authpolicy : The authentication policy object.¶
The authentication policy defines which authentication server groups the appliance uses to authenticate admins and lists the local admin groups that map to the remote admin groups.
Object Reference¶
References to authpolicy are object references.
The name part of an authentication policy object has the following components:
The ‘authpolicy’ string
Example:authpolicy/ZG5zLm5ldHdvcmtfdmlldyQxMTk:authpolicy
Restrictions¶
The object does not support the following operations:
Create (insert)
Delete
Global search (searches via the search object)
Scheduling
CSV export
The object cannot be managed on Cloud Platform members.
Fields¶
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): default_group, usage_type.
admin_groups¶
- admin_groups¶
List of names of local administration groups that are mapped to remote administration groups.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
auth_services¶
- auth_services¶
The array that contains an ordered list of refs to localuser:authservice object, ldap_auth_service object, radius:authservice object, tacacsplus:authservice object, ad_auth_service object, certificate:authservice object. saml:authservice object,
Type
An array of the following objects: localuser:authservice, ldap_auth_service, radius:authservice, tacacsplus:authservice, ad_auth_service, certificate:authservice, saml:authservice.
This field supports nested return fields as described here.
Create
The default value is The default is a list that contains the reference to localuser:authservice object.
Search
The field is not available for search.
default_group¶
- default_group¶
The default admin group that provides authentication in case no valid group is found.
Type
String.
Create
The default value is empty.
Search
The field is available for search via
‘=’ (exact equality)
Notes
The default_group is part of the base object.
usage_type¶
- usage_type¶
Remote policies usage.
Type
String.
- Valid values are:
AUTH_ONLY
FULL
Create
The default value is FULL.
Search
The field is available for search via
‘=’ (exact equality)
Notes
The usage_type is part of the base object.
Fields List¶
Field |
Type |
Req |
R/O |
Base |
Search |
|---|---|---|---|---|---|
admin_groups |
[String] |
N |
N |
N |
N/A |
auth_services |
obj |
N |
N |
N |
N/A |
default_group |
String |
N |
N |
Y |
= |
usage_type |
String |
N |
N |
Y |
= |
