zscaler.ziacloud.zia_authentication_settings module – Updates the organization’s default authentication settings

Note

This module is part of the zscaler.ziacloud collection (version 2.0.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_authentication_settings.

New in zscaler.ziacloud 2.0.0

Synopsis

  • Updates the organization’s default authentication settings in the ZIA Admin Portal.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

auth_custom_frequency

integer

The custom cookie authentication frequency in days. Required if auth_frequency is CUSTOM_COOKIE.

auth_frequency

string

Defines how frequently users must reauthenticate.

Choices:

  • "DAILY_COOKIE"

  • "PERMANENT_COOKIE"

  • "SESSION_COOKIE"

  • "CUSTOM_COOKIE"

auto_provision

boolean

Whether to enable SAML-based user auto-provisioning.

Choices:

  • false

  • true

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

directory_sync_migrate_to_scim_enabled

boolean

If true, disables legacy LDAP sync to migrate to SCIM-based provisioning.

Choices:

  • false

  • true

kerberos_enabled

boolean

Whether Kerberos authentication is enabled.

Choices:

  • false

  • true

last_sync_end_time

integer

Timestamp for when the last LDAP directory sync completed (epoch time).

last_sync_start_time

integer

Timestamp for when the last LDAP directory sync started (epoch time).

mobile_admin_saml_idp_enabled

boolean

Whether Mobile Admin can be used as an identity provider.

Choices:

  • false

  • true

one_time_auth

string

Controls how one-time passwords are handled when org_auth_type is NONE.

Choices:

  • "OTP_DISABLED"

  • "OTP_TOKEN"

  • "OTP_LINK"

org_auth_type

string

User authentication type. If set to an LDAP-based value, the LDAP configuration must also be valid.

Choices:

  • "ANY"

  • "NONE"

  • "SAFECHANNEL_DIR"

  • "MICROSOFT_ACTIVE_DIR"

  • "OPENLDAP_DIR"

  • "NOVELL_DIR"

  • "IBM_DOMINO_DIR"

  • "SUN_DIR"

  • "SMAUTH_ENTERPRISE_HOSTED"

password

string

A string that contains the password for the API admin.

password_expiry

string

Defines how often user passwords expire.

Choices:

  • "NEVER"

  • "ONE_MONTH"

  • "THREE_MONTHS"

  • "SIX_MONTHS"

password_strength

string

Enforces minimum password strength for hosted DB user authentication.

Choices:

  • "NONE"

  • "MEDIUM"

  • "STRONG"

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials. Its suboptions are the entries that follow, from api_key through vanity_domain.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "zscloud"

  • "zscaler"

  • "zscalerone"

  • "zscalertwo"

  • "zscalerthree"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerten"

  • "beta"

  • "production"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

saml_enabled

boolean

Whether SAML authentication is enabled.

Choices:

  • false

  • true

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

state

string

Whether the resource should be present. Only present is supported.

Choices:

  • "present" ← (default)

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

Note

  • Check mode is supported.

Examples

- name: Update the organization's default authentication settings
  zscaler.ziacloud.zia_authentication_settings:
    provider: '{{ provider }}'
    # org_auth_type and one_time_auth are strings and must use one of the choices listed under Parameters
    org_auth_type: ANY
    one_time_auth: OTP_DISABLED
    saml_enabled: false
    kerberos_enabled: false
    # auth_custom_frequency (integer, days) is only needed when auth_frequency is CUSTOM_COOKIE
    auth_frequency: DAILY_COOKIE
    password_strength: MEDIUM
    password_expiry: SIX_MONTHS
    mobile_admin_saml_idp_enabled: false
    auto_provision: false
    directory_sync_migrate_to_scim_enabled: false
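
The following playbook is an added example, not part of the collection's documentation. It shows the CUSTOM_COOKIE case, where auth_custom_frequency becomes required, and uses the module's check mode support to preview drift before applying. The zia_vault_* variable names, the use of OAuth2 credentials in provider, and the 7-day interval are assumptions made for illustration.

```yaml
---
# Added example, not taken from the collection's documentation.
# zia_vault_* variables are hypothetical and assumed to be loaded from an
# Ansible Vault encrypted vars file; the 7-day interval is a sample value.
- name: Baseline ZIA authentication settings
  hosts: localhost
  connection: local
  gather_facts: false

  # Shared arguments for every call to the module in this play.
  module_defaults:
    zscaler.ziacloud.zia_authentication_settings:
      provider:
        client_id: "{{ zia_vault_client_id }}"
        client_secret: "{{ zia_vault_client_secret }}"
        vanity_domain: "{{ zia_vault_vanity_domain }}"
      org_auth_type: "ANY"
      one_time_auth: "OTP_DISABLED"
      saml_enabled: false
      kerberos_enabled: false
      # CUSTOM_COOKIE makes auth_custom_frequency (in days) mandatory.
      auth_frequency: "CUSTOM_COOKIE"
      auth_custom_frequency: 7
      password_strength: "STRONG"
      password_expiry: "THREE_MONTHS"
      mobile_admin_saml_idp_enabled: false
      auto_provision: false
      directory_sync_migrate_to_scim_enabled: false

  tasks:
    - name: Preview the change without modifying the tenant
      zscaler.ziacloud.zia_authentication_settings: {}
      check_mode: true
      register: auth_preview

    - name: Report drift from the baseline
      ansible.builtin.debug:
        msg: "Authentication settings differ from the baseline and will be updated"
      when: auth_preview is changed

    - name: Apply the baseline only when drift was detected
      zscaler.ziacloud.zia_authentication_settings: {}
      when: auth_preview is changed
```

Running the play with --check keeps the final task in check mode as well, so the same playbook can serve as a read-only drift audit.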

Authors

  • William Guilherme (@willguibr)