• ACTIVITY_STREAM_ENABLED(required): boolean
  Title: Enable Activity Stream

  Default Value: true

  Enable capturing activity for the activity stream.
• ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC(required): boolean
  Title: Enable Activity Stream for Inventory Sync

  Enable capturing activity for the activity stream when running inventory sync.
• AD_HOC_COMMANDS: array AD_HOC_COMMANDS
  List of modules allowed to be used by ad-hoc jobs.
• ALLOW_JINJA_IN_EXTRA_VARS(required): string
  Title: When can extra variables contain Jinja templates?

  Default Value: template

  Allowed Values: [ "always", "never", "template" ]

  Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python. It is recommended that this value be set to "template" or "never".
• ALLOW_METRICS_FOR_ANONYMOUS_USERS: boolean
  Title: Allow anonymous users to poll metrics

  If true, anonymous users are allowed to poll metrics.
• ALLOW_OAUTH2_FOR_EXTERNAL_USERS: boolean
  Title: Allow External Users to Create OAuth2 Tokens

  For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.
• ANSIBLE_FACT_CACHE_TIMEOUT: integer
  Title: Per-Host Ansible Fact Cache Timeout

  Minimum Value: 0

  Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.
• API_400_ERROR_LOG_FORMAT: string
  Title: Log Format For API 4XX Errors

  Minimum Length: 1

  Default Value: status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}

  The format of logged messages when an API 4XX error occurs, the following variables will be substituted: status_code - The HTTP status code of the error user_name - The user name attempting to use the API url_path - The URL path to the API endpoint called remote_addr - The remote address seen for the user error - The error set by the api endpoint Variables need to be in the format {}.
• AUTH_BASIC_ENABLED(required): boolean
  Title: Enable HTTP Basic Auth

  Default Value: true

  Enable HTTP Basic Auth for the API Browser.
• AUTH_LDAP_1_BIND_DN: string
  Title: LDAP Bind DN

  DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
• AUTH_LDAP_1_BIND_PASSWORD: string
  Title: LDAP Bind Password

  Password used to bind LDAP user account.
• AUTH_LDAP_1_CONNECTION_OPTIONS: object LDAP Connection Options
  Title: LDAP Connection Options

  Additional Properties Allowed: additionalProperties

  Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
• AUTH_LDAP_1_DENY_GROUP: string
  Title: LDAP Deny Group

  Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
• AUTH_LDAP_1_GROUP_SEARCH: array AUTH_LDAP_1_GROUP_SEARCH
  Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
• AUTH_LDAP_1_GROUP_TYPE: string
  Title: LDAP Group Type

  Default Value: MemberDNGroupType

  Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

  The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
• AUTH_LDAP_1_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters
  Title: LDAP Group Type Parameters

  Additional Properties Allowed: additionalProperties

  Key value parameters to send the chosen group type init method.
• AUTH_LDAP_1_ORGANIZATION_MAP: object LDAP Organization Map
  Title: LDAP Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
• AUTH_LDAP_1_REQUIRE_GROUP: string
  Title: LDAP Require Group

  Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
• AUTH_LDAP_1_SERVER_URI: string
  Title: LDAP Server URI

  URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
• AUTH_LDAP_1_START_TLS: boolean
  Title: LDAP Start TLS

  Whether to enable TLS when the LDAP connection is not using SSL.
• AUTH_LDAP_1_TEAM_MAP: object LDAP Team Map
  Title: LDAP Team Map

  Additional Properties Allowed: additionalProperties

  Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
• AUTH_LDAP_1_USER_ATTR_MAP: object LDAP User Attribute Map
  Title: LDAP User Attribute Map

  Additional Properties Allowed: additionalProperties

  Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
• AUTH_LDAP_1_USER_DN_TEMPLATE: string
  Title: LDAP User DN Template

  Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
• AUTH_LDAP_1_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group
  Title: LDAP User Flags By Group

  Additional Properties Allowed: additionalProperties

  Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
• AUTH_LDAP_1_USER_SEARCH: array AUTH_LDAP_1_USER_SEARCH
  LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
• AUTH_LDAP_2_BIND_DN: string
  Title: LDAP Bind DN

  DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
• AUTH_LDAP_2_BIND_PASSWORD: string
  Title: LDAP Bind Password

  Password used to bind LDAP user account.
• AUTH_LDAP_2_CONNECTION_OPTIONS: object LDAP Connection Options
  Title: LDAP Connection Options

  Additional Properties Allowed: additionalProperties

  Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
• AUTH_LDAP_2_DENY_GROUP: string
  Title: LDAP Deny Group

  Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
• AUTH_LDAP_2_GROUP_SEARCH: array AUTH_LDAP_2_GROUP_SEARCH
  Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
• AUTH_LDAP_2_GROUP_TYPE: string
  Title: LDAP Group Type

  Default Value: MemberDNGroupType

  Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

  The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
• AUTH_LDAP_2_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters
  Title: LDAP Group Type Parameters

  Additional Properties Allowed: additionalProperties

  Key value parameters to send the chosen group type init method.
• AUTH_LDAP_2_ORGANIZATION_MAP: object LDAP Organization Map
  Title: LDAP Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
• AUTH_LDAP_2_REQUIRE_GROUP: string
  Title: LDAP Require Group

  Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
• AUTH_LDAP_2_SERVER_URI: string
  Title: LDAP Server URI

  URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
• AUTH_LDAP_2_START_TLS: boolean
  Title: LDAP Start TLS

  Whether to enable TLS when the LDAP connection is not using SSL.
• AUTH_LDAP_2_TEAM_MAP: object LDAP Team Map
  Title: LDAP Team Map

  Additional Properties Allowed: additionalProperties

  Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
• AUTH_LDAP_2_USER_ATTR_MAP: object LDAP User Attribute Map
  Title: LDAP User Attribute Map

  Additional Properties Allowed: additionalProperties

  Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
• AUTH_LDAP_2_USER_DN_TEMPLATE: string
  Title: LDAP User DN Template

  Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
• AUTH_LDAP_2_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group
  Title: LDAP User Flags By Group

  Additional Properties Allowed: additionalProperties

  Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
• AUTH_LDAP_2_USER_SEARCH: array AUTH_LDAP_2_USER_SEARCH
  LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
• AUTH_LDAP_3_BIND_DN: string
  Title: LDAP Bind DN

  DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
• AUTH_LDAP_3_BIND_PASSWORD: string
  Title: LDAP Bind Password

  Password used to bind LDAP user account.
• AUTH_LDAP_3_CONNECTION_OPTIONS: object LDAP Connection Options
  Title: LDAP Connection Options

  Additional Properties Allowed: additionalProperties

  Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
• AUTH_LDAP_3_DENY_GROUP: string
  Title: LDAP Deny Group

  Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
• AUTH_LDAP_3_GROUP_SEARCH: array AUTH_LDAP_3_GROUP_SEARCH
  Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
• AUTH_LDAP_3_GROUP_TYPE: string
  Title: LDAP Group Type

  Default Value: MemberDNGroupType

  Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

  The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
• AUTH_LDAP_3_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters
  Title: LDAP Group Type Parameters

  Additional Properties Allowed: additionalProperties

  Key value parameters to send the chosen group type init method.
• AUTH_LDAP_3_ORGANIZATION_MAP: object LDAP Organization Map
  Title: LDAP Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
• AUTH_LDAP_3_REQUIRE_GROUP: string
  Title: LDAP Require Group

  Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
• AUTH_LDAP_3_SERVER_URI: string
  Title: LDAP Server URI

  URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
• AUTH_LDAP_3_START_TLS: boolean
  Title: LDAP Start TLS

  Whether to enable TLS when the LDAP connection is not using SSL.
• AUTH_LDAP_3_TEAM_MAP: object LDAP Team Map
  Title: LDAP Team Map

  Additional Properties Allowed: additionalProperties

  Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
• AUTH_LDAP_3_USER_ATTR_MAP: object LDAP User Attribute Map
  Title: LDAP User Attribute Map

  Additional Properties Allowed: additionalProperties

  Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
• AUTH_LDAP_3_USER_DN_TEMPLATE: string
  Title: LDAP User DN Template

  Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
• AUTH_LDAP_3_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group
  Title: LDAP User Flags By Group

  Additional Properties Allowed: additionalProperties

  Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
• AUTH_LDAP_3_USER_SEARCH: array AUTH_LDAP_3_USER_SEARCH
  LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
• AUTH_LDAP_4_BIND_DN: string
  Title: LDAP Bind DN

  DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
• AUTH_LDAP_4_BIND_PASSWORD: string
  Title: LDAP Bind Password

  Password used to bind LDAP user account.
• AUTH_LDAP_4_CONNECTION_OPTIONS: object LDAP Connection Options
  Title: LDAP Connection Options

  Additional Properties Allowed: additionalProperties

  Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
• AUTH_LDAP_4_DENY_GROUP: string
  Title: LDAP Deny Group

  Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
• AUTH_LDAP_4_GROUP_SEARCH: array AUTH_LDAP_4_GROUP_SEARCH
  Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
• AUTH_LDAP_4_GROUP_TYPE: string
  Title: LDAP Group Type

  Default Value: MemberDNGroupType

  Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

  The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
• AUTH_LDAP_4_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters
  Title: LDAP Group Type Parameters

  Additional Properties Allowed: additionalProperties

  Key value parameters to send the chosen group type init method.
• AUTH_LDAP_4_ORGANIZATION_MAP: object LDAP Organization Map
  Title: LDAP Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
• AUTH_LDAP_4_REQUIRE_GROUP: string
  Title: LDAP Require Group

  Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
• AUTH_LDAP_4_SERVER_URI: string
  Title: LDAP Server URI

  URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
• AUTH_LDAP_4_START_TLS: boolean
  Title: LDAP Start TLS

  Whether to enable TLS when the LDAP connection is not using SSL.
• AUTH_LDAP_4_TEAM_MAP: object LDAP Team Map
  Title: LDAP Team Map

  Additional Properties Allowed: additionalProperties

  Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
• AUTH_LDAP_4_USER_ATTR_MAP: object LDAP User Attribute Map
  Title: LDAP User Attribute Map

  Additional Properties Allowed: additionalProperties

  Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
• AUTH_LDAP_4_USER_DN_TEMPLATE: string
  Title: LDAP User DN Template

  Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
• AUTH_LDAP_4_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group
  Title: LDAP User Flags By Group

  Additional Properties Allowed: additionalProperties

  Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
• AUTH_LDAP_4_USER_SEARCH: array AUTH_LDAP_4_USER_SEARCH
  LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
• AUTH_LDAP_5_BIND_DN: string
  Title: LDAP Bind DN

  DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
• AUTH_LDAP_5_BIND_PASSWORD: string
  Title: LDAP Bind Password

  Password used to bind LDAP user account.
• AUTH_LDAP_5_CONNECTION_OPTIONS: object LDAP Connection Options
  Title: LDAP Connection Options

  Additional Properties Allowed: additionalProperties

  Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
• AUTH_LDAP_5_DENY_GROUP: string
  Title: LDAP Deny Group

  Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
• AUTH_LDAP_5_GROUP_SEARCH: array AUTH_LDAP_5_GROUP_SEARCH
  Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
• AUTH_LDAP_5_GROUP_TYPE: string
  Title: LDAP Group Type

  Default Value: MemberDNGroupType

  Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

  The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
• AUTH_LDAP_5_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters
  Title: LDAP Group Type Parameters

  Additional Properties Allowed: additionalProperties

  Key value parameters to send the chosen group type init method.
• AUTH_LDAP_5_ORGANIZATION_MAP: object LDAP Organization Map
  Title: LDAP Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
• AUTH_LDAP_5_REQUIRE_GROUP: string
  Title: LDAP Require Group

  Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
• AUTH_LDAP_5_SERVER_URI: string
  Title: LDAP Server URI

  URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
• AUTH_LDAP_5_START_TLS: boolean
  Title: LDAP Start TLS

  Whether to enable TLS when the LDAP connection is not using SSL.
• AUTH_LDAP_5_TEAM_MAP: object LDAP Team Map
  Title: LDAP Team Map

  Additional Properties Allowed: additionalProperties

  Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
• AUTH_LDAP_5_USER_ATTR_MAP: object LDAP User Attribute Map
  Title: LDAP User Attribute Map

  Additional Properties Allowed: additionalProperties

  Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
• AUTH_LDAP_5_USER_DN_TEMPLATE: string
  Title: LDAP User DN Template

  Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
• AUTH_LDAP_5_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group
  Title: LDAP User Flags By Group

  Additional Properties Allowed: additionalProperties

  Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
• AUTH_LDAP_5_USER_SEARCH: array AUTH_LDAP_5_USER_SEARCH
  LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
• AUTH_LDAP_BIND_DN: string
  Title: LDAP Bind DN

  DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.
• AUTH_LDAP_BIND_PASSWORD: string
  Title: LDAP Bind Password

  Password used to bind LDAP user account.
• AUTH_LDAP_CONNECTION_OPTIONS: object LDAP Connection Options
  Title: LDAP Connection Options

  Additional Properties Allowed: additionalProperties

  Additional options to set for the LDAP connection. LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. "OPT_REFERRALS"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.
• AUTH_LDAP_DENY_GROUP: string
  Title: LDAP Deny Group

  Group DN denied from login. If specified, user will not be allowed to login if a member of this group. Only one deny group is supported.
• AUTH_LDAP_GROUP_SEARCH: array AUTH_LDAP_GROUP_SEARCH
  Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.
• AUTH_LDAP_GROUP_TYPE: string
  Title: LDAP Group Type

  Default Value: MemberDNGroupType

  Allowed Values: [ "PosixGroupType", "GroupOfNamesType", "GroupOfUniqueNamesType", "ActiveDirectoryGroupType", "OrganizationalRoleGroupType", "MemberDNGroupType", "NestedGroupOfNamesType", "NestedGroupOfUniqueNamesType", "NestedActiveDirectoryGroupType", "NestedOrganizationalRoleGroupType", "NestedMemberDNGroupType", "PosixUIDGroupType" ]

  The group type may need to be changed based on the type of the LDAP server. Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups
• AUTH_LDAP_GROUP_TYPE_PARAMS: object LDAP Group Type Parameters
  Title: LDAP Group Type Parameters

  Additional Properties Allowed: additionalProperties

  Key value parameters to send the chosen group type init method.
• AUTH_LDAP_ORGANIZATION_MAP: object LDAP Organization Map
  Title: LDAP Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.
• AUTH_LDAP_REQUIRE_GROUP: string
  Title: LDAP Require Group

  Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.
• AUTH_LDAP_SERVER_URI: string
  Title: LDAP Server URI

  URI to connect to LDAP server, such as "ldap://ldap.example.com:389" (non-SSL) or "ldaps://ldap.example.com:636" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.
• AUTH_LDAP_START_TLS: boolean
  Title: LDAP Start TLS

  Whether to enable TLS when the LDAP connection is not using SSL.
• AUTH_LDAP_TEAM_MAP: object LDAP Team Map
  Title: LDAP Team Map

  Additional Properties Allowed: additionalProperties

  Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.
• AUTH_LDAP_USER_ATTR_MAP: object LDAP User Attribute Map
  Title: LDAP User Attribute Map

  Additional Properties Allowed: additionalProperties

  Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.
• AUTH_LDAP_USER_DN_TEMPLATE: string
  Title: LDAP User DN Template

  Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.
• AUTH_LDAP_USER_FLAGS_BY_GROUP: object LDAP User Flags By Group
  Title: LDAP User Flags By Group

  Additional Properties Allowed: additionalProperties

  Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.
• AUTH_LDAP_USER_SEARCH: array AUTH_LDAP_USER_SEARCH
  LDAP search query to find users. Any user that matches the given pattern will be able to login to the service. The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting). If multiple search queries need to be supported use of "LDAPUnion" is possible. See the documentation for details.
• AUTHENTICATION_BACKENDS: array AUTHENTICATION_BACKENDS
  Read Only: true

  List of authentication backends that are enabled based on license features and other authentication settings.
• AUTOMATION_ANALYTICS_GATHER_INTERVAL: integer
  Title: Automation Analytics Gather Interval

  Minimum Value: 1800

  Default Value: 14400

  Interval (in seconds) between data gathering.
• AUTOMATION_ANALYTICS_LAST_ENTRIES: string
  Title: Last gathered entries from the data collection service of Automation Analytics
• AUTOMATION_ANALYTICS_LAST_GATHER(required): string(date-time)
  Title: Last gather date for Automation Analytics.
• AUTOMATION_ANALYTICS_URL: string
  Title: Automation Analytics upload URL

  Minimum Length: 1

  Default Value: https://example.com

  This setting is used to to configure the upload URL for data collection for Automation Analytics.
• AWX_ANSIBLE_CALLBACK_PLUGINS: array AWX_ANSIBLE_CALLBACK_PLUGINS
  List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.
• AWX_CLEANUP_PATHS: boolean
  Title: Enable or Disable tmp dir cleanup

  Default Value: true

  Enable or Disable TMP Dir cleanup
• AWX_COLLECTIONS_ENABLED: boolean
  Title: Enable Collection(s) Download

  Default Value: true

  Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.
• AWX_ISOLATION_BASE_PATH(required): string
  Title: Job execution path

  Minimum Length: 1

  Default Value: /tmp

  The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).
• AWX_ISOLATION_SHOW_PATHS: array AWX_ISOLATION_SHOW_PATHS
  List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]].
• AWX_MOUNT_ISOLATED_PATHS_ON_K8S: boolean
  Title: Expose host paths for Container Groups

  Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible.
• AWX_REQUEST_PROFILE: boolean
  Title: Debug Web Requests

  Debug web request python timing
• AWX_ROLES_ENABLED: boolean
  Title: Enable Role Download

  Default Value: true

  Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.
• AWX_RUNNER_KEEPALIVE_SECONDS(required): integer
  Title: K8S Ansible Runner Keep-Alive Message Interval

  Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.
• AWX_SHOW_PLAYBOOK_LINKS: boolean
  Title: Follow symlinks

  Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.
• AWX_TASK_ENV: object Extra Environment Variables
  Title: Extra Environment Variables

  Additional Properties Allowed: additionalProperties

  Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.
• BULK_HOST_MAX_CREATE: integer
  Title: Max number of hosts to allow to be created in a single bulk action

  Default Value: 100

  Max number of hosts to allow to be created in a single bulk action
• BULK_HOST_MAX_DELETE: integer
  Title: Max number of hosts to allow to be deleted in a single bulk action

  Default Value: 250

  Max number of hosts to allow to be deleted in a single bulk action
• BULK_JOB_MAX_LAUNCH: integer
  Title: Max jobs to allow bulk jobs to launch

  Default Value: 100

  Max jobs to allow bulk jobs to launch
• CLEANUP_HOST_METRICS_LAST_TS(required): string(date-time)
  Title: Last cleanup date for HostMetrics
• CSRF_TRUSTED_ORIGINS: array CSRF_TRUSTED_ORIGINS
  If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values.
• CUSTOM_LOGIN_INFO: string
  Title: Custom Login Info

  If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.
• CUSTOM_LOGO: string
  Title: Custom Logo

  To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.
• CUSTOM_VENV_PATHS: array CUSTOM_VENV_PATHS
  Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.
• DEFAULT_CONTAINER_RUN_OPTIONS: array DEFAULT_CONTAINER_RUN_OPTIONS
  List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']
• DEFAULT_CONTROL_PLANE_QUEUE_NAME: string
  Title: The instance group where control plane tasks run

  Read Only: true

  Minimum Length: 1

  Default Value: controlplane
• DEFAULT_EXECUTION_ENVIRONMENT: integer
  Title: Global default execution environment

  The Execution Environment to be used when one has not been configured for a job template.
• DEFAULT_EXECUTION_QUEUE_NAME: string
  Title: The instance group where user jobs run (currently only on non-VM installs)

  Read Only: true

  Minimum Length: 1

  Default Value: default
• DEFAULT_INVENTORY_UPDATE_TIMEOUT: integer
  Title: Default Inventory Update Timeout

  Minimum Value: 0

  Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.
• DEFAULT_JOB_IDLE_TIMEOUT: integer
  Title: Default Job Idle Timeout

  Minimum Value: 0

  If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.
• DEFAULT_JOB_TIMEOUT: integer
  Title: Default Job Timeout

  Minimum Value: 0

  Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.
• DEFAULT_PROJECT_UPDATE_TIMEOUT: integer
  Title: Default Project Update Timeout

  Minimum Value: 0

  Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.
• DISABLE_LOCAL_AUTH(required): boolean
  Title: Disable the built-in authentication system

  Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.
• EVENT_STDOUT_MAX_BYTES_DISPLAY(required): integer
  Title: Job Event Standard Output Maximum Display Size

  Minimum Value: 0

  Default Value: 1024

  Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.
• GALAXY_IGNORE_CERTS: boolean
  Title: Ignore Ansible Galaxy SSL Certificate Verification

  If set to true, certificate validation will not be done when installing content from any Galaxy server.
• GALAXY_TASK_ENV(required): object Environment Variables for Galaxy Commands
  Title: Environment Variables for Galaxy Commands

  Additional Properties Allowed: additionalProperties

  Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.
• HOST_METRIC_SUMMARY_TASK_LAST_TS(required): string(date-time)
  Title: Last computing date of HostMetricSummaryMonthly
• INSIGHTS_TRACKING_STATE: boolean
  Title: Gather data for Automation Analytics

  Enables the service to gather data on automation and send it to Automation Analytics.
• INSTALL_UUID: string
  Title: Unique identifier for an installation

  Read Only: true

  Minimum Length: 1

  Default Value: 00000000-0000-0000-0000-000000000000
• IS_K8S: boolean
  Title: Is k8s

  Read Only: true

  Indicates whether the instance is part of a kubernetes-based deployment.
• LICENSE: object License
  Title: License

  Read Only: true

  Additional Properties Allowed: additionalProperties

  The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.
• LOCAL_PASSWORD_MIN_DIGITS: integer
  Title: Minimum number of digit characters in local password

