required
Standard error code denoting the error type
- Enum
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
error_message
string
Textual, human readable error message
property
string
The property name causing an error
details
array[]
An array of errors describing error in more detail
reference (error)
recursive