Security Configuration Reference

The protocol (LDAP or LDAPS) and the host and port of your LDAP server. For example ldap://172.16.124.169:389.

The connection timeout in milliseconds.

The read timeout in milliseconds.

If enabled, the user account information must exist in the local database as well as the LDAP server and predefined user details are used to populate created or updated user accounts.

If disabled, Moogsoft AIOps creates or updates user accounts with the LDAP information.

The method used to look up the DN (Distinguished Name), a unique path to any object in the active directory.

The two methods are:

Optionally for both direct and lookup methods, you can use the userDnLookupUser, userDnLookupPassword and encryptedUserDnLookupPassword properties to define the user to look up each DN in your directory. See Moog Encryptor for more information if you want to use password encryption.

An optional LDAP attribute filter to search for user attributes.

An attribute map between the LDAP user attributes and the user attributes in the Moogsoft AIOps database.

This property uses the following format:

"attributeMap": 
{
    "db_column_5": "ldap_attribute_1",
    "db_column_2": "ldap_attribute_8",
    "db_column_3": "ldap_attribute_8"
}

Username of the system user to bind and search for user group information. LDAP uses this user if you leave the userDnLookupUser property empty. The system sends two bind requests and two search requests with LDAP. If you do not configure a system user, the user bind chosen for authentication is also used for the LDAP group search.

Password of the system user to bind and search for user group information.

DN for the part of the LDAP structure that contains the user groups. This is used in conjunction with the memberAttribute to find any LDAP groups the user belongs to. These groups are then mapped to a local role using the roleMap property.

Attribute used to look for group members.

Attribute used to look for group name.

Defines the role mappings between the user directory and Moogsoft AIOps.

Sychronizes team assignment between the user directory and the teams in Moogsoft AIOps.

Defines the LDAP attribute or custom attribute that maps to team names in Moogsoft AIOps. You can provide the mapping as a JSON object. For example:

Example:

{
    "LDAP Team" : "My Team", 
    "Another LDAP Team" : "My second team" 
}

Enable to use the LDAP group name as the team name in Moogsoft AIOps.

Creates a team or teams if they do not exist in Moogsoft AIOps. If you leave teamMap empty, the teams adopt their LDAP teams names.

The SSL protocol you want to use.

Location of the SSL server certificate.

Location of the SSL client certificate.

Location of the client key file.

Location of the identity provider's metadata file. The metadata file provides information on how to connect to the IdP. Moogsoft AIOps requires the file to be in .xml format.

Location of the service provider's metadata file. Moogsoft AIOps writes the SP metadata information to this file. This location must be accessible and editable by the Apache Tomcat user. Moogsoft AIOps requires the file to be in .xml format. If your IdP does not have an SP metadata file generator, you can create one manually. See Build a Service Provider Metadata File for instructions.

Default roles that Moogsoft AIOps assigns to new users upon first login using SAML. If the user already has a role mapping, Moogsoft AIOps uses that instead.

Default teams that Moogsoft AIOps assigns to new users upon first login using SAML. You can create an empty list if you do not want to assign new users to a team.

Default primary group that Moogsoft AIOps assigns to new users upon first login using SAML.

The field that Moogsoft AIOps uses to map existing users to your IdP users.

The IdP attribute that maps to username in Moogsoft AIOps.

The IdP attribute that maps to email in Moogsoft AIOps.

The IdP attributes that map to full name in Moogsoft AIOps.

The IdP attribute that maps to teams in Moogsoft AIOps.

The IdP attribute or custom attribute that maps to team names in Moogsoft AIOps.

Creates a team or teams if they do not exist in Moogsoft AIOps. If you leave teamMap empty, the teams adopt their IdP teams names.

The IdP attribute containing role information.

The IdP attribute that maps to Moogsoft AIOps roles.

Your unencrypted keystore password. Any whitespace in the name is replaced with an underscore.

Your encrypted keystore password. Any whitespace in the name is replaced with an underscore.

Your private key password. Any whitespace in the name is replaced with an underscore.

Maximum time in seconds for Moogsoft AIOps to receive an IdP's SAML assertion before it becomes invalid.

Service Provider Entity ID assertion number. Some IdPs require this ID.

The IdP attribute that maps to contact number in Moogsoft AIOps.

The IdP attribute that maps to department in Moogsoft AIOps.

The IdP attribute that maps to primary group inMoogsoft AIOps.

The IdP attribute that maps to timezone in Moogsoft AIOps.