  Minimum Value: 0

  Minimum number of digit characters required in a local password. 0 means no minimum
• LOCAL_PASSWORD_MIN_LENGTH: integer
  Title: Minimum number of characters in local password

  Minimum Value: 0

  Minimum number of characters required in a local password. 0 means no minimum
• LOCAL_PASSWORD_MIN_SPECIAL: integer
  Title: Minimum number of special characters in local password

  Minimum Value: 0

  Minimum number of special characters required in a local password. 0 means no minimum
• LOCAL_PASSWORD_MIN_UPPER: integer
  Title: Minimum number of uppercase characters in local password

  Minimum Value: 0

  Minimum number of uppercase characters required in a local password. 0 means no minimum
• LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB: integer
  Title: Maximum disk persistence for rsyslogd action queuing (in GB)

  Minimum Value: 1

  Default Value: 1

  Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.
• LOG_AGGREGATOR_ACTION_QUEUE_SIZE: integer
  Title: Maximum number of messages that can be stored in the log action queue

  Minimum Value: 1

  Default Value: 131072

  Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5).
• LOG_AGGREGATOR_ENABLED: boolean
  Title: Enable External Logging

  Enable sending logs to external log aggregator.
• LOG_AGGREGATOR_HOST: string
  Title: Logging Aggregator

  Minimum Length: 1

  Hostname/IP where external logs will be sent to.
• LOG_AGGREGATOR_INDIVIDUAL_FACTS: boolean
  Title: Log System Tracking Facts Individually

  If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.
• LOG_AGGREGATOR_LEVEL: string
  Title: Logging Aggregator Level Threshold

  Default Value: INFO

  Allowed Values: [ "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL" ]

  Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)
• LOG_AGGREGATOR_LOGGERS: array LOG_AGGREGATOR_LOGGERS
  List of loggers that will send HTTP logs to the collector, these can include any or all of: awx - service logs activity_stream - activity stream records job_events - callback data from Ansible job events system_tracking - facts gathered from scan jobs broadcast_websocket - errors pertaining to websockets broadcast metrics
• LOG_AGGREGATOR_MAX_DISK_USAGE_PATH: string
  Title: File system location for rsyslogd disk persistence

  Minimum Length: 1

  Default Value: /var/lib/awx

  Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.
• LOG_AGGREGATOR_PASSWORD: string
  Title: Logging Aggregator Password/Token

  Password or authentication token for external log aggregator (if required; HTTP/s only).
• LOG_AGGREGATOR_PORT: integer
  Title: Logging Aggregator Port

  Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).
• LOG_AGGREGATOR_PROTOCOL: string
  Title: Logging Aggregator Protocol

  Default Value: https

  Allowed Values: [ "https", "tcp", "udp" ]

  Protocol used to communicate with log aggregator. HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.
• LOG_AGGREGATOR_RSYSLOGD_DEBUG: boolean
  Title: Enable rsyslogd debugging

  Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.
• LOG_AGGREGATOR_TCP_TIMEOUT: integer
  Title: TCP Connection Timeout

  Default Value: 5

  Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.
• LOG_AGGREGATOR_TOWER_UUID: string
  Title: Cluster-wide unique identifier.

  Useful to uniquely identify instances.
• LOG_AGGREGATOR_TYPE: string
  Title: Logging Aggregator Type

  Allowed Values: [ "logstash", "splunk", "loggly", "sumologic", "other" ]

  Format messages for the chosen log aggregator.
• LOG_AGGREGATOR_USERNAME: string
  Title: Logging Aggregator Username

  Username for external log aggregator (if required; HTTP/s only).
• LOG_AGGREGATOR_VERIFY_CERT: boolean
  Title: Enable/disable HTTPS certificate verification

  Default Value: true

  Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is "https". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.
• LOGIN_REDIRECT_OVERRIDE: string
  Title: Login redirect override URL

  URL to which unauthorized users will be redirected to log in. If blank, users will be sent to the login page.
• MANAGE_ORGANIZATION_AUTH(required): boolean
  Title: Organization Admins Can Manage Users and Teams

  Default Value: true

  Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.
• MAX_FORKS: integer
  Title: Maximum number of forks per job

  Default Value: 200

  Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.
• MAX_UI_JOB_EVENTS(required): integer
  Title: Max Job Events Retrieved by UI

  Minimum Value: 100

  Default Value: 4000

  Maximum number of job events for the UI to retrieve within a single request.
• MAX_WEBSOCKET_EVENT_RATE: integer
  Title: Job Event Maximum Websocket Messages Per Second

  Minimum Value: 0

  Default Value: 30

  Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.
• OAUTH2_PROVIDER: object OAuth 2 Timeout Settings
  Title: OAuth 2 Timeout Settings

  Additional Properties Allowed: additionalProperties

  Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.
• ORG_ADMINS_CAN_SEE_ALL_USERS(required): boolean
  Title: All Users Visible to Organization Admins

  Default Value: true

  Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.
• PENDO_TRACKING_STATE: string
  Title: User Analytics Tracking State

  Read Only: true

  Default Value: off

  Allowed Values: [ "off", "anonymous", "detailed" ]

  Enable or Disable User Analytics Tracking.
• PROJECT_UPDATE_VVV(required): boolean
  Title: Run Project Updates With Higher Verbosity

  Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.
• PROXY_IP_ALLOWED_LIST(required): array PROXY_IP_ALLOWED_LIST
  If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')
• RADIUS_PORT: integer
  Title: RADIUS Port

  Minimum Value: 1

  Maximum Value: 65535

  Default Value: 1812

  Port of RADIUS server.
• RADIUS_SECRET: string
  Title: RADIUS Secret

  Shared secret for authenticating to RADIUS server.
• RADIUS_SERVER: string
  Title: RADIUS Server

  Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.
• RECEPTOR_NO_SIG: boolean
  Title: Receptor no sig

  Read Only: true

  Default Value: true

  Indicates whether signatures for receptor work requests should be enforced.
• RECEPTOR_RELEASE_WORK: boolean
  Title: Release Receptor Work

  Default Value: true

  Release receptor work
• REDHAT_PASSWORD: string
  Title: Red Hat customer password

  This password is used to send data to Automation Analytics
• REDHAT_USERNAME: string
  Title: Red Hat customer username

  This username is used to send data to Automation Analytics
• REMOTE_HOST_HEADERS(required): array REMOTE_HOST_HEADERS
  HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as "HTTP_X_FORWARDED_FOR", if behind a reverse proxy. See the "Proxy Support" section of the AAP Installation guide for more details.
• SAML_AUTO_CREATE_OBJECTS: boolean
  Title: Automatically Create Organizations and Teams on SAML Login

  Default Value: true

  When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.
• SCHEDULE_MAX_JOBS(required): integer
  Title: Maximum Scheduled Jobs

  Minimum Value: 1

  Default Value: 10

  Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.
• SESSION_COOKIE_AGE(required): integer
  Title: Idle Time Force Log Out

  Minimum Value: 60

  Maximum Value: 30000000000

  Default Value: 1800

  Number of seconds that a user is inactive before they will need to login again.
• SESSIONS_PER_USER(required): integer
  Title: Maximum number of simultaneous logged in sessions

  Minimum Value: -1

  Default Value: -1

  Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.
• SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL: string
  Title: Azure AD OAuth2 Callback URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/azuread-oauth2/

  Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
• SOCIAL_AUTH_AZUREAD_OAUTH2_KEY: string
  Title: Azure AD OAuth2 Key

  The OAuth2 key (Client ID) from your Azure AD application.
• SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP: object Azure AD OAuth2 Organization Map
  Title: Azure AD OAuth2 Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET: string
  Title: Azure AD OAuth2 Secret

  The OAuth2 secret (Client Secret) from your Azure AD application.
• SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP: object Azure AD OAuth2 Team Map
  Title: Azure AD OAuth2 Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_CALLBACK_URL: string
  Title: GitHub OAuth2 Callback URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/github/

  Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL: string
  Title: GitHub Enterprise API URL

  The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL: string
  Title: GitHub Enterprise OAuth2 Callback URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/github-enterprise/

  Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY: string
  Title: GitHub Enterprise OAuth2 Key

  The OAuth2 key (Client ID) from your GitHub Enterprise developer application.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL: string
  Title: GitHub Enterprise Organization API URL

  The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL: string
  Title: GitHub Enterprise Organization OAuth2 Callback URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/github-enterprise-org/

  Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY: string
  Title: GitHub Enterprise Organization OAuth2 Key

  The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME: string
  Title: GitHub Enterprise Organization Name

  The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com//.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP: object GitHub Enterprise Organization OAuth2 Organization Map
  Title: GitHub Enterprise Organization OAuth2 Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET: string
  Title: GitHub Enterprise Organization OAuth2 Secret

  The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP: object GitHub Enterprise Organization OAuth2 Team Map
  Title: GitHub Enterprise Organization OAuth2 Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL: string
  Title: GitHub Enterprise Organization URL

  The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP: object GitHub Enterprise OAuth2 Organization Map
  Title: GitHub Enterprise OAuth2 Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET: string
  Title: GitHub Enterprise OAuth2 Secret

  The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL: string
  Title: GitHub Enterprise Team API URL

  The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL: string
  Title: GitHub Enterprise Team OAuth2 Callback URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/github-enterprise-team/

  Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID: string
  Title: GitHub Enterprise Team ID

  Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY: string
  Title: GitHub Enterprise Team OAuth2 Key

  The OAuth2 key (Client ID) from your GitHub Enterprise organization application.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP: object GitHub Enterprise OAuth2 Team Map
  Title: GitHub Enterprise OAuth2 Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP: object GitHub Enterprise Team OAuth2 Organization Map
  Title: GitHub Enterprise Team OAuth2 Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET: string
  Title: GitHub Enterprise Team OAuth2 Secret

  The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP: object GitHub Enterprise Team OAuth2 Team Map
  Title: GitHub Enterprise Team OAuth2 Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL: string
  Title: GitHub Enterprise Team URL

  The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
• SOCIAL_AUTH_GITHUB_ENTERPRISE_URL: string
  Title: GitHub Enterprise URL

  The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.
• SOCIAL_AUTH_GITHUB_KEY: string
  Title: GitHub OAuth2 Key

  The OAuth2 key (Client ID) from your GitHub developer application.
• SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL: string
  Title: GitHub Organization OAuth2 Callback URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/github-org/

  Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
• SOCIAL_AUTH_GITHUB_ORG_KEY: string
  Title: GitHub Organization OAuth2 Key

  The OAuth2 key (Client ID) from your GitHub organization application.
• SOCIAL_AUTH_GITHUB_ORG_NAME: string
  Title: GitHub Organization Name

  The name of your GitHub organization, as used in your organization's URL: https://github.com//.
• SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP: object GitHub Organization OAuth2 Organization Map
  Title: GitHub Organization OAuth2 Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_ORG_SECRET: string
  Title: GitHub Organization OAuth2 Secret

  The OAuth2 secret (Client Secret) from your GitHub organization application.
• SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP: object GitHub Organization OAuth2 Team Map
  Title: GitHub Organization OAuth2 Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP: object GitHub OAuth2 Organization Map
  Title: GitHub OAuth2 Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_SECRET: string
  Title: GitHub OAuth2 Secret

