Authentication object

The following objects are directly related to the authentication API.

Authentication

The authentication object has the following properties.

Property Type Description
authentication_type integer Default authentication.

Possible values:
0 - (default) Internal;
1 - LDAP.
http_auth_enabled integer HTTP authentication.

Possible values:
0 - (default) Disabled;
1 - Enabled.

Property behavior:
- supported if $ALLOW_HTTP_AUTH is enabled in the frontend configuration file (zabbix.conf.php).
http_login_form integer Default login form.

Possible values:
0 - (default) Zabbix login form;
1 - HTTP login form.

Property behavior:
- supported if $ALLOW_HTTP_AUTH is enabled in the frontend configuration file (zabbix.conf.php).
http_strip_domains string Domain name to remove.

Property behavior:
- supported if $ALLOW_HTTP_AUTH is enabled in the frontend configuration file (zabbix.conf.php).
http_case_sensitive integer HTTP case sensitive login.

Possible values:
0 - Off;
1 - (default) On.

Property behavior:
- supported if $ALLOW_HTTP_AUTH is enabled in the frontend configuration file (zabbix.conf.php).
ldap_auth_enabled integer LDAP authentication.

Possible values:
0 - (default) Disabled;
1 - Enabled.
ldap_case_sensitive integer LDAP case sensitive login.

Possible values:
0 - Off;
1 - (default) On.
ldap_userdirectoryid ID ID of the default user directory for LDAP authentication.
Used for user groups with gui_access set to LDAP or System default.

Property behavior:
- required if ldap_auth_enabled is set to "Enabled"
saml_auth_enabled integer SAML authentication.

Possible values:
0 - (default) Disabled;
1 - Enabled.
saml_case_sensitive integer SAML case sensitive login.

Possible values:
0 - Off;
1 - (default) On.
passwd_min_length integer Password minimal length requirement.

Possible values range from 1 to 70.

Default: 8.
passwd_check_rules integer Password checking rules.
This is a bitmask field, any combination of possible bitmap values is acceptable.

Possible bitmap values:
0 - check password length;
1 - check if password uses uppercase and lowercase Latin letters;
2 - check if password uses digits;
4 - check if password uses special characters;
8 - (default) check if password is not in the list of commonly used passwords, does not contain derivations of word "Zabbix" or user's name, last name or username.
ldap_jit_status integer Status of LDAP provisioning.

Possible values:
0 - Disabled for configured LDAP IdPs;
1 - Enabled for configured LDAP IdPs.
saml_jit_status integer Status of SAML provisioning.

Possible values:
0 - Disabled for configured SAML IdPs;
1 - Enabled for configured SAML IdPs.
jit_provision_interval string Time interval between JIT provision requests for logged-in user.
Accepts seconds and time unit with suffix with month and year support (3600s,60m,1h,1d,1M,1y). Minimum value: 1h.

Default: 1h.

Available only for LDAP provisioning.
disabled_usrgrpid ID ID of the user group to assign the deprovisioned user to.
The user group must be disabled and cannot be enabled or deleted when configured.

Property behavior:
- required if ldap_jit_status is set to "Enabled for configured LDAP IdPs", or saml_jit_status is set to "Enabled for configured SAML IdPs"
mfa_status integer Multi-factor authentication.

Possible values:
0 - Disabled (for all configured MFA methods);
1 - Enabled (for all configured MFA methods).
mfaid ID Default MFA method for user groups with MFA enabled.

Property behavior:
- required if mfa_status is set to "Enabled"