SSO to zabbix with Azure AD



This is a very quick follow up to the last post and uses the same technique to enable SSO to the zabbix application.

The initial steps that need to be followed in Azure AD are exactly the same as the last post - if you want that again its here

To enable the same thing in zabbix you simple need to go to the following screen in the application





And populate the following information - you can see some of these from the screenshot above

LDAP Host = ip/hostname of domain services machine from Azure AD (see screenshot in last post to see where that is in the old azure portal)
Port = 389 (standard ldap port)
Base DN = the part of the ldap tree where the users are located - in azure ad this is just dc=xxxxx,dc=onmicrosoft,dc=com where xxxxx is your azure ad domain
Search attribute = sAMAccountName - this is the ldap property containing the usernames
Bind DN = The username used by zabbix in the background to query Azure AD
Bind password = password for above
Login = username to test zabbix login - note this must be a valid zabbix user and an azure ad account
Password = azure ad password for the zabbix user above

Note that the account has to be created in zabbix but does not use a password from zabbix - it's a pass through

Once thats configured it should be working and you can login to zabbix with your azure ad password.

Couple of things to note - the performance of the authentication is very erratic - sometimes its instant sometimes it takes up to a minute - not sure if thats our setup or some general problem with zabbix

Once switched to ldap mode it is the only authentication method possible - you can;t have a mix of accounts. I guess if there is some issue there is a way of switching the authentication back to internal i just don't know how to do that.......

0 comments:

Post a Comment