  The OAuth2 secret (Client Secret) from your GitHub developer application.
• SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL: string
  Title: GitHub Team OAuth2 Callback URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/github-team/

  Create an organization-owned application at https://github.com/organizations//settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.
• SOCIAL_AUTH_GITHUB_TEAM_ID: string
  Title: GitHub Team ID

  Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.
• SOCIAL_AUTH_GITHUB_TEAM_KEY: string
  Title: GitHub Team OAuth2 Key

  The OAuth2 key (Client ID) from your GitHub organization application.
• SOCIAL_AUTH_GITHUB_TEAM_MAP: object GitHub OAuth2 Team Map
  Title: GitHub OAuth2 Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP: object GitHub Team OAuth2 Organization Map
  Title: GitHub Team OAuth2 Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_GITHUB_TEAM_SECRET: string
  Title: GitHub Team OAuth2 Secret

  The OAuth2 secret (Client Secret) from your GitHub organization application.
• SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP: object GitHub Team OAuth2 Team Map
  Title: GitHub Team OAuth2 Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS: object Google OAuth2 Extra Arguments
  Title: Google OAuth2 Extra Arguments

  Additional Properties Allowed: additionalProperties

  Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.
• SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL: string
  Title: Google OAuth2 Callback URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/google-oauth2/

  Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.
• SOCIAL_AUTH_GOOGLE_OAUTH2_KEY: string
  Title: Google OAuth2 Key

  The OAuth2 key from your web application.
• SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP: object Google OAuth2 Organization Map
  Title: Google OAuth2 Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET: string
  Title: Google OAuth2 Secret

  The OAuth2 secret from your web application.
• SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP: object Google OAuth2 Team Map
  Title: Google OAuth2 Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS: array SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
  Update this setting to restrict the domains who are allowed to login using Google OAuth2.
• SOCIAL_AUTH_OIDC_KEY: string
  Title: OIDC Key

  Minimum Length: 1

  The OIDC key (Client ID) from your IDP.
• SOCIAL_AUTH_OIDC_OIDC_ENDPOINT: string
  Title: OIDC Provider URL

  The URL for your OIDC provider including the path up to /.well-known/openid-configuration
• SOCIAL_AUTH_OIDC_SECRET: string
  Title: OIDC Secret

  The OIDC secret (Client Secret) from your IDP.
• SOCIAL_AUTH_OIDC_VERIFY_SSL: boolean
  Title: Verify OIDC Provider Certificate

  Default Value: true

  Verify the OIDC provider ssl certificate.
• SOCIAL_AUTH_ORGANIZATION_MAP: object Social Auth Organization Map
  Title: Social Auth Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_SAML_CALLBACK_URL: string
  Title: SAML Assertion Consumer Service (ACS) URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/complete/saml/

  Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.
• SOCIAL_AUTH_SAML_ENABLED_IDPS: object SAML Enabled Identity Providers
  Title: SAML Enabled Identity Providers

  Additional Properties Allowed: additionalProperties

  Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.
• SOCIAL_AUTH_SAML_EXTRA_DATA: array SOCIAL_AUTH_SAML_EXTRA_DATA
  A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.
• SOCIAL_AUTH_SAML_METADATA_URL: string
  Title: SAML Service Provider Metadata URL

  Read Only: true

  Minimum Length: 1

  Default Value: https://olamhost/sso/metadata/saml/

  If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.
• SOCIAL_AUTH_SAML_ORG_INFO(required): object SAML Service Provider Organization Info
  Title: SAML Service Provider Organization Info

  Additional Properties Allowed: additionalProperties

  Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.
• SOCIAL_AUTH_SAML_ORGANIZATION_ATTR: object SAML Organization Attribute Mapping
  Title: SAML Organization Attribute Mapping

  Additional Properties Allowed: additionalProperties

  Used to translate user organization membership.
• SOCIAL_AUTH_SAML_ORGANIZATION_MAP: object SAML Organization Map
  Title: SAML Organization Map

  Additional Properties Allowed: additionalProperties

  Mapping to organization admins/users from social auth accounts. This setting controls which users are placed into which organizations based on their username and email address. Configuration details are available in the documentation.
• SOCIAL_AUTH_SAML_SECURITY_CONFIG: object SAML Security Config
  Title: SAML Security Config

  Additional Properties Allowed: additionalProperties

  A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings
• SOCIAL_AUTH_SAML_SP_ENTITY_ID: string
  Title: SAML Service Provider Entity ID

  The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.
• SOCIAL_AUTH_SAML_SP_EXTRA: object SAML Service Provider extra configuration data
  Title: SAML Service Provider extra configuration data

  Additional Properties Allowed: additionalProperties

  A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.
• SOCIAL_AUTH_SAML_SP_PRIVATE_KEY(required): string
  Title: SAML Service Provider Private Key

  Create a keypair to use as a service provider (SP) and include the private key content here.
• SOCIAL_AUTH_SAML_SP_PUBLIC_CERT(required): string
  Title: SAML Service Provider Public Certificate

  Create a keypair to use as a service provider (SP) and include the certificate content here.
• SOCIAL_AUTH_SAML_SUPPORT_CONTACT(required): object SAML Service Provider Support Contact
  Title: SAML Service Provider Support Contact

  Additional Properties Allowed: additionalProperties

  Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.
• SOCIAL_AUTH_SAML_TEAM_ATTR: object SAML Team Attribute Mapping
  Title: SAML Team Attribute Mapping

  Additional Properties Allowed: additionalProperties

  Used to translate user team membership.
• SOCIAL_AUTH_SAML_TEAM_MAP: object SAML Team Map
  Title: SAML Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_SAML_TECHNICAL_CONTACT(required): object SAML Service Provider Technical Contact
  Title: SAML Service Provider Technical Contact

  Additional Properties Allowed: additionalProperties

  Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.
• SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR: object SAML User Flags Attribute Mapping
  Title: SAML User Flags Attribute Mapping

  Additional Properties Allowed: additionalProperties

  Used to map super users and system auditors from SAML.
• SOCIAL_AUTH_TEAM_MAP: object Social Auth Team Map
  Title: Social Auth Team Map

  Additional Properties Allowed: additionalProperties

  Mapping of team members (users) from social auth accounts. Configuration details are available in the documentation.
• SOCIAL_AUTH_USER_FIELDS: array SOCIAL_AUTH_USER_FIELDS
  When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.
• SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL: boolean
  Title: Use Email address for usernames

  Enabling this setting will tell social auth to use the full Email as username instead of the full name
• STDOUT_MAX_BYTES_DISPLAY(required): integer
  Title: Standard Output Maximum Display Size

  Minimum Value: 0

  Default Value: 1048576

  Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.
• SUBSCRIPTION_USAGE_MODEL: string
  Title: Defines subscription usage model and shows Host Metrics

  Allowed Values: [ "", "unique_managed_hosts" ]
• SUBSCRIPTIONS_PASSWORD: string
  Title: Red Hat or Satellite password

  This password is used to retrieve subscription and content information
• SUBSCRIPTIONS_USERNAME: string
  Title: Red Hat or Satellite username

  This username is used to retrieve subscription and content information
• TACACSPLUS_AUTH_PROTOCOL: string
  Title: TACACS+ Authentication Protocol

  Default Value: ascii

  Allowed Values: [ "ascii", "pap" ]

  Choose the authentication protocol used by TACACS+ client.
• TACACSPLUS_HOST: string
  Title: TACACS+ Server

  Hostname of TACACS+ server.
• TACACSPLUS_PORT: integer
  Title: TACACS+ Port

  Minimum Value: 1

  Maximum Value: 65535

  Default Value: 49

  Port number of TACACS+ server.
• TACACSPLUS_REM_ADDR: boolean
  Title: TACACS+ client address sending enabled

  Enable the client address sending by TACACS+ client.
• TACACSPLUS_SECRET: string
  Title: TACACS+ Secret

  Shared secret for authenticating to TACACS+ server.
• TACACSPLUS_SESSION_TIMEOUT: integer
  Title: TACACS+ Auth Session Timeout

  Minimum Value: 0

  Default Value: 5

  TACACS+ session timeout value in seconds, 0 disables timeout.
• TOWER_URL_BASE(required): string
  Title: Base URL of the service

  Minimum Length: 1

  Default Value: https://olamhost

  This setting is used by services like notifications to render a valid url to the service.
• UI_LIVE_UPDATES_ENABLED(required): boolean
  Title: Enable Live Updates in the UI

  Default Value: true

  If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.
• UI_NEXT: boolean
  Title: Enable Preview of New User Interface

  Enable preview of new user interface.

