This is a very quick follow up to the last post and uses the same technique to enable SSO to the zabbix application.
The initial steps that need to be followed in Azure AD are exactly the same as the last post - if you want that again its here
To enable the same thing in zabbix you simple need to go to the following screen in the application
And populate the following information - you can see some of these from the screenshot above
LDAP Host = ip/hostname of domain services machine from Azure AD (see screenshot in last post to see where that is in the old azure portal)
Port = 389 (standard ldap port)
Base DN = the part of the ldap tree where the users are located - in azure ad this is just dc=xxxxx,dc=onmicrosoft,dc=com where xxxxx is your azure ad domain
Search attribute = sAMAccountName - this is the ldap property containing the usernames
Bind DN = The username used by zabbix in the background to query Azure AD
Bind password = password for above
Login = username to test zabbix login - note this must be a valid zabbix user and an azure ad account
Password = azure ad password for the zabbix user above
Note that the account has to be created in zabbix but does not use a password from zabbix - it's a pass through
Once thats configured it should be working and you can login to zabbix with your azure ad password.
Couple of things to note - the performance of the authentication is very erratic - sometimes its instant sometimes it takes up to a minute - not sure if thats our setup or some general problem with zabbix
Once switched to ldap mode it is the only authentication method possible - you can;t have a mix of accounts. I guess if there is some issue there is a way of switching the authentication back to internal i just don't know how to do that.......
Hi, this is not SSO, this is ad integration. Thanks
ReplyDeletethis is misleading.
ReplyDelete