sources

PrivX user & host sources

Source definitions - User and host directories. Common auth will also fetch these upon startup.
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
OAuth2
Required Scopes:
user
admin
sourcesView
service
All Scopes
- admin: Admin scope - used for built-in PrivX admin account
- apiClient: API Client scope - used for scripted access
- authorizedKeysManage: Client with authorizedkeys-manage
- hostsProvisioning: Deploy script
- roleTargetResourcesManage: Client with role-target-resources-manage
- roleTargetResourcesView: Client with role-target-resources-view
- rolesManage: Client with roles-manage scope
- rolesView: Client with roles-view scope
- service: Microservice scope - used for communication between PrivX microservices
- sourcesManage: Client with sources-manage scope
- sourcesView: Client with source-view scope
- user: Normal users
- usersManage: Client with users-manage scope
- usersView: Client with users-view scope
- Flow Type: authorization_code
- Auth URL: https://api.privx.ssh.com/v1/auth/auth
- Token URL: https://api.privx.ssh.com/v1/auth/auth
Response
Successful response, returns an array of defined sources, returns an empty array if no sources defined
{
"count": 123,
"items": [
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"enabled": true,
"ttl": 86400,
"status_code": "OK",
"status_text": "Connection established",
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true,
"password_entropy": 95,
"password_strength": "STRONG"
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}
]
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Error object (the body shared by the error responses above)
error_code
string
required
Standard error code denoting the error type
- Enum
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[error]
An array of errors describing the error in more detail; each element is itself an error object (recursive reference)
count
int
items
array[object]
object
The address of the source provider, LDAP/AD/AWS/Local
id
string
uuid
The UUID of the returned object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
created
string
date-time
When the object was created
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was last updated
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
enabled
boolean
ttl
int
How often the source data should be refreshed, time in seconds
- Example
- 86400
status_code
string
Source status, OK / NOK / DISABLED
- Enum
-
- OK
- NOK
- DISABLED
- Example
- "OK"
status_text
string
A string indicating source status, free textual format.
- Example
- "Connection established"
name
string
A name describing the source
- Example
- "A pretty source"
comment
string
A comment describing the object
- Example
- "A comment"
tags
array[string]
Array of tag strings
string
username_pattern
array[string]
Array of wildcarded username patterns which should be authenticated against this source
string
external_user_mapping
array[object]
Mapping external users to source users via id+username
object
source_id
string
A shared identifier between an external user source and this directory, used to map an external user to this source.
source_search_field
string
Search this field (be that AD/LDAP attribute or a database column) for the user id provided.
session_password_enabled
boolean
child_session_auto_logout_delay
int
Child session auto logout delay in seconds
- Example
- 900
session_password_policy
object (session_password_policy)
Password policy for session password generation
password_min_length
int
Minimum password length, must be large enough to produce at least WEAK passwords and at least 10
- Example
- 16
password_max_length
int
Maximum password length, must be smaller or equal to 99
- Example
- 16
use_special_characters
boolean
- Example
- true
use_lower_case
boolean
- Example
- true
use_upper_case
boolean
- Example
- true
use_numbers
boolean
- Example
- true
password_entropy
int
Password entropy in bits for session passwords generated from this policy
- Example
- 95
password_strength
string
- Enum
-
- VERY_WEAK
- WEAK
- STRONG
- VERY_STRONG
- Example
- "STRONG"
connection
object (connection)
Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined
type
string
Type of the source, LDAP, AD or AWS IAM
- Enum
-
- LDAP
- AD
- GOOGLEGSUITE
- OIDC
- AWS
- GOOGLECLOUD
- OPENSTACK
- AZURE
- LOCAL
address
string
The address of the LDAP/AD/Local source provider
port
int
The port of the LDAP/AD/Local source provider
service_address_auto_update
boolean
Should the host-service addresses be automatically updated if an address change is detected
iam_access_key_id
string
AWS access key
iam_secret_access_key
string
AWS secret access key
iam_session_token
string
AWS session token
iam_fetch_roles
boolean
Fetch roles from Amazon
iam_fetch_role_path_prefix
string
A prefix for roles to be fetched from Amazon
google_cloud_project_ids
array[string]
Array of Google Cloud project IDs
string
google_cloud_config_json
string
Google Cloud service-account configuration. Base64 encoded JSON blob.
openstack_version
string
The OpenStack version being configured.
- Enum
-
- V2
- V3
openstack_endpoint
string
OpenStack service endpoint url.
openstack_username
string
OpenStack user name for Identity V2 API.
openstack_user_id
string
OpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName
openstack_password
string
OpenStack password for Identity V2 and V3. Either password or API key is used.
openstack_apikey
string
OpenStack API key for Identity V2 and V3. Either password or API key is used.
openstack_domainname
string
OpenStack domain name for Identity V3, used with user name.
openstack_domainid
string
OpenStack domain ID for Identity V3, used with user name.
openstack_token_id
string
OpenStack token ID.
openstack_tenant_ids
array[string]
Array of OpenStack tenant IDs.
string
openstack_tenant_names
array[string]
Array of OpenStack tenant names.
string
azure_base_url
string
Azure connection endpoint url
azure_subscription_id
string
Azure subscription ID
azure_tenant_id
string
Azure tenant ID
azure_client_id
string
Azure client ID
azure_client_secret
string
Azure client secret
ldap_protocol
string
- Enum
-
- LDAP
- LDAPS
- STARTTLS
ldap_base
string
The base LDAP/AD DN of the search string
ldap_user_filter
string
The user filter for the base DN
- Example
- "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory"
ldap_bind_dn
string
The browse account for LDAP/AD connection
- Example
- "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com"
ldap_bind_password
string
The browse account password for LDAP/AD connection
- Example
- "FooBar"
ldap_user_dn_pattern
string
Where to capture the user's distinguished name
- Example
- "uid={0},ou=people"
google_gsuite_domain
string
- Example
- "mydomain.com, if left empty fetches all user domains"
google_gsuite_domain_admin_email
string
- Example
- "admin@mydomain.com"
oidc_enabled
boolean
oidc_issuer
string
oidc_button_title
string
oidc_client_id
string
oidc_client_secret
string
oidc_additional_scopes
array[string]
string
oidc_tags_attribute_name
string
attribute_mapping
object (attribute_mapping)
An object containing remote:local mappings for mapping attributes from remote source to local attribute schema.
mfa_type
string
Multifactor-authentication-back-end type
- Enum
-
- DISABLED
- INTERNAL
- RADIUS
- OIDC
- FIDO
- MOBILE
mfa_address
string
Multifactor-authentication-back-end address
mfa_port
int
Multifactor-authentication back-end port
mfa_base_dn
string
Base DN of users who need to authenticate using MFA
domain_controller_fqdn
string
Domain Controller FQDN for Kerberos authentication
domain_controller_port
int
Domain Controller port number for Kerberos authentication
kerberos_ticket
string
Base64 encoded Kerberos ticket for Kerberos authentication
enable_user_authentication
boolean
Is user authentication enabled for this source
enable_machine_authentication
boolean
Is machine user authentication enabled for this source
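The list response and error bodies above, handled the way a scripted client (apiClient or sourcesView access) would handle them, as an added example that is not part of the PrivX reference or SSH.com's own client code: it parses the documented {count, items} shape, masks the credential fields of the connection object (ldap_bind_password, iam_secret_access_key and the other secret-bearing fields named in the schema) before a source object is logged or stored, raises a structured error for the documented error body, and flags two settings a reviewer would check. The sample replies are constructed placeholders; the mapping of the two "Unauthorized request" cases to HTTP 401 and 403 is an assumption, since the reference does not print the numeric status codes.

```python
import json
from typing import Any

# Connection fields whose values are credentials (names from the documented
# connection object); they are masked before a source object is logged or stored.
SECRET_FIELDS = frozenset({
    "iam_secret_access_key", "iam_session_token", "google_cloud_config_json",
    "openstack_password", "openstack_apikey", "openstack_token_id",
    "azure_client_secret", "ldap_bind_password", "oidc_client_secret", "kerberos_ticket",
})

# Documented error_code enumeration.
ERROR_CODES = frozenset({
    "GENERAL_ERROR", "BAD_REQUEST", "PERMISSION_DENIED", "INVALID_REQUEST_DATA",
    "REQUIRED_VALUE_MISSING", "VALUE_OUT_OF_BOUNDS", "VALUE_INCORRECT_TYPE",
    "VALUE_INCORRECT_FORMAT", "VALUE_DUPLICATE", "CONFIGURATION_ERROR", "OUT_OF_RESOURCES",
    "MAX_LOAD", "TOO_MANY_CONNECTIONS", "DATABASE_ERROR", "CACHE_ERROR",
    "INTRA_SERVICE_COMMUNICATION_ERROR",
})

# Constructed sample replies in the documented shapes (placeholder values,
# not captured from a real PrivX instance).
SAMPLE_LIST_RESPONSE = json.dumps({
    "count": 1,
    "items": [{
        "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
        "enabled": True, "ttl": 86400,
        "status_code": "OK", "status_text": "Connection established",
        "name": "Example directory (constructed)",
        "connection": {
            "type": "LDAP", "ldap_protocol": "LDAP",
            "address": "ldap.example.test", "port": 389,
            "ldap_bind_dn": "cn=privx-browse,ou=service,dc=example,dc=test",
            "ldap_bind_password": "not-a-real-password",
            "mfa_type": "DISABLED",
            "enable_user_authentication": True,
            "enable_machine_authentication": False,
        },
    }],
})
SAMPLE_SCOPE_ERROR = json.dumps({
    "error_code": "PERMISSION_DENIED", "error_message": "scope insufficient",
    "property": "", "details": [],
})


class PrivXApiError(Exception):
    """A documented error body, kept structured so callers can branch on it."""

    def __init__(self, http_status: int, body: dict):
        self.http_status = http_status
        self.error_code = body["error_code"]
        self.details = body.get("details") or []
        super().__init__(f"HTTP {http_status} {self.error_code}: {body.get('error_message', '')}")

    @property
    def scope_insufficient(self) -> bool:
        # Assumption: "authorization OK but scope insufficient" arrives as HTTP 403 and
        # "authorization missing or invalid" as HTTP 401; the reference does not print
        # the numeric status codes, so this is the conventional mapping.
        return self.http_status == 403


def redact(value: Any) -> Any:
    """Deep-copy a source object with every credential field masked."""
    if isinstance(value, dict):
        return {k: "***REDACTED***" if k in SECRET_FIELDS else redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def parse_list_response(http_status: int, body_text: str) -> list[dict]:
    """Turn a raw list-sources reply into redacted source objects.

    Raises PrivXApiError for the documented error shape and ValueError when the
    reply matches neither documented shape.
    """
    body = json.loads(body_text)
    if not isinstance(body, dict):
        raise ValueError("reply is not a JSON object")
    if "error_code" in body:
        if body["error_code"] not in ERROR_CODES:
            raise ValueError(f"undocumented error_code {body['error_code']!r}")
        raise PrivXApiError(http_status, body)
    items = body.get("items")
    if http_status != 200 or not isinstance(items, list):
        raise ValueError(f"HTTP {http_status} without an items array")
    if body.get("count") != len(items):
        raise ValueError("count does not match the number of items")
    return [redact(item) for item in items]


def audit_source(source: dict) -> list[str]:
    """Configuration points a reviewer would want to look at; returns findings."""
    conn = source.get("connection") or {}
    findings = []
    if conn.get("type") in ("LDAP", "AD") and conn.get("ldap_protocol") == "LDAP":
        findings.append("ldap_protocol is plain LDAP: the bind password and directory data "
                        "cross the network unencrypted; LDAPS or STARTTLS are the documented alternatives")
    if conn.get("enable_user_authentication") and conn.get("mfa_type") == "DISABLED":
        findings.append("user authentication is enabled while mfa_type is DISABLED")
    return findings
```

The redaction runs on the parsed object rather than on the raw text, so a new secret-bearing field only needs adding to SECRET_FIELDS; the audit works on the redacted copy because none of the fields it inspects are credentials.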
Create a new source definition. Id, author, created & updated are automatically populated by the server.
enabled
boolean
ttl
int
How often the source data should be refreshed, time in seconds
- Example
- 86400
name
string
A name describing the source
- Example
- "A pretty source"
comment
string
A comment describing the object
- Example
- "A comment"
tags
array[string]
Array of tag strings
string
username_pattern
array[string]
Array of wildcarded username patterns which should be authenticated against this source
string
external_user_mapping
array[object]
Mapping external users to source users via id+username
object
source_id
string
A shared identifier between an external user source and this directory, used to map an external user to this source.
source_search_field
string
Search this field (be that AD/LDAP attribute or a database column) for the user id provided.
session_password_enabled
boolean
child_session_auto_logout_delay
int
Child session auto logout delay in seconds
- Example
- 900
session_password_policy
object (session_password_policy)
Password policy for session password generation
password_min_length
int
Minimum password length, must be large enough to produce at least WEAK passwords and at least 10
- Example
- 16
password_max_length
int
Maximum password length, must be smaller or equal to 99
- Example
- 16
use_special_characters
boolean
- Example
- true
use_lower_case
boolean
- Example
- true
use_upper_case
boolean
- Example
- true
use_numbers
boolean
- Example
- true
connection
object (connection)
Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined
type
string
Type of the source, LDAP, AD or AWS IAM
- Enum
-
- LDAP
- AD
- GOOGLEGSUITE
- OIDC
- AWS
- GOOGLECLOUD
- OPENSTACK
- AZURE
- LOCAL
address
string
The address of the LDAP/AD/Local source provider
port
int
The port of the LDAP/AD/Local source provider
service_address_auto_update
boolean
Should the host-service addresses be automatically updated if an address change is detected
iam_access_key_id
string
AWS access key
iam_secret_access_key
string
AWS secret access key
iam_session_token
string
AWS session token
iam_fetch_roles
boolean
Fetch roles from Amazon
iam_fetch_role_path_prefix
string
A prefix for roles to be fetched from Amazon
google_cloud_project_ids
array[string]
Array of Google Cloud project IDs
string
google_cloud_config_json
string
Google Cloud service-account configuration. Base64 encoded JSON blob.
openstack_version
string
The OpenStack version being configured.
- Enum
-
- V2
- V3
openstack_endpoint
string
OpenStack service endpoint url.
openstack_username
string
OpenStack user name for Identity V2 API.
openstack_user_id
string
OpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName
openstack_password
string
OpenStack password for Identity V2 and V3. Either password or API key is used.
openstack_apikey
string
OpenStack API key for Identity V2 and V3. Either password or API key is used.
openstack_domainname
string
OpenStack domain name for Identity V3, used with user name.
openstack_domainid
string
OpenStack domain ID for Identity V3, used with user name.
openstack_token_id
string
OpenStack token ID.
openstack_tenant_ids
array[string]
Array of OpenStack tenant IDs.
string
openstack_tenant_names
array[string]
Array of OpenStack tenant names.
string
azure_base_url
string
Azure connection endpoint url
azure_subscription_id
string
Azure subscription ID
azure_tenant_id
string
Azure tenant ID
azure_client_id
string
Azure client ID
azure_client_secret
string
Azure client secret
ldap_protocol
string
- Enum
-
- LDAP
- LDAPS
- STARTTLS
ldap_base
string
The base LDAP/AD DN of the search string
ldap_user_filter
string
The user filter for the base DN
- Example
- "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory"
ldap_bind_dn
string
The browse account for LDAP/AD connection
- Example
- "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com"
ldap_bind_password
string
The browse account password for LDAP/AD connection
- Example
- "FooBar"
ldap_user_dn_pattern
string
Where to capture the user's distinguished name
- Example
- "uid={0},ou=people"
google_gsuite_domain
string
- Example
- "mydomain.com, if left empty fetches all user domains"
google_gsuite_domain_admin_email
string
- Example
- "admin@mydomain.com"
oidc_enabled
boolean
oidc_issuer
string
oidc_button_title
string
oidc_client_id
string
oidc_client_secret
string
oidc_additional_scopes
array[string]
string
oidc_tags_attribute_name
string
attribute_mapping
object (attribute_mapping)
An object containing remote:local mappings for mapping attributes from remote source to local attribute schema.
mfa_type
string
Multifactor-authentication-back-end type
- Enum
-
- DISABLED
- INTERNAL
- RADIUS
- OIDC
- FIDO
mfa_address
string
Multifactor-authentication-back-end address
mfa_port
int
Multifactor-authentication back-end port
mfa_base_dn
string
Base DN of users who need to authenticate using MFA
domain_controller_fqdn
string
Domain Controller FQDN for Kerberos authentication
domain_controller_port
int
Domain Controller port number for Kerberos authentication
kerberos_ticket
string
Base64 encoded Kerberos ticket for Kerberos authentication
enable_user_authentication
boolean
Is user authentication enabled for this source
enable_machine_authentication
boolean
Is machine user authentication enabled for this source
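Deriving a create body from a previously fetched source object and checking the documented constraints before sending it, as an added example that is not part of the PrivX reference or SSH.com's code: the server-populated fields (id, author, created, updated) and the response-only fields (status_code, status_text, password_entropy, password_strength) are dropped, and the password-policy bounds and enumerations of the request schema above are checked locally so that a VALUE_OUT_OF_BOUNDS reply is not the first signal of a bad definition. The sample source is constructed; the two checks marked as assumptions in the code are inferred from the field descriptions rather than stated by the reference.

```python
import json

# Fields the server populates (documented: id, author, created, updated) and
# fields that exist only in the response schema; a create body must not carry them.
SERVER_POPULATED = frozenset({"id", "author", "created", "updated", "updated_by",
                              "status_code", "status_text"})
POLICY_READ_ONLY = frozenset({"password_entropy", "password_strength"})

# Enumerations as documented for the request schema.
SOURCE_TYPES = frozenset({"LDAP", "AD", "GOOGLEGSUITE", "OIDC", "AWS",
                          "GOOGLECLOUD", "OPENSTACK", "AZURE", "LOCAL"})
LDAP_PROTOCOLS = frozenset({"LDAP", "LDAPS", "STARTTLS"})
OPENSTACK_VERSIONS = frozenset({"V2", "V3"})
MFA_TYPES = frozenset({"DISABLED", "INTERNAL", "RADIUS", "OIDC", "FIDO"})

# Constructed sample of a full source object as the get-by-ID call returns it
# (placeholder values, not a real directory).
SAMPLE_SOURCE = json.dumps({
    "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
    "created": "2017-01-01T15:05:05Z", "updated": "2017-01-01T15:05:05Z",
    "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
    "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
    "enabled": True, "ttl": 86400,
    "status_code": "OK", "status_text": "Connection established",
    "name": "Example directory (constructed)",
    "session_password_enabled": True,
    "session_password_policy": {
        "password_min_length": 16, "password_max_length": 24,
        "use_special_characters": True, "use_lower_case": True,
        "use_upper_case": True, "use_numbers": True,
        "password_entropy": 95, "password_strength": "STRONG",
    },
    "connection": {
        "type": "LDAP", "ldap_protocol": "LDAPS",
        "address": "ldap.example.test", "port": 636,
        "ldap_base": "ou=people,dc=example,dc=test",
        "ldap_bind_dn": "cn=privx-browse,ou=service,dc=example,dc=test",
        "ldap_bind_password": "not-a-real-password",
        "mfa_type": "DISABLED",
        "enable_user_authentication": True,
        "enable_machine_authentication": False,
    },
})


def to_create_request(source: dict) -> dict:
    """Strip server-owned and response-only fields so the object can be re-submitted."""
    body = {k: v for k, v in source.items() if k not in SERVER_POPULATED}
    policy = body.get("session_password_policy")
    if isinstance(policy, dict):
        body["session_password_policy"] = {k: v for k, v in policy.items()
                                           if k not in POLICY_READ_ONLY}
    return body


def validate_create_request(body: dict) -> list[str]:
    """Apply the documented constraints client-side; returns problems (empty means ok)."""
    problems = []
    for field in sorted(SERVER_POPULATED.intersection(body)):
        problems.append(f"{field} is populated by the server and must not be sent")

    if body.get("session_password_enabled"):
        policy = body.get("session_password_policy")
        if not isinstance(policy, dict):
            # Assumption: generating session passwords needs a policy to generate from.
            problems.append("session_password_enabled requires session_password_policy")
        else:
            lo, hi = policy.get("password_min_length"), policy.get("password_max_length")
            if not isinstance(lo, int) or lo < 10:
                problems.append("password_min_length must be at least 10")
            if not isinstance(hi, int) or hi > 99:
                problems.append("password_max_length must be smaller or equal to 99")
            if isinstance(lo, int) and isinstance(hi, int) and lo > hi:
                problems.append("password_min_length exceeds password_max_length")
            classes = ("use_special_characters", "use_lower_case", "use_upper_case", "use_numbers")
            if not any(policy.get(c) for c in classes):
                # Assumption: with no character class enabled not even a WEAK password can be produced.
                problems.append("at least one character class must be enabled")

    conn = body.get("connection") or {}
    if conn.get("type") not in SOURCE_TYPES:
        problems.append(f"connection.type {conn.get('type')!r} is not a documented source type")
    if "ldap_protocol" in conn and conn["ldap_protocol"] not in LDAP_PROTOCOLS:
        problems.append("ldap_protocol must be LDAP, LDAPS or STARTTLS")
    if "openstack_version" in conn and conn["openstack_version"] not in OPENSTACK_VERSIONS:
        problems.append("openstack_version must be V2 or V3")
    if "mfa_type" in conn and conn["mfa_type"] not in MFA_TYPES:
        problems.append("mfa_type is not a documented request value")
    if conn.get("openstack_password") and conn.get("openstack_apikey"):
        # Documented as "either password or API key is used"; sending both is ambiguous.
        problems.append("openstack_password and openstack_apikey are alternatives; set only one")
    return problems
```

Cloning a source this way copies its bind password into the new body, so the derived request should be treated with the same care as the fetched object: send it over the authenticated API call and do not write it to logs or tickets.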
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
OAuth2
Required Scopes:
admin
service
sourcesManage
Request
{
"enabled": true,
"ttl": 86400,
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}
Response
Source successfully created
{
"id": "5bf77342-221c-11ee-be56-0242ac120002"
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
id
string
uuid
ID of the created resource
Location
string
Location of the created resource
source_id
string
required
Source id
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
OAuth2
Required Scopes:
admin
sourcesView
service
Get source object by ID.
Response
Successful response, returns a source if found
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"enabled": true,
"ttl": 86400,
"status_code": "OK",
"status_text": "Connection established",
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true,
"password_entropy": 95,
"password_strength": "STRONG"
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}
Empty response
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
error_message
string
Textual, human-readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error), recursive
id
string
uuid
The UUID of the returned object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
created
string
date-time
When the object was created
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was last updated
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
enabled
boolean
ttl
int
How often the source data should be refreshed, in seconds
- Example
- 86400
status_code
string
Source status, OK / NOK / DISABLED
- Enum
- OK
- NOK
- DISABLED
- Example
- "OK"
status_text
string
A string indicating source status, free textual format.
- Example
- "Connection established"
name
string
A name describing the source
- Example
- "A pretty source"
comment
string
A comment describing the object
- Example
- "A comment"
tags
array[string]
Array of tag strings
string
username_pattern
array[string]
Array of wildcarded username patterns which should be authenticated against this source
string
external_user_mapping
array[object]
Mapping external users to source users via id+username
object
source_id
string
A shared identifier between an external user source and this directory, used to map an external user to this source.
source_search_field
string
Search this field (whether an AD/LDAP attribute or a database column) for the user ID provided.
session_password_enabled
boolean
child_session_auto_logout_delay
int
Child session auto logout delay in seconds
- Example
- 900
session_password_policy
object (session_password_policy)
Password policy for session password generation
password_min_length
int
Minimum password length; must be at least 10 and large enough to produce at least WEAK passwords
- Example
- 16
password_max_length
int
Maximum password length; must be less than or equal to 99
- Example
- 16
use_special_characters
boolean
- Example
- true
use_lower_case
boolean
- Example
- true
use_upper_case
boolean
- Example
- true
use_numbers
boolean
- Example
- true
password_entropy
int
Password entropy in bits for session passwords generated from this policy
- Example
- 95
password_strength
string
- Enum
- VERY_WEAK
- WEAK
- STRONG
- VERY_STRONG
- Example
- "STRONG"
connection
object (connection)
Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined
type
string
Type of the source, LDAP, AD or AWS IAM
- Enum
- LDAP
- AD
- GOOGLEGSUITE
- OIDC
- AWS
- GOOGLECLOUD
- OPENSTACK
- AZURE
- LOCAL
address
string
The address of the LDAP/AD/Local source provider
port
int
The port of the LDAP/AD/Local source provider
service_address_auto_update
boolean
Whether host-service addresses are automatically updated when an address change is detected
iam_access_key_id
string
AWS access key
iam_secret_access_key
string
AWS secret access key
iam_session_token
string
AWS session token
iam_fetch_roles
boolean
Fetch roles from Amazon
iam_fetch_role_path_prefix
string
A prefix for roles to be fetched from Amazon
google_cloud_project_ids
array[string]
Array of Google Cloud project IDs
string
google_cloud_config_json
string
Google Cloud service-account configuration. Base64 encoded JSON blob.
openstack_version
string
The OpenStack version being configured.
- Enum
- V2
- V3
openstack_endpoint
string
OpenStack service endpoint url.
openstack_username
string
OpenStack user name for Identity V2 API.
openstack_user_id
string
OpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName
openstack_password
string
OpenStack password for Identity V2 and V3. Either password or API key is used.
openstack_apikey
string
OpenStack API key for Identity V2 and V3. Either password or API key is used.
openstack_domainname
string
OpenStack domain name for Identity V3, used with user name.
openstack_domainid
string
OpenStack domain ID for Identity V3, used with user name.
openstack_token_id
string
OpenStack token ID.
openstack_tenant_ids
array[string]
Array of OpenStack tenant IDs.
string
openstack_tenant_names
array[string]
Array of OpenStack tenant names.
string
azure_base_url
string
Azure connection endpoint url
azure_subscription_id
string
Azure subscription ID
azure_tenant_id
string
Azure tenant ID
azure_client_id
string
Azure client ID
azure_client_secret
string
Azure client secret
ldap_protocol
string
- Enum
- LDAP
- LDAPS
- STARTTLS
ldap_base
string
The base LDAP/AD DN of the search string
ldap_user_filter
string
The user filter for the base DN
- Example
- "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory"
ldap_bind_dn
string
The browse account for LDAP/AD connection
- Example
- "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com"
ldap_bind_password
string
The browse account password for LDAP/AD connection
- Example
- "FooBar"
ldap_user_dn_pattern
string
Where to capture the user's distinguished name
- Example
- "uid={0},ou=people"
google_gsuite_domain
string
- Example
- "mydomain.com, if left empty fetches all user domains"
google_gsuite_domain_admin_email
string
- Example
- "admin@mydomain.com"
oidc_enabled
boolean
oidc_issuer
string
oidc_button_title
string
oidc_client_id
string
oidc_client_secret
string
oidc_additional_scopes
array[string]
string
oidc_tags_attribute_name
string
attribute_mapping
object (attribute_mapping)
An object containing remote:local mappings for mapping attributes from remote source to local attribute schema.
mfa_type
string
Multi-factor authentication back-end type
- Enum
- DISABLED
- INTERNAL
- RADIUS
- OIDC
- FIDO
- MOBILE
mfa_address
string
Multi-factor authentication back-end address
mfa_port
int
Multi-factor authentication back-end port
mfa_base_dn
string
Base DN of users who need to authenticate using MFA
domain_controller_fqdn
string
Domain Controller FQDN for Kerberos authentication
domain_controller_port
int
Domain Controller port number for Kerberos authentication
kerberos_ticket
string
Base64 encoded Kerberos ticket for Kerberos authentication
enable_user_authentication
boolean
Whether user authentication is enabled for this source
enable_machine_authentication
boolean
Whether machine user authentication is enabled for this source
enabled
boolean
ttl
int
How often the source data should be refreshed, in seconds
- Example
- 86400
name
string
A name describing the source
- Example
- "A pretty source"
comment
string
A comment describing the object
- Example
- "A comment"
tags
array[string]
Array of tag strings
string
username_pattern
array[string]
Array of wildcarded username patterns which should be authenticated against this source
string
external_user_mapping
array[object]
Mapping external users to source users via id+username
object
source_id
string
A shared identifier between an external user source and this directory, used to map an external user to this source.
source_search_field
string
Search this field (whether an AD/LDAP attribute or a database column) for the user ID provided.
session_password_enabled
boolean
child_session_auto_logout_delay
int
Child session auto logout delay in seconds
- Example
- 900
session_password_policy
object (session_password_policy)
Password policy for session password generation
password_min_length
int
Minimum password length; must be at least 10 and large enough to produce at least WEAK passwords
- Example
- 16
password_max_length
int
Maximum password length; must be less than or equal to 99
- Example
- 16
use_special_characters
boolean
- Example
- true
use_lower_case
boolean
- Example
- true
use_upper_case
boolean
- Example
- true
use_numbers
boolean
- Example
- true
connection
object (connection)
Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined
type
string
Type of the source, LDAP, AD or AWS IAM
- Enum
- LDAP
- AD
- GOOGLEGSUITE
- OIDC
- AWS
- GOOGLECLOUD
- OPENSTACK
- AZURE
- LOCAL
address
string
The address of the LDAP/AD/Local source provider
port
int
The port of the LDAP/AD/Local source provider
service_address_auto_update
boolean
Whether host-service addresses are automatically updated when an address change is detected
iam_access_key_id
string
AWS access key
iam_secret_access_key
string
AWS secret access key
iam_session_token
string
AWS session token
iam_fetch_roles
boolean
Fetch roles from Amazon
iam_fetch_role_path_prefix
string
A prefix for roles to be fetched from Amazon
google_cloud_project_ids
array[string]
Array of Google Cloud project IDs
string
google_cloud_config_json
string
Google Cloud service-account configuration. Base64 encoded JSON blob.
openstack_version
string
The OpenStack version being configured.
- Enum
- V2
- V3
openstack_endpoint
string
OpenStack service endpoint url.
openstack_username
string
OpenStack user name for Identity V2 API.
openstack_user_id
string
OpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName
openstack_password
string
OpenStack password for Identity V2 and V3. Either password or API key is used.
openstack_apikey
string
OpenStack API key for Identity V2 and V3. Either password or API key is used.
openstack_domainname
string
OpenStack domain name for Identity V3, used with user name.
openstack_domainid
string
OpenStack domain ID for Identity V3, used with user name.
openstack_token_id
string
OpenStack token ID.
openstack_tenant_ids
array[string]
Array of OpenStack tenant IDs.
string
openstack_tenant_names
array[string]
Array of OpenStack tenant names.
string
azure_base_url
string
Azure connection endpoint url
azure_subscription_id
string
Azure subscription ID
azure_tenant_id
string
Azure tenant ID
azure_client_id
string
Azure client ID
azure_client_secret
string
Azure client secret
ldap_protocol
string
- Enum
- LDAP
- LDAPS
- STARTTLS
ldap_base
string
The base LDAP/AD DN of the search string
ldap_user_filter
string
The user filter for the base DN
- Example
- "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory"
ldap_bind_dn
string
The browse account for LDAP/AD connection
- Example
- "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com"
ldap_bind_password
string
The browse account password for LDAP/AD connection
- Example
- "FooBar"
ldap_user_dn_pattern
string
Where to capture the user's distinguished name
- Example
- "uid={0},ou=people"
google_gsuite_domain
string
- Example
- "mydomain.com, if left empty fetches all user domains"
google_gsuite_domain_admin_email
string
- Example
- "admin@mydomain.com"
oidc_enabled
boolean
oidc_issuer
string
oidc_button_title
string
oidc_client_id
string
oidc_client_secret
string
oidc_additional_scopes
array[string]
string
oidc_tags_attribute_name
string
attribute_mapping
object (attribute_mapping)
An object containing remote:local mappings for mapping attributes from remote source to local attribute schema.
mfa_type
string
Multi-factor authentication back-end type
- Enum
- DISABLED
- INTERNAL
- RADIUS
- OIDC
- FIDO
mfa_address
string
Multi-factor authentication back-end address
mfa_port
int
Multi-factor authentication back-end port
mfa_base_dn
string
Base DN of users who need to authenticate using MFA
domain_controller_fqdn
string
Domain Controller FQDN for Kerberos authentication
domain_controller_port
int
Domain Controller port number for Kerberos authentication
kerberos_ticket
string
Base64 encoded Kerberos ticket for Kerberos authentication
enable_user_authentication
boolean
Whether user authentication is enabled for this source
enable_machine_authentication
boolean
Whether machine user authentication is enabled for this source
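The source object returned and accepted by these endpoints carries long-lived credentials in its connection block (ldap_bind_password, azure_client_secret, iam_secret_access_key, oidc_client_secret, kerberos_ticket and so on), so anything that logs, diffs or exports sources needs to mask them. The following is an added Python example, not PrivX code: it redacts the credential-bearing connection fields named in the schema above and flags a bind password configured over cleartext ldap_protocol LDAP. The field names come from this page; the sample source object and its values are constructed, and the UUID is a placeholder.

```python
"""Redact credential fields from a PrivX source object before logging or exporting it.

Added example, not PrivX's own code. Field names are those of the source schema
on this page; the sample object below is constructed for illustration.
"""
import copy
import json

# Connection fields that carry credentials according to the source schema.
SECRET_CONNECTION_FIELDS = frozenset({
    "iam_secret_access_key",
    "iam_session_token",
    "google_cloud_config_json",   # base64 service-account JSON; contains a private key
    "openstack_password",
    "openstack_apikey",
    "openstack_token_id",
    "azure_client_secret",
    "ldap_bind_password",
    "oidc_client_secret",
    "kerberos_ticket",
})

REDACTED = "<redacted>"


def redact_source(source: dict) -> dict:
    """Return a deep copy of `source` with non-empty secret connection fields masked.

    Empty values are left untouched so a reviewer can still see which credential
    types are configured and which are absent.
    """
    clean = copy.deepcopy(source)
    conn = clean.get("connection")
    if isinstance(conn, dict):
        for field in SECRET_CONNECTION_FIELDS:
            if conn.get(field):
                conn[field] = REDACTED
    return clean


def redact_sources_response(body: dict) -> dict:
    """Redact every item of a list-style response shaped {"count": n, "items": [...]}."""
    out = dict(body)
    out["items"] = [redact_source(s) for s in body.get("items", [])]
    return out


def check_transport(source: dict) -> list:
    """Flag a bind credential configured over cleartext LDAP (ldap_protocol == "LDAP").

    LDAPS and STARTTLS are the other enum values on this page and are not flagged.
    """
    findings = []
    conn = source.get("connection") or {}
    if (conn.get("type") in ("LDAP", "AD")
            and conn.get("ldap_protocol") == "LDAP"
            and conn.get("ldap_bind_password")):
        findings.append(
            f"{source.get('name')!r}: bind password configured over cleartext LDAP; "
            "use LDAPS or STARTTLS"
        )
    return findings


# Constructed sample shaped like the source object on this page (placeholder UUID).
SAMPLE_SOURCE = {
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "Corporate AD",
    "enabled": True,
    "connection": {
        "type": "AD",
        "address": "dc.example.test",
        "port": 636,
        "ldap_protocol": "LDAPS",
        "ldap_bind_dn": "CN=privx-browse,OU=Service Accounts,DC=example,DC=test",
        "ldap_bind_password": "not-a-real-password",
        "azure_client_secret": "",
        "kerberos_ticket": "YmFzZTY0LXRpY2tldA==",
    },
}

if __name__ == "__main__":
    print(json.dumps(redact_source(SAMPLE_SOURCE), indent=2))
    for finding in check_transport(SAMPLE_SOURCE):
        print("WARNING:", finding)
```

Run redact_source on each item before a source object reaches a log line, a ticket or a version-controlled export; check_transport is the kind of configuration review worth running over the full list returned by the sources endpoint.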
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
source_id
string
required
Source ID
OAuth2
Required Scopes:
admin
sourcesManage
service
Update a source.
Request
{
"enabled": true,
"ttl": 86400,
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}
Response
Source successfully updated
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
error_message
string
Textual, human-readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error), recursive
source_id
string
required
Source id
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
OAuth2
Required Scopes:
admin
service
Delete source by ID.
Response
Source successfully deleted
No schema
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
error_message
string
Textual, human-readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error), recursive
Fetch hosts from local host directory, or users from any user directory.
array[string]
- Content Type
- application/list
string
uuid
Authorization
string
required
OAuth2 token
- Default
- "Bearer a-proper-token-goes-here"
OAuth2
Required Scopes:
admin
sourcesManage
service
Fetch hosts from local host directory, or users from any user directory.
Response
Successful response, refresh started for listed directories.
{
"id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"created": "2017-01-01T15:05:05Z",
"updated": "2017-01-01T15:05:05Z",
"updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
"enabled": true,
"ttl": 86400,
"status_code": "OK",
"status_text": "Connection established",
"name": "A pretty source",
"comment": "A comment",
"tags": [
"string"
],
"username_pattern": [
"string"
],
"external_user_mapping": [
{
"source_id": "string",
"source_search_field": "string"
}
],
"session_password_enabled": true,
"child_session_auto_logout_delay": 900,
"session_password_policy": {
"password_min_length": 16,
"password_max_length": 16,
"use_special_characters": true,
"use_lower_case": true,
"use_upper_case": true,
"use_numbers": true,
"password_entropy": 95,
"password_strength": "STRONG"
},
"connection": {
"type": "LDAP",
"address": "string",
"port": 123,
"service_address_auto_update": true,
"iam_access_key_id": "string",
"iam_secret_access_key": "string",
"iam_session_token": "string",
"iam_fetch_roles": true,
"iam_fetch_role_path_prefix": "string",
"google_cloud_project_ids": [
"string"
],
"google_cloud_config_json": "string",
"openstack_version": "V2",
"openstack_endpoint": "string",
"openstack_username": "string",
"openstack_user_id": "string",
"openstack_password": "string",
"openstack_apikey": "string",
"openstack_domainname": "string",
"openstack_domainid": "string",
"openstack_token_id": "string",
"openstack_tenant_ids": [
"string"
],
"openstack_tenant_names": [
"string"
],
"azure_base_url": "string",
"azure_subscription_id": "string",
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"ldap_protocol": "LDAP",
"ldap_base": "string",
"ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
"ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
"ldap_bind_password": "FooBar",
"ldap_user_dn_pattern": "uid={0},ou=people",
"google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
"google_gsuite_domain_admin_email": "admin@mydomain.com",
"oidc_enabled": true,
"oidc_issuer": "string",
"oidc_button_title": "string",
"oidc_client_id": "string",
"oidc_client_secret": "string",
"oidc_additional_scopes": [
"string"
],
"oidc_tags_attribute_name": "string",
"attribute_mapping": {},
"mfa_type": "DISABLED",
"mfa_address": "string",
"mfa_port": 123,
"mfa_base_dn": "string",
"domain_controller_fqdn": "string",
"domain_controller_port": 123,
"kerberos_ticket": "string",
"enable_user_authentication": true,
"enable_machine_authentication": true
}
}
Bad request
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization missing or invalid
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Unauthorized request, OAuth2 authorization OK but scope insufficient
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Resource not found
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
Internal server error
{
"error_code": "GENERAL_ERROR",
"error_message": "string",
"property": "string",
"details": [
null
]
}
error_code
string
required
Standard error code denoting the error type
- Enum
- GENERAL_ERROR
- BAD_REQUEST
- PERMISSION_DENIED
- INVALID_REQUEST_DATA
- REQUIRED_VALUE_MISSING
- VALUE_OUT_OF_BOUNDS
- VALUE_INCORRECT_TYPE
- VALUE_INCORRECT_FORMAT
- VALUE_DUPLICATE
- CONFIGURATION_ERROR
- OUT_OF_RESOURCES
- MAX_LOAD
- TOO_MANY_CONNECTIONS
- DATABASE_ERROR
- CACHE_ERROR
- INTRA_SERVICE_COMMUNICATION_ERROR
error_message
string
Textual, human readable error message
property
string
The property name causing the error
details
array[]
An array of errors describing the error in more detail
reference (error)
recursive
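The error object above is recursive: each entry's `details` array may itself hold further error objects, so a client that only reads the top-level `error_message` loses the `property`-level detail that says which field of a source definition was rejected. The walker below is an added example, not code from the PrivX API reference or product; the sample body is constructed, and the depth cap and the `/details[i]/` path notation are assumptions of my own, not part of the schema.

```python
import json
from typing import Iterator

# error_code values listed in the error schema of the PrivX API reference.
ERROR_CODES = frozenset({
    "GENERAL_ERROR", "BAD_REQUEST", "PERMISSION_DENIED", "INVALID_REQUEST_DATA",
    "REQUIRED_VALUE_MISSING", "VALUE_OUT_OF_BOUNDS", "VALUE_INCORRECT_TYPE",
    "VALUE_INCORRECT_FORMAT", "VALUE_DUPLICATE", "CONFIGURATION_ERROR",
    "OUT_OF_RESOURCES", "MAX_LOAD", "TOO_MANY_CONNECTIONS", "DATABASE_ERROR",
    "CACHE_ERROR", "INTRA_SERVICE_COMMUNICATION_ERROR",
})

# Assumption (not from the reference): cap recursion so a malformed or hostile
# response body cannot drive the client into unbounded nesting.
MAX_DEPTH = 8


def flatten_error(err: dict, depth: int = 0, path: str = "/") -> Iterator[tuple]:
    """Yield (path, error_code, property, error_message) for an error object
    and, recursively, for every entry of its `details` array.

    `path` is a JSON-pointer-like location of my own devising, e.g.
    "/details[1]/details[0]/", so a caller can tell nested entries apart."""
    if depth > MAX_DEPTH:
        raise ValueError(f"error details nested deeper than {MAX_DEPTH} at {path}")
    if not isinstance(err, dict):
        raise ValueError(f"error object at {path} is not a JSON object")
    code = err.get("error_code")
    if code not in ERROR_CODES:
        # Reject rather than guess: an unknown code means the schema changed
        # or the body is not a PrivX error object at all.
        raise ValueError(f"unknown error_code {code!r} at {path}")
    yield (path, code, err.get("property") or "", err.get("error_message") or "")
    for i, child in enumerate(err.get("details") or []):
        if child is None:  # the reference's example shows "details": [null]
            continue
        yield from flatten_error(child, depth + 1, f"{path}details[{i}]/")


def parse_error_response(body: str) -> list:
    """Parse a JSON error body into a flat list of (path, code, property, message)."""
    return list(flatten_error(json.loads(body)))


# Constructed sample: a rejected source definition with nested detail errors.
# This is not a real PrivX response.
SAMPLE_BODY = json.dumps({
    "error_code": "INVALID_REQUEST_DATA",
    "error_message": "source definition rejected",
    "property": "connection",
    "details": [
        {"error_code": "REQUIRED_VALUE_MISSING",
         "error_message": "ldap_base is required",
         "property": "ldap_base",
         "details": [None]},
        {"error_code": "VALUE_OUT_OF_BOUNDS",
         "error_message": "session password policy invalid",
         "property": "session_password_policy",
         "details": [
             {"error_code": "VALUE_OUT_OF_BOUNDS",
              "error_message": "password_min_length must be at least 10",
              "property": "password_min_length",
              "details": []},
         ]},
    ],
})

if __name__ == "__main__":
    for path, code, prop, msg in parse_error_response(SAMPLE_BODY):
        print(f"{path:28} {code:24} {prop}: {msg}")
```

The walker validates `error_code` against the enum the reference lists and refuses unknown values instead of passing them through, which keeps a client from silently treating a non-PrivX body (a proxy error page, for instance) as a well-formed API error.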
id
string
uuid
The UUID of the returned object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
created
string
date-time
When the object was created
- Example
- "2017-01-01T15:05:05Z"
updated
string
date-time
When the object was created
- Example
- "2017-01-01T15:05:05Z"
updated_by
string
uuid
ID of the user who updated the object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
author
string
uuid
ID of the user who originally authored the object
- Example
- "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
enabled
boolean
ttl
int
How often the source data should be refreshed, time in seconds
- Example
- 86400
status_code
string
Source status, OK / NOK / DISABLED
- Enum
- OK
- NOK
- DISABLED
- Example
- "OK"
status_text
string
A string indicating source status, free textual format.
- Example
- "Connection established"
name
string
A name describing the source
- Example
- "A pretty source"
comment
string
A comment describing the object
- Example
- "A comment"
tags
array[string]
Array of tag strings
string
username_pattern
array[string]
Array of wildcarded username patterns which should be authenticated against this source
string
external_user_mapping
array[object]
Mapping external users to source users via id+username
object
source_id
string
A shared identifier between an external user source and this directory, used to map an external user to this source.
source_search_field
string
Search this field (be that AD/LDAP attribute or a database column) for the user id provided.
session_password_enabled
boolean
child_session_auto_logout_delay
int
Child session auto logout delay in seconds
- Example
- 900
session_password_policy
object (session_password_policy)
Password policy for session password generation
password_min_length
int
Minimum password length; must be at least 10 and large enough to produce at least WEAK passwords
- Example
- 16
password_max_length
int
Maximum password length; must be less than or equal to 99
- Example
- 16
use_special_characters
boolean
- Example
- true
use_lower_case
boolean
- Example
- true
use_upper_case
boolean
- Example
- true
use_numbers
boolean
- Example
- true
password_entropy
int
Password entropy in bits for session passwords generated from this policy
- Example
- 95
password_strength
string
- Enum
- VERY_WEAK
- WEAK
- STRONG
- VERY_STRONG
- Example
- "STRONG"
connection
object (connection)
Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined
type
string
Type of the source, LDAP, AD or AWS IAM
- Enum
- LDAP
- AD
- GOOGLEGSUITE
- OIDC
- AWS
- GOOGLECLOUD
- OPENSTACK
- AZURE
- LOCAL
address
string
The address of the LDAP/AD/Local source provider
port
int
The port of the LDAP/AD/Local source provider
service_address_auto_update
boolean
Should the host-service addresses be automatically updated if an address change is detected
iam_access_key_id
string
AWS access key
iam_secret_access_key
string
AWS secret access key
iam_session_token
string
AWS session token
iam_fetch_roles
boolean
Fetch roles from Amazon
iam_fetch_role_path_prefix
string
A prefix for roles to be fetched from Amazon
google_cloud_project_ids
array[string]
Array of Google Cloud project IDs
string
google_cloud_config_json
string
Google Cloud service-account configuration. Base64 encoded JSON blob.
openstack_version
string
The OpenStack version being configured.
- Enum
- V2
- V3
openstack_endpoint
string
OpenStack service endpoint url.
openstack_username
string
OpenStack user name for Identity V2 API.
openstack_user_id
string
OpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName
openstack_password
string
OpenStack password for Identity V2 and V3. Either password or API key is used.
openstack_apikey
string
OpenStack API key for Identity V2 and V3. Either password or API key is used.
openstack_domainname
string
OpenStack domain name for Identity V3, used with user name.
openstack_domainid
string
OpenStack domain ID for Identity V3, used with user name.
openstack_token_id
string
OpenStack token ID.
openstack_tenant_ids
array[string]
Array of OpenStack tenant IDs.
string
openstack_tenant_names
array[string]
Array of OpenStack tenant names.
string
azure_base_url
string
Azure connection endpoint url
azure_subscription_id
string
Azure subscription ID
azure_tenant_id
string
Azure tenant ID
azure_client_id
string
Azure client ID
azure_client_secret
string
Azure client secret
ldap_protocol
string
- Enum
- LDAP
- LDAPS
- STARTTLS
ldap_base
string
The base LDAP/AD DN of the search string
ldap_user_filter
string
The user filter for the base DN
- Example
- "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory"
ldap_bind_dn
string
The browse account for LDAP/AD connection
- Example
- "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com"
ldap_bind_password
string
The browse account password for LDAP/AD connection
- Example
- "FooBar"
ldap_user_dn_pattern
string
Where to capture the user's distinguished name
- Example
- "uid={0},ou=people"
google_gsuite_domain
string
- Example
- "mydomain.com, if left empty fetches all user domains"
google_gsuite_domain_admin_email
string
- Example
- "admin@mydomain.com"
oidc_enabled
boolean
oidc_issuer
string
oidc_button_title
string
oidc_client_id
string
oidc_client_secret
string
oidc_additional_scopes
array[string]
string
oidc_tags_attribute_name
string
attribute_mapping
object (attribute_mapping)
An object containing remote:local mappings for mapping attributes from remote source to local attribute schema.
mfa_type
string
Multi-factor authentication back-end type
- Enum
- DISABLED
- INTERNAL
- RADIUS
- OIDC
- FIDO
- MOBILE
mfa_address
string
Multi-factor authentication back-end address
mfa_port
int
Multi-factor authentication back-end port
mfa_base_dn
string
Base DN of users who need to authenticate using MFA
domain_controller_fqdn
string
Domain Controller FQDN for Kerberos authentication
domain_controller_port
int
Domain Controller port number for Kerberos authentication
kerberos_ticket
string
Base64 encoded Kerberos ticket for Kerberos authentication
enable_user_authentication
boolean
Is user authentication enabled for this source
enable_machine_authentication
boolean
Is machine user authentication enabled for this source