{
    "properties":{
        "ACTIVITY_STREAM_ENABLED":{
            "default":true,
            "description":"Enable capturing activity for the activity stream.",
            "title":"Enable Activity Stream",
            "type":"boolean"
        },
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC":{
            "description":"Enable capturing activity for the activity stream when running inventory sync.",
            "title":"Enable Activity Stream for Inventory Sync",
            "type":"boolean"
        },
        "AD_HOC_COMMANDS":{
            "default":[
                "command",
                "shell",
                "yum",
                "apt",
                "apt_key",
                "apt_repository",
                "apt_rpm",
                "service",
                "group",
                "user",
                "mount",
                "ping",
                "selinux",
                "setup",
                "win_ping",
                "win_service",
                "win_updates",
                "win_group",
                "win_user"
            ],
            "description":"List of modules allowed to be used by ad-hoc jobs.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "ALLOW_JINJA_IN_EXTRA_VARS":{
            "default":"template",
            "description":"Ansible allows variable substitution via the Jinja2 templating language for --extra-vars. This poses a potential security risk where users with the ability to specify extra vars at job launch time can use Jinja2 templates to run arbitrary Python.  It is recommended that this value be set to \"template\" or \"never\".",
            "enum":[
                "always",
                "never",
                "template"
            ],
            "title":"When can extra variables contain Jinja templates?",
            "type":"string"
        },
        "ALLOW_METRICS_FOR_ANONYMOUS_USERS":{
            "description":"If true, anonymous users are allowed to poll metrics.",
            "title":"Allow anonymous users to poll metrics",
            "type":"boolean"
        },
        "ALLOW_OAUTH2_FOR_EXTERNAL_USERS":{
            "description":"For security reasons, users from external auth providers (LDAP, SAML, SSO, Radius, and others) are not allowed to create OAuth2 tokens. To change this behavior, enable this setting. Existing tokens will not be deleted when this setting is toggled off.",
            "title":"Allow External Users to Create OAuth2 Tokens",
            "type":"boolean"
        },
        "ANSIBLE_FACT_CACHE_TIMEOUT":{
            "description":"Maximum time, in seconds, that stored Ansible facts are considered valid since the last time they were modified. Only valid, non-stale, facts will be accessible by a playbook. Note, this does not influence the deletion of ansible_facts from the database. Use a value of 0 to indicate that no timeout should be imposed.",
            "minimum":"0",
            "title":"Per-Host Ansible Fact Cache Timeout",
            "type":"integer"
        },
        "API_400_ERROR_LOG_FORMAT":{
            "default":"status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}",
            "description":"The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {<variable name>}.",
            "minLength":"1",
            "title":"Log Format For API 4XX Errors",
            "type":"string"
        },
        "AUTHENTICATION_BACKENDS":{
            "default":[
                "awx.sso.backends.TACACSPlusBackend",
                "awx.main.backends.AWXModelBackend"
            ],
            "description":"List of authentication backends that are enabled based on license features and other authentication settings.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "readOnly":true,
            "type":"array"
        },
        "AUTH_BASIC_ENABLED":{
            "default":true,
            "description":"Enable HTTP Basic Auth for the API Browser.",
            "title":"Enable HTTP Basic Auth",
            "type":"boolean"
        },
        "AUTH_LDAP_1_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_1_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_1_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_1_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_1_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_1_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_1_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_1_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_1_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_1_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_1_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_1_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_2_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_2_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_2_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_2_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_2_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_2_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_2_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_2_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_2_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_2_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_3_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_3_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_3_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_3_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_3_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_3_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_3_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_3_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_3_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_3_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_3_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_3_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_4_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_4_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_4_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_4_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_4_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_4_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_4_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_4_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_4_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_4_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_4_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_4_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_5_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_5_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_5_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_5_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_5_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_5_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_5_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_5_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_5_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_5_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_5_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_5_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_BIND_DN":{
            "description":"DN (Distinguished Name) of user to bind for all search queries. This is the system user account we will use to login to query LDAP for other user information. Refer to the documentation for example syntax.",
            "title":"LDAP Bind DN",
            "type":"string"
        },
        "AUTH_LDAP_BIND_PASSWORD":{
            "description":"Password used to bind LDAP user account.",
            "title":"LDAP Bind Password",
            "type":"string"
        },
        "AUTH_LDAP_CONNECTION_OPTIONS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "OPT_NETWORK_TIMEOUT":"30",
                "OPT_REFERRALS":"0"
            },
            "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
            "title":"LDAP Connection Options",
            "type":"object"
        },
        "AUTH_LDAP_DENY_GROUP":{
            "description":"Group DN denied from login. If specified, user will not be allowed to login if a member of this group.  Only one deny group is supported.",
            "title":"LDAP Deny Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_GROUP_SEARCH":{
            "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTH_LDAP_GROUP_TYPE":{
            "default":"MemberDNGroupType",
            "description":"The group type may need to be changed based on the type of the LDAP server.  Values are listed at: https://django-auth-ldap.readthedocs.io/en/stable/groups.html#types-of-groups",
            "enum":[
                "PosixGroupType",
                "GroupOfNamesType",
                "GroupOfUniqueNamesType",
                "ActiveDirectoryGroupType",
                "OrganizationalRoleGroupType",
                "MemberDNGroupType",
                "NestedGroupOfNamesType",
                "NestedGroupOfUniqueNamesType",
                "NestedActiveDirectoryGroupType",
                "NestedOrganizationalRoleGroupType",
                "NestedMemberDNGroupType",
                "PosixUIDGroupType"
            ],
            "title":"LDAP Group Type",
            "type":"string"
        },
        "AUTH_LDAP_GROUP_TYPE_PARAMS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "member_attr":"member",
                "name_attr":"cn"
            },
            "description":"Key value parameters to send the chosen group type init method.",
            "title":"LDAP Group Type Parameters",
            "type":"object"
        },
        "AUTH_LDAP_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
            "title":"LDAP Organization Map",
            "type":"object"
        },
        "AUTH_LDAP_REQUIRE_GROUP":{
            "description":"Group DN required to login. If specified, user must be a member of this group to login via LDAP. If not set, everyone in LDAP that matches the user search will be able to login to the service. Only one require group is supported.",
            "title":"LDAP Require Group",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_SERVER_URI":{
            "description":"URI to connect to LDAP server, such as \"ldap://ldap.example.com:389\" (non-SSL) or \"ldaps://ldap.example.com:636\" (SSL). Multiple LDAP servers may be specified by separating with spaces or commas. LDAP authentication is disabled if this parameter is empty.",
            "title":"LDAP Server URI",
            "type":"string"
        },
        "AUTH_LDAP_START_TLS":{
            "description":"Whether to enable TLS when the LDAP connection is not using SSL.",
            "title":"LDAP Start TLS",
            "type":"boolean"
        },
        "AUTH_LDAP_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
            "title":"LDAP Team Map",
            "type":"object"
        },
        "AUTH_LDAP_USER_ATTR_MAP":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
            "title":"LDAP User Attribute Map",
            "type":"object"
        },
        "AUTH_LDAP_USER_DN_TEMPLATE":{
            "description":"Alternative to user search, if user DNs are all of the same format. This approach is more efficient for user lookups than searching if it is usable in your organizational environment. If this setting has a value it will be used instead of AUTH_LDAP_USER_SEARCH.",
            "title":"LDAP User DN Template",
            "type":"string",
            "x-nullable":true
        },
        "AUTH_LDAP_USER_FLAGS_BY_GROUP":{
            "additionalProperties":{
                "items":{
                    "minLength":"1",
                    "type":"string"
                },
                "type":"array"
            },
            "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
            "title":"LDAP User Flags By Group",
            "type":"object"
        },
        "AUTH_LDAP_USER_SEARCH":{
            "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array"
        },
        "AUTOMATION_ANALYTICS_GATHER_INTERVAL":{
            "default":"14400",
            "description":"Interval (in seconds) between data gathering.",
            "minimum":"1800",
            "title":"Automation Analytics Gather Interval",
            "type":"integer"
        },
        "AUTOMATION_ANALYTICS_LAST_ENTRIES":{
            "title":"Last gathered entries from the data collection service of Automation Analytics",
            "type":"string"
        },
        "AUTOMATION_ANALYTICS_LAST_GATHER":{
            "format":"date-time",
            "title":"Last gather date for Automation Analytics.",
            "type":"string",
            "x-nullable":true
        },
        "AUTOMATION_ANALYTICS_URL":{
            "default":"https://example.com",
            "description":"This setting is used to to configure the upload URL for data collection for Automation Analytics.",
            "minLength":"1",
            "title":"Automation Analytics upload URL",
            "type":"string"
        },
        "AWX_ANSIBLE_CALLBACK_PLUGINS":{
            "description":"List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "AWX_CLEANUP_PATHS":{
            "default":true,
            "description":"Enable or Disable TMP Dir cleanup",
            "title":"Enable or Disable tmp dir cleanup",
            "type":"boolean"
        },
        "AWX_COLLECTIONS_ENABLED":{
            "default":true,
            "description":"Allows collections to be dynamically downloaded from a requirements.yml file for SCM projects.",
            "title":"Enable Collection(s) Download",
            "type":"boolean"
        },
        "AWX_ISOLATION_BASE_PATH":{
            "default":"/tmp",
            "description":"The directory in which the service will create new temporary directories for job execution and isolation (such as credential files).",
            "minLength":"1",
            "title":"Job execution path",
            "type":"string"
        },
        "AWX_ISOLATION_SHOW_PATHS":{
            "description":"List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "AWX_MOUNT_ISOLATED_PATHS_ON_K8S":{
            "description":"Expose paths via hostPath for the Pods created by a Container Group. HostPath volumes present many security risks, and it is a best practice to avoid the use of HostPaths when possible. ",
            "title":"Expose host paths for Container Groups",
            "type":"boolean"
        },
        "AWX_REQUEST_PROFILE":{
            "description":"Debug web request python timing",
            "title":"Debug Web Requests",
            "type":"boolean"
        },
        "AWX_ROLES_ENABLED":{
            "default":true,
            "description":"Allows roles to be dynamically downloaded from a requirements.yml file for SCM projects.",
            "title":"Enable Role Download",
            "type":"boolean"
        },
        "AWX_RUNNER_KEEPALIVE_SECONDS":{
            "description":"Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
            "title":"K8S Ansible Runner Keep-Alive Message Interval",
            "type":"integer"
        },
        "AWX_SHOW_PLAYBOOK_LINKS":{
            "description":"Follow symbolic links when scanning for playbooks. Be aware that setting this to True can lead to infinite recursion if a link points to a parent directory of itself.",
            "title":"Follow symlinks",
            "type":"boolean"
        },
        "AWX_TASK_ENV":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "description":"Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
            "title":"Extra Environment Variables",
            "type":"object"
        },
        "BULK_HOST_MAX_CREATE":{
            "default":"100",
            "description":"Max number of hosts to allow to be created in a single bulk action",
            "title":"Max number of hosts to allow to be created in a single bulk action",
            "type":"integer"
        },
        "BULK_HOST_MAX_DELETE":{
            "default":"250",
            "description":"Max number of hosts to allow to be deleted in a single bulk action",
            "title":"Max number of hosts to allow to be deleted in a single bulk action",
            "type":"integer"
        },
        "BULK_JOB_MAX_LAUNCH":{
            "default":"100",
            "description":"Max jobs to allow bulk jobs to launch",
            "title":"Max jobs to allow bulk jobs to launch",
            "type":"integer"
        },
        "CLEANUP_HOST_METRICS_LAST_TS":{
            "format":"date-time",
            "title":"Last cleanup date for HostMetrics",
            "type":"string",
            "x-nullable":true
        },
        "CSRF_TRUSTED_ORIGINS":{
            "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values. ",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "CUSTOM_LOGIN_INFO":{
            "description":"If needed, you can add specific information (such as a legal notice or a disclaimer) to a text box in the login modal using this setting. Any content added must be in plain text or an HTML fragment, as other markup languages are not supported.",
            "title":"Custom Login Info",
            "type":"string"
        },
        "CUSTOM_LOGO":{
            "description":"To set up a custom logo, provide a file that you create. For the custom logo to look its best, use a .png file with a transparent background. GIF, PNG and JPEG formats are supported.",
            "title":"Custom Logo",
            "type":"string"
        },
        "CUSTOM_VENV_PATHS":{
