The following objects are directly related to the authentication
API.
The authentication object has the following properties.
Property | Type | Description |
---|---|---|
authentication_type | integer | Default authentication. Possible values: 0 - (default) Internal; 1 - LDAP. |
http_auth_enabled | integer | HTTP authentication. Possible values: 0 - (default) Disabled; 1 - Enabled. Property behavior: - supported if $ALLOW_HTTP_AUTH is enabled in the frontend configuration file (zabbix.conf.php). |
http_login_form | integer | Default login form. Possible values: 0 - (default) Zabbix login form; 1 - HTTP login form. Property behavior: - supported if $ALLOW_HTTP_AUTH is enabled in the frontend configuration file (zabbix.conf.php). |
http_strip_domains | string | Domain name to remove. Property behavior: - supported if $ALLOW_HTTP_AUTH is enabled in the frontend configuration file (zabbix.conf.php). |
http_case_sensitive | integer | HTTP case sensitive login. Possible values: 0 - Off; 1 - (default) On. Property behavior: - supported if $ALLOW_HTTP_AUTH is enabled in the frontend configuration file (zabbix.conf.php). |
ldap_auth_enabled | integer | LDAP authentication. Possible values: 0 - (default) Disabled; 1 - Enabled. |
ldap_case_sensitive | integer | LDAP case sensitive login. Possible values: 0 - Off; 1 - (default) On. |
ldap_userdirectoryid | ID | ID of the default user directory for LDAP authentication. Used for user groups with gui_access set to LDAP or System default.Property behavior: - required if ldap_auth_enabled is set to "Enabled" |
saml_auth_enabled | integer | SAML authentication. Possible values: 0 - (default) Disabled; 1 - Enabled. |
saml_case_sensitive | integer | SAML case sensitive login. Possible values: 0 - Off; 1 - (default) On. |
passwd_min_length | integer | Password minimal length requirement. Possible values range from 1 to 70. Default: 8. |
passwd_check_rules | integer | Password checking rules. Possible bitmap values: 0 - Check password length; 1 - Check if password uses uppercase and lowercase Latin letters; 2 - Check if password uses digits; 4 - Check if password uses special characters; 8 - (default) Check if password is not in the list of commonly used passwords and does not contain derivations of word "Zabbix" or user's name, last name, or username. This is a bitmask field; any sum of possible bitmap values is acceptable (for example, 15 for checking all rules). |
ldap_jit_status | integer | Status of LDAP provisioning. Possible values: 0 - Disabled for configured LDAP IdPs; 1 - Enabled for configured LDAP IdPs. |
saml_jit_status | integer | Status of SAML provisioning. Possible values: 0 - Disabled for configured SAML IdPs; 1 - Enabled for configured SAML IdPs. |
jit_provision_interval | string | Time interval between JIT provision requests for logged-in user. Accepts seconds and time unit with suffix with month and year support (3600s,60m,1h,1d,1M,1y). Minimum value: 1h. Default: 1h. Available only for LDAP provisioning. |
disabled_usrgrpid | ID | ID of the user group to assign the deprovisioned user to. The user group must be disabled and cannot be enabled or deleted when configured. Property behavior: - required if ldap_jit_status is set to "Enabled for configured LDAP IdPs", or saml_jit_status is set to "Enabled for configured SAML IdPs" |
mfa_status | integer | Multi-factor authentication. Possible values: 0 - Disabled (for all configured MFA methods); 1 - Enabled (for all configured MFA methods). |
mfaid | ID | Default MFA method for user groups with MFA enabled. Property behavior: - required if mfa_status is set to "Enabled" |