Version: v41

sources

countinteger

items object[]

Array [

idstring<uuid>

The UUID of the returned object

Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

createdstring<date-time>

When the object was created

Example: 2017-01-01T15:05:05Z

updatedstring<date-time>

When the object was created

Example: 2017-01-01T15:05:05Z

updated_bystring<uuid>

ID of the user who updated the object

Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

authorstring<uuid>

ID of the user who originally authored the object

Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

enabledboolean

ttlinteger

How often the source data should be refreshed, time in seconds

Example: 86400

status_codestring

Source status, OK / NOK / DISABLED

Possible values: [OK, NOK, DISABLED]

Example: OK

status_textstring

A string indicating source status, free textual format.

Example: Connection established

namestring

A name describing the source

Example: A pretty source

commentstring

A comment describing the object

Example: A comment

tagsstring[]

Array of tag strings

username_patternstring[]

Array of wildcarded username patters which should be authenticated against this source

external_user_mapping object[]

Mapping external users to source users via id+username

Array [

source_idstring

A shared identifier between an external user source and this directory, used to map an external user to this source.

source_search_fieldstring

Search this field (be that AD/LDAP attribute or a database column) for the user id provided.

]

session_password_enabledboolean

child_session_auto_logout_delayinteger

Child session auto logout delay in seconds

Example: 900

session_password_policy object

Password policy for session password generation

password_min_lengthinteger

Minimum password length, must be large enough to produce at least WEAK passwords and at least 10

Example: 16

password_max_lengthinteger

Maximum password length, must be smaller or equal to 99

Example: 16

use_special_charactersboolean

Example: true

use_lower_caseboolean

Example: true

use_upper_caseboolean

Example: true

use_numbersboolean

Example: true

password_entropyinteger

Password entropy in bits for session passwords generated from this policy

Example: 95

password_strengthstring

Possible values: [VERY_WEAK, WEAK, STRONG, VERY_STRONG]

Example: STRONG

connection object

Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined

typestring

Type of the source, LDAP, AD or AWS IAM

Possible values: [LDAP, AD, GOOGLEGSUITE, OIDC, AWS, GOOGLECLOUD, OPENSTACK, AZURE, LOCAL]

addressstring

The address of the LDAP/AD/Local source provider

portinteger

The port of the LDAP/AD/Local source provider

service_address_auto_updateboolean

Should the host-service addresses be automatically updated if an address change is detected

iam_access_key_idstring

AWS access key

iam_secret_access_keystring

AWS secret access key

iam_session_tokenstring

AWS session token

iam_fetch_rolesboolean

Fetch roles from Amazon

iam_fetch_role_path_prefixstring

A prefix for roles to be fetched from Amazon

google_cloud_project_idsstring[]

Array of Google Cloud project IDs

google_cloud_config_jsonstring

Google Cloud service-account configuration. Base64 encoded JSON blob.

openstack_versionstring

The OpenStack version being configured.

Possible values: [V2, V3]

openstack_endpointstring

OpenStack service endpoint url.

openstack_usernamestring

OpenStack user name for Identity V2 API.

openstack_user_idstring

OpenStack user ID for Identity V3 API, used with Username and DomainID or DomainName

openstack_passwordstring

OpenStack password for Identity V2 and V3. Either password or API key is used.

openstack_apikeystring

OpenStack API key for Identity V2 and V3. Either password or API key is used.

openstack_domainnamestring

OpenStack domain name for Identity V3, used with user name.

openstack_domainidstring

OpenStack domain ID for Identity V3, used with user name.

openstack_token_idstring

OpenStack token ID.

openstack_tenant_idsstring[]

Array of OpenStack tenant IDs.

openstack_tenant_namesstring[]

Array of OpenStack tenant names.

azure_base_urlstring

Azure connection endpoint url

azure_subscription_idstring

Azure subscription ID

azure_tenant_idstring

Azure tenant ID

azure_client_idstring

Azure client ID

azure_client_secretstring

Azure client secret

ldap_protocolstring

Possible values: [LDAP, LDAPS, STARTTLS]

ldap_basestring

The base LDAP/AD DN of the search string

ldap_user_filterstring

The user filter for the base DN

Example:

(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory

ldap_bind_dnstring

The browse account for LDAP/AD connection

Example: CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com

ldap_bind_passwordstring

The browse account password for LDAP/AD connection

Example: FooBar

ldap_user_dn_patternstring

Where to capture the user's distinguished name

Example: uid={0},ou=people

google_gsuite_domainstring

Example: mydomain.com, if left empty fetches all user domains

google_gsuite_domain_admin_emailstring

Example: admin@mydomain.com

oidc_enabledboolean

oidc_issuerstring

oidc_button_titlestring

oidc_client_idstring

oidc_client_secretstring

oidc_additional_scopesstring[]

oidc_tags_attribute_namestring

attribute_mappingobject

An object containing remote:local mappings for mapping attributes from remote source to local attribute schema.

mfa_typestring

Multifactor-authentication-back-end type

Possible values: [DISABLED, INTERNAL, RADIUS, OIDC, FIDO, MOBILE]

mfa_addressstring

Multifactor-authentication-back-end address

mfa_portinteger

Multifactor-authentication back-end port

mfa_base_dnstring

Base DN of users who need to authenticate using MFA

domain_controller_fqdnstring

Domain Controller FQDN for Kerberos authentication

domain_controller_portinteger

Domain Controller port number for Kerberos authentication

kerberos_ticketstring

Base64 encoded Kerberos ticket for Kerberos authentication

enable_user_authenticationboolean

Is user authentication enabled for this source

enable_machine_authenticationboolean

Is machine user authentication enabled for this source

]

sources
{
  "count": 0,
  "items": [
    {
      "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "created": "2017-01-01T15:05:05Z",
      "updated": "2017-01-01T15:05:05Z",
      "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "enabled": true,
      "ttl": 86400,
      "status_code": "OK",
      "status_text": "Connection established",
      "name": "A pretty source",
      "comment": "A comment",
      "tags": [
        "string"
      ],
      "username_pattern": [
        "string"
      ],
      "external_user_mapping": [
        {
          "source_id": "string",
          "source_search_field": "string"
        }
      ],
      "session_password_enabled": true,
      "child_session_auto_logout_delay": 900,
      "session_password_policy": {
        "password_min_length": 16,
        "password_max_length": 16,
        "use_special_characters": true,
        "use_lower_case": true,
        "use_upper_case": true,
        "use_numbers": true,
        "password_entropy": 95,
        "password_strength": "STRONG"
      },
      "connection": {
        "type": "LDAP",
        "address": "string",
        "port": 0,
        "service_address_auto_update": true,
        "iam_access_key_id": "string",
        "iam_secret_access_key": "string",
        "iam_session_token": "string",
        "iam_fetch_roles": true,
        "iam_fetch_role_path_prefix": "string",
        "google_cloud_project_ids": [
          "string"
        ],
        "google_cloud_config_json": "string",
        "openstack_version": "V2",
        "openstack_endpoint": "string",
        "openstack_username": "string",
        "openstack_user_id": "string",
        "openstack_password": "string",
        "openstack_apikey": "string",
        "openstack_domainname": "string",
        "openstack_domainid": "string",
        "openstack_token_id": "string",
        "openstack_tenant_ids": [
          "string"
        ],
        "openstack_tenant_names": [
          "string"
        ],
        "azure_base_url": "string",
        "azure_subscription_id": "string",
        "azure_tenant_id": "string",
        "azure_client_id": "string",
        "azure_client_secret": "string",
        "ldap_protocol": "LDAP",
        "ldap_base": "string",
        "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
        "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
        "ldap_bind_password": "FooBar",
        "ldap_user_dn_pattern": "uid={0},ou=people",
        "google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
        "google_gsuite_domain_admin_email": "admin@mydomain.com",
        "oidc_enabled": true,
        "oidc_issuer": "string",
        "oidc_button_title": "string",
        "oidc_client_id": "string",
        "oidc_client_secret": "string",
        "oidc_additional_scopes": [
          "string"
        ],
        "oidc_tags_attribute_name": "string",
        "attribute_mapping": {},
        "mfa_type": "DISABLED",
        "mfa_address": "string",
        "mfa_port": 0,
        "mfa_base_dn": "string",
        "domain_controller_fqdn": "string",
        "domain_controller_port": 0,
        "kerberos_ticket": "string",
        "enable_user_authentication": true,
        "enable_machine_authentication": true
      }
    }
  ]
}