            "description":"Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "DEFAULT_CONTAINER_RUN_OPTIONS":{
            "default":[
                "--network",
                "slirp4netns:enable_ipv6=true"
            ],
            "description":"List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "DEFAULT_CONTROL_PLANE_QUEUE_NAME":{
            "default":"controlplane",
            "minLength":"1",
            "readOnly":true,
            "title":"The instance group where control plane tasks run",
            "type":"string"
        },
        "DEFAULT_EXECUTION_ENVIRONMENT":{
            "description":"The Execution Environment to be used when one has not been configured for a job template.",
            "title":"Global default execution environment",
            "type":"integer",
            "x-nullable":true
        },
        "DEFAULT_EXECUTION_QUEUE_NAME":{
            "default":"default",
            "minLength":"1",
            "readOnly":true,
            "title":"The instance group where user jobs run (currently only on non-VM installs)",
            "type":"string"
        },
        "DEFAULT_INVENTORY_UPDATE_TIMEOUT":{
            "description":"Maximum time in seconds to allow inventory updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual inventory source will override this.",
            "minimum":"0",
            "title":"Default Inventory Update Timeout",
            "type":"integer"
        },
        "DEFAULT_JOB_IDLE_TIMEOUT":{
            "description":"If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
            "minimum":"0",
            "title":"Default Job Idle Timeout",
            "type":"integer"
        },
        "DEFAULT_JOB_TIMEOUT":{
            "description":"Maximum time in seconds to allow jobs to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual job template will override this.",
            "minimum":"0",
            "title":"Default Job Timeout",
            "type":"integer"
        },
        "DEFAULT_PROJECT_UPDATE_TIMEOUT":{
            "description":"Maximum time in seconds to allow project updates to run. Use value of 0 to indicate that no timeout should be imposed. A timeout set on an individual project will override this.",
            "minimum":"0",
            "title":"Default Project Update Timeout",
            "type":"integer"
        },
        "DISABLE_LOCAL_AUTH":{
            "description":"Controls whether users are prevented from using the built-in authentication system. You probably want to do this if you are using an LDAP or SAML integration.",
            "title":"Disable the built-in authentication system",
            "type":"boolean"
        },
        "EVENT_STDOUT_MAX_BYTES_DISPLAY":{
            "default":"1024",
            "description":"Maximum Size of Standard Output in bytes to display for a single job or ad hoc command event. `stdout` will end with `???` when truncated.",
            "minimum":"0",
            "title":"Job Event Standard Output Maximum Display Size",
            "type":"integer"
        },
        "GALAXY_IGNORE_CERTS":{
            "description":"If set to true, certificate validation will not be done when installing content from any Galaxy server.",
            "title":"Ignore Ansible Galaxy SSL Certificate Verification",
            "type":"boolean"
        },
        "GALAXY_TASK_ENV":{
            "additionalProperties":{
                "minLength":"1",
                "type":"string"
            },
            "default":{
                "ANSIBLE_FORCE_COLOR":"false",
                "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no"
            },
            "description":"Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
            "title":"Environment Variables for Galaxy Commands",
            "type":"object"
        },
        "HOST_METRIC_SUMMARY_TASK_LAST_TS":{
            "format":"date-time",
            "title":"Last computing date of HostMetricSummaryMonthly",
            "type":"string",
            "x-nullable":true
        },
        "INSIGHTS_TRACKING_STATE":{
            "description":"Enables the service to gather data on automation and send it to Automation Analytics.",
            "title":"Gather data for Automation Analytics",
            "type":"boolean"
        },
        "INSTALL_UUID":{
            "default":"00000000-0000-0000-0000-000000000000",
            "minLength":"1",
            "readOnly":true,
            "title":"Unique identifier for an installation",
            "type":"string"
        },
        "IS_K8S":{
            "description":"Indicates whether the instance is part of a kubernetes-based deployment.",
            "readOnly":true,
            "title":"Is k8s",
            "type":"boolean"
        },
        "LICENSE":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.",
            "readOnly":true,
            "title":"License",
            "type":"object"
        },
        "LOCAL_PASSWORD_MIN_DIGITS":{
            "description":"Minimum number of digit characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of digit characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_LENGTH":{
            "description":"Minimum number of characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_SPECIAL":{
            "description":"Minimum number of special characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of special characters in local password",
            "type":"integer"
        },
        "LOCAL_PASSWORD_MIN_UPPER":{
            "description":"Minimum number of uppercase characters required in a local password. 0 means no minimum",
            "minimum":"0",
            "title":"Minimum number of uppercase characters in local password",
            "type":"integer"
        },
        "LOGIN_REDIRECT_OVERRIDE":{
            "description":"URL to which unauthorized users will be redirected to log in.  If blank, users will be sent to the login page.",
            "title":"Login redirect override URL",
            "type":"string"
        },
        "LOG_AGGREGATOR_ACTION_MAX_DISK_USAGE_GB":{
            "default":"1",
            "description":"Amount of data to store (in gigabytes) if an rsyslog action takes time to process an incoming message (defaults to 1). Equivalent to the rsyslogd queue.maxdiskspace setting on the action (e.g. omhttp). It stores files in the directory specified by LOG_AGGREGATOR_MAX_DISK_USAGE_PATH.",
            "minimum":"1",
            "title":"Maximum disk persistence for rsyslogd action queuing (in GB)",
            "type":"integer"
        },
        "LOG_AGGREGATOR_ACTION_QUEUE_SIZE":{
            "default":"131072",
            "description":"Defines how large the rsyslog action queue can grow in number of messages stored. This can have an impact on memory utilization. When the queue reaches 75% of this number, the queue will start writing to disk (queue.highWatermark in rsyslog). When it reaches 90%, NOTICE, INFO, and DEBUG messages will start to be discarded (queue.discardMark with queue.discardSeverity=5).",
            "minimum":"1",
            "title":"Maximum number of messages that can be stored in the log action queue",
            "type":"integer"
        },
        "LOG_AGGREGATOR_ENABLED":{
            "description":"Enable sending logs to external log aggregator.",
            "title":"Enable External Logging",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_HOST":{
            "description":"Hostname/IP where external logs will be sent to.",
            "minLength":"1",
            "title":"Logging Aggregator",
            "type":"string",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_INDIVIDUAL_FACTS":{
            "description":"If set, system tracking facts will be sent for each package, service, or other item found in a scan, allowing for greater search query granularity. If unset, facts will be sent as a single dictionary, allowing for greater efficiency in fact processing.",
            "title":"Log System Tracking Facts Individually",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_LEVEL":{
            "default":"INFO",
            "description":"Level threshold used by log handler. Severities from lowest to highest are DEBUG, INFO, WARNING, ERROR, CRITICAL. Messages less severe than the threshold will be ignored by log handler. (messages under category awx.anlytics ignore this setting)",
            "enum":[
                "DEBUG",
                "INFO",
                "WARNING",
                "ERROR",
                "CRITICAL"
            ],
            "title":"Logging Aggregator Level Threshold",
            "type":"string"
        },
        "LOG_AGGREGATOR_LOGGERS":{
            "default":[
                "awx",
                "activity_stream",
                "job_events",
                "system_tracking",
                "broadcast_websocket"
            ],
            "description":"List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH":{
            "default":"/var/lib/awx",
            "description":"Location to persist logs that should be retried after an outage of the external log aggregator (defaults to /var/lib/awx). Equivalent to the rsyslogd queue.spoolDirectory setting.",
            "minLength":"1",
            "title":"File system location for rsyslogd disk persistence",
            "type":"string"
        },
        "LOG_AGGREGATOR_PASSWORD":{
            "description":"Password or authentication token for external log aggregator (if required; HTTP/s only).",
            "title":"Logging Aggregator Password/Token",
            "type":"string"
        },
        "LOG_AGGREGATOR_PORT":{
            "description":"Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).",
            "title":"Logging Aggregator Port",
            "type":"integer",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_PROTOCOL":{
            "default":"https",
            "description":"Protocol used to communicate with log aggregator.  HTTPS/HTTP assumes HTTPS unless http:// is explicitly used in the Logging Aggregator hostname.",
            "enum":[
                "https",
                "tcp",
                "udp"
            ],
            "title":"Logging Aggregator Protocol",
            "type":"string"
        },
        "LOG_AGGREGATOR_RSYSLOGD_DEBUG":{
            "description":"Enabled high verbosity debugging for rsyslogd.  Useful for debugging connection issues for external log aggregation.",
            "title":"Enable rsyslogd debugging",
            "type":"boolean"
        },
        "LOG_AGGREGATOR_TCP_TIMEOUT":{
            "default":"5",
            "description":"Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.",
            "title":"TCP Connection Timeout",
            "type":"integer"
        },
        "LOG_AGGREGATOR_TOWER_UUID":{
            "description":"Useful to uniquely identify instances.",
            "title":"Cluster-wide unique identifier.",
            "type":"string"
        },
        "LOG_AGGREGATOR_TYPE":{
            "description":"Format messages for the chosen log aggregator.",
            "enum":[
                "logstash",
                "splunk",
                "loggly",
                "sumologic",
                "other"
            ],
            "title":"Logging Aggregator Type",
            "type":"string",
            "x-nullable":true
        },
        "LOG_AGGREGATOR_USERNAME":{
            "description":"Username for external log aggregator (if required; HTTP/s only).",
            "title":"Logging Aggregator Username",
            "type":"string"
        },
        "LOG_AGGREGATOR_VERIFY_CERT":{
            "default":true,
            "description":"Flag to control enable/disable of certificate verification when LOG_AGGREGATOR_PROTOCOL is \"https\". If enabled, the log handler will verify certificate sent by external log aggregator before establishing connection.",
            "title":"Enable/disable HTTPS certificate verification",
            "type":"boolean"
        },
        "MANAGE_ORGANIZATION_AUTH":{
            "default":true,
            "description":"Controls whether any Organization Admin has the privileges to create and manage users and teams. You may want to disable this ability if you are using an LDAP or SAML integration.",
            "title":"Organization Admins Can Manage Users and Teams",
            "type":"boolean"
        },
        "MAX_FORKS":{
            "default":"200",
            "description":"Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.",
            "title":"Maximum number of forks per job",
            "type":"integer"
        },
        "MAX_UI_JOB_EVENTS":{
            "default":"4000",
            "description":"Maximum number of job events for the UI to retrieve within a single request.",
            "minimum":"100",
            "title":"Max Job Events Retrieved by UI",
            "type":"integer"
        },
        "MAX_WEBSOCKET_EVENT_RATE":{
            "default":"30",
            "description":"Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
            "minimum":"0",
            "title":"Job Event Maximum Websocket Messages Per Second",
            "type":"integer"
        },
        "OAUTH2_PROVIDER":{
            "additionalProperties":{
                "minimum":"1",
                "type":"integer"
            },
            "default":{
                "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000",
                "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600",
                "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000"
            },
            "description":"Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
            "title":"OAuth 2 Timeout Settings",
            "type":"object"
        },
        "ORG_ADMINS_CAN_SEE_ALL_USERS":{
            "default":true,
            "description":"Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.",
            "title":"All Users Visible to Organization Admins",
            "type":"boolean"
        },
        "PENDO_TRACKING_STATE":{
            "default":"off",
            "description":"Enable or Disable User Analytics Tracking.",
            "enum":[
                "off",
                "anonymous",
                "detailed"
            ],
            "readOnly":true,
            "title":"User Analytics Tracking State",
            "type":"string"
        },
        "PROJECT_UPDATE_VVV":{
            "description":"Adds the CLI -vvv flag to ansible-playbook runs of project_update.yml used for project updates.",
            "title":"Run Project Updates With Higher Verbosity",
            "type":"boolean"
        },
        "PROXY_IP_ALLOWED_LIST":{
            "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "RADIUS_PORT":{
            "default":"1812",
            "description":"Port of RADIUS server.",
            "maximum":"65535",
            "minimum":"1",
            "title":"RADIUS Port",
            "type":"integer"
        },
        "RADIUS_SECRET":{
            "description":"Shared secret for authenticating to RADIUS server.",
            "title":"RADIUS Secret",
            "type":"string"
        },
        "RADIUS_SERVER":{
            "description":"Hostname/IP of RADIUS server. RADIUS authentication is disabled if this setting is empty.",
            "title":"RADIUS Server",
            "type":"string"
        },
        "RECEPTOR_NO_SIG":{
            "default":true,
            "description":"Indicates whether signatures for receptor work requests should be enforced.",
            "readOnly":true,
            "title":"Receptor no sig",
            "type":"boolean"
        },
        "RECEPTOR_RELEASE_WORK":{
            "default":true,
            "description":"Release receptor work",
            "title":"Release Receptor Work",
            "type":"boolean"
        },
        "REDHAT_PASSWORD":{
            "description":"This password is used to send data to Automation Analytics",
            "title":"Red Hat customer password",
            "type":"string"
        },
        "REDHAT_USERNAME":{
            "description":"This username is used to send data to Automation Analytics",
            "title":"Red Hat customer username",
            "type":"string"
        },
        "REMOTE_HOST_HEADERS":{
            "default":[
                "REMOTE_ADDR",
                "REMOTE_HOST"
            ],
            "description":"HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "SAML_AUTO_CREATE_OBJECTS":{
            "default":true,
            "description":"When enabled (the default), mapped Organizations and Teams will be created automatically on successful SAML login.",
            "title":"Automatically Create Organizations and Teams on SAML Login",
            "type":"boolean"
        },
        "SCHEDULE_MAX_JOBS":{
            "default":"10",
            "description":"Maximum number of the same job template that can be waiting to run when launching from a schedule before no more are created.",
            "minimum":"1",
            "title":"Maximum Scheduled Jobs",
            "type":"integer"
        },
        "SESSIONS_PER_USER":{
            "default":"-1",
            "description":"Maximum number of simultaneous logged in sessions a user may have. To disable enter -1.",
            "minimum":"-1",
            "title":"Maximum number of simultaneous logged in sessions",
            "type":"integer"
        },
        "SESSION_COOKIE_AGE":{
            "default":"1800",
            "description":"Number of seconds that a user is inactive before they will need to login again.",
            "maximum":"30000000000",
            "minimum":"60",
            "title":"Idle Time Force Log Out",
            "type":"integer"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/azuread-oauth2/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail. ",
            "minLength":"1",
            "readOnly":true,
            "title":"Azure AD OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY":{
            "description":"The OAuth2 key (Client ID) from your Azure AD application.",
            "title":"Azure AD OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Azure AD OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your Azure AD application.",
            "title":"Azure AD OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Azure AD OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise developer application.",
            "title":"GitHub Enterprise OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Organization API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise-org/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise Organization OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Organization OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_NAME":{
            "description":"The name of your GitHub Enterprise organization, as used in your organization's URL: https://github.com/<yourorg>/.",
            "title":"GitHub Enterprise Organization Name",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise Organization OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Organization OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise Organization OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Organization URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise developer application.",
            "title":"GitHub Enterprise OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_API_URL":{
            "description":"The API URL for your GitHub Enterprise instance, e.g.: http(s)://hostname/api/v3/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Team API URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-enterprise-team/",
            "description":"Create an organization-owned application at https://github.com/organizations/<yourorg>/settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Enterprise Team OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ID":{
            "description":"Find the numeric team ID using the Github Enterprise API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
            "title":"GitHub Enterprise Team ID",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Team OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Enterprise Team OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub Enterprise organization application.",
            "title":"GitHub Enterprise Team OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Enterprise Team OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise Team URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ENTERPRISE_URL":{
            "description":"The URL for your Github Enterprise instance, e.g.: http(s)://hostname/. Refer to Github Enterprise documentation for more details.",
            "title":"GitHub Enterprise URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub developer application.",
            "title":"GitHub OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-org/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Organization OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub organization application.",
            "title":"GitHub Organization OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_NAME":{
            "description":"The name of your GitHub organization, as used in your organization's URL: https://github.com/<yourorg>/.",
            "title":"GitHub Organization Name",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Organization OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_ORG_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub organization application.",
            "title":"GitHub Organization OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Organization OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub developer application.",
            "title":"GitHub OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/github-team/",
            "description":"Create an organization-owned application at https://github.com/organizations/<yourorg>/settings/applications and obtain an OAuth2 key (Client ID) and secret (Client Secret). Provide this URL as the callback URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"GitHub Team OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_ID":{
            "description":"Find the numeric team ID using the Github API: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/.",
            "title":"GitHub Team ID",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_KEY":{
            "description":"The OAuth2 key (Client ID) from your GitHub organization application.",
            "title":"GitHub Team OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"GitHub Team OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GITHUB_TEAM_SECRET":{
            "description":"The OAuth2 secret (Client Secret) from your GitHub organization application.",
            "title":"GitHub Team OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"GitHub Team OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
            "title":"Google OAuth2 Extra Arguments",
            "type":"object"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/google-oauth2/",
            "description":"Provide this URL as the callback URL for your application as part of your registration process. Refer to the documentation for more detail.",
            "minLength":"1",
            "readOnly":true,
            "title":"Google OAuth2 Callback URL",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY":{
            "description":"The OAuth2 key from your web application.",
            "title":"Google OAuth2 Key",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Google OAuth2 Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET":{
            "description":"The OAuth2 secret from your web application.",
            "title":"Google OAuth2 Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Google OAuth2 Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS":{
            "description":"Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array"
        },
        "SOCIAL_AUTH_OIDC_KEY":{
            "description":"The OIDC key (Client ID) from your IDP.",
            "minLength":"1",
            "title":"OIDC Key",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT":{
            "description":"The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
            "title":"OIDC Provider URL",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_SECRET":{
            "description":"The OIDC secret (Client Secret) from your IDP.",
            "title":"OIDC Secret",
            "type":"string"
        },
        "SOCIAL_AUTH_OIDC_VERIFY_SSL":{
            "default":true,
            "description":"Verify the OIDC provider ssl certificate.",
            "title":"Verify OIDC Provider Certificate",
            "type":"boolean"
        },
        "SOCIAL_AUTH_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"Social Auth Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_CALLBACK_URL":{
            "default":"https://olamhost/sso/complete/saml/",
            "description":"Register the service as a service provider (SP) with each identity provider (IdP) you have configured. Provide your SP Entity ID and this ACS URL for your application.",
            "minLength":"1",
            "readOnly":true,
            "title":"SAML Assertion Consumer Service (ACS) URL",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_ENABLED_IDPS":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string",
                    "x-nullable":true
                },
                "type":"object"
            },
            "description":"Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
            "title":"SAML Enabled Identity Providers",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_EXTRA_DATA":{
            "description":"A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
            "items":{
                "type":"string",
                "x-nullable":true
            },
            "type":"array",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_METADATA_URL":{
            "default":"https://olamhost/sso/metadata/saml/",
            "description":"If your identity provider (IdP) allows uploading an XML metadata file, you can download one from this URL.",
            "minLength":"1",
            "readOnly":true,
            "title":"SAML Service Provider Metadata URL",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to translate user organization membership.",
            "title":"SAML Organization Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_ORGANIZATION_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
            "title":"SAML Organization Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_ORG_INFO":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string",
                    "x-nullable":true
                },
                "type":"object"
            },
            "description":"Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Organization Info",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_SECURITY_CONFIG":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "default":{
                "requestedAuthnContext":false
            },
            "description":"A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
            "title":"SAML Security Config",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_SP_ENTITY_ID":{
            "description":"The application-defined unique identifier used as the audience of the SAML service provider (SP) configuration. This is usually the URL for the service.",
            "title":"SAML Service Provider Entity ID",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SP_EXTRA":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
            "title":"SAML Service Provider extra configuration data",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY":{
            "description":"Create a keypair to use as a service provider (SP) and include the private key content here.",
            "title":"SAML Service Provider Private Key",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT":{
            "description":"Create a keypair to use as a service provider (SP) and include the certificate content here.",
            "title":"SAML Service Provider Public Certificate",
            "type":"string"
        },
        "SOCIAL_AUTH_SAML_SUPPORT_CONTACT":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Support Contact",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_TEAM_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to translate user team membership.",
            "title":"SAML Team Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"SAML Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT":{
            "additionalProperties":{
                "type":"string",
                "x-nullable":true
            },
            "description":"Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
            "title":"SAML Service Provider Technical Contact",
            "type":"object"
        },
        "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR":{
            "additionalProperties":{
                "type":"string"
            },
            "description":"Used to map super users and system auditors from SAML.",
            "title":"SAML User Flags Attribute Mapping",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_TEAM_MAP":{
            "additionalProperties":{
                "additionalProperties":{
                    "type":"string"
                },
                "type":"object"
            },
            "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
            "title":"Social Auth Team Map",
            "type":"object",
            "x-nullable":true
        },
        "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL":{
            "description":"Enabling this setting will tell social auth to use the full Email as username instead of the full name",
            "title":"Use Email address for usernames",
            "type":"boolean"
        },
        "SOCIAL_AUTH_USER_FIELDS":{
            "description":"When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
            "items":{
                "minLength":"1",
                "type":"string"
            },
            "type":"array",
            "x-nullable":true
        },
        "STDOUT_MAX_BYTES_DISPLAY":{
            "default":"1048576",
            "description":"Maximum Size of Standard Output in bytes to display before requiring the output be downloaded.",
            "minimum":"0",
            "title":"Standard Output Maximum Display Size",
            "type":"integer"
        },
        "SUBSCRIPTIONS_PASSWORD":{
            "description":"This password is used to retrieve subscription and content information",
            "title":"Red Hat or Satellite password",
            "type":"string"
        },
        "SUBSCRIPTIONS_USERNAME":{
            "description":"This username is used to retrieve subscription and content information",
            "title":"Red Hat or Satellite username",
            "type":"string"
        },
        "SUBSCRIPTION_USAGE_MODEL":{
            "enum":[
                "",
                "unique_managed_hosts"
            ],
            "title":"Defines subscription usage model and shows Host Metrics",
            "type":"string"
        },
        "TACACSPLUS_AUTH_PROTOCOL":{
            "default":"ascii",
            "description":"Choose the authentication protocol used by TACACS+ client.",
            "enum":[
                "ascii",
                "pap"
            ],
            "title":"TACACS+ Authentication Protocol",
            "type":"string"
        },
        "TACACSPLUS_HOST":{
            "description":"Hostname of TACACS+ server.",
            "title":"TACACS+ Server",
            "type":"string"
        },
        "TACACSPLUS_PORT":{
            "default":"49",
            "description":"Port number of TACACS+ server.",
            "maximum":"65535",
            "minimum":"1",
            "title":"TACACS+ Port",
            "type":"integer"
        },
        "TACACSPLUS_REM_ADDR":{
            "description":"Enable the client address sending by TACACS+ client.",
            "title":"TACACS+ client address sending enabled",
            "type":"boolean"
        },
        "TACACSPLUS_SECRET":{
            "description":"Shared secret for authenticating to TACACS+ server.",
            "title":"TACACS+ Secret",
            "type":"string"
        },
        "TACACSPLUS_SESSION_TIMEOUT":{
            "default":"5",
            "description":"TACACS+ session timeout value in seconds, 0 disables timeout.",
            "minimum":"0",
            "title":"TACACS+ Auth Session Timeout",
            "type":"integer"
        },
        "TOWER_URL_BASE":{
            "default":"https://olamhost",
            "description":"This setting is used by services like notifications to render a valid url to the service.",
            "minLength":"1",
            "title":"Base URL of the service",
            "type":"string"
        },
        "UI_LIVE_UPDATES_ENABLED":{
            "default":true,
            "description":"If disabled, the page will not refresh when events are received. Reloading the page will be required to get the latest details.",
            "title":"Enable Live Updates in the UI",
            "type":"boolean"
        },
        "UI_NEXT":{
            "description":"Enable preview of new user interface.",
            "title":"Enable Preview of New User Interface",
            "type":"boolean"
        }
    },
    "required":[
        "ACTIVITY_STREAM_ENABLED",
        "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC",
        "ORG_ADMINS_CAN_SEE_ALL_USERS",
        "MANAGE_ORGANIZATION_AUTH",
        "TOWER_URL_BASE",
        "REMOTE_HOST_HEADERS",
        "PROXY_IP_ALLOWED_LIST",
        "ALLOW_JINJA_IN_EXTRA_VARS",
        "AWX_ISOLATION_BASE_PATH",
        "AWX_RUNNER_KEEPALIVE_SECONDS",
        "GALAXY_TASK_ENV",
        "PROJECT_UPDATE_VVV",
        "STDOUT_MAX_BYTES_DISPLAY",
        "EVENT_STDOUT_MAX_BYTES_DISPLAY",
        "SCHEDULE_MAX_JOBS",
        "AUTOMATION_ANALYTICS_LAST_GATHER",
        "CLEANUP_HOST_METRICS_LAST_TS",
        "HOST_METRIC_SUMMARY_TASK_LAST_TS",
        "SESSION_COOKIE_AGE",
        "SESSIONS_PER_USER",
        "DISABLE_LOCAL_AUTH",
        "AUTH_BASIC_ENABLED",
        "MAX_UI_JOB_EVENTS",
        "UI_LIVE_UPDATES_ENABLED",
        "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT",
        "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY",
        "SOCIAL_AUTH_SAML_ORG_INFO",
        "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT",
        "SOCIAL_AUTH_SAML_SUPPORT_CONTACT"
    ],
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "default":[
        "command",
        "shell",
        "yum",
        "apt",
        "apt_key",
        "apt_repository",
        "apt_rpm",
        "service",
        "group",
        "user",
        "mount",
        "ping",
        "selinux",
        "setup",
        "win_ping",
        "win_service",
        "win_updates",
        "win_group",
        "win_user"
    ],
    "description":"List of modules allowed to be used by ad-hoc jobs.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

• Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

• string
  Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

• array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

• Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

• Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

• string
  Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

• array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

• Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

• Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

• string
  Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

• array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

• Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

• Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

• string
  Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

• array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

• Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

• Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

• string
  Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

• array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

• Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "OPT_NETWORK_TIMEOUT":"30",
        "OPT_REFERRALS":"0"
    },
    "description":"Additional options to set for the LDAP connection.  LDAP referrals are disabled by default (to prevent certain LDAP queries from hanging with AD). Option names should be strings (e.g. \"OPT_REFERRALS\"). Refer to https://www.python-ldap.org/doc/html/ldap.html#options for possible options and values that can be set.",
    "title":"LDAP Connection Options",
    "type":"object"
}

• Array of: string

{
    "description":"Users are mapped to organizations based on their membership in LDAP groups. This setting defines the LDAP search query to find groups. Unlike the user search, group search does not support LDAPSearchUnion.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "member_attr":"member",
        "name_attr":"cn"
    },
    "description":"Key value parameters to send the chosen group type init method.",
    "title":"LDAP Group Type Parameters",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between organization admins/users and LDAP groups. This controls which users are placed into which organizations relative to their LDAP group memberships. Configuration details are available in the documentation.",
    "title":"LDAP Organization Map",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping between team members (users) and LDAP groups. Configuration details are available in the documentation.",
    "title":"LDAP Team Map",
    "type":"object"
}

• string
  Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Mapping of LDAP user schema to API user attributes. The default setting is valid for ActiveDirectory but users with other LDAP configurations may need to change the values. Refer to the documentation for additional details.",
    "title":"LDAP User Attribute Map",
    "type":"object"
}

• array additionalProperties

{
    "additionalProperties":{
        "items":{
            "minLength":"1",
            "type":"string"
        },
        "type":"array"
    },
    "description":"Retrieve users from a given group. At this time, superuser and system auditors are the only groups supported. Refer to the documentation for more detail.",
    "title":"LDAP User Flags By Group",
    "type":"object"
}

• Array of: string

{
    "description":"LDAP search query to find users.  Any user that matches the given pattern will be able to login to the service.  The user should also be mapped into an organization (as defined in the AUTH_LDAP_ORGANIZATION_MAP setting).  If multiple search queries need to be supported use of \"LDAPUnion\" is possible. See the documentation for details.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array"
}

• Array of: string
  Minimum Length: 1

{
    "default":[
        "awx.sso.backends.TACACSPlusBackend",
        "awx.main.backends.AWXModelBackend"
    ],
    "description":"List of authentication backends that are enabled based on license features and other authentication settings.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "readOnly":true,
    "type":"array"
}

• Array of: string
  Minimum Length: 1

{
    "description":"List of paths to search for extra callback plugins to be used when running jobs. Enter one path per line.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• Array of: string
  Minimum Length: 1

{
    "description":"List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string
  Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "description":"Additional environment variables set for playbook runs, inventory updates, project updates, and notification sending.",
    "title":"Extra Environment Variables",
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the schema://addresses from which the service should trust Origin header values. ",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• Array of: string
  Minimum Length: 1

{
    "description":"Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• Array of: string
  Minimum Length: 1

{
    "default":[
        "--network",
        "slirp4netns:enable_ipv6=true"
    ],
    "description":"List of options to pass to podman run example: ['--network', 'slirp4netns:enable_ipv6=true', '--log-level', 'debug']",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string
  Minimum Length: 1

{
    "additionalProperties":{
        "minLength":"1",
        "type":"string"
    },
    "default":{
        "ANSIBLE_FORCE_COLOR":"false",
        "GIT_SSH_COMMAND":"ssh -o StrictHostKeyChecking=no"
    },
    "description":"Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
    "title":"Environment Variables for Galaxy Commands",
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.",
    "readOnly":true,
    "title":"License",
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "default":[
        "awx",
        "activity_stream",
        "job_events",
        "system_tracking",
        "broadcast_websocket"
    ],
    "description":"List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• integer
  Minimum Value: 1

{
    "additionalProperties":{
        "minimum":"1",
        "type":"integer"
    },
    "default":{
        "ACCESS_TOKEN_EXPIRE_SECONDS":"31536000000",
        "AUTHORIZATION_CODE_EXPIRE_SECONDS":"600",
        "REFRESH_TOKEN_EXPIRE_SECONDS":"2628000"
    },
    "description":"Dictionary for customizing OAuth 2 timeouts, available items are `ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of authorization codes in the number of seconds, and `REFRESH_TOKEN_EXPIRE_SECONDS`, the duration of refresh tokens, after expired access tokens, in the number of seconds.",
    "title":"OAuth 2 Timeout Settings",
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "description":"If the service is behind a reverse proxy/load balancer, use this setting to configure the proxy IP addresses from which the service should trust custom REMOTE_HOST_HEADERS header values. If this setting is an empty list (the default), the headers specified by REMOTE_HOST_HEADERS will be trusted unconditionally')",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• Array of: string
  Minimum Length: 1

{
    "default":[
        "REMOTE_ADDR",
        "REMOTE_HOST"
    ],
    "description":"HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Azure AD OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Azure AD OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise Organization OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise Organization OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Enterprise Team OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Enterprise Team OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Organization OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Organization OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"GitHub Team OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"GitHub Team OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Extra arguments for Google OAuth2 login. You can restrict it to only allow a single domain to authenticate, even if the user is logged in with multple Google accounts. Refer to the documentation for more detail.",
    "title":"Google OAuth2 Extra Arguments",
    "type":"object"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Google OAuth2 Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Google OAuth2 Team Map",
    "type":"object",
    "x-nullable":true
}

• Array of: string
  Minimum Length: 1

{
    "description":"Update this setting to restrict the domains who are allowed to login using Google OAuth2.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"Social Auth Organization Map",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string",
            "x-nullable":true
        },
        "type":"object"
    },
    "description":"Configure the Entity ID, SSO URL and certificate for each identity provider (IdP) in use. Multiple SAML IdPs are supported. Some IdPs may provide user data using attribute names that differ from the default OIDs. Attribute names may be overridden for each IdP. Refer to the Ansible documentation for additional details and syntax.",
    "title":"SAML Enabled Identity Providers",
    "type":"object"
}

• Array of: string

{
    "description":"A list of tuples that maps IDP attributes to extra_attributes. Each attribute will be a list of values, even if only 1 value.",
    "items":{
        "type":"string",
        "x-nullable":true
    },
    "type":"array",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string",
            "x-nullable":true
        },
        "type":"object"
    },
    "description":"Provide the URL, display name, and the name of your app. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Organization Info",
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to translate user organization membership.",
    "title":"SAML Organization Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
    "title":"SAML Organization Map",
    "type":"object",
    "x-nullable":true
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "default":{
        "requestedAuthnContext":false
    },
    "description":"A dict of key value pairs that are passed to the underlying python-saml security setting https://github.com/onelogin/python-saml#settings",
    "title":"SAML Security Config",
    "type":"object",
    "x-nullable":true
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"A dict of key value pairs to be passed to the underlying python-saml Service Provider configuration setting.",
    "title":"SAML Service Provider extra configuration data",
    "type":"object",
    "x-nullable":true
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Provide the name and email address of the support contact for your service provider. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Support Contact",
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to translate user team membership.",
    "title":"SAML Team Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"SAML Team Map",
    "type":"object",
    "x-nullable":true
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "description":"Provide the name and email address of the technical contact for your service provider. Refer to the documentation for example syntax.",
    "title":"SAML Service Provider Technical Contact",
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "description":"Used to map super users and system auditors from SAML.",
    "title":"SAML User Flags Attribute Mapping",
    "type":"object",
    "x-nullable":true
}

• object additionalProperties
  Additional Properties Allowed: additionalProperties

{
    "additionalProperties":{
        "additionalProperties":{
            "type":"string"
        },
        "type":"object"
    },
    "description":"Mapping of team members (users) from social auth accounts. Configuration\ndetails are available in the documentation.",
    "title":"Social Auth Team Map",
    "type":"object",
    "x-nullable":true
}

• Array of: string
  Minimum Length: 1

{
    "description":"When set to an empty list `[]`, this setting prevents new user accounts from being created. Only users who have previously logged in using social auth or have a user account with a matching email address will be able to login.",
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array",
    "x-nullable":true
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• Array of: string
  Minimum Length: 1

{
    "items":{
        "minLength":"1",
        "type":"string"
    },
    "type":"array"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string",
        "x-nullable":true
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}

• string

{
    "additionalProperties":{
        "type":"string"
    },
    "type":"